| author | Mitch Jackson <mitch@freeside.biz> | 2018-08-26 17:07:46 -0400 |
|---|---|---|
| committer | Mitch Jackson <mitch@freeside.biz> | 2018-09-07 17:17:17 -0400 |
| commit | 3b236eac5f7926f18623f6b9dc7c6f0d350ab61c (patch) | |
| tree | c8083bea8b6fbf86df35756102a4e3e4c8b856d0 /httemplate/misc | |
| parent | 6686819fd4feebda67a069e2ba456ea1f53bea64 (diff) | |
RT# 80869 Harden process payment screen against Edge browser bug
Diffstat (limited to 'httemplate/misc')
| -rw-r--r-- | httemplate/misc/payment.cgi | 8 | ||||
| -rw-r--r-- | httemplate/misc/process/payment.cgi | 4 |
2 files changed, 5 insertions, 7 deletions
diff --git a/httemplate/misc/payment.cgi b/httemplate/misc/payment.cgi
index 44904fba6..9e530cf0a 100644
--- a/httemplate/misc/payment.cgi
+++ b/httemplate/misc/payment.cgi
@@ -59,9 +59,8 @@
 <TH><% mt('Exp.') |h %></TH>
 <TD>
 <SELECT NAME="month">
-% for ( ( map "0$_", 1 .. 9 ), 10 .. 12 ) {
-
- <OPTION<% $_ == $month ? ' SELECTED' : '' %>><% $_ %>
+% for ( map{ sprintf('%02d',$_) } (1..12) ) {
+ <OPTION VALUE="<% $_ %>"<% $_ == $month ? ' SELECTED' : '' %>><% $_ %></OPTION>
 % }
 </SELECT>
@@ -70,8 +69,7 @@
 <TD>
 <SELECT NAME="year">
 % my @a = localtime; for ( $a[5]+1900 .. $a[5]+1915 ) {
-
- <OPTION<% $_ == $year ? ' SELECTED' : '' %>><% $_ %>
+ <OPTION VALUE="<% $_ %>"<% $_ == $year ? ' SELECTED' : '' %>><% $_ %></OPTION>
 % }
 </SELECT>
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 9458217c1..5f945a71a 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -42,11 +42,11 @@ if ( $cgi->param('fee') =~ /^\s*(\d*(\.\d\d)?)\s*$/ ) {
 $amount = sprintf('%.2f', $amount + $fee);
 }
-$cgi->param('year') =~ /^(\d+)$/
+$cgi->param('year') =~ /^(\d{4})/
 or errorpage("illegal year ". $cgi->param('year'));
 my $year = $1;
-$cgi->param('month') =~ /^(\d+)$/
+$cgi->param('month') =~ /^(\d{2})/
 or errorpage("illegal month ". $cgi->param('month'));
 my $month = $1;
|
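Review bot: The explicit `VALUE` attribute and closing `</OPTION>` added to the month options (and the same change to the year options in the next hunk) look redundant to a reader who does not know the browser issue, so a later cleanup could strip them again. A Mason comment above each loop would record the reason, for example `%# explicit VALUE and </OPTION> are deliberate, see RT# 80869 (Edge browser bug)`. Both `<SELECT>` elements sit inside markup that starts and ends outside these hunks.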
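Review bot: Dropping the `$` anchor from the new `year` and `month` patterns means any value that merely starts with the right number of digits now passes, so trailing content is silently discarded instead of reaching `errorpage`. If the aim is to tolerate stray whitespace around the submitted value (inferred from the commit title), the match can stay anchored the way the `fee` check above it does: `$cgi->param('year') =~ /^\s*(\d{4})\s*$/` and `$cgi->param('month') =~ /^\s*(0[1-9]|1[0-2])\s*$/`. The month form also rejects `00` and `13` to `99`, which `\d{2}` lets through. The captured `$1` is digits only either way, so this is about rejecting malformed requests early; how `$year` and `$month` are used afterwards lies outside the hunk.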
