diff options
Diffstat (limited to 'FS')
| -rw-r--r-- | FS/FS/cust_main.pm | 4 | ||||
| -rw-r--r-- | FS/FS/payby.pm | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm index ee70deaa6..bbdc8fe41 100644 --- a/FS/FS/cust_main.pm +++ b/FS/FS/cust_main.pm @@ -2174,7 +2174,7 @@ sub cust_contact { Returns all payment methods (see L<FS::cust_payby>) for this customer. If one or more PAYBY are specified, returns only payment methods for specified PAYBY. -Does not validate PAYBY--do not pass tainted values. +Does not validate PAYBY. =cut @@ -2186,7 +2186,7 @@ sub cust_payby { 'hashref' => { 'custnum' => $self->custnum }, 'order_by' => "ORDER BY payby IN ('CARD','CHEK') DESC, weight ASC", }; - $search->{'extra_sql'} = ' AND payby IN ( ' . join(',', map { "'$_'" } @payby) . ' ) ' + $search->{'extra_sql'} = ' AND payby IN ( ' . join(',', map { dbh->quote($_) } @payby) . ' ) ' if @payby; qsearch($search); diff --git a/FS/FS/payby.pm b/FS/FS/payby.pm index 530d88d80..b84965587 100644 --- a/FS/FS/payby.pm +++ b/FS/FS/payby.pm @@ -41,6 +41,8 @@ Payment types. # - a customer saved payment type (cust_payby.payby) # - a payment or refund type (cust_pay.payby, cust_pay_batch.payby, cust_refund.payby) +# customer methods that start with 'D' will be interpreted as on-demand + tie %hash, 'Tie::IxHash', 'CARD' => { tinyname => 'card', |