Diffstat (limited to 'fs_selfservice/FS-SelfService/cgi/selfservice.cgi')
| -rw-r--r-- | fs_selfservice/FS-SelfService/cgi/selfservice.cgi | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index 1fc2e5f8b..975203dc8 100644
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -238,6 +238,10 @@ sub payment_results {
   use Business::CreditCard;
+  #we should only do basic checking here for DoS attacks and things
+  #that couldn't be constructed by the web form... let process_payment() do
+  #the rest, it gives better error messages
+
   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ or die "illegal amount"; #!!!
   my $amount = $1;
@@ -258,6 +262,9 @@ sub payment_results {
       or die "not a ". $cgi->param('card_type');
   }
+  $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
+  my $paycvv = $1;
+
   $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
   my $month = $1;
   $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
@@ -294,6 +301,7 @@ sub payment_results {
     'session_id' => $session_id,
     'amount' => $amount,
     'payinfo' => $payinfo,
+    'paycvv' => $paycvv,
     'month' => $month,
     'year' => $year,
     'payname' => $payname,
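Review bot: The new CVV2 check in the second hunk accepts any four characters, including non-digits and the empty string, because `.{0,4}` places no restriction on the character class; a card security code is numeric, so `$cgi->param('paycvv') =~ /^\s*(\d{0,4})\s*$/ or die "illegal CVV2";` keeps the permissive length the comment in the first hunk argues for while rejecting input the web form could not have produced, matching the intent of the neighbouring month and year checks. If the field can be absent from the form (the hunk does not show the form), matching an undefined param will emit an uninitialized-value warning before falling through as an empty string. The same value is added to the request hash in the third hunk; a card security code must not be retained after authorization, so confirm that nothing downstream logs or persists the `paycvv` key. payment_results() begins and ends outside these hunks.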
