From d4cdc4db87f1b6a373398b7ab33e791bd0527dda Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Sun, 17 Nov 2013 17:10:06 -0800
Subject: don't redirect to a GET with sensitive data, RT#26099

---
 httemplate/edit/process/cust_main.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'httemplate/edit/process')

diff --git a/httemplate/edit/process/cust_main.cgi b/httemplate/edit/process/cust_main.cgi
index ff8be1a71..4fb8f622d 100755
--- a/httemplate/edit/process/cust_main.cgi
+++ b/httemplate/edit/process/cust_main.cgi
@@ -1,7 +1,7 @@
 % if ( $error ) {
 %   $cgi->param('error', $error);
-%
-<% $cgi->redirect(popurl(2). "cust_main.cgi?". $cgi->query_string ) %>
+%   my $query = $m->scomp('/elements/create_uri_query', 'secure'=>1);
+<% $cgi->redirect(popurl(2). "cust_main.cgi?$query" ) %>
 %
 % } else { 
 %
-- 
cgit v1.2.1