From ddb53fcc9fc80561354b97e4e7803004990138d0 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Sun, 10 Feb 2002 18:56:49 +0000
Subject: use unique tokens to prevent double-submission of payments in the web
 UI (closes: Bug#320)

---
 httemplate/edit/cust_pay.cgi | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'httemplate/edit')

diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi
index 27d36eb54..f6ae7b299 100755
--- a/httemplate/edit/cust_pay.cgi
+++ b/httemplate/edit/cust_pay.cgi
@@ -32,6 +32,8 @@ if ( $cgi->param('error') ) {
 }
 my $_date = time;
 
+my $paybatch = "webui-$_date-$$-". rand() * 2**32;
+
 my $p1 = popurl(1);
 print header("Post payment", '');
 
@@ -111,11 +113,12 @@ print qq!<TR><TD ALIGN="right">Check #</TD><TD BGCOLOR="#ffffff"><INPUT TYPE="te
 
 print qq!<TR><TD ALIGN="right">Auto-apply<BR>to invoices</TD><TD><SELECT NAME="apply"><OPTION VALUE="yes" SELECTED>yes<OPTION>no</SELECT></TD>!;
 
+print "</TABLE>";
+
 #paybatch
-print qq!<INPUT TYPE="hidden" NAME="paybatch" VALUE="">!;
+print qq!<INPUT TYPE="hidden" NAME="paybatch" VALUE="$paybatch">!;
 
 print <<END;
-</TABLE>
 <BR>
 <INPUT TYPE="submit" VALUE="Post payment">
     </FORM>
-- 
cgit v1.2.1