- if ( $params->{'pkgpart'} && scalar(@{ $params->{'pkgpart'} }) ) {
- my @pkgpart = grep /^(\d+)$/, @{ $params->{'pkgpart'} };
- push @where, 'cust_pkg.pkgpart IN ('. join(',', @pkgpart ). ')';
+ ##pkgpart, now properly untainted, can be arrayref
+ #for my $pkgpart ( $params->{'pkgpart'} ) {
+ # if ( ref $pkgpart ) {
+ # my $where = join(',', map { /^(\d+)$/ ? $1 : () } @$pkgpart );
+ # push @where, "cust_pkg.pkgpart IN ($where)" if $where;
+ # }
+ # elsif ( $pkgpart =~ /^(\d+)$/ ) {
+ # push @where, "cust_pkg.pkgpart = $1";
+ # }
+ #}
+ if ( $params->{'pkgpart'} ) {
+ my @pkgpart = ref( $params->{'pkgpart'} )
+ ? @{ $params->{'pkgpart'} }
+ : $params->{'pkgpart'}
+ ? ( $params->{'pkgpart'} )
+ : ();
+ @pkgpart = grep /^(\d+)$/, @pkgpart;
+ push @where, 'cust_pkg.pkgpart IN ('. join(',', @pkgpart ). ')' if @pkgpart;
+ }
+
+ #svcnum
+ if ( $params->{'svcnum'} ) {
+ my @svcnum = ref( $params->{'svcnum'} )
+ ? @{ $params->{'svcnum'} }
+ : $params->{'svcnum'};
+ @svcnum = grep /^\d+$/, @svcnum;
+ push @where, 'svcnum IN ('. join(',', @svcnum) . ')' if @svcnum;