projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
don't redirect to a GET with sensitive data, RT#26099
[freeside.git]
/
httemplate
/
edit
/
cust_main.cgi
diff --git
a/httemplate/edit/cust_main.cgi
b/httemplate/edit/cust_main.cgi
index
d2c0cb7
..
9e1b4b0
100755
(executable)
--- a/
httemplate/edit/cust_main.cgi
+++ b/
httemplate/edit/cust_main.cgi
@@
-26,7
+26,12
@@
<& cust_main/top_misc.html, $cust_main, 'custnum' => $custnum &>
%# birthdate
<& cust_main/top_misc.html, $cust_main, 'custnum' => $custnum &>
%# birthdate
-% if ( $conf->exists('cust_main-enable_birthdate') ) {
+% if ( $conf->config('national_id-country')
+% || $conf->exists('cust_main-enable_birthdate')
+% || $conf->exists('cust_main-enable_spouse_birthdate')
+% || $conf->exists('cust_main-enable_anniversary_date')
+% )
+% {
<BR>
<& cust_main/birthdate.html, $cust_main &>
% }
<BR>
<& cust_main/birthdate.html, $cust_main &>
% }
@@
-74,7
+79,9
@@
function bill_changed(what) {
function fix_ship_city() {
what.form.ship_city_select.selectedIndex = what.form.city_select.selectedIndex;
what.form.ship_city.style.display = what.form.city.style.display;
function fix_ship_city() {
what.form.ship_city_select.selectedIndex = what.form.city_select.selectedIndex;
what.form.ship_city.style.display = what.form.city.style.display;
- what.form.ship_city_select.style.display = what.form.city_select.style.display;
+ if ( what.form.ship_city_select ) {
+ what.form.ship_city_select.style.display = what.form.city_select.style.display;
+ }
}
function fix_ship_county() {
}
function fix_ship_county() {
@@
-95,11
+102,15
@@
function samechanged(what) {
if ( what.checked ) {
bill_changed(what);
if ( what.checked ) {
bill_changed(what);
-% my @fields = qw( last first company address1 address2 city c
ity_select c
ounty state zip country latitude longitude daytime night fax mobile );
+% my @fields = qw( last first company address1 address2 city county state zip country latitude longitude daytime night fax mobile );
% for (@fields) {
what.form.ship_<%$_%>.disabled = true;
what.form.ship_<%$_%>.style.backgroundColor = '#dddddd';
% for (@fields) {
what.form.ship_<%$_%>.disabled = true;
what.form.ship_<%$_%>.style.backgroundColor = '#dddddd';
-% }
+% }
+ if ( what.form.ship_city_select ) {
+ what.form.ship_city_select.disabled = true;
+ what.form.ship_city_select.style.backgroundColor = '#dddddd';
+ }
% if ( $conf->exists('cust_main-require_address2') ) {
document.getElementById('address2_required').style.visibility = '';
% if ( $conf->exists('cust_main-require_address2') ) {
document.getElementById('address2_required').style.visibility = '';
@@
-129,7
+140,7
@@
function samechanged(what) {
<BR>
<FONT SIZE="+1"><B><% mt('Service address') |h %></B></FONT>
<BR>
<FONT SIZE="+1"><B><% mt('Service address') |h %></B></FONT>
-(<INPUT TYPE="checkbox" NAME="same" VALUE="Y" onClick="samechanged(this)" <%$same_checked%>><% mt('same as billing address') |h %>)
+(<INPUT TYPE="checkbox"
ID="same"
NAME="same" VALUE="Y" onClick="samechanged(this)" <%$same_checked%>><% mt('same as billing address') |h %>)
<& cust_main/contact.html,
'cust_main' => $cust_main,
'pre' => 'ship_',
<& cust_main/contact.html,
'cust_main' => $cust_main,
'pre' => 'ship_',
@@
-230,6
+241,8
@@
my %svc_dsl = ();
my $prospectnum = '';
my $locationnum = '';
my $prospectnum = '';
my $locationnum = '';
+$m->comp('/elements/handle_uri_query', 'secure'=>1);
+
if ( $cgi->param('error') ) {
$cust_main = new FS::cust_main ( {
if ( $cgi->param('error') ) {
$cust_main = new FS::cust_main ( {
@@
-248,6
+261,8
@@
if ( $cgi->param('error') ) {
$stateid = $cust_main->stateid; # don't mask an entered value on errors
$payinfo = $cust_main->payinfo; # don't mask an entered value on errors
$stateid = $cust_main->stateid; # don't mask an entered value on errors
$payinfo = $cust_main->payinfo; # don't mask an entered value on errors
+ $cust_main->national_id( $cgi->param('national_id1') || $cgi->param('national_id2') );
+
$prospectnum = $cgi->param('prospectnum') || '';
$pkgpart_svcpart = $cgi->param('pkgpart_svcpart') || '';
$prospectnum = $cgi->param('prospectnum') || '';
$pkgpart_svcpart = $cgi->param('pkgpart_svcpart') || '';
@@
-281,7
+296,8
@@
if ( $cgi->param('error') ) {
my( $query ) = $cgi->keywords;
$query =~ /^(\d+)$/;
$custnum=$1;
my( $query ) = $cgi->keywords;
$query =~ /^(\d+)$/;
$custnum=$1;
- $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } );
+ $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+ or die "custnum $custnum not found";
if ( $cust_main->dbdef_table->column('paycvv')
&& length($cust_main->paycvv) ) {
my $paycvv = $cust_main->paycvv;
if ( $cust_main->dbdef_table->column('paycvv')
&& length($cust_main->paycvv) ) {
my $paycvv = $cust_main->paycvv;
@@
-289,7
+305,7
@@
if ( $cgi->param('error') ) {
$cust_main->paycvv($paycvv);
}
@invoicing_list = $cust_main->invoicing_list;
$cust_main->paycvv($paycvv);
}
@invoicing_list = $cust_main->invoicing_list;
- $ss = $cust_main->masked('ss');
+ $ss = $c
onf->exists('unmask_ss') ? $cust_main->ss : $c
ust_main->masked('ss');
$stateid = $cust_main->masked('stateid');
$payinfo = $cust_main->paymask;
$stateid = $cust_main->masked('stateid');
$payinfo = $cust_main->paymask;
@@
-311,6
+327,8
@@
if ( $cgi->param('error') ) {
$stateid = '';
$payinfo = '';
$stateid = '';
$payinfo = '';
+ $cgi->param('tagnum', FS::part_tag->default_tags);
+
if ( $cgi->param('qualnum') =~ /^(\d+)$/ ) {
my $qualnum = $1;
my $qual = qsearchs('qual', { 'qualnum' => $qualnum } )
if ( $cgi->param('qualnum') =~ /^(\d+)$/ ) {
my $qualnum = $1;
my $qual = qsearchs('qual', { 'qualnum' => $qualnum } )
@@
-357,7
+375,7
@@
if ( $cgi->param('error') ) {
}
my %keep = map { $_=>1 } qw( error tagnum lock_agentnum lock_pkgpart );
}
my %keep = map { $_=>1 } qw( error tagnum lock_agentnum lock_pkgpart );
-$cgi->delete( grep
!$keep{$_},
$cgi->param );
+$cgi->delete( grep
{ !$keep{$_} && $_ !~ /^tax_/ }
$cgi->param );
my $title = $custnum ? 'Edit Customer' : 'Add Customer';
$title = mt($title);
my $title = $custnum ? 'Edit Customer' : 'Add Customer';
$title = mt($title);