%if ($error) {
% $cgi->param('error', $error);
-<% cgi->redirect(popurl(2). "recharge_svc.html?". $cgi->query_string ) %>
+<% $cgi->redirect(popurl(2). "recharge_svc.html?". $cgi->query_string ) %>
%} else {
<% header("Package recharged") %>
<SCRIPT TYPE="text/javascript">
- window.top.location.reload();
+ topreload();
</SCRIPT>
</BODY></HTML>
%}
#untaint prepaid
my $prepaid = $cgi->param('prepaid');
+$prepaid =~ s/\W//g;
$prepaid =~ /^(\w*)$/;
$prepaid = $1;
$error = $cust_main->recharge_prepay( $prepaid );
} elsif ( $payby =~ /^(CARD|DCRD|CHEK|DCHK|LECB|BILL|COMP)$/ ) {
my $part_pkg = $svc_acct->cust_svc->cust_pkg->part_pkg;
- $amount = $part_pkg->option('recharge_amount', 1);
+ my $amount = $part_pkg->option('recharge_amount', 1);
my %rhash = map { $_ =~ /^recharge_(.*)$/; $1, $part_pkg->option($_) }
grep { $part_pkg->option($_, 1) }
qw ( recharge_seconds recharge_upbytes recharge_downbytes
$error = $cust_main->charge($amount, "Recharge " . $svc_acct->label,
$description, $part_pkg->taxclass);
+ $error ||= "invalid $_" foreach grep { $rhash{$_} !~ /^\d*$/ } keys %rhash;
if ($part_pkg->option('recharge_reset', 1)) {
- $error ||= $svc_acct->set_usage(\%rhash);
+ $error ||= $svc_acct->set_usage(\%rhash, 'null' => 1);
}else{
$error ||= $svc_acct->recharge(\%rhash);
}