$result{'syserror'} = 'Invoked without password' unless $password;
return \%result if $result{'syserror'};
- if ($arg{'contactnum'}) {
+ if ($arg{'contactnum'} =~ /^\d+$/) {
my $contactnum = $arg{'contactnum'};
$result{'syserror'} = 'Invalid contactnum' unless $contactnum =~ /^\d*$/;
return \%result if $result{'syserror'};
my $contact = $contactnum
? qsearchs('contact',{'contactnum' => $contactnum})
- : '';
+ : (new FS::contact {});
$result{'error'} = $contact->is_password_allowed($password);
}