don't redirect to a GET with sensitive data, RT#26099

[freeside.git] / httemplate / search / phone_avail.html

diff --git a/httemplate/search/phone_avail.html b/httemplate/search/phone_avail.html
index 8dec7b2..ce7d1bd 100644 (file)
--- a/httemplate/search/phone_avail.html
+++ b/httemplate/search/phone_avail.html
@@ -1,9 +1,9 @@
-<% include( 'elements/search.html',
+<& elements/search.html,
               'title'         => 'Phone Number (DID) Search Results',
               'name_singular' => 'phone number',
               'query'         => {
                                    'table'   => 'phone_avail',
-                                   'hashref' => {},
+                                   'hashref' => $hashref,
                                    'select'  => join(', ',
                                        'phone_avail.*',
                                        'cust_main.custnum',
@@ -81,8 +81,8 @@
                            FS::UI::Web::cust_styles(),
                           '',
                          ],
-      )
-%>
+      
+&>
 <%init>
 
 die "access denied"
@@ -129,6 +129,9 @@ my $addl_from = ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
 
 my $count_query = "SELECT COUNT(*) FROM phone_avail $search"; #$addl_from?
 
+my $hashref = {};
+$hashref->{'ordernum'} = $1 if $cgi->param('ordernum') =~ /^(\d+)$/;
+
 my $link_cust = sub {
   my $phone_avail = shift;
   if ( $phone_avail->svcnum ) {