'session_id' => $_COOKIE['session_id'],
) );
-foreach ( $cust_pkg AS $pkg ) {
- $part_pkg .= $pkg[pkgpart];
- $class_num .= $pkg[classnum];
+if ( preg_match( '/^(\d+)$/', $_GET['pkgnum'] ) ) {
+ $cust_pkg = $freeside->pkg_info( array(
+ 'session_id' => $_COOKIE['session_id'],
+ 'pkgnum' => $_GET['pkgnum'],
+ ) );
}
+else { $cust_pkg['error'] = 'Bad Package Number'; }
-$get_params = array( 'pkgnum', 'pkg', 'classnum', 'pkgpart' );
-foreach ( $get_params AS $param ) {
- $params[$param] = $_GET[$param];
+if ( isset($cust_pkg['error']) && $cust_pkg['error'] ) {
+ $error = $cust_pkg['error'];
+ header('Location:index.php?error='. urlencode($error));
+ die();
}
$pkgselect = $freeside->mason_comp( array(
'session_id' => $_COOKIE['session_id'],
'comp' => '/elements/select-part_pkg.html',
- 'args' => [ 'classnum', $params['classnum'], 'curr_value', $params['pkgpart'], ],
+ 'args' => [ 'classnum', $cust_pkg['classnum'], 'curr_value', $cust_pkg['pkgpart'], ],
)
);
}
</SCRIPT>
-<FONT SIZE=4>Purchase replacement package for "<? echo $params['pkg']; ?>"</FONT><BR><BR>
+<FONT SIZE=4>Purchase replacement package for "<? echo htmlspecialchars($cust_pkg['pkg_label']); ?>"</FONT><BR><BR>
<? include('elements/error.php'); ?>
</TABLE>
<BR>
<INPUT TYPE="hidden" NAME="custnum" VALUE="<? echo $customer_info['custnum'] ?>">
-<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<? echo $params['pkgnum'] ?>">
-<INPUT TYPE="hidden" NAME="pkg" VALUE="<? echo $params['pkg'] ?>">
+<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<? echo htmlspecialchars($_GET['pkgnum']) ?>">
<INPUT TYPE="hidden" NAME="action" VALUE="process_change_pkg">
<INPUT NAME="submit" TYPE="submit" VALUE="Change Package">
</FORM>