X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=htdocs%2Fedit%2Fprocess%2Fcust_pkg.cgi;h=9d82b3c243a04b208ac71c162a55a0d0207dc144;hb=069f8453eb624a0d4a77734aca8bc9367dbb60e6;hp=639b2f14001aa327c1c5a947814327e0305e2144;hpb=cd6989b0380bb289bffac0b947a3bfa6eb8c773e;p=freeside.git

diff --git a/htdocs/edit/process/cust_pkg.cgi b/htdocs/edit/process/cust_pkg.cgi
index 639b2f140..9d82b3c24 100755
--- a/htdocs/edit/process/cust_pkg.cgi
+++ b/htdocs/edit/process/cust_pkg.cgi
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -Tw
 #
-# $Id: cust_pkg.cgi,v 1.4 1999-01-25 12:19:10 ivan Exp $
+# $Id: cust_pkg.cgi,v 1.7 1999-04-07 15:24:06 ivan Exp $
 #
 # this is for changing packages around, not for editing things within the
 # package
@@ -8,8 +8,6 @@
 # Usage: post form to:
 #        http://server.name/path/cust_pkg.cgi
 #
-# Note: Should be run setuid root as user nobody.
-#
 # ivan@voicenet.com 97-mar-21 - 97-mar-24
 #
 # rewrote for new API
@@ -21,8 +19,14 @@
 #       bmccane@maxbaud.net     98-apr-3
 #
 # $Log: cust_pkg.cgi,v $
-# Revision 1.4  1999-01-25 12:19:10  ivan
-# yet more mod_perl stuff
+# Revision 1.7  1999-04-07 15:24:06  ivan
+# don't use anchor in redirect
+#
+# Revision 1.6  1999/02/28 00:03:44  ivan
+# removed misleading comments
+#
+# Revision 1.5  1999/02/07 09:59:26  ivan
+# more mod_perl fixes, and bugfixes Peter Wemm sent via email
 #
 # Revision 1.3  1999/01/19 05:13:54  ivan
 # for mod_perl: no more top-level my() variables; use vars instead
@@ -37,15 +41,15 @@ use vars qw( $cgi $custnum @remove_pkgnums @pkgparts $pkgpart $error );
 use CGI;
 use CGI::Carp qw(fatalsToBrowser);
 use FS::UID qw(cgisuidsetup);
-use FS::CGI qw(idiot popurl);
+use FS::CGI qw(popurl);
 use FS::cust_pkg;
 
 $cgi = new CGI; # create form object
-
 &cgisuidsetup($cgi);
+$error = '';
 
 #untaint custnum
-$cgi->param('new_custnum') =~ /^(\d+)$/;
+$cgi->param('custnum') =~ /^(\d+)$/;
 $custnum = $1;
 
 @remove_pkgnums = map {
@@ -54,18 +58,23 @@ $custnum = $1;
 } $cgi->param('remove_pkg');
 
 foreach $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
-  my($num_pkgs)=$cgi->param("pkg$pkgpart");
-  while ( $num_pkgs-- ) {
-    push @pkgparts,$pkgpart;
+  if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
+    my $num_pkgs = $1;
+    while ( $num_pkgs-- ) {
+      push @pkgparts,$pkgpart;
+    }
+  } else {
+    $error = "Illegal quantity";
+    last;
   }
 }
 
-$error = FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums);
+$error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums);
 
 if ($error) {
   $cgi->param('error', $error);
   print $cgi->redirect(popurl(2). "cust_pkg.cgi?". $cgi->query_string );
 } else {
-  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg");
+  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
 }