X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprospect_main.html;h=6aefe80d0cb6d01304d9c668a15cc3c1ae9fcf95;hb=9d5f61a78f7cddeb65f6943f3e58326f47cc0c0b;hp=fb675153296445cdd9e61c37c5a357c2f59fae17;hpb=947dd5bdd4d005109d7f3db0af0c415df3d83c16;p=freeside.git diff --git a/httemplate/edit/prospect_main.html b/httemplate/edit/prospect_main.html index fb6751532..6aefe80d0 100644 --- a/httemplate/edit/prospect_main.html +++ b/httemplate/edit/prospect_main.html @@ -34,8 +34,10 @@ { 'field' => 'contactnum', 'type' => 'contact', 'colspan' => 7, - 'o2m_table' => 'contact', - 'm2_label' => 'Contact', + 'prospectnum' => $prospectnum, + 'm2m_method' => 'prospect_contact', + 'm2m_dstcol' => 'contactnum', + 'm2_label' => 'Contact', 'm2_error_callback' => $m2_error_callback, }, @@ -50,6 +52,7 @@ }, { 'field' => 'taxstatusnum', 'type' => 'select-tax_status', + 'required' => 1, 'empty_label' => ' ', }, ], @@ -68,18 +71,25 @@ my $conf = new FS::Conf; my $prospectnum; if ( $cgi->param('error') ) { - $prospectnum = scalar($cgi->param('prospectnum')); + $cgi->param('prospectnum') =~ /^(\d*)$/ or die 'illegal prospectnum'; + $prospectnum = $1; die "access denied" unless $curuser->access_right(($prospectnum ? 'Edit' : 'New'). ' prospect'); } elsif ( $cgi->keywords ) { #editing + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die 'no prospectnum'; + $prospectnum = $1; + die "access denied" unless $curuser->access_right('Edit prospect'); } else { #new prospect + $prospectnum = ''; + die "access denied" unless $curuser->access_right('New prospect');
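Review bot: In the third hunk the new untaint patterns `/^(\d*)$/` (error branch) and `/^(\d+)$/` (keywords branch) are looser than they look, because `$` also matches before a trailing newline and `\d` can match non-ASCII digits when the parameter arrives as decoded characters. Only `$1` is assigned, so the newline itself is dropped, but I would pin the accepted set to ASCII digits with `$cgi->param('prospectnum') =~ /\A([0-9]*)\z/ or die 'illegal prospectnum';` and `$query =~ /\A([0-9]+)\z/ or die 'no prospectnum';`. Separately, the `access_right` checks are per-right, and nothing visible in the hunk ties the requested prospectnum to the records this user may see; if that scoping happens in the shared edit element, a one-line comment saying so would help. The if/elsif chain closes outside the hunk.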