X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Felements%2Fcreate_uri_query;h=414d53ba494b2fc922ecdc755970754be5781641;hb=8eb6542c022ac84b125416f3fb0828b278ba600a;hp=32d8e2f87b913d76caa848f8ecbff00d4739aa25;hpb=fb4ab1073f0d15d660c6cdc4e07afebf68ef3924;p=freeside.git

diff --git a/httemplate/elements/create_uri_query b/httemplate/elements/create_uri_query
index 32d8e2f87..414d53ba4 100644
--- a/httemplate/elements/create_uri_query
+++ b/httemplate/elements/create_uri_query
@@ -1,17 +1,34 @@
 <% $query %>\
 <%init>
 
+my %opt = @_;
+
+if ( $opt{secure} ) {
+
+  foreach my $param (grep /pay(info\d?|cvv)$/, $cgi->param) {
+    my $value = $cgi->param($param);
+    next unless length($value);
+    my $encrypted = FS::Record->encrypt( $value );
+    $cgi->param($param, $encrypted);
+  }
+
+}
+
 my $query = $cgi->query_string;
 
-if ( length($query) > 1920 ) { #stupid IE 2083 URL limit
+if ( length($query) > 1920 || $opt{secure} ) { #stupid IE 2083 URL limit
 
-  my $session = int(rand(4294967296)); #XXX
+  my $session = random_id(9);
   my $pref = new FS::access_user_pref({
     'usernum'    => $FS::CurrentUser::CurrentUser->usernum,
     'prefname'   => "redirect$session",
     'prefvalue'  => $query,
-    'expiration' => time + 3600, #1h?  1m?
+    'expiration' => time + ( $opt{secure} ? 120  #2m?
+                                          : 3600 #1h?
+                           ),
   });
+  local($FS::Record::no_history) = 1;
+
   my $pref_error = $pref->insert;
   if ( $pref_error ) {
     die "FATAL: couldn't even set redirect cookie: $pref_error".