X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fmisc%2Fprocess%2Frecharge_svc.html;h=88a1f7f369677cd3f07eb73bc52e8aa453e0745c;hb=76b22e66bf8e615def0a24cd8cda23c3949eae70;hp=5f68bf151b55a87e1a5ba0b88a30792333832681;hpb=42682206b4ba30de01c82743042f5fb9d48a93ed;p=freeside.git

diff --git a/httemplate/misc/process/recharge_svc.html b/httemplate/misc/process/recharge_svc.html
index 5f68bf151..88a1f7f36 100755
--- a/httemplate/misc/process/recharge_svc.html
+++ b/httemplate/misc/process/recharge_svc.html
@@ -4,7 +4,7 @@
 %} else {
 <% header("Package recharged") %>
   <SCRIPT TYPE="text/javascript">
-    window.top.location.reload();
+    topreload();
   </SCRIPT>
   </BODY></HTML>
 %}
@@ -22,6 +22,7 @@ $svcnum = $1;
 
 #untaint prepaid
 my $prepaid = $cgi->param('prepaid');
+$prepaid =~ s/\W//g;
 $prepaid =~ /^(\w*)$/;
 $prepaid = $1;
 
@@ -62,6 +63,7 @@ unless ($error) {
     $error = $cust_main->charge($amount, "Recharge " . $svc_acct->label,
                                 $description, $part_pkg->taxclass);
 
+    $error ||= "invalid $_" foreach grep { $rhash{$_} !~ /^\d*$/ } keys %rhash;
     if ($part_pkg->option('recharge_reset', 1)) {
       $error ||= $svc_acct->set_usage(\%rhash, 'null' => 1);
     }else{