From: Mitch Jackson <mitch@freeside.biz>
Date: Sun, 4 Nov 2018 15:07:30 +0000 (-0500)
Subject: RT# 81616 Mask CVV on Process Card Payment page
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=ac50269d081f6490705d103186e5b89baac58930;p=freeside.git

RT# 81616 Mask CVV on Process Card Payment page
---

diff --git a/httemplate/misc/payment.cgi b/httemplate/misc/payment.cgi
index 9e530cf0a..b882da061 100644
--- a/httemplate/misc/payment.cgi
+++ b/httemplate/misc/payment.cgi
@@ -42,7 +42,7 @@
 %   my $payname = $cust_main->first. ' '. $cust_main->getfield('last');
 %   if ( $cust_main->payby =~ /^(CARD|DCRD)$/ ) {
 %     $payinfo = $cust_main->paymask;
-%     $paycvv = $cust_main->paycvv;
+%     ( $paycvv = $cust_main->paycvv ) =~ s/./*/g;
 %     ( $month, $year ) = $cust_main->paydate_monthyear;
 %     $payname = $cust_main->payname if $cust_main->payname;
 %   } elsif ($disable_payauto_default) {
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 5f945a71a..6163b93dd 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -124,7 +124,9 @@ if ( $payby eq 'CHEK' ) {
 
   if ( defined $cust_main->dbdef_table->column('paycvv') ) {
     if ( length($cgi->param('paycvv') ) ) {
-      if ( cardtype($payinfo) eq 'American Express card' ) {
+      if ( $cgi->param('paycvv') =~ /^\*+$/ ) {
+        $paycvv = $cust_main->paycvv;
+      } elsif ( cardtype($payinfo) eq 'American Express card' ) {
         $cgi->param('paycvv') =~ /^(\d{4})$/
           or errorpage("CVV2 (CID) for American Express cards is four digits.");
         $paycvv = $1;