sub process_change_pay {
my $postal = $cgi->param( 'postal_invoicing' );
+ my $payby = $cgi->param( 'payby' );
my @list =
qw( payby payinfo payinfo1 payinfo2 month year payname
address1 address2 city county state zip country auto paytype
paystate ss stateid stateid_state invoicing_list
);
push @list, 'postal_invoicing' if $postal;
- unless ( $postal || $cgi->param( 'invoicing_list' ) ) {
+ unless ( $payby ne 'BILL'
+ || $postal
+ || $cgi->param( 'invoicing_list' )
+ )
+ {
$action = 'change_pay';
return {
%{&change_pay()},
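Review bot: The rewritten `unless` at the top of this hunk is a three-way disjunction led by a negative (`$payby ne 'BILL'`), which is easy to misread, and it compares against undef when the request carries no `payby` parameter. Stating the rule positively shows what is being enforced: `if ( ( $payby || '' ) eq 'BILL' && !$postal && !$cgi->param('invoicing_list') ) {`. If the intent is that only BILL customers must supply a postal or e-mail invoice destination, a one-line comment saying so above the condition would help. The body of process_change_pay continues outside the hunk.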
sub payment_results {
- use Business::CreditCard;
+ use Business::CreditCard 0.30;
#we should only do basic checking here for DoS attacks and things
#that couldn't be constructed by the web form... let process_payment() do
my $amount = $1;
my $payinfo = $cgi->param('payinfo');
- $payinfo =~ s/\D//g;
- $payinfo =~ /^(\d{13,16})$/
+ $payinfo =~ s/[^\dx]//g;
+ $payinfo =~ /^([\dx]{13,16})$/
#or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
or die "illegal card"; #!!!
$payinfo = $1;
- validate($payinfo)
- #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
- or die "invalid card"; #!!!
+ unless ( $payinfo =~ /x/ ) {
+ validate($payinfo)
+ #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
+ or die "invalid card"; #!!!
+ }
if ( $cgi->param('card_type') ) {
cardtype($payinfo) eq $cgi->param('card_type')
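Review bot: The new `unless ( $payinfo =~ /x/ )` guard skips the Luhn check for any value containing a single `x`, and `/^([\dx]{13,16})$/` accepts `x` in any position and quantity, so an all-`x` string or a number with one stray `x` passes this stage unvalidated. If the masked form the page renders has a fixed shape, match that shape and run `validate()` on everything else, e.g. `unless ( $payinfo =~ /^x+\d{4}$/ )` if the mask is leading `x`s plus the last four digits (to be confirmed against the form). The code that later resolves a masked value to the customer's stored card is not visible here; a comment at this point should state that it must reject a mask that does not correspond to the stored number. The same `[\dx]` acceptance is added for `payinfo1` and `payinfo2` in the next hunk, and the enclosing block continues past the end of this one.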
my $amount = $1;
my $payinfo1 = $cgi->param('payinfo1');
- $payinfo1=~ /^(\d+)$/
+ $payinfo1 =~ s/[^\dx]//g;
+ $payinfo1 =~ /^([\dx]+)$/
or die "illegal account"; #!!!
- $payinfo1= $1;
+ $payinfo1 = $1;
my $payinfo2 = $cgi->param('payinfo2');
- $payinfo2=~ /^(\d+)$/
+ $payinfo2 =~ s/[^\dx]//g;
+ $payinfo2 =~ /^([\dx]+)$/
or die "illegal ABA/routing code"; #!!!
- $payinfo2= $1;
+ $payinfo2 = $1;
$cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
my $payname = $1;
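Review bot: The added `s/[^\dx]//g` on `payinfo1` and `payinfo2` turns these checks from rejecting malformed input into silently repairing it: previously anything other than digits died with "illegal account" or "illegal ABA/routing code", now every other character is dropped and the remainder is accepted. Neither pattern has an upper length, unlike the `{13,16}` and `{0,80}` bounds on the card number and payname, although the comment earlier in this patch says this stage is for basic DoS-style checks. Consider bounding them, `$payinfo1 =~ /^([\dx]{1,MAX_ACCT_LEN})$/` (placeholder limit), and adding a comment that `x` is accepted only because the form may echo back a masked stored value, if that is the reason.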