don't redirect to a GET with sensitive data, RT#26099

[freeside.git] / httemplate / edit / cust_main.cgi

diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi
index 2908848..480047c 100755 (executable)
--- a/httemplate/edit/cust_main.cgi
+++ b/httemplate/edit/cust_main.cgi
@@ -73,6 +73,7 @@
     ><% mt('same as billing address') |h %>
     <DIV CLASS="fsinnerbox">
       <TABLE ID="table_ship_location" WIDTH="100%">
+      <& cust_main/before_ship_location.html, $cust_main &>
       <& /elements/location.html,
           object => $cust_main->ship_location,
           prefix => 'ship_',
@@ -202,6 +203,7 @@ my $prospectnum = '';
 my $locationnum = '';
 my $same = '';
 
+$m->comp('/elements/handle_uri_query', 'secure'=>1);
 
 if ( $cgi->param('error') ) {
 
@@ -299,7 +301,6 @@ if ( $cgi->param('error') ) {
   $cust_main = new FS::cust_main ( {} );
   $cust_main->agentnum( $conf->config('default_agentnum') )
     if $conf->exists('default_agentnum');
-  $cust_main->otaker( &getotaker );
   $cust_main->referral_custnum( $cgi->param('referral_custnum') );
   @invoicing_list = ();
   push @invoicing_list, 'POST'