-#untaint custnum
-$cgi->param('custnum') =~ /^(\d+)$/;
-my $custnum = $1;
-
-my @remove_pkgnums = map {
- /^(\d+)$/ or die "Illegal remove_pkg value!";
- $1;
-} $cgi->param('remove_pkg');
-
-my( $action, $error_redirect );
-my @pkgparts = ();
-if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi
- $action = 'change';
- $error_redirect = "misc/change_pkg.cgi";
- @pkgparts = ($1);
-} else { #came from edit/cust_pkg.cgi
- $action = 'bulk';
- $error_redirect = "edit/cust_pkg.cgi";
- foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
- if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
- my $num_pkgs = $1;
- while ( $num_pkgs-- ) {
- push @pkgparts,$pkgpart;
- }
- } else {
- $error = "Illegal quantity";
- last;
- }
+ warn "k($k) param{k}($param{$k}) pkgpart($pkgpart) qty($qty)\n"
+ if $DEBUG;
+
+ if ( $qty =~ /\D/ ) {
+ $error = "Invalid quantity $qty for pkgpart $pkgpart - please use a number";
+ last;