fix for lack of input validation - RT#15405

[freeside.git] / httemplate / edit / process / part_event.html

diff --git a/httemplate/edit/process/part_event.html b/httemplate/edit/process/part_event.html
index d4d4526..481439d 100644 (file)
--- a/httemplate/edit/process/part_event.html
+++ b/httemplate/edit/process/part_event.html
@@ -39,6 +39,7 @@
                                                  split(/\0/, $value)
                                            };
                                 } elsif ( $info->{'type'} eq 'freq' ) {
+                                  $value = '0' if !length($value);
                                   $value .= $params->{$cgi_field.'_units'};
                                 }
 
@@ -84,6 +85,21 @@
       if ( $cgi->param('_initialize') ) {
         $cgi->param('disabled', 'Y');
       }
+
+      my $balance_age_rx = qr/^(condition.+)\.balance_age\.age$/;
+
+      foreach my $param ( keys %{ $cgi->Vars() } ){
+
+       next unless ( $param =~ /$balance_age_rx/ );
+       next unless $cgi->param($1) eq 'balance_age';
+
+       my $errstr = FS::part_event::Condition::balance_age->
+         check_options( { age       => $cgi->param($param),
+                          age_units => $cgi->param("${param}_units") } );
+
+       return $errstr if $errstr;
+      }
+
       return '';
     },
     'noerror_callback' => sub {