'extra_sql' => ' AND '. $curuser->agentnums_sql,
}) or die "unknown custnum $custnum";
+my $invoice = ($cgi->param('invoice') =~ /^(\d+)$/) ? $cgi->param('invoice') : '';
+
$cgi->param('amount') =~ /^\s*(\d*(\.\d\d)?)\s*$/
or errorpage("illegal amount ". $cgi->param('amount'));
my $amount = $1;
'payinfo' => $payinfo,
'paydate' => $paydate,
'payname' => $payname,
+ 'invnum' => $invoice,
map { $_ => scalar($cgi->param($_)) }
@{$payby2fields{$payby}}
);
'discount_term' => $discount_term,
'no_auto_apply' => ($cgi->param('apply') eq 'never') ? 'Y' : '',
'no_invnum' => 1,
+ 'invnum' => $invoice,
map { $_ => scalar($cgi->param($_)) } @{$payby2fields{$payby}}
);
errorpage($error) if $error;