RT# 80869 Harden process payment screen against Edge browser bug

[freeside.git] / httemplate / misc / process / payment.cgi

diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 9458217..5f945a7 100644 (file)
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -42,11 +42,11 @@ if ( $cgi->param('fee') =~ /^\s*(\d*(\.\d\d)?)\s*$/ ) {
   $amount = sprintf('%.2f', $amount + $fee);
 }
 
-$cgi->param('year') =~ /^(\d+)$/
+$cgi->param('year') =~ /^(\d{4})/
   or errorpage("illegal year ". $cgi->param('year'));
 my $year = $1;
 
-$cgi->param('month') =~ /^(\d+)$/
+$cgi->param('month') =~ /^(\d{2})/
   or errorpage("illegal month ". $cgi->param('month'));
 my $month = $1;