projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
even more reliable multiple-payment/double-click/concurrent-payment-form protection
[freeside.git]
/
httemplate
/
misc
/
process
/
payment.cgi
diff --git
a/httemplate/misc/process/payment.cgi
b/httemplate/misc/process/payment.cgi
index
71a4891
..
889670d
100644
(file)
--- a/
httemplate/misc/process/payment.cgi
+++ b/
httemplate/misc/process/payment.cgi
@@
-56,6
+56,10
@@
$cgi->param('payunique') =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=]*)$/
or errorpage(gettext('illegal_text'). " payunique: ". $cgi->param('payunique'));
my $payunique = $1;
or errorpage(gettext('illegal_text'). " payunique: ". $cgi->param('payunique'));
my $payunique = $1;
+$cgi->param('balance') =~ /^\s*(\-?\s*\d*(\.\d\d)?)\s*$/
+ or errorpage("illegal balance");
+my $balance = $1;
+
my $payinfo;
my $paycvv = '';
if ( $payby eq 'CHEK' ) {
my $payinfo;
my $paycvv = '';
if ( $payby eq 'CHEK' ) {
@@
-125,6
+129,7
@@
if ( $cgi->param('batch') ) {
$error = $cust_main->realtime_bop( $FS::payby::payby2bop{$payby}, $amount,
'quiet' => 1,
'manual' => 1,
$error = $cust_main->realtime_bop( $FS::payby::payby2bop{$payby}, $amount,
'quiet' => 1,
'manual' => 1,
+ 'balance' => $balance,
'payinfo' => $payinfo,
'paydate' => "$year-$month-01",
'payname' => $payname,
'payinfo' => $payinfo,
'paydate' => "$year-$month-01",
'payname' => $payname,