X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fedit%2Fprospect_main.html;h=6aefe80d0cb6d01304d9c668a15cc3c1ae9fcf95;hp=7c02538f8eb78847fe56f20cc0962df09af3f747;hb=7e9422a954e8249627c256b53080ee6afeeed913;hpb=ac0bdc5e7860c6ab43d467f075505b0b4ec0245f diff --git a/httemplate/edit/prospect_main.html b/httemplate/edit/prospect_main.html index 7c02538f8..6aefe80d0 100644 --- a/httemplate/edit/prospect_main.html +++ b/httemplate/edit/prospect_main.html @@ -34,8 +34,10 @@ { 'field' => 'contactnum', 'type' => 'contact', 'colspan' => 7, - 'o2m_table' => 'contact', - 'm2_label' => 'Contact', + 'prospectnum' => $prospectnum, + 'm2m_method' => 'prospect_contact', + 'm2m_dstcol' => 'contactnum', + 'm2_label' => 'Contact', 'm2_error_callback' => $m2_error_callback, }, @@ -69,18 +71,25 @@ my $conf = new FS::Conf; my $prospectnum; if ( $cgi->param('error') ) { - $prospectnum = scalar($cgi->param('prospectnum')); + $cgi->param('prospectnum') =~ /^(\d*)$/ or die 'illegal prospectnum'; + $prospectnum = $1; die "access denied" unless $curuser->access_right(($prospectnum ? 'Edit' : 'New'). ' prospect'); } elsif ( $cgi->keywords ) { #editing + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die 'no prospectnum'; + $prospectnum = $1; + die "access denied" unless $curuser->access_right('Edit prospect'); } else { #new prospect + $prospectnum = ''; + die "access denied" unless $curuser->access_right('New prospect');
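Review bot: Switching the contact rows from `'o2m_table' => 'contact'` to `'m2m_method' => 'prospect_contact'` appears to mean a submitted `contactnum` now links an existing contact through a join table instead of creating a row owned by this prospect. Nothing in this hunk shows the processing side checking that the current user may attach that contact. That handler is outside this diff, so it is worth confirming it rejects `contactnum` values the user could not otherwise see. The new keys are also undocumented here; a comment above `'m2m_method'` such as `# contacts are linked via prospect_contact (many-to-many), keyed on contactnum` would help. The field hash sits in a larger list that starts and ends outside the hunk.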
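Review bot: Both new patterns anchor with `^`/`$`, and `$` also matches before a trailing newline, so a value like `"12\n"` passes the check. Only `$1` is stored, so `$prospectnum` itself stays digits-only, but `/\A(\d*)\z/` in the error branch and `/\A(\d+)\z/` in the editing branch would state the intent exactly. In the error branch a missing `prospectnum` parameter leaves the left side undef, which matches `\d*` as empty and is treated as a new prospect. The `die "access denied"` checks test only the 'Edit prospect' / 'New prospect' rights, so per-record access to the given prospectnum is presumably enforced where the record is loaded; confirm that. The if/elsif/else chain closes outside the visible text.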