return { 'error' => gettext('unknown_card_type') }
if cardtype($payinfo) eq "Unknown";
- if ( defined $cust_main->dbdef_table->column('paycvv') ) {
- if ( length($p->{'paycvv'} ) ) {
- if ( cardtype($payinfo) eq 'American Express card' ) {
- $p->{'paycvv'} =~ /^(\d{4})$/
- or return { 'error' => "CVV2 (CID) for American Express cards is four digits." };
- $paycvv = $1;
- } else {
- $p->{'paycvv'} =~ /^(\d{3})$/
- or return { 'error' => "CVV2 (CVC2/CID) is three digits." };
- $paycvv = $1;
- }
+ if ( length($p->{'paycvv'}) && $p->{'paycvv'} !~ /^\s*$/ ) {
+ if ( cardtype($payinfo) eq 'American Express card' ) {
+ $p->{'paycvv'} =~ /^\s*(\d{4})\s*$/
+ or return { 'error' => "CVV2 (CID) for American Express cards is four digits." };
+ $paycvv = $1;
+ } else {
+ $p->{'paycvv'} =~ /^\s*(\d{3})\s*$/
+ or return { 'error' => "CVV2 (CVC2/CID) is three digits." };
+ $paycvv = $1;
}
}
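Review bot: The two new patterns use `\d`, which in Perl matches any Unicode decimal digit when the parameter arrives as decoded character data, so a non-ASCII digit string could be accepted as a CVV2. Writing them as `/^\s*([0-9]{4})\s*$/` and `/^\s*([0-9]{3})\s*$/` pins the value to ASCII digits. A blank or whitespace-only value now skips the block entirely, so `$paycvv` keeps whatever it held before; its declaration is outside the hunk, so confirm it starts out undefined. The removed guard referred to a `paycvv` column, and what happens to `$paycvv` after this block is not visible here, so it is worth confirming the code is only handed to the processor and not retained after authorization, which PCI DSS prohibits.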
<HTML><HEAD><TITLE>MyAccount</TITLE></HEAD>
-<BODY BGCOLOR="#eeeeee"><FONT SIZE=5>MyAccount</FONT><BR><BR>
+<BODY BGCOLOR="#eeeeee">
+<script language="JavaScript"><!--
+ var mywindow = -1;
+ function myopen(filename,windowname,properties) {
+ myclose();
+ mywindow = window.open(filename,windowname,properties);
+ }
+ function myclose() {
+ if ( mywindow != -1 )
+ mywindow.close();
+ mywindow = -1
+ }
+//--></script>
+<FONT SIZE=5>MyAccount</FONT><BR><BR>
<%= $url = "$selfurl?session=$session_id;action="; ''; %>
<%= include('myaccount_menu') %>
<TD VALIGN="top">
</TABLE>
</TD>
</TR><TR>
+ <TD ALIGN="right">CVV2 (<A HREF="javascript:myopen('cvv2.html','cvv2','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,copyhistory=no,width=480,height=288')">help</A>)</TD>
+ <TD><INPUT TYPE="text" NAME="paycvv" VALUE="" SIZE=4 MAXLENGTH=4></TD></TR>
+</TR><TR>
<TD ALIGN="right">Exact name on card</TD>
<TD><INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="payname" VALUE="<%=$payname%>"></TD>
</TR><TR>
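Review bot: The new `paycvv` input carries no `AUTOCOMPLETE="off"`, so a browser may keep the typed code in its form history on a shared machine; `<INPUT TYPE="text" NAME="paycvv" VALUE="" SIZE=4 MAXLENGTH=4 AUTOCOMPLETE="off">` avoids that. The added rows also close the row twice: the input line ends in `</TR>` and the next added line starts with another `</TR>`, so one of the two should be dropped. The help link is a `javascript:` URL only; a plain `HREF="cvv2.html" TARGET="cvv2"` fallback would keep the help page reachable when scripting is off.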
use Business::CreditCard;
+ #we should only do basic checking here for DoS attacks and things
+ #that couldn't be constructed by the web form... let process_payment() do
+ #the rest, it gives better error messages
+
$cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
or die "illegal amount"; #!!!
my $amount = $1;
or die "not a ". $cgi->param('card_type');
}
+ $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
+ my $paycvv = $1;
+
$cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
my $month = $1;
$cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
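Review bot: `$paycvv` leaves this check bounded in length but otherwise unvalidated, and because `.` also matches spaces the greedy capture can keep trailing whitespace (an input of `123 ` is captured with the space). A lazy capture, `$cgi->param('paycvv') =~ /^\s*(.{0,4}?)\s*$/ or die "illegal CVV2";`, accepts exactly the same inputs and trims the captured value. A short comment on this line saying that the digit check is deliberately left to the backend call would stop a later reader from treating `$paycvv` as already validated. The enclosing code starts and ends outside the hunk.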
'session_id' => $session_id,
'amount' => $amount,
'payinfo' => $payinfo,
+ 'paycvv' => $paycvv,
'month' => $month,
'year' => $year,
'payname' => $payname,