RT# 80869 Harden process payment screen against Edge browser bug
author
Mitch Jackson
<mitch@freeside.biz>
Sun, 26 Aug 2018 21:07:46 +0000
(17:07 -0400)
committer
Mitch Jackson
<mitch@freeside.biz>
Sun, 26 Aug 2018 22:17:37 +0000
(18:17 -0400)
httemplate/elements/city.html
httemplate/elements/cust_payby_new.html
httemplate/elements/select-country.html
httemplate/elements/select-month_year.html
httemplate/elements/select-state.html
httemplate/elements/select-table.html
httemplate/misc/process/payment.cgi
diff --git
a/httemplate/elements/city.html
b/httemplate/elements/city.html
index
4e9a609
..
05250fe
100644
(file)
--- a/
httemplate/elements/city.html
+++ b/
httemplate/elements/city.html
@@
-132,14
+132,14
@@
function <% $pre %>county_changed(what, callback) {}
>
% unless ( $opt{'disable_empty'} ) {
>
% unless ( $opt{'disable_empty'} ) {
- <OPTION VALUE="" <% $opt{city} eq '' ? 'SELECTED' : '' %>><% $opt{empty_label} %>
+ <OPTION VALUE="" <% $opt{city} eq '' ? 'SELECTED' : '' %>><% $opt{empty_label} %>
</OPTION>
% }
% foreach my $city ( @cities ) {
<OPTION VALUE="<% $city |h %>"
<% $city eq $opt{city} ? 'SELECTED' : '' %>
% }
% foreach my $city ( @cities ) {
<OPTION VALUE="<% $city |h %>"
<% $city eq $opt{city} ? 'SELECTED' : '' %>
- ><% $city eq $opt{empty_data_value} ? $opt{empty_data_label} : $city %>
+ ><% $city eq $opt{empty_data_value} ? $opt{empty_data_label} : $city %>
</OPTION>
% }
% }
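Review bot: The option labels on the rewritten lines are still emitted without the `|h` filter, namely `<% $opt{empty_label} %>` and the `$city` / `$opt{empty_data_label}` expression, while the `VALUE` attribute next to them is escaped with `|h`. Unless the Mason interpreter applies a default escape flag (not visible here), a city name or label containing markup is written into the page unencoded; `><% $city eq $opt{empty_data_value} ? $opt{empty_data_label} : $city |h %></OPTION>` closes that gap for the city label. The same applies to the `empty_label` options in select-country.html and select-state.html, and to `$pre_label`, `$post_label`, `$pre_opt` and `$post_opt` in select-table.html, whereas the country label did gain `|h` in this commit. The enclosing `<SELECT>` and the component's argument handling start outside the hunk, so it is worth confirming that no caller passes intentional HTML in `empty_label`.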
diff --git
a/httemplate/elements/cust_payby_new.html
b/httemplate/elements/cust_payby_new.html
index
7ed0496
..
8b1d93d
100644
(file)
--- a/
httemplate/elements/cust_payby_new.html
+++ b/
httemplate/elements/cust_payby_new.html
@@
-4,7
+4,6
@@
% my( $payinfo, $paycvv, $month, $year ) = ( '', '', '', '' );
% my $payname = $cust_main->first. ' '. $cust_main->getfield('last');
% my $location = $cust_main->bill_location;
% my( $payinfo, $paycvv, $month, $year ) = ( '', '', '', '' );
% my $payname = $cust_main->first. ' '. $cust_main->getfield('last');
% my $location = $cust_main->bill_location;
-
<TR>
<TH ALIGN="right"><% mt('Card number') |h %></TH>
<TD COLSPAN=7>
<TR>
<TH ALIGN="right"><% mt('Card number') |h %></TH>
<TD COLSPAN=7>
@@
-15,21
+14,17
@@
<TH><% mt('Exp.') |h %></TH>
<TD>
<SELECT NAME="month">
<TH><% mt('Exp.') |h %></TH>
<TD>
<SELECT NAME="month">
-% for ( ( map "0$_", 1 .. 9 ), 10 .. 12 ) {
-
- <OPTION<% $_ == $month ? ' SELECTED' : '' %>><% $_ %>
+% for my $mm ( map{ sprintf( '%02d', $_ ) } (1..12) ) {
+ <OPTION value="<% $mm %>"<% $mm == $month ? ' SELECTED' : '' %>><% $mm %></OPTION>
% }
% }
-
</SELECT>
</TD>
<TD> / </TD>
<TD>
<SELECT NAME="year">
</SELECT>
</TD>
<TD> / </TD>
<TD>
<SELECT NAME="year">
-% my @a = localtime; for ( $a[5]+1900 .. $a[5]+1915 ) {
-
- <OPTION<% $_ == $year ? ' SELECTED' : '' %>><% $_ %>
+% my @a = localtime; for my $yyyy ( $a[5]+1900 .. $a[5]+1915 ) {
+ <OPTION value="<% $yyyy %>"<% $yyyy == $year ? ' SELECTED' : '' %>><% $yyyy %></OPTION>
% }
% }
-
</SELECT>
</TD>
</TR>
</SELECT>
</TD>
</TR>
@@
-162,7
+157,7
@@
<% mt('as') |h %>
<SELECT NAME="weight">
% for ( 1 .. 1+scalar(grep { $_->payby =~ /^(CARD|CHEK)$/ } @cust_payby) ) {
<% mt('as') |h %>
<SELECT NAME="weight">
% for ( 1 .. 1+scalar(grep { $_->payby =~ /^(CARD|CHEK)$/ } @cust_payby) ) {
- <OPTION VALUE="<%$_%>"><% mt( $weight{$_} ) |h %>
+ <OPTION VALUE="<%$_%>"><% mt( $weight{$_} ) |h %>
</OPTION>
% }
</SELECT>
% } else {
% }
</SELECT>
% } else {
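Review bot: Nothing in the template records why the month and year options now carry an explicit `value=` and a closing tag, so a later tidy-up could drop them again. A Mason comment above the month loop, for example `%# RT# 80869: explicit value= and </OPTION> are deliberate (Edge browser bug)`, would tie the markup to the ticket. The year loop in the second hunk deserves the same one-line pointer.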
diff --git
a/httemplate/elements/select-country.html
b/httemplate/elements/select-country.html
index
c981479
..
2868267
100644
(file)
--- a/
httemplate/elements/select-country.html
+++ b/
httemplate/elements/select-country.html
@@
-91,15
+91,13
@@
Example:
>
% unless ( $opt{'disable_empty'} ) {
>
% unless ( $opt{'disable_empty'} ) {
- <OPTION VALUE=""><% $opt{'empty_label'} || '(all)' %>
+ <OPTION VALUE=""><% $opt{'empty_label'} || '(all)' %>
</OPTION>
% }
% foreach my $country ( @all_countries ) {
% }
% foreach my $country ( @all_countries ) {
-
- <OPTION VALUE="<% $country |h %>"
- <% $country eq $opt{'country'} ? ' SELECTED' : '' %>
- ><% FS::geocode_Mixin->code2country($country). " ($country)" %>
-
+ <OPTION VALUE="<% $country |h %>"<% $country eq $opt{'country'} ? ' SELECTED' : '' %>>
+ <% FS::geocode_Mixin->code2country($country). " ($country)" |h %>
+ </OPTION>
% }
</SELECT>
% }
</SELECT>
diff --git
a/httemplate/elements/select-month_year.html
b/httemplate/elements/select-month_year.html
index
62c10b1
..
406c13b
100644
(file)
--- a/
httemplate/elements/select-month_year.html
+++ b/
httemplate/elements/select-month_year.html
@@
-3,16
+3,15
@@
<% $empty ? '<OPTION VALUE="">' : '' %>
% foreach ( 1 .. 12 ) {
<% $empty ? '<OPTION VALUE="">' : '' %>
% foreach ( 1 .. 12 ) {
- <OPTION<% $_ == $mon ? ' SELECTED' : '' %> VALUE="<%
$_ %>"><% $mon[$_-1] %
>
+ <OPTION<% $_ == $mon ? ' SELECTED' : '' %> VALUE="<%
sprintf('%02d', $_) %>"><% $mon[$_-1] %></OPTION
>
% }
% }
-
</SELECT>/<SELECT NAME="<% $prefix %>_year" SIZE="1" <% $disabled%>>
<% $empty ? '<OPTION VALUE="">' : '' %>
% for ( $start_year .. $end_year ) {
</SELECT>/<SELECT NAME="<% $prefix %>_year" SIZE="1" <% $disabled%>>
<% $empty ? '<OPTION VALUE="">' : '' %>
% for ( $start_year .. $end_year ) {
- <OPTION<% $_ == $year ? ' SELECTED' : '' %> VALUE="<% $_ %>"><% $_ %>
+ <OPTION<% $_ == $year ? ' SELECTED' : '' %> VALUE="<% $_ %>"><% $_ %>
</OPTION>
% }
</SELECT>
% }
</SELECT>
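Review bot: The `$empty` placeholder at the top of both selects is still written as `'<OPTION VALUE="">'` with no closing tag, so the first entry of the month and year lists stays unclosed while every other option in this commit gets `</OPTION>`. Changing both lines to `<% $empty ? '<OPTION VALUE=""></OPTION>' : '' %>` would make the markup consistent. Separately, the submitted month value changes from `1` to `01` for every caller of this element, so any handler that compares the month as a string or expects an unpadded number should be checked.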
diff --git
a/httemplate/elements/select-state.html
b/httemplate/elements/select-state.html
index
3fb5597
..
8db157b
100644
(file)
--- a/
httemplate/elements/select-state.html
+++ b/
httemplate/elements/select-state.html
@@
-27,16
+27,13
@@
Example:
>
% unless ( $opt{'disable_empty'} ) {
>
% unless ( $opt{'disable_empty'} ) {
- <OPTION VALUE=""<% $opt{state} eq '' ? ' SELECTED' : '' %>><% $opt{empty_label} %>
+ <OPTION VALUE=""<% $opt{state} eq '' ? ' SELECTED' : '' %>><% $opt{empty_label} %>
</OPTION>
% }
% foreach my $state ( keys %states ) {
% }
% foreach my $state ( keys %states ) {
-
- <OPTION VALUE="<% $state |h %>"<% $state eq $opt{'state'} ? ' SELECTED' : '' %>><% $states{$state} || '(n/a)' |h %>
-
+ <OPTION VALUE="<% $state |h %>"<% $state eq $opt{'state'} ? ' SELECTED' : '' %>><% $states{$state} || '(n/a)' |h %></OPTION>
% }
% }
-
</SELECT>
<%init>
</SELECT>
<%init>
diff --git
a/httemplate/elements/select-table.html
b/httemplate/elements/select-table.html
index
a52fdfa
..
d86b7ee
100644
(file)
--- a/
httemplate/elements/select-table.html
+++ b/
httemplate/elements/select-table.html
@@
-83,11
+83,11
@@
Example:
% || ( $value eq $pre_opt );
<OPTION VALUE="<% $pre_opt %>"
<% $selected ? 'SELECTED' : '' %>
% || ( $value eq $pre_opt );
<OPTION VALUE="<% $pre_opt %>"
<% $selected ? 'SELECTED' : '' %>
- ><% $pre_label %>
+ ><% $pre_label %>
</OPTION>
% }
% unless ( $opt{'multiple'} || $opt{'disable_empty'} ) {
% }
% unless ( $opt{'multiple'} || $opt{'disable_empty'} ) {
- <OPTION VALUE=""><% $opt{'empty_label'} || 'all' %>
+ <OPTION VALUE=""><% $opt{'empty_label'} || 'all' %>
</OPTION>
% }
% foreach my $record (
% }
% foreach my $record (
@@
-118,7
+118,7
@@
Example:
? &{ $opt{'label_callback'} }( $record )
: $record->$name_col()
|h
? &{ $opt{'label_callback'} }( $record )
: $record->$name_col()
|h
- %>
+ %>
</OPTION>
% }
% while ( @post_options ) {
% }
% while ( @post_options ) {
@@
-128,7
+128,7
@@
Example:
% || ( $value eq $post_opt );
<OPTION VALUE="<% $post_opt %>"
<% $selected ? 'SELECTED' : '' %>
% || ( $value eq $post_opt );
<OPTION VALUE="<% $post_opt %>"
<% $selected ? 'SELECTED' : '' %>
- ><% $post_label %>
+ ><% $post_label %>
</OPTION>
% }
</SELECT>
% }
</SELECT>
diff --git
a/httemplate/misc/process/payment.cgi
b/httemplate/misc/process/payment.cgi
index
d0e5896
..
7747bcb
100644
(file)
--- a/
httemplate/misc/process/payment.cgi
+++ b/
httemplate/misc/process/payment.cgi
@@
-100,11
+100,11
@@
if ( (my $custpaybynum = scalar($cgi->param('custpaybynum'))) > 0 ) {
# use new info
##
# use new info
##
- $cgi->param('year') =~ /^(\d
+)$
/
+ $cgi->param('year') =~ /^(\d
{4})
/
or errorpage("illegal year ". $cgi->param('year'));
$year = $1;
or errorpage("illegal year ". $cgi->param('year'));
$year = $1;
- $cgi->param('month') =~ /^(\d
+)$
/
+ $cgi->param('month') =~ /^(\d
{2})
/
or errorpage("illegal month ". $cgi->param('month'));
$month = $1;
or errorpage("illegal month ". $cgi->param('month'));
$month = $1;
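Review bot: The new year and month patterns drop the `$` anchor and add no range check, so `/^(\d{4})/` and `/^(\d{2})/` accept any trailing data after the digits and a month such as `00` or `99`. A one-digit month that the old `\d+` allowed is now rejected. If the aim is to tolerate whitespace around the value the browser submits, matching the whole value keeps the check strict: `$cgi->param('year') =~ /^\s*(\d{4})\s*$/` and `$cgi->param('month') =~ /^\s*(0?[1-9]|1[0-2])\s*$/`. Both `errorpage` calls also echo the raw parameter back; whether `errorpage` HTML-escapes its argument is not visible in this hunk and is worth confirming. The enclosing `if ( ... custpaybynum ... )` block starts and ends outside the hunk.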