From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 18 Aug 2016 20:56:11 +0000 (-0700)
Subject: Fix Prospect edit, from Fernando-Kiernan
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=7e9422a954e8249627c256b53080ee6afeeed913

Fix Prospect edit, from Fernando-Kiernan
---

diff --git a/httemplate/edit/prospect_main.html b/httemplate/edit/prospect_main.html
index 7c02538f8..6aefe80d0 100644
--- a/httemplate/edit/prospect_main.html
+++ b/httemplate/edit/prospect_main.html
@@ -34,8 +34,10 @@
        { 'field'             => 'contactnum',
          'type'              => 'contact',
          'colspan'           => 7,
-         'o2m_table'      => 'contact',
-         'm2_label'       => 'Contact',
+         'prospectnum'       => $prospectnum,
+         'm2m_method'        => 'prospect_contact',
+         'm2m_dstcol'        => 'contactnum',
+         'm2_label'          => 'Contact',
          'm2_error_callback' => $m2_error_callback,
 
        },
@@ -69,18 +71,25 @@ my $conf = new FS::Conf;
 
 my $prospectnum;
 if ( $cgi->param('error') ) {
-  $prospectnum = scalar($cgi->param('prospectnum'));
+  $cgi->param('prospectnum') =~ /^(\d*)$/ or die 'illegal prospectnum';
+  $prospectnum = $1;
 
   die "access denied"
     unless $curuser->access_right(($prospectnum ? 'Edit' : 'New'). ' prospect');
 
 } elsif ( $cgi->keywords ) { #editing
 
+  my($query) = $cgi->keywords;
+  $query =~ /^(\d+)$/ or die 'no prospectnum';
+  $prospectnum = $1;
+
   die "access denied"
     unless $curuser->access_right('Edit prospect');
 
 } else { #new prospect 
 
+  $prospectnum = '';
+
   die "access denied"
     unless $curuser->access_right('New prospect');