From: ivan <ivan>
Date: Sat, 4 May 2002 00:47:24 +0000 (+0000)
Subject: prevent stuff passed from template/user from being used in searches by signup server
X-Git-Tag: freeside_1_4_0_pre12~13
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=99230201dec5366bf58b33b29fb2f7ab4724b764

prevent stuff passed from template/user from being used in searches by signup server
---

diff --git a/FS/FS/cust_pkg.pm b/FS/FS/cust_pkg.pm
index 08c04a06b..a4256ea1f 100644
--- a/FS/FS/cust_pkg.pm
+++ b/FS/FS/cust_pkg.pm
@@ -225,7 +225,7 @@ sub check {
     return "Unknown customer ". $self->custnum unless $self->cust_main;
   }
 
-  return "Unknown pkgpart"
+  return "Unknown pkgpart: ". $self->pkgpart
     unless qsearchs( 'part_pkg', { 'pkgpart' => $self->pkgpart } );
 
   $self->otaker(getotaker) unless $self->otaker;
@@ -701,7 +701,7 @@ sub order {
 
 =head1 VERSION
 
-$Id: cust_pkg.pm,v 1.20 2002-04-22 21:23:16 ivan Exp $
+$Id: cust_pkg.pm,v 1.21 2002-05-04 00:47:24 ivan Exp $
 
 =head1 BUGS
 
diff --git a/fs_signup/fs_signup_server b/fs_signup/fs_signup_server
index e8aa6ed64..70045e63b 100755
--- a/fs_signup/fs_signup_server
+++ b/fs_signup/fs_signup_server
@@ -142,9 +142,12 @@ while (1) {
 
     my @invoicing_list = split( /\s*\,\s*/, $signup_data->{'invoicing_list'} );
 
+    $signup_data->{'pkgpart'} =~ /^(\d+)$/ or '' =~ /^()$/;
+    my $pkgpart = $1;
+
     my $part_pkg =
-      qsearchs( 'part_pkg', { 'pkgpart' => $signup_data->{'pkgpart'} } )
-        or $error ||= "WARNING: unknown pkgpart ". $signup_data->{pkgpart};
+      qsearchs( 'part_pkg', { 'pkgpart' => $pkgpart } )
+        or $error ||= "WARNING: unknown pkgpart: $pkgpart";
     my $svcpart = $part_pkg->svcpart unless $error;
 
     my $cust_pkg = new FS::cust_pkg ( {