From ac50269d081f6490705d103186e5b89baac58930 Mon Sep 17 00:00:00 2001
From: Mitch Jackson <mitch@freeside.biz>
Date: Sun, 4 Nov 2018 10:07:30 -0500
Subject: [PATCH] RT# 81616 Mask CVV on Process Card Payment page

---
 httemplate/misc/payment.cgi         | 2 +-
 httemplate/misc/process/payment.cgi | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/httemplate/misc/payment.cgi b/httemplate/misc/payment.cgi
index 9e530cf0a..b882da061 100644
--- a/httemplate/misc/payment.cgi
+++ b/httemplate/misc/payment.cgi
@@ -42,7 +42,7 @@
 %   my $payname = $cust_main->first. ' '. $cust_main->getfield('last');
 %   if ( $cust_main->payby =~ /^(CARD|DCRD)$/ ) {
 %     $payinfo = $cust_main->paymask;
-%     $paycvv = $cust_main->paycvv;
+%     ( $paycvv = $cust_main->paycvv ) =~ s/./*/g;
 %     ( $month, $year ) = $cust_main->paydate_monthyear;
 %     $payname = $cust_main->payname if $cust_main->payname;
 %   } elsif ($disable_payauto_default) {
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 5f945a71a..6163b93dd 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -124,7 +124,9 @@ if ( $payby eq 'CHEK' ) {
 
   if ( defined $cust_main->dbdef_table->column('paycvv') ) {
     if ( length($cgi->param('paycvv') ) ) {
-      if ( cardtype($payinfo) eq 'American Express card' ) {
+      if ( $cgi->param('paycvv') =~ /^\*+$/ ) {
+        $paycvv = $cust_main->paycvv;
+      } elsif ( cardtype($payinfo) eq 'American Express card' ) {
         $cgi->param('paycvv') =~ /^(\d{4})$/
           or errorpage("CVV2 (CID) for American Express cards is four digits.");
         $paycvv = $1;
-- 
2.11.0