[freeside-commits] freeside/fs_selfservice/FS-SelfService/cgi
selfservice.cgi, 1.20, 1.21 make_payment.html, 1.12, 1.13
Ivan,,,
ivan at wavetail.420.am
Sun Jan 21 18:42:10 PST 2007
Update of /home/cvs/cvsroot/freeside/fs_selfservice/FS-SelfService/cgi
In directory wavetail:/tmp/cvs-serv4912/fs_selfservice/FS-SelfService/cgi
Modified Files:
selfservice.cgi make_payment.html
Log Message:
accept CVV2 on self-service manual payment screen
Index: selfservice.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/fs_selfservice/FS-SelfService/cgi/selfservice.cgi,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- selfservice.cgi 5 Jan 2007 05:19:35 -0000 1.20
+++ selfservice.cgi 22 Jan 2007 02:42:07 -0000 1.21
@@ -238,6 +238,10 @@
use Business::CreditCard;
+ #we should only do basic checking here for DoS attacks and things
+ #that couldn't be constructed by the web form... let process_payment() do
+ #the rest, it gives better error messages
+
$cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
or die "illegal amount"; #!!!
my $amount = $1;
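Review bot: the new comment describes these checks as a guard against DoS and against input the web form could not construct, but the amount check directly below it uses `\d+` with no upper bound on length and ends in a bare `die "illegal amount"` (already flagged `#!!!`). If the stated policy is to keep only cheap bounds here and defer user-facing validation to process_payment(), consider bounding the digit count in this pattern and noting in the comment which fields are expected to fail here rather than downstream.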
@@ -258,6 +262,9 @@
or die "not a ". $cgi->param('card_type');
}
+ $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
+ my $paycvv = $1;
+
$cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
my $month = $1;
$cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
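Review bot: in the added `paycvv` check, `.{0,4}` matches any character, whitespace included, so the capture is not reliably trimmed: for an input such as "123 " the group takes the trailing space and `$paycvv` becomes "123 " rather than "123". It also accepts non-digits. Capturing `\d{0,4}` instead keeps the same four-character bound and the optional (empty) case while making the surrounding `\s*` actually strip whitespace. If the parameter is absent from the request, the match runs against undef; defaulting it to an empty string first would avoid that.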
@@ -294,6 +301,7 @@
'session_id' => $session_id,
'amount' => $amount,
'payinfo' => $payinfo,
+ 'paycvv' => $paycvv,
'month' => $month,
'year' => $year,
'payname' => $payname,
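Review bot: `'paycvv' => $paycvv` now travels in the same argument hash as `session_id` and `payinfo`, and nothing in this diff shows what the receiving call does with it. A short comment at this point stating that the value is forwarded for authorization only and must not be written to logs or stored would document the expectation for whoever maintains the callee.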
Index: make_payment.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/fs_selfservice/FS-SelfService/cgi/make_payment.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- make_payment.html 8 Jun 2005 09:03:06 -0000 1.12
+++ make_payment.html 22 Jan 2007 02:42:08 -0000 1.13
@@ -1,5 +1,18 @@
<HTML><HEAD><TITLE>MyAccount</TITLE></HEAD>
-<BODY BGCOLOR="#eeeeee"><FONT SIZE=5>MyAccount</FONT><BR><BR>
+<BODY BGCOLOR="#eeeeee">
+<script language="JavaScript"><!--
+ var mywindow = -1;
+ function myopen(filename,windowname,properties) {
+ myclose();
+ mywindow = window.open(filename,windowname,properties);
+ }
+ function myclose() {
+ if ( mywindow != -1 )
+ mywindow.close();
+ mywindow = -1
+ }
+//--></script>
+<FONT SIZE=5>MyAccount</FONT><BR><BR>
<%= $url = "$selfurl?session=$session_id;action="; ''; %>
<%= include('myaccount_menu') %>
<TD VALIGN="top">
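Review bot: in `myclose()`, the guard `mywindow != -1` does not cover the case where `window.open` returned null (for example when the popup is blocked) or where the user already closed the popup; after a null return the next `myopen()` call reaches `mywindow.close()` on null and throws before the new window is opened. Checking `mywindow && mywindow != -1 && !mywindow.closed` before calling close() avoids that. Minor style points: `mywindow = -1` in `myclose()` is missing its semicolon, and bracing the `if` would make it clear that the reset is meant to run unconditionally.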
@@ -60,6 +73,9 @@
</TABLE>
</TD>
</TR><TR>
+ <TD ALIGN="right">CVV2 (<A HREF="javascript:myopen('cvv2.html','cvv2','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,copyhistory=no,width=480,height=288')">help</A>)</TD>
+ <TD><INPUT TYPE="text" NAME="paycvv" VALUE="" SIZE=4 MAXLENGTH=4></TD></TR>
+</TR><TR>
<TD ALIGN="right">Exact name on card</TD>
<TD><INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="payname" VALUE="<%=$payname%>"></TD>
</TR><TR>
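Review bot: the added CVV2 row closes its `</TR>` twice, once at the end of the `<INPUT ... NAME="paycvv">` line and again in the following `</TR><TR>` line, which leaves a stray end tag in the table. Drop the `</TR>` from the end of the input line. The help link also uses a `javascript:` HREF, so it does nothing when scripting is off; pointing HREF at `cvv2.html` and moving the `myopen(...)` call to an onClick handler that returns false would keep the popup while giving a working fallback.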