don't redirect to a GET with sensitive data, RT#26099

[freeside.git] / httemplate / edit / cust_main.cgi

diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi
index 3f25db1..9e1b4b0 100755 (executable)
--- a/httemplate/edit/cust_main.cgi
+++ b/httemplate/edit/cust_main.cgi
@@ -241,6 +241,8 @@ my %svc_dsl = ();
 my $prospectnum = '';
 my $locationnum = '';
 
+$m->comp('/elements/handle_uri_query', 'secure'=>1);
+
 if ( $cgi->param('error') ) {
 
   $cust_main = new FS::cust_main ( {
@@ -294,7 +296,8 @@ if ( $cgi->param('error') ) {
   my( $query ) = $cgi->keywords;
   $query =~ /^(\d+)$/;
   $custnum=$1;
-  $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } );
+  $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+    or die "custnum $custnum not found";
   if ( $cust_main->dbdef_table->column('paycvv')
        && length($cust_main->paycvv)             ) {
     my $paycvv = $cust_main->paycvv;