From: ivan
Date: Mon, 22 Jan 2007 02:42:08 +0000 (+0000)
Subject: accept CVV2 on self-service manual payment screen
X-Git-Tag: TRIXBOX_2_6~739
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=25f6e4198b75ba4299753eceaa96f35739581ed9;p=freeside.git
accept CVV2 on self-service manual payment screen
---
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 0ab1d8a0b..675ae0b66 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -326,17 +326,15 @@ sub process_payment {
     return { 'error' => gettext('unknown_card_type') } if cardtype($payinfo) eq "Unknown";
-  if ( defined $cust_main->dbdef_table->column('paycvv') ) {
-    if ( length($p->{'paycvv'} ) ) {
-      if ( cardtype($payinfo) eq 'American Express card' ) {
-        $p->{'paycvv'} =~ /^(\d{4})$/
-          or return { 'error' => "CVV2 (CID) for American Express cards is four digits." };
-        $paycvv = $1;
-      } else {
-        $p->{'paycvv'} =~ /^(\d{3})$/
-          or return { 'error' => "CVV2 (CVC2/CID) is three digits." };
-        $paycvv = $1;
-      }
+  if ( length($p->{'paycvv'}) && $p->{'paycvv'} !~ /^\s*$/ ) {
+    if ( cardtype($payinfo) eq 'American Express card' ) {
+      $p->{'paycvv'} =~ /^\s*(\d{4})\s*$/
+        or return { 'error' => "CVV2 (CID) for American Express cards is four digits." };
+      $paycvv = $1;
+    } else {
+      $p->{'paycvv'} =~ /^\s*(\d{3})\s*$/
+        or return { 'error' => "CVV2 (CVC2/CID) is three digits." };
+      $paycvv = $1;
     }
   }
diff --git a/fs_selfservice/FS-SelfService/cgi/make_payment.html b/fs_selfservice/FS-SelfService/cgi/make_payment.html
index 1bbbe90b2..64b1e00b5 100644
--- a/fs_selfservice/FS-SelfService/cgi/make_payment.html
+++ b/fs_selfservice/FS-SelfService/cgi/make_payment.html
@@ -1,5 +1,18 @@ MyAccount -MyAccount
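Review bot: The `length($p->{'paycvv'})` test in the new `if` is redundant with the `!~ /^\s*$/` test next to it, since an empty string already matches `/^\s*$/`; the only thing `length` still contributes is acting as an implicit defined-check, which reads more clearly as `if ( defined $p->{'paycvv'} && $p->{'paycvv'} =~ /\S/ ) {`. process_payment's body continues outside the hunk, so where the trimmed `$paycvv` ends up is not visible here; as a card security code it should only be passed through to the gateway call and never written to a persisted record or a log line. The two CVV2 error strings are still literal while the `unknown_card_type` error just above goes through `gettext()`, so they cannot be localised the same way.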

+ + +MyAccount

<%= $url = "$selfurl?session=$session_id;action="; ''; %> <%= include('myaccount_menu') %>
@@ -60,6 +73,9 @@ + CVV2 (help) + + Exact name on card
diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index 1fc2e5f8b..975203dc8 100644
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -238,6 +238,10 @@ sub payment_results {
   use Business::CreditCard;
+  #we should only do basic checking here for DoS attacks and things
+  #that couldn't be constructed by the web form... let process_payment() do
+  #the rest, it gives better error messages
+
   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ or die "illegal amount"; #!!!
   my $amount = $1;
@@ -258,6 +262,9 @@ sub payment_results {
       or die "not a ". $cgi->param('card_type');
   }
+  $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
+  my $paycvv = $1;
+
   $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
   my $month = $1;
   $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
@@ -294,6 +301,7 @@ sub payment_results {
     'session_id' => $session_id,
     'amount' => $amount,
     'payinfo' => $payinfo,
+    'paycvv' => $paycvv,
     'month' => $month,
     'year' => $year,
     'payname' => $payname,
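Review bot: The markup of the new CVV2 input in the `@@ -60,6 +73,9 @@` hunk is not recoverable from this rendering (only the label text `CVV2 (help)` survives), so the field's attributes cannot be checked here; the input should carry `autocomplete="off"` so browsers do not retain or pre-fill a card security code, and a `maxlength="4"` would mirror the `.{0,4}` bound that selfservice.cgi applies to the same parameter. The first hunk of this file (`@@ -1,5 +1,18 @@`) grows the page header by thirteen lines whose content is likewise stripped, so it is not reviewed.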
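Review bot: The pre-check on the new `paycvv` line accepts any zero to four non-newline characters (`.{0,4}`), while the `month` and `year` checks on the lines right below it are digit-only; `$cgi->param('paycvv') =~ /^\s*(\d{0,4})\s*$/ or die "illegal CVV2";` costs nothing extra, keeps non-digit input from being forwarded over the API at all, and still leaves the user-facing length message to process_payment() as the comment added in the first hunk intends. A request without a `paycvv` parameter matches the empty case and leaves `$paycvv` as an empty string, which process_payment() treats as "not supplied", so that path is fine. payment_results' body continues outside the hunk; the captured value should travel only into the process_payment call, and the `die` message correctly does not echo it.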