From: ivan
Date: Sun, 10 Feb 2002 18:56:49 +0000 (+0000)
Subject: use unique tokens to prevent double-submission of payments in the web UI
X-Git-Tag: freeside_1_4_0pre11~78
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=ddb53fcc9fc80561354b97e4e7803004990138d0;p=freeside.git
use unique tokens to prevent double-submission of payments in the web UI (closes: Bug#320)
---
diff --git a/FS/FS/cust_pay.pm b/FS/FS/cust_pay.pm
index 839571a95..6156eadeb 100644
--- a/FS/FS/cust_pay.pm
+++ b/FS/FS/cust_pay.pm
@@ -136,6 +136,17 @@ sub insert {
 }
 }
+ if ( $self->paybatch =~ /^webui-/ ) {
+ my @cust_pay = qsearch('cust_pay', {
+ 'custnum' => $self->custnum,
+ 'paybatch' => $self->paybatch,
+ } );
+ if ( scalar(@cust_pay) > 1 ) {
+ $dbh->rollback if $oldAutoCommit;
+ return "a payment with webui token ". $self->paybatch. " already exists";
+ }
+ }
+
 $dbh->commit or die $dbh->errstr if $oldAutoCommit; #false laziness w/ cust_credit::insert
@@ -348,7 +359,7 @@ sub unapplied {
 =head1 VERSION
-$Id: cust_pay.pm,v 1.16 2002-02-07 22:29:34 ivan Exp $
+$Id: cust_pay.pm,v 1.17 2002-02-10 18:56:49 ivan Exp $
 =head1 BUGS
diff --git a/README.1.4.0pre9 b/README.1.4.0pre9
new file mode 100644
index 000000000..3ab2b4233
--- /dev/null
+++ b/README.1.4.0pre9
@@ -0,0 +1,19 @@
+the following is necessary to upgrade from 1.4.0pre8 to 1.4.0pre9
+
+if you're upgradeing from before 1.4.0pre8 see README.1.4.0pre8 first!
+
+if you're upgrading from 1.3.1 follow the instructions in
+httemplate/docs/upgrade8.html instead
+
+-----
+
+install the FS perl modules and httemplate as per install.html or upgrade8.html
+
+CREATE INDEX cust_pay2 ON cust_pay ( paynum );
+CREATE INDEX cust_pay3 ON cust_pay ( custnum );
+CREATE INDEX cust_pay4 ON cust_pay ( paybatch );
+
+Run bin/dbdef-create
+
+Restart Apache and freeside-queued
+
diff --git a/bin/fs-setup b/bin/fs-setup
index 07c9709a1..5f8059425 100755
--- a/bin/fs-setup
+++ b/bin/fs-setup
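Review bot: The token check added to `insert` in FS/FS/cust_pay.pm is a check-after-insert done with `qsearch`, so it is only as strong as the transaction isolation: two requests carrying the same `webui-` token that run concurrently may each count only their own uncommitted row, pass `scalar(@cust_pay) > 1`, and both commit. The indexes this commit creates on `paybatch` are non-unique, so nothing in the schema backs the check up; a uniqueness constraint covering (`custnum`, `paybatch`) for webui tokens, or a lock on the customer row before the search, would close that window. At minimum I would add a comment above the block such as `# not atomic: concurrent inserts with the same token can both pass; relies on DB isolation`. The body of `insert` starts and ends outside the hunk, so how the preceding insert and `$oldAutoCommit` are set up is inferred.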
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -Tw
 #
-# $Id: fs-setup,v 1.75 2002-02-06 15:07:49 ivan Exp $
+# $Id: fs-setup,v 1.76 2002-02-10 18:56:49 ivan Exp $
 #to delay loading dbdef until we're ready
 BEGIN { $FS::Record::setup_hack = 1; }
@@ -500,7 +500,7 @@ sub tables_hash_hack {
 ],
 'primary_key' => 'billpaynum',
 'unique' => [ [] ],
- 'index' => [ [ 'paynum', 'invnum' ] ],
+ 'index' => [ [ 'paynum' ], [ 'custnum' ], [ 'paybatch' ] ],
 },
 'cust_pay_batch' => { #what's this used for again? list of customers
diff --git a/httemplate/docs/upgrade8.html b/httemplate/docs/upgrade8.html
index b243eba75..2c7008a6c 100644
--- a/httemplate/docs/upgrade8.html
+++ b/httemplate/docs/upgrade8.html
@@ -192,6 +192,9 @@ CREATE INDEX cust_credit_refund1 ON cust_credit_refund ( crednum );
 CREATE INDEX cust_credit_refund2 ON cust_credit_refund ( refundnum );
 CREATE UNIQUE INDEX cust_pay_batch_pkey ON cust_pay_batch ( paybatchnum );
 CREATE UNIQUE INDEX part_svc_column1 ON part_svc_column ( svcpart, columnname );
+CREATE INDEX cust_pay2 ON cust_pay ( paynum );
+CREATE INDEX cust_pay3 ON cust_pay ( custnum );
+CREATE INDEX cust_pay4 ON cust_pay ( paybatch );
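Review bot: In the `tables_hash_hack` hunk of bin/fs-setup the changed `'index'` line sits in an entry whose context reads `'primary_key' => 'billpaynum'`, which does not look like the cust_pay table that README.1.4.0pre9 and upgrade8.html create the new indexes on. If that entry is the bill/payment application table, the new `[ 'custnum' ], [ 'paybatch' ]` indexes name columns it may not have, the previous index covering `invnum` is lost, and fresh installs would not get the `paybatch` index that the new duplicate-token search in cust_pay.pm relies on. I would leave this line as it was and add `'index' => [ [ 'custnum' ], [ 'paybatch' ] ],` to the cust_pay entry instead. The table name itself is outside the hunk, so which entry this is needs confirming.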
  • If you are using PostgreSQL, apply the following changes to your database:
diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi
index 27d36eb54..f6ae7b299 100755
--- a/httemplate/edit/cust_pay.cgi
+++ b/httemplate/edit/cust_pay.cgi
@@ -32,6 +32,8 @@ if ( $cgi->param('error') ) {
 }
 my $_date = time;
+my $paybatch = "webui-$_date-$$-". rand() * 2**32;
+
 my $p1 = popurl(1);
 print header("Post payment", '');
@@ -111,11 +113,12 @@ print qq!Check #Auto-apply
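Review bot: The token built at `my $paybatch = ...` in httemplate/edit/cust_pay.cgi ends in `rand() * 2**32`, which is a floating-point value, so the string carries a fractional part of varying length. If the `paybatch` column is narrower than the token, a database that truncates on insert would store a value that the exact-match search in `cust_pay::insert` never finds, and the duplicate check would then pass every time; `my $paybatch = "webui-$_date-$$-". int(rand(2**32));` keeps the width bounded, and the column width (not visible here) should be confirmed. Perl's `rand` is also not an unpredictable source, which is acceptable for a de-duplication key, but a comment such as `# de-dup key only, not an anti-forgery token (rand is predictable)` would stop it being reused as one later.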
    to invoices!; +print ""; + #paybatch -print qq!!; +print qq!!; print <