prevent reload loops on process pages, #71249

[freeside.git] / httemplate / misc / process / recharge_svc.html

diff --git a/httemplate/misc/process/recharge_svc.html b/httemplate/misc/process/recharge_svc.html
index 5f68bf1..88a1f7f 100755 (executable)
--- a/httemplate/misc/process/recharge_svc.html
+++ b/httemplate/misc/process/recharge_svc.html
@@ -4,7 +4,7 @@
 %} else {
 <% header("Package recharged") %>
   <SCRIPT TYPE="text/javascript">
-    window.top.location.reload();
+    topreload();
   </SCRIPT>
   </BODY></HTML>
 %}
@@ -22,6 +22,7 @@ $svcnum = $1;
 
 #untaint prepaid
 my $prepaid = $cgi->param('prepaid');
+$prepaid =~ s/\W//g;
 $prepaid =~ /^(\w*)$/;
 $prepaid = $1;
 
@@ -62,6 +63,7 @@ unless ($error) {
     $error = $cust_main->charge($amount, "Recharge " . $svc_acct->label,
                                 $description, $part_pkg->taxclass);
 
+    $error ||= "invalid $_" foreach grep { $rhash{$_} !~ /^\d*$/ } keys %rhash;
     if ($part_pkg->option('recharge_reset', 1)) {
       $error ||= $svc_acct->set_usage(\%rhash, 'null' => 1);
     }else{