RT#38363: use cust_payby when saving cards during payments [minor fixes]

diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index a202e3d..0c109ce 100644 (file)
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -2174,7 +2174,7 @@ sub cust_contact {
 Returns all payment methods (see L<FS::cust_payby>) for this customer.
 
 If one or more PAYBY are specified, returns only payment methods for specified PAYBY.
-Does not validate PAYBY--do not pass tainted values.
+Does not validate PAYBY.
 
 =cut
 
@@ -2186,7 +2186,7 @@ sub cust_payby {
     'hashref'  => { 'custnum' => $self->custnum },
     'order_by' => "ORDER BY payby IN ('CARD','CHEK') DESC, weight ASC",
   };
-  $search->{'extra_sql'} = ' AND payby IN ( ' . join(',', map { "'$_'" } @payby) . ' ) '
+  $search->{'extra_sql'} = ' AND payby IN ( ' . join(',', map { dbh->quote($_) } @payby) . ' ) '
     if @payby;
 
   qsearch($search);

diff --git a/FS/FS/payby.pm b/FS/FS/payby.pm
index 530d88d..b849655 100644 (file)
--- a/FS/FS/payby.pm
+++ b/FS/FS/payby.pm
@@ -41,6 +41,8 @@ Payment types.
 # - a customer saved payment type (cust_payby.payby)
 # - a payment or refund type (cust_pay.payby, cust_pay_batch.payby, cust_refund.payby)
 
+# customer methods that start with 'D' will be interpreted as on-demand
+
 tie %hash, 'Tie::IxHash',
   'CARD' => {
     tinyname  => 'card',

diff --git a/httemplate/elements/cust_payby.html b/httemplate/elements/cust_payby.html
index 5e0f09d..c7d4549 100644 (file)
--- a/httemplate/elements/cust_payby.html
+++ b/httemplate/elements/cust_payby.html
@@ -216,7 +216,7 @@
   </TABLE>
 
 % }
-% unless ( $opt{'html_only'} ) {
+% unless ( $opt{'html_only'} || $payby_changed_init ) {
   <SCRIPT TYPE="text/javascript">
 
     function payby_changed(what) {
@@ -264,7 +264,11 @@
     }
 
   </SCRIPT>
+%   $payby_changed_init = 1;
 % }
+<%once>
+my $payby_changed_init = 0;
+</%once>
 <%init>
 
 my( %opt ) = @_;