From 927c5d63b382dedd6059a149961540af1ca17e30 Mon Sep 17 00:00:00 2001
From: Jonathan Prykop <jonathan@freeside.biz>
Date: Tue, 26 Jan 2016 14:45:00 -0600
Subject: [PATCH] RT#38363: use cust_payby when saving cards during payments
 [minor fixes]

---
 FS/FS/cust_main.pm                  | 4 ++--
 FS/FS/payby.pm                      | 2 ++
 httemplate/elements/cust_payby.html | 6 +++++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index a202e3dde..0c109ceb9 100644
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -2174,7 +2174,7 @@ sub cust_contact {
 Returns all payment methods (see L<FS::cust_payby>) for this customer.
 
 If one or more PAYBY are specified, returns only payment methods for specified PAYBY.
-Does not validate PAYBY--do not pass tainted values.
+Does not validate PAYBY.
 
 =cut
 
@@ -2186,7 +2186,7 @@ sub cust_payby {
     'hashref'  => { 'custnum' => $self->custnum },
     'order_by' => "ORDER BY payby IN ('CARD','CHEK') DESC, weight ASC",
   };
-  $search->{'extra_sql'} = ' AND payby IN ( ' . join(',', map { "'$_'" } @payby) . ' ) '
+  $search->{'extra_sql'} = ' AND payby IN ( ' . join(',', map { dbh->quote($_) } @payby) . ' ) '
     if @payby;
 
   qsearch($search);
diff --git a/FS/FS/payby.pm b/FS/FS/payby.pm
index 530d88d80..b84965587 100644
--- a/FS/FS/payby.pm
+++ b/FS/FS/payby.pm
@@ -41,6 +41,8 @@ Payment types.
 # - a customer saved payment type (cust_payby.payby)
 # - a payment or refund type (cust_pay.payby, cust_pay_batch.payby, cust_refund.payby)
 
+# customer methods that start with 'D' will be interpreted as on-demand
+
 tie %hash, 'Tie::IxHash',
   'CARD' => {
     tinyname  => 'card',
diff --git a/httemplate/elements/cust_payby.html b/httemplate/elements/cust_payby.html
index 5e0f09d3f..c7d4549df 100644
--- a/httemplate/elements/cust_payby.html
+++ b/httemplate/elements/cust_payby.html
@@ -216,7 +216,7 @@
   </TABLE>
 
 % }
-% unless ( $opt{'html_only'} ) {
+% unless ( $opt{'html_only'} || $payby_changed_init ) {
   <SCRIPT TYPE="text/javascript">
 
     function payby_changed(what) {
@@ -264,7 +264,11 @@
     }
 
   </SCRIPT>
+%   $payby_changed_init = 1;
 % }
+<%once>
+my $payby_changed_init = 0;
+</%once>
 <%init>
 
 my( %opt ) = @_;
-- 
2.20.1