From: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Date: Tue, 26 Jul 2011 22:01:52 +0000 (-0400)
Subject: Confirm CC payments with another page load, not confirm() popup
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=52103ef04e091cd05a6049b6657256238889370a;p=contrib%2FConifer.git

Confirm CC payments with another page load, not confirm() popup

This does something gross. Your CC card number is rendered in a hidden field on the last confirmation page. At least it's all SSL only.

Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
---

diff --git a/Open-ILS/web/templates/default/opac/myopac/main_payment_form.tt2 b/Open-ILS/web/templates/default/opac/myopac/main_payment_form.tt2
index 592c42dd50..52534d2a69 100644
--- a/Open-ILS/web/templates/default/opac/myopac/main_payment_form.tt2
+++ b/Open-ILS/web/templates/default/opac/myopac/main_payment_form.tt2
@@ -3,6 +3,9 @@
 WRAPPER "default/opac/parts/myopac/main_base.tt2";
 myopac_page = "main";
 myopac_main_page = "payment_form";
+
+ last_chance = CGI.param("last_chance");
+
 %]
 [% IF ctx.fines.balance_owed <= 0 %]
 <div>
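Review bot: `last_chance` is read from any request parameter, so the confirmation branch is selected by whatever request carries that field, whether or not it came from the entry form's POST. Consider tying it to the request method, e.g. `last_chance = CGI.param("last_chance") AND CGI.request_method == 'POST';`, so that card fields are never expected in a URL. The `main_pay` handler is not visible here; it presumably needs to validate every field itself, since this page only relays them. The directive block containing the new line opens above the hunk.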
@@ -11,14 +14,26 @@
 </div>
 [% ELSE %]
 <div id="pay_fines_now">
- <form action="[% ctx.opac_root %]/myopac/main_pay" method="POST"
- onsubmit="return confirm('[% l("Are you sure you are ready to charge [_1] to your credit card?", money(ctx.fines.balance_owed)) %]');">
+ [% IF last_chance %]
+ <p><big>[% l("Are you sure you are ready to charge [_1] to your credit card?", money(ctx.fines.balance_owed)) %]</big></p>
+ <form action="[% ctx.opac_root %]/myopac/main_pay" method="POST">
+ [% FOR k IN CGI.Vars;
+ NEXT UNLESS k %]
+ <input type="hidden" name="[% k | html %]" value="[% CGI.param(k) | html %]" />
+ [% END %]
+ <input type="submit" value="[% l('Submit Payment') %]" />
+ <input type="reset" value="[% l('Cancel') %]"
+ onclick="history.go(-1);" />
+ [% ELSE %]
+ <form method="POST">
+ <input type="hidden" name="last_chance" value="1" />
 [% FOR xact IN CGI.param('xact') %]
 <input type="hidden" name="xact" value="[% xact | html %]" />
 [% END %]
 [% FOR xact IN CGI.param('xact_misc') %]
 <input type="hidden" name="xact_misc" value="[% xact | html %]" />
 [% END %]
+
 <table>
 <tbody>
 <tr>
@@ -157,7 +172,7 @@
 </tr>
 <tr>
 <td colspan='2' align="center">
- <input type="submit" value="[% l('Submit Payment') %]" />
+ <input type="submit" value="[% l('Next') %]" />
 <input type="reset" value="[% l('Cancel') %]"
 onclick="history.go(-1);" />
 </td>
@@ -165,6 +180,7 @@
 [% INCLUDE "default/opac/parts/myopac/main_refund_policy.tt2" %]
 </tbody>
 </table>
+ [% END %]
 </form>
 </div>
 [% END %]
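Review bot: The `FOR k IN CGI.Vars` loop in the `last_chance` branch writes every submitted parameter back into the page as a hidden input, so the card number and any other card fields the form posts land in the response body, where `| html` stops markup injection but not storage in the browser cache or history. TLS covers the value in transit only; the handler that renders this template (not visible here) should send `Cache-Control: no-store`, and the loop would be safer restricted to a named list of fields, as the `xact` and `xact_misc` loops in the other branch are. Two things to verify in the loop itself: `CGI.param(k)` for a multi-valued parameter such as `xact` may come back as a list and render as one mangled value, where `[% FOR v IN CGI.param(k) %]<input type="hidden" name="[% k | html %]" value="[% v | html %]" />[% END %]` would emit one input per value. `CGI.Vars` called in list context may also yield values as well as keys, which would put submitted values into `name` attributes. The `[% IF last_chance %]` block opened here is closed by the `[% END %]` added in the last hunk.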