From b0db5181d8f88bfa9104c189b4860a9dd7649e21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?=
Date: Wed, 2 Oct 2019 17:28:20 +0300
Subject: [PATCH] Don't validate plan_id if it has not changed from the old value (when updating payment method).
---
 hc/payments/views.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hc/payments/views.py b/hc/payments/views.py
index 6405e655..86d9c8d3 100644
--- a/hc/payments/views.py
+++ b/hc/payments/views.py
@@ -91,9 +91,6 @@ def update(request):
 plan_id = request.POST["plan_id"]
 nonce = request.POST["nonce"]
- if plan_id not in ("", "P20", "P80", "Y192", "Y768"):
- return HttpResponseBadRequest()
-
 sub = Subscription.objects.for_user(request.user)
 # If plan_id has not changed then just update the payment method:
 if plan_id == sub.plan_id:
@@ -104,6 +101,9 @@ def update(request):
 request.session["payment_method_status"] = "success"
 return redirect("hc-billing")
+ if plan_id not in ("", "P20", "P80", "Y192", "Y768"):
+ return HttpResponseBadRequest()
+
 # Cancel the previous plan and reset limits:
 sub.cancel()
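Review bot: The relocated allowlist check in the second hunk (`if plan_id not in ("", "P20", "P80", "Y192", "Y768"):`) now guards only the plan-change path, and nothing at that spot records that the ordering is deliberate, so a later cleanup could hoist it back above the `plan_id == sub.plan_id` branch. Skipping validation on the unchanged path looks safe as far as the visible lines show, since the posted value must equal the stored `sub.plan_id` and that branch only updates the payment method, but I would state it in a comment such as `# Validated only when the plan changes; an unchanged plan_id already equals the stored value.` The diffstat lists only hc/payments/views.py, so a regression test for both paths appears to be missing: an unchanged plan_id outside the allowlist should still update the payment method, and a changed plan_id outside the allowlist should still return 400. The body of update() starts before and continues after the hunk, so the branch's middle lines are not visible here.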