diff --git a/TrsrDB/HTTP/Account.pm b/TrsrDB/HTTP/Account.pm index 8051589..8368751 100644 --- a/TrsrDB/HTTP/Account.pm +++ b/TrsrDB/HTTP/Account.pm @@ -43,18 +43,27 @@ sub upsert { if ( $self->req->method eq 'POST' ) { my $p = $self->req->params->to_hash; + if ( ($p->{IBAN}//q{}) eq q{*} ) { $p->{IBAN} = q{}; } elsif ( !$iban ) { delete $p->{IBAN}; } + + if ( $p->{ID} !~ m{ \A [a-z] \w+ \z }aixms ) { + die "Invalid ID: Must consist of ascii letters/numbers/", + "underscores, but always begin with a letter"; + } + for my $field ($account->result_source->columns) { my $value = $p->{ $field }; $account->$field($value); } + $account->update_or_insert(); $self->redirect_to("home"); + } else { if ( defined( $iban ) ) { diff --git a/templates/account/list.html.ep b/templates/account/list.html.ep index 5cd646f..8b15d12 100644 --- a/templates/account/list.html.ep +++ b/templates/account/list.html.ep @@ -17,8 +17,8 @@ <%= $inter_header->($t) %> % } % my $u = $account->ID; -<%= $u %> - <%= $bal->even_until // "never" %><%== money $bal->arrears %>ListCharge +<%= $u %> + <%= $bal->even_until // "never" %><%== money $bal->arrears %>ListCharge % my $which = ($bal->arrears && 1) + ($bal->available && 1); % if ( $which == 2 ) { @@ -32,7 +32,7 @@ % else { even % } - <%== money $bal->available %>ListCredit<%== money $bal->earned %><%== money $bal->promised %>HistoryReport + <%== money $bal->available %>ListCredit<%== money $bal->earned %><%== money $bal->promised %>HistoryReport % } # while
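Review bot: The new ID check in `upsert` reports bad user input with `die`, and its pattern `\A [a-z] \w+ \z` requires at least two characters although the message states no minimum length; use `\w*` if single-letter IDs are meant to be valid. In what looks like a Mojolicious controller, an uncaught `die` will probably surface as a server-error page rather than a client-error response, so something like `return $self->render( text => 'Invalid ID', status => 400 );` would suit a validation failure better. A request without an `ID` parameter reaches `!~` as undef and emits an uninitialized-value warning before being rejected; `( $p->{ID} // q{} ) !~ ...` would match the guard already used for IBAN. Only ID is validated here: the loop that follows still copies every column of the result source from the request parameters, so any column the form must not set needs its own allow-list. The body of `upsert` starts and ends outside this hunk.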