Index: trunk/cgi-bin/main.cgi
===================================================================
--- trunk/cgi-bin/main.cgi	(revision 74)
+++ trunk/cgi-bin/main.cgi	(revision 87)
@@ -828,5 +828,5 @@
 my $city;	# Shut up Perl's "strict" scoping/usage check.
       $sql = "select * from poolips where available='y' and".
-	" ptype='$base' and city='$webvar{city}'";
+	" ptype='$base' and city='$webvar{pop}'";
     }
 
@@ -839,6 +839,9 @@
       $ipcount{$data[0]}++;
     }
+    $sth = $ip_dbh->prepare("select city from allocations where cidr=?");
     foreach my $key (keys %ipcount) {
-      $optionlist .= "<option value='$key'>$key [$ipcount{$key} free IP(s)]</option>\n";
+      $sth->execute($key);
+      my @data = $sth->fetchrow_array;
+      $optionlist .= "<option value='$key'>$key [$ipcount{$key} free IP(s)] in $data[0]</option>\n";
     }
     $cidr = "Single static IP";
@@ -931,6 +934,8 @@
   $html =~ s|\$\$ALLOC_FROM\$\$|$alloc_from|g;
   $html =~ s|\$\$CIDR\$\$|$cidr|g;
+  $webvar{city} = desanitize($webvar{city});
   $html =~ s|\$\$CITY\$\$|$webvar{city}|g;
   $html =~ s|\$\$CUSTID\$\$|$webvar{custid}|g;
+  $webvar{circid} = desanitize($webvar{circid});
   $html =~ s|\$\$CIRCID\$\$|$webvar{circid}|g;
   $webvar{desc} = desanitize($webvar{desc});
@@ -1156,5 +1161,5 @@
       printAndExit("Please enter a customer ID.");
     }
-    if ($webvar{custid} !~ /^(?:\d{10}|\d{7}|STAFF)(?:-\d\d?)?$/) {
+    if ($webvar{custid} !~ /^(?:\d{10}|\d{7}|STAFF|TEMP)(?:-\d\d?)?$/) {
       printAndExit("Please enter a valid customer ID- this must be a 7- or 10-digit number, or STAFF for static IPs for staff.");
     }