Security update merged from 2.1.
diff --git
a/manufacturing/search_work_orders.php
b/manufacturing/search_work_orders.php
index b4e0d2f5cb5401d02c601f0435aca1f6ab7a0dd3..cf93441cfaa7332ef74cc7f5e020667a52e9e1a7 100644
(file)
--- a/
manufacturing/search_work_orders.php
+++ b/
manufacturing/search_work_orders.php
@@
-185,17
+185,17
@@
if (check_value('OpenOnly') || $outstanding_only != 0)
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
{
if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
{
- $sql .= " AND workorder.loc_code=
'" . $_POST['StockLocation'] . "' "
;
+ $sql .= " AND workorder.loc_code=
".db_escape($_POST['StockLocation'])
;
}
if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
{
}
if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
{
- $sql .= " AND workorder.wo_ref LIKE
'%". $_POST['OrderNumber'] . "%'"
;
+ $sql .= " AND workorder.wo_ref LIKE
".db_escape('%'.$_POST['OrderNumber'].'%')
;
}
if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
{
}
if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
{
- $sql .= " AND workorder.stock_id=
'". $_POST['SelectedStockItem'] . "'"
;
+ $sql .= " AND workorder.stock_id=
".db_escape($_POST['SelectedStockItem'])
;
}
if (check_value('OverdueOnly'))
}
if (check_value('OverdueOnly'))