[0000313] Fixed multiply vulnerabilities.
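index e1cbdefc0ab145009abb72869b9be6e82aeff839..a9bec54ba2115c1e61c30dc8908d324f9216f868 100644
--- a/reporting/rep104.php
+++ b/reporting/rep104.php
@@ -1,12 +1,12 @@
 <?php
 /**********************************************************************
     Copyright (C) FrontAccounting, LLC.
-       Released under the terms of the GNU General Public License, GPL, 
-       as published by the Free Software Foundation, either version 3 
+       Released under the terms of the GNU General Public License, GPL,
+       as published by the Free Software Foundation, either version 3
        of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 $page_security = 'SA_PRICEREP';
@@ -34,13 +34,13 @@ function fetch_items($category=0)
 {
                $sql = "SELECT ".TB_PREF."stock_master.stock_id, ".TB_PREF."stock_master.description AS name,
                                ".TB_PREF."stock_master.material_cost+".TB_PREF."stock_master.labour_cost+".TB_PREF."stock_master.overhead_cost AS Standardcost,
-                               ".TB_PREF."stock_master.category_id,
+                               ".TB_PREF."stock_master.category_id,".TB_PREF."stock_master.units,
                                ".TB_PREF."stock_category.description
                        FROM ".TB_PREF."stock_master,
                                ".TB_PREF."stock_category
-                       WHERE ".TB_PREF."stock_master.category_id=".TB_PREF."stock_category.category_id";
+                       WHERE ".TB_PREF."stock_master.category_id=".TB_PREF."stock_category.category_id AND NOT ".TB_PREF."stock_master.inactive";
                if ($category != 0)
-                       $sql .= " AND ".TB_PREF."stock_category.category_id = '$category'";
+                       $sql .= " AND ".TB_PREF."stock_category.category_id = ".db_escape($category);
                $sql .= " ORDER BY ".TB_PREF."stock_master.category_id,
                                ".TB_PREF."stock_master.stock_id";
 
@@ -57,7 +57,7 @@ function get_kits($category=0)
                        ON i.category_id=c.category_id";
        $sql .= " WHERE !i.is_foreign AND i.item_code!=i.stock_id";
        if ($category != 0)
-               $sql .= " AND c.category_id = '$category'";
+               $sql .= " AND c.category_id = ".db_escape($category);
        $sql .= " GROUP BY i.item_code";
     return db_query($sql,"No kits were returned");
 }
@@ -66,7 +66,7 @@ function get_kits($category=0)
 
 function print_price_listing()
 {
-    global $comp_path, $path_to_root, $pic_height, $pic_width;
+    global $path_to_root, $pic_height, $pic_width;
 
     $currency = $_POST['PARAM_0'];
     $category = $_POST['PARAM_1'];
@@ -83,13 +83,13 @@ function print_price_listing()
     $dec = user_price_dec();
 
        $home_curr = get_company_pref('curr_default');
-       if ($currency == reserved_words::get_all())
+       if ($currency == ALL_TEXT)
                $currency = $home_curr;
        $curr = get_currency($currency);
        $curr_sel = $currency . " - " . $curr['currency'];
-       if ($category == reserved_words::get_all_numeric())
+       if ($category == ALL_NUMERIC)
                $category = 0;
-       if ($salestype == reserved_words::get_all_numeric())
+       if ($salestype == ALL_NUMERIC)
                $salestype = 0;
        if ($category == 0)
                $cat = _('All');
@@ -104,11 +104,11 @@ function print_price_listing()
        else
                $GP = _('Yes');
 
-       $cols = array(0, 100, 385, 450, 515);
+       $cols = array(0, 100, 360, 385, 450, 515);
 
-       $headers = array(_('Category/Items'), _('Description'), _('Price'),     _('GP %'));
+       $headers = array(_('Category/Items'), _('Description'), _('UOM'), _('Price'),   _('GP %'));
 
-       $aligns = array('left', 'left', 'right', 'right');
+       $aligns = array('left', 'left', 'left', 'right', 'right');
 
     $params =   array(         0 => $comments,
                                    1 => array('text' => _('Currency'), 'from' => $curr_sel, 'to' => ''),
@@ -125,7 +125,7 @@ function print_price_listing()
 
     $rep->Font();
     $rep->Info($params, $cols, $headers, $aligns);
-    $rep->Header();
+    $rep->NewPage();
 
        $result = fetch_items($category);
 
@@ -146,8 +146,9 @@ function print_price_listing()
                $rep->NewLine();
                $rep->TextCol(0, 1,     $myrow['stock_id']);
                $rep->TextCol(1, 2, $myrow['name']);
+               $rep->TextCol(2, 3, $myrow['units']);
                $price = get_price($myrow['stock_id'], $currency, $salestype);
-               $rep->AmountCol(2, 3, $price, $dec);
+               $rep->AmountCol(3, 4, $price, $dec);
                if ($showGP)
                {
                        $price2 = get_price($myrow['stock_id'], $home_curr, $salestype);
@@ -155,17 +156,17 @@ function print_price_listing()
                                $disp = ($price2 - $myrow['Standardcost']) * 100 / $price2;
                        else
                                $disp = 0.0;
-                       $rep->TextCol(3, 4,     number_format2($disp, user_percent_dec()) . " %");
+                       $rep->TextCol(4, 5,     number_format2($disp, user_percent_dec()) . " %");
                }
                if ($pictures)
                {
-                       $image = $comp_path . '/'. $user_comp . "/images/" 
+                       $image = company_path(). "/images/"
                                . item_img_name($myrow['stock_id']) . ".jpg";
                        if (file_exists($image))
                        {
                                $rep->NewLine();
                                if ($rep->row - $pic_height < $rep->bottomMargin)
-                                       $rep->Header();
+                                       $rep->NewPage();
                                $rep->AddImage($image, $rep->cols[1], $rep->row - $pic_height, 0, $pic_height);
                                $rep->row -= $pic_height;
                                $rep->NewLine();
@@ -189,7 +190,7 @@ function print_price_listing()
                                $rep->fontSize += 2;
                                $rep->TextCol(0, 3, _("Sales Kits"));
                                $rep->fontSize -= 2;
-                       }       
+                       }
                        $rep->Line($rep->row  - $rep->lineHeight);
                        $rep->NewLine(2);
                        $rep->fontSize += 2;
@@ -200,9 +201,9 @@ function print_price_listing()
                }
                $rep->NewLine();
                $rep->TextCol(0, 1,     $myrow['kit_code']);
-               $rep->TextCol(1, 2, $myrow['kit_name']);
+               $rep->TextCol(1, 3, $myrow['kit_name']);
                $price = get_kit_price($myrow['kit_code'], $currency, $salestype);
-               $rep->AmountCol(2, 3, $price, $dec);
+               $rep->AmountCol(3, 4, $price, $dec);
                $rep->NewLine(0, 1);
        }
        $rep->Line($rep->row  - 4);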
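Review bot: The db_escape() calls added in fetch_items and get_kits close the quoting hole, but `$category` is a numeric key that print_price_listing reads straight from `$_POST['PARAM_1']` (the `@@ -66,7` hunk) and then compares loosely with `ALL_NUMERIC` and `0`, so a non-numeric string is escaped into the SQL rather than rejected and the outcome of `$category != 0` for such input depends on PHP's loose-comparison rules. Normalising at the boundary, `$category = (int)$_POST['PARAM_1'];` (provided ALL_NUMERIC is itself numeric, which cannot be seen here), makes the expected type explicit and leaves db_escape() as a second layer instead of the only one; the same applies to `$salestype`, whose read is outside the shown hunks. `$currency` from `PARAM_0` flows into get_currency() and get_price(), and whether those helpers escape their argument is not visible in this diff, so that path deserves the same check. Separately, the `AND NOT stock_master.inactive` condition in the fetch_items hunk is a behaviour change the commit message does not mention; a one-line comment on the function such as `// inactive items are excluded from the price listing` would record it.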