Module gl sealed against XSS Attacks
diff --git
a/sales/customer_delivery.php
b/sales/customer_delivery.php
index a1672775c74685780b4bc4ed9ed558d1e6135b2a..db8a51b848de253c3e8e345adcffea5ff3a262cd 100644
(file)
--- a/
sales/customer_delivery.php
+++ b/
sales/customer_delivery.php
@@
-116,55
+116,66
@@
if (isset($_GET['OrderNumber']) && $_GET['OrderNumber'] > 0) {
exit;
} elseif (!check_quantities()) {
exit;
} elseif (!check_quantities()) {
- display_error(_("Selected quantity cannot be less th
en quantity invoiced nor more the
n quantity
+ display_error(_("Selected quantity cannot be less th
an quantity invoiced nor more tha
n quantity
not dispatched on sales order."));
not dispatched on sales order."));
-}
+
+} elseif(!check_num('ChargeFreightCost', 0))
+ display_error(_("Freight cost cannot be less than zero"));
+ set_focus('ChargeFreightCost');
+
+
//-----------------------------------------------------------------------------
function check_data()
{
if (!isset($_POST['DispatchDate']) || !is_date($_POST['DispatchDate'])) {
display_error(_("The entered date of delivery is invalid."));
//-----------------------------------------------------------------------------
function check_data()
{
if (!isset($_POST['DispatchDate']) || !is_date($_POST['DispatchDate'])) {
display_error(_("The entered date of delivery is invalid."));
+ set_focus('DispatchDate');
return false;
}
if (!is_date_in_fiscalyear($_POST['DispatchDate'])) {
display_error(_("The entered date of delivery is not in fiscal year."));
return false;
}
if (!is_date_in_fiscalyear($_POST['DispatchDate'])) {
display_error(_("The entered date of delivery is not in fiscal year."));
+ set_focus('DispatchDate');
return false;
}
if (!isset($_POST['due_date']) || !is_date($_POST['due_date'])) {
display_error(_("The entered dead-line for invoice is invalid."));
return false;
}
if (!isset($_POST['due_date']) || !is_date($_POST['due_date'])) {
display_error(_("The entered dead-line for invoice is invalid."));
+ set_focus('due_date');
return false;
}
if ($_SESSION['Items']->trans_no==0) {
if (!references::is_valid($_POST['ref'])) {
display_error(_("You must enter a reference."));
return false;
}
if ($_SESSION['Items']->trans_no==0) {
if (!references::is_valid($_POST['ref'])) {
display_error(_("You must enter a reference."));
+ set_focus('ref');
return false;
}
if ($_SESSION['Items']->trans_no==0 && !is_new_reference($_POST['ref'], 13)) {
display_error(_("The entered reference is already in use."));
return false;
}
if ($_SESSION['Items']->trans_no==0 && !is_new_reference($_POST['ref'], 13)) {
display_error(_("The entered reference is already in use."));
+ set_focus('ref');
return false;
}
}
if ($_POST['ChargeFreightCost'] == "") {
return false;
}
}
if ($_POST['ChargeFreightCost'] == "") {
- $_POST['ChargeFreightCost'] =
0
;
+ $_POST['ChargeFreightCost'] =
price_format(0)
;
}
}
- if (!
is_numeric($_POST['ChargeFreightCost']) || $_POST['ChargeFreightCost'] < 0
) {
+ if (!
check_num('ChargeFreightCost',0)
) {
display_error(_("The entered shipping value is not numeric."));
display_error(_("The entered shipping value is not numeric."));
+ set_focus('ChargeFreightCost');
return false;
}
return false;
}
- if ($_SESSION['Items']->has_items_dispatch() == 0 &&
$_POST['ChargeFreightCost']
== 0) {
+ if ($_SESSION['Items']->has_items_dispatch() == 0 &&
input_num('ChargeFreightCost')
== 0) {
display_error(_("There are no item quantities on this delivery note."));
return false;
}
if (!check_quantities()) {
display_error(_("There are no item quantities on this delivery note."));
return false;
}
if (!check_quantities()) {
- display_error(_("Selected quantity cannot be less th
en quantity invoiced nor more the
n quantity
+ display_error(_("Selected quantity cannot be less th
an quantity invoiced nor more tha
n quantity
not dispatched on sales order."));
return false;
}
not dispatched on sales order."));
return false;
}
@@
-176,12
+187,14
@@
function copy_to_cart()
{
$cart = &$_SESSION['Items'];
$cart->ship_via = $_POST['ship_via'];
{
$cart = &$_SESSION['Items'];
$cart->ship_via = $_POST['ship_via'];
- $cart->freight_cost =
$_POST['ChargeFreightCost']
;
+ $cart->freight_cost =
input_num('ChargeFreightCost')
;
$cart->document_date = $_POST['DispatchDate'];
$cart->due_date = $_POST['due_date'];
$cart->Location = $_POST['Location'];
$cart->Comments = $_POST['Comments'];
$cart->document_date = $_POST['DispatchDate'];
$cart->due_date = $_POST['due_date'];
$cart->Location = $_POST['Location'];
$cart->Comments = $_POST['Comments'];
- $cart->default_sales_type = $_POST['sales_type_id'];
+ if ($cart->trans_no == 0)
+ $dn->ref = $_POST['ref'];
+
}
//------------------------------------------------------------------------------
}
//------------------------------------------------------------------------------
@@
-189,12
+202,11
@@
function copy_from_cart()
{
$cart = &$_SESSION['Items'];
$_POST['ship_via'] = $cart->ship_via;
{
$cart = &$_SESSION['Items'];
$_POST['ship_via'] = $cart->ship_via;
- $_POST['ChargeFreightCost'] =
$cart->freight_cost
;
+ $_POST['ChargeFreightCost'] =
price_format($cart->freight_cost)
;
$_POST['DispatchDate']= $cart->document_date;
$_POST['due_date'] = $cart->due_date;
$_POST['Location']= $cart->Location;
$_POST['Comments']= $cart->Comments;
$_POST['DispatchDate']= $cart->document_date;
$_POST['due_date'] = $cart->due_date;
$_POST['Location']= $cart->Location;
$_POST['Comments']= $cart->Comments;
- $_POST['sales_type_id'] = $cart->default_sales_type;
}
//------------------------------------------------------------------------------
}
//------------------------------------------------------------------------------
@@
-204,11
+216,9
@@
function check_quantities()
// Update cart delivery quantities/descriptions
foreach ($_SESSION['Items']->line_items as $line=>$itm) {
if (isset($_POST['Line'.$line])) {
// Update cart delivery quantities/descriptions
foreach ($_SESSION['Items']->line_items as $line=>$itm) {
if (isset($_POST['Line'.$line])) {
- $line_qty = $_POST['Line'.$line];
- if (is_numeric($line_qty) && ($_POST['Line'.$line] <= $itm->quantity) &&
- ($_POST['Line'.$line] >= $itm->qty_done)) {
-
- $_SESSION['Items']->line_items[$line]->qty_dispatched = $line_qty;
+ if (!check_num('Line'.$line, $itm->qty_done, $itm->quantity) == 0) {
+ $_SESSION['Items']->line_items[$line]->qty_dispatched =
+ input_num('Line'.$line);
} else {
$ok = 0;
}
} else {
$ok = 0;
}
@@
-222,8
+232,9
@@
function check_quantities()
}
}
}
}
}
}
- $_SESSION['Items']->freight_cost = $_POST['ChargeFreightCost'];
-
+// ...
+// else
+// $_SESSION['Items']->freight_cost = input_num('ChargeFreightCost');
return $ok;
}
//------------------------------------------------------------------------------
return $ok;
}
//------------------------------------------------------------------------------
@@
-257,15
+268,12
@@
if (isset($_POST['process_delivery']) && check_data() && check_qoh()) {
} else {
$bo_policy = 1;
}
} else {
$bo_policy = 1;
}
- $newdelivery = $dn->trans_no==0;
-
- if ($newdelivery)
- $dn->ref = $_POST['ref'];
+ $newdelivery = ($dn->trans_no == 0);
copy_to_cart();
$delivery_no = $dn->write($bo_policy);
copy_to_cart();
$delivery_no = $dn->write($bo_policy);
- processing_end();
+ processing_end();
if ($newdelivery) {
meta_forward($_SERVER['PHP_SELF'], "AddedID=$delivery_no");
} else {
if ($newdelivery) {
meta_forward($_SERVER['PHP_SELF'], "AddedID=$delivery_no");
} else {
@@
-298,12
+306,7
@@
if ($_SESSION['Items']->trans_no==0) {
label_cells(_("For Sales Order"), get_customer_trans_view_str(systypes::sales_order(), $_SESSION['Items']->order_no), "class='tableheader2'");
label_cells(_("For Sales Order"), get_customer_trans_view_str(systypes::sales_order(), $_SESSION['Items']->order_no), "class='tableheader2'");
-if (!isset($_POST['sales_type_id'])) {
- $_POST['sales_type_id'] = $_SESSION['Items']->default_sales_type;
-}
-label_cell(_("Sales Type"), "class='tableheader2'");
-sales_types_list_cells(null, 'sales_type_id', $_POST['sales_type_id']);
-
+label_cells(_("Sales Type"), $_SESSION['Items']->sales_type_name, "class='tableheader2'");
end_row();
start_row();
end_row();
start_row();
@@
-326,7
+329,7
@@
if (!isset($_POST['DispatchDate']) || !is_date($_POST['DispatchDate'])) {
$_POST['DispatchDate'] = end_fiscalyear();
}
}
$_POST['DispatchDate'] = end_fiscalyear();
}
}
-date_cells(_("Date"), 'DispatchDate', $_POST['DispatchDate'], 0, 0, 0, "class='tableheader'");
+date_cells(_("Date"), 'DispatchDate', $_POST['DispatchDate'], 0, 0, 0, "class='tableheader
2
'");
end_row();
end_table();
end_row();
end_table();
@@
-338,7
+341,7
@@
start_table("$table_style width=90%");
if (!isset($_POST['due_date']) || !is_date($_POST['due_date'])) {
$_POST['due_date'] = get_invoice_duedate($_SESSION['Items']->customer_id, $_POST['DispatchDate']);
}
if (!isset($_POST['due_date']) || !is_date($_POST['due_date'])) {
$_POST['due_date'] = get_invoice_duedate($_SESSION['Items']->customer_id, $_POST['DispatchDate']);
}
-date_row(_("Invoice Dead-line"), 'due_date', $_POST['due_date'], 0, 0, 0, "class='tableheader'");
+date_row(_("Invoice Dead-line"), 'due_date', $_POST['due_date'], 0, 0, 0, "class='tableheader
2
'");
end_table();
echo "</td></tr>";
end_table();
echo "</td></tr>";
@@
-382,9
+385,9
@@
foreach ($_SESSION['Items']->line_items as $line=>$ln_itm) {
label_cell($ln_itm->units);
qty_cell($ln_itm->qty_done);
label_cell($ln_itm->units);
qty_cell($ln_itm->qty_done);
-
text_cells(null, 'Line'.$line, $ln_itm->qty_dispatched, 10, 10
);
+
small_qty_cells(null, 'Line'.$line, qty_format($ln_itm->qty_dispatched)
);
- $display_discount_percent =
number_format2($ln_itm->discount_percent*100,user_percent_dec()
) . "%";
+ $display_discount_percent =
percent_format($ln_itm->discount_percent*100
) . "%";
$line_total = ($ln_itm->qty_dispatched * $ln_itm->price * (1 - $ln_itm->discount_percent));
$line_total = ($ln_itm->qty_dispatched * $ln_itm->price * (1 - $ln_itm->discount_percent));
@@
-396,10
+399,10
@@
foreach ($_SESSION['Items']->line_items as $line=>$ln_itm) {
end_row();
}
end_row();
}
-$_POST['ChargeFreightCost'] =
$_SESSION['Items']->freight_cost
;
+$_POST['ChargeFreightCost'] =
price_format($_SESSION['Items']->freight_cost)
;
-if (!
is_numeric($_POST['ChargeFreightCost']
)) {
- $_POST['ChargeFreightCost'] =
0
;
+if (!
check_num('ChargeFreightCost'
)) {
+ $_POST['ChargeFreightCost'] =
price_format(0)
;
}
start_row();
}
start_row();
@@
-408,14
+411,14
@@
small_amount_cells(_("Shipping Cost"), 'ChargeFreightCost', $_SESSION['Items']->
$inv_items_total = $_SESSION['Items']->get_items_total_dispatch();
$inv_items_total = $_SESSION['Items']->get_items_total_dispatch();
-$display_sub_total =
number_format2($inv_items_total + $_POST['ChargeFreightCost'],user_price_dec(
));
+$display_sub_total =
price_format($inv_items_total + input_num('ChargeFreightCost'
));
label_row(_("Sub-total"), $display_sub_total, "colspan=9 align=right","align=right");
label_row(_("Sub-total"), $display_sub_total, "colspan=9 align=right","align=right");
-$taxes = $_SESSION['Items']->get_taxes(
$_POST['ChargeFreightCost']
);
+$taxes = $_SESSION['Items']->get_taxes(
input_num('ChargeFreightCost')
);
$tax_total = display_edit_tax_items($taxes, 9, $_SESSION['Items']->tax_included);
$tax_total = display_edit_tax_items($taxes, 9, $_SESSION['Items']->tax_included);
-$display_total =
number_format2(($inv_items_total + $_POST['ChargeFreightCost'] + $tax_total), user_price_dec(
));
+$display_total =
price_format(($inv_items_total + input_num('ChargeFreightCost') + $tax_total
));
label_row(_("Amount Total"), $display_total, "colspan=9 align=right","align=right");
label_row(_("Amount Total"), $display_total, "colspan=9 align=right","align=right");
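Review bot: In copy_to_cart() the new lines `if ($cart->trans_no == 0) $dn->ref = $_POST['ref'];` assign to `$dn`, which is not declared inside that function (it works on `$cart = &$_SESSION['Items']`), so PHP creates a fresh local object for `$dn` and the reference the user typed never reaches the session cart; the removed top-level lines `if ($newdelivery) $dn->ref = $_POST['ref'];` ran in a scope where `$dn` presumably existed. The assignment should read `$cart->ref = $_POST['ref'];`, keeping the trans_no guard so that the reference is only taken from the form on a new delivery, which is also the only case check_data() validates it with references::is_valid() and is_new_reference(). As it stands the validated reference is silently dropped and the delivery is written with whatever `ref` the cart already holds. Separately, the added `elseif(!check_num('ChargeFreightCost', 0))` branch near the top of the page appears to have no braces, so `set_focus('ChargeFreightCost');` runs on every path that falls through the if/elseif chain rather than only on the error; wrapping `display_error(...)` and `set_focus(...)` in `{ }` fixes that (the chain's opening `if` is outside the hunk).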