Security update merged from 2.1.
diff --git
a/sales/inquiry/sales_deliveries_view.php
b/sales/inquiry/sales_deliveries_view.php
index 1c5f342d4cd653287e5ab7d6690ba2a7e1fdbf28..72e6d132da71930d9f5e84a1a0bdb40aa0d3d9c2 100644
--- a/
sales/inquiry/sales_deliveries_view.php
+++ b/
sales/inquiry/sales_deliveries_view.php
@@
-9,7
+9,7
@@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 'SA_SALES
TRANSVIEW
';
+$page_security = 'SA_SALES
INVOICE
';
$path_to_root = "../..";
include($path_to_root . "/includes/db_pager.inc");
include($path_to_root . "/includes/session.inc");
$path_to_root = "../..";
include($path_to_root . "/includes/db_pager.inc");
include($path_to_root . "/includes/session.inc");
@@
-119,7
+119,7
@@
end_form();
//---------------------------------------------------------------------------------------------
if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
//---------------------------------------------------------------------------------------------
if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
- ($_POST['SelectStockFromList'] !=
reserved_words::get_all()
))
+ ($_POST['SelectStockFromList'] !=
ALL_TEXT
))
{
$selected_stock_item = $_POST['SelectStockFromList'];
}
{
$selected_stock_item = $_POST['SelectStockFromList'];
}
@@
-131,7
+131,7
@@
else
//---------------------------------------------------------------------------------------------
function trans_view($trans, $trans_no)
{
//---------------------------------------------------------------------------------------------
function trans_view($trans, $trans_no)
{
- return get_customer_trans_view_str(
13
, $trans['trans_no']);
+ return get_customer_trans_view_str(
ST_CUSTDELIVERY
, $trans['trans_no']);
}
function batch_checkbox($row)
}
function batch_checkbox($row)
@@
-153,7
+153,7
@@
function edit_link($row)
function prt_link($row)
{
function prt_link($row)
{
- return print_document_link($row['trans_no'], _("Print"), true,
13
, ICON_PRINT);
+ return print_document_link($row['trans_no'], _("Print"), true,
ST_CUSTDELIVERY
, ICON_PRINT);
}
function invoice_link($row)
}
function invoice_link($row)
@@
-191,7
+191,7
@@
$sql = "SELECT trans.trans_no,
WHERE
sorder.order_no = trans.order_ AND
trans.debtor_no = debtor.debtor_no
WHERE
sorder.order_no = trans.order_ AND
trans.debtor_no = debtor.debtor_no
- AND trans.type =
13
+ AND trans.type =
".ST_CUSTDELIVERY."
AND line.debtor_trans_no = trans.trans_no
AND line.debtor_trans_type = trans.type
AND trans.branch_code = branch.branch_code
AND line.debtor_trans_no = trans.trans_no
AND line.debtor_trans_type = trans.type
AND trans.branch_code = branch.branch_code
@@
-204,7
+204,8
@@
if ($_POST['OutstandingOnly'] == true) {
//figure out the sql required from the inputs available
if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
{
//figure out the sql required from the inputs available
if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
{
- $sql .= " AND trans.trans_no LIKE '%". $_POST['DeliveryNumber'] ."'";
+ $delivery = "%".$_POST['DeliveryNumber'];
+ $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
$sql .= " GROUP BY trans.trans_no";
}
else
$sql .= " GROUP BY trans.trans_no";
}
else
@@
-213,13
+214,13
@@
else
$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
if ($selected_customer != -1)
$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
if ($selected_customer != -1)
- $sql .= " AND trans.debtor_no=
'" . $selected_customer . "'
";
+ $sql .= " AND trans.debtor_no=
".db_escape($selected_customer)."
";
if (isset($selected_stock_item))
if (isset($selected_stock_item))
- $sql .= " AND line.stock_id=
'". $selected_stock_item ."'
";
+ $sql .= " AND line.stock_id=
".db_escape($selected_stock_item)."
";
- if (isset($_POST['StockLocation']) && $_POST['StockLocation'] !=
reserved_words::get_all()
)
- $sql .= " AND sorder.from_stk_loc =
'". $_POST['StockLocation'] . "'
";
+ if (isset($_POST['StockLocation']) && $_POST['StockLocation'] !=
ALL_TEXT
)
+ $sql .= " AND sorder.from_stk_loc =
".db_escape($_POST['StockLocation'])."
";
$sql .= " GROUP BY trans.trans_no ";
$sql .= " GROUP BY trans.trans_no ";
@@
-255,10
+256,6
@@
if (isset($_SESSION['Batch']))
$table =& new_db_pager('deliveries_tbl', $sql, $cols);
$table->set_marker('check_overdue', _("Marked items are overdue."));
$table =& new_db_pager('deliveries_tbl', $sql, $cols);
$table->set_marker('check_overdue', _("Marked items are overdue."));
-if (get_post('SearchOrders')) {
- $table->set_sql($sql);
- $table->set_columns($cols);
-}
//$table->width = "92%";
start_form();
//$table->width = "92%";
start_form();
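Review bot: The date predicate in the `-213,13 +214,13` hunk, `$sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";` (left as unchanged context), still splices a POST-derived value into the statement with hand-written quotes, while the neighbouring debtor_no, stock_id and from_stk_loc predicates in the same hunk were moved to db_escape(). Unless date2sql() is known to return only a validated date string, the same treatment is warranted, e.g. `$sql .= " AND trans.tran_date <= ".db_escape(date2sql($_POST['DeliveryToDate']));`, and likewise for any sibling date predicate just above the hunk. In the `-204,7 +205,8` hunk, db_escape($delivery) quotes the LIKE pattern but leaves `%` and `_` from DeliveryNumber active as wildcards, so a search term containing them widens the match; if that is not intended, escape those characters before prepending the leading `%`. The enclosing conditional blocks in both hunks start outside the hunk.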