Single quotes encoded before database data insert.

[fa-stable.git] / admin / create_coy.php
diff --git a/admin/create_coy.php b/admin/create_coy.php

index cdcb971ec698b6a5b1fb48630b185cf281a9d52d..d1050f0e321f0ebd846624e5e9c9f637071eebf6 100644 (file)
--- a/admin/create_coy.php
+++ b/admin/create_coy.php
@@ -1,15 +1,15 @@
  <?php
  /**********************************************************************
-    Copyright (C) 2005-2008  FrontAccounting, LLC.
-       Released under the terms of the GNU Affero General Public License,
-       AGPL, as published by the Free Software Foundation, either version 
-       3 of the License, or (at your option) any later version.
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  ***********************************************************************/
-$page_security = 20;
+$page_security = 'SA_CREATECOMPANY';
  $path_to_root="..";
  include_once($path_to_root . "/includes/session.inc");
  
@@ -20,7 +20,7 @@ include_once($path_to_root . "/includes/ui.inc");
  
  page(_("Create/Update Company"));
  
-$comp_subdirs = array('images', 'pdf_files', 'backup','js_cache', 'reporting');
+$comp_subdirs = array('images', 'pdf_files', 'backup','js_cache', 'reporting', 'attachments');
  
  //---------------------------------------------------------------------------------------------
  if (isset($_GET['selected_id']))
@@ -146,20 +146,13 @@ function handle_submit()
         {
                 return false;
         }
-       $index = "<?php\nheader(\"Location: ../../index.php\");\n?>";
  
         if ($new)
         {
-           $cdir = $comp_path.'/'.$id;
-           @mkdir($cdir);
-           save_to_file($cdir.'/'.'index.php', 0, $index);
-
-           foreach($comp_subdirs as $dir)
-           {
-                       @mkdir($cdir.'/'.$dir);
-                       save_to_file($cdir.'/'.$dir.'/'.'index.php', 0, $index);
-           }
+               create_comp_dirs("$comp_path/$id", $comp_subdirs);
         }
+       $exts = get_company_extensions();
+       write_extensions($exts, $id);
         return true;
  }
  
@@ -172,7 +165,7 @@ function handle_delete()
         $id = $_GET['id'];
  
         $cdir = $comp_path.'/'.$id;
-       @flush_dir($cdir);
+       @flush_dir($cdir, true);
         if (!rmdir($cdir))
         {
                 display_error(_("Cannot remove company data directory ") . $cdir);
@@ -249,9 +242,8 @@ function display_companies()
                 $delete = _("Delete");
                 if (user_graphic_links())
                 {
-                       global $path_to_root;
-                       $edit = "<img src='$path_to_root/themes/".user_theme()."/images/".ICON_EDIT."' width='14' height='14' border='0' title='$edit' />\n";
-                       $delete = "<img src='$path_to_root/themes/".user_theme()."/images/".ICON_DELETE."' width='14' height='14' border='0' title='$delete' />\n";
+                       $edit = set_icon(ICON_EDIT, $edit);
+                       $delete = set_icon(ICON_DELETE, $delete);
                 }
         label_cell("<a href='" . $_SERVER['PHP_SELF']. "?selected_id=$i'>$edit</a>");
                 label_cell( $i == $coyno ? '' :
@@ -274,7 +266,7 @@ function display_company_edit($selected_id)
         else
                 $n = count($db_connections);
  
-       start_form(true, true);
+       start_form(true);
  
         echo "
                 <script language='javascript'>