Fixed extension module update and deletion.

[fa-stable.git] / admin / view_print_transaction.php

diff --git a/admin/view_print_transaction.php b/admin/view_print_transaction.php
index b9931d449228c3cfc42e64359d0c13c7835cdf94..3969418151680e4e5941a15115909e8e4f47506c 100644 (file)
--- a/admin/view_print_transaction.php
+++ b/admin/view_print_transaction.php
@@ -9,8 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$path_to_root="..";
-$page_security = 5;
+$page_security = 'SA_VIEWPRINTTRANSACTION';
+$path_to_root = "..";
 
 include($path_to_root . "/includes/db_pager.inc");
 include_once($path_to_root . "/includes/session.inc");
@@ -33,7 +33,7 @@ function view_link($trans)
 
 function prt_link($row)
 {
-       if ($row['type'] != 12 && $row['type'] != 2) // customer payment or bank deposit printout not defined yet.
+       if ($row['type'] != ST_CUSTPAYMENT && $row['type'] != ST_BANKDEPOSIT) // customer payment or bank deposit printout not defined yet.
                return print_document_link($row['trans_no'], _("Print"), true, $row['type'], ICON_PRINT);
 }
 
@@ -60,7 +60,7 @@ function viewing_controls()
 
     ref_cells(_("to #:"), 'ToTransNo');
 
-    submit_cells('ProcessSearch', _("Search"), '', '', true);
+    submit_cells('ProcessSearch', _("Search"), '', '', 'default');
 
        end_row();
     end_table(1);
@@ -82,8 +82,6 @@ function check_valid_entries()
                display_error(_("The ending transaction number is expected to be numeric and greater than zero."));
                return false;
        }
-       if (!isset($_POST['filterType']) || $_POST['filterType'] == "")
-               return false;
 
        return true;
 }
@@ -111,18 +109,18 @@ function handle_search()
                        $sql .= " ,$trans_ref ";
 
                $sql .= ", ".$_POST['filterType']." as type FROM $table_name
-                       WHERE $trans_no_name >= " . $_POST['FromTransNo']. "
-                       AND  $trans_no_name <= " . $_POST['ToTransNo'];
+                       WHERE $trans_no_name >= ".db_escape($_POST['FromTransNo']). "
+                       AND  $trans_no_name <= ".db_escape($_POST['ToTransNo']);
 
                if ($type_name != null)
-                       $sql .= " AND `$type_name` = " . $_POST['filterType'];
+                       $sql .= " AND `$type_name` = ".db_escape($_POST['filterType']);
 
                $sql .= " ORDER BY $trans_no_name";
 
 
                $print_type = $_POST['filterType'];
-               $print_out = ($print_type == 10 || $print_type == 11 || $print_type == systypes::cust_dispatch() ||
-                       $print_type == systypes::po() || $print_type == systypes::sales_order());
+               $print_out = ($print_type == ST_SALESINVOICE || $print_type == ST_CUSTCREDIT || $print_type == ST_CUSTDELIVERY ||
+                       $print_type == ST_PURCHORDER || $print_type == ST_SALESORDER || $print_type == ST_SALESQUOTE);
 
                $cols = array(
                        _("#"), 
@@ -139,10 +137,6 @@ function handle_search()
                }
 
                $table =& new_db_pager('transactions', $sql, $cols);
-               if (list_updated('filterType')) {
-                       $table->set_sql($sql);
-                       $table->set_columns($cols);
-               }
                $table->width = "40%";
                display_db_pager($table);
        }