Added text fields sanitization on upgrdae to 2.2.

[fa-stable.git] / gl / view / gl_trans_view.php

diff --git a/gl/view/gl_trans_view.php b/gl/view/gl_trans_view.php
index 57e27833457f47e4344d7cd905eec91c2b498b32..64e585a5a16b8f2530bfa84d9f0cc3d028b0dc26 100644 (file)
--- a/gl/view/gl_trans_view.php
+++ b/gl/view/gl_trans_view.php
@@ -1,7 +1,16 @@
 <?php
-
-$page_security = 8;
-$path_to_root="../..";
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+$page_security = 'SA_GLTRANSVIEW';
+$path_to_root = "../..";
 include_once($path_to_root . "/includes/session.inc");
 
 page(_("General Ledger Transaction Details"), true);
@@ -20,8 +29,8 @@ if (!isset($_GET['type_id']) || !isset($_GET['trans_no']))
 
 function display_gl_heading($myrow)
 {
-       global $table_style;
-       $trans_name = systypes::name($_GET['type_id']);
+       global $table_style, $systypes_array;
+       $trans_name = $systypes_array[$_GET['type_id']];
     start_table("$table_style width=95%");
     $th = array(_("General Ledger Transaction Details"),
        _("Date"), _("Person/Item"));
@@ -29,7 +38,7 @@ function display_gl_heading($myrow)
     start_row();       
     label_cell("$trans_name #" . $_GET['trans_no']);
        label_cell(sql2date($myrow["tran_date"]));
-       label_cell(payment_person_types::person_name($myrow["person_type_id"],$myrow["person_id"]));
+       label_cell(payment_person_name($myrow["person_type_id"],$myrow["person_id"]));
        
        end_row();
 
@@ -38,13 +47,17 @@ function display_gl_heading($myrow)
     end_table(1);
 }
 
-$sql = "SELECT ".TB_PREF."gl_trans.*, account_name FROM ".TB_PREF."gl_trans, ".TB_PREF."chart_master WHERE ".TB_PREF."gl_trans.account = ".TB_PREF."chart_master.account_code AND type= " . $_GET['type_id'] . " AND type_no = " . $_GET['trans_no'] . " ORDER BY counter";
+$sql = "SELECT ".TB_PREF."gl_trans.*, account_name FROM "
+       .TB_PREF."gl_trans, ".TB_PREF."chart_master WHERE "
+       .TB_PREF."gl_trans.account = ".TB_PREF."chart_master.account_code AND type= " 
+       .db_escape($_GET['type_id']) . " AND type_no = ".db_escape($_GET['trans_no']) 
+       . " ORDER BY counter";
 $result = db_query($sql,"could not get transactions");
 //alert("sql = ".$sql);
 
 if (db_num_rows($result) == 0)
 {
-    echo "<p><center>" . _("No general ledger transactions have been created for") . " " .systypes::name($_GET['type_id'])." " . _("number") . " " . $_GET['trans_no'] . "</center></p><br><br>";
+    echo "<p><center>" . _("No general ledger transactions have been created for") . " " .$systypes_array[$_GET['type_id']]." " . _("number") . " " . $_GET['trans_no'] . "</center></p><br><br>";
        end_page(true);
        exit;
 }