if (!$showclosed)
$options['where'][] = "closed=0";
if($showtype)
- $options['where'][] = "type_=$showtype";
+ $options['where'][] = "type_=".db_escape($showtype);
return combo_input($name, $selected_id, $sql, 'id', 'ref', $options);
}
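Review bot: In the `type_=` condition the escaped value lands in what looks like a numeric comparison, so the fix is only as strong as db_escape()'s quoting. The dropped quotes around `$parent_stock_id` elsewhere in this commit suggest the helper returns a quoted literal, but nothing on this line shows it. If `$showtype` is a numeric type code, as it appears to be, `$options['where'][] = "type_=".(int)$showtype;` would not depend on the helper's behaviour at all. The enclosing function starts above the hunk, so where `$showtype` comes from is not visible here.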
$all_option=false, $submit_on_change=false, $editkey = false)
{
return stock_items_list($name, $selected_id, $all_option, $submit_on_change,
- array('where'=>array("stock_id != '$parent_stock_id'")), $editkey);
+ array('where'=>array("stock_id != ".db_escape($parent_stock_id))), $editkey);
}
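Review bot: The new `stock_id != ` fragment appears to rely on db_escape() supplying the surrounding quotes, since the line no longer writes them itself. A short comment above the call, such as `// db_escape() returns the value escaped and already quoted`, would keep a later edit from re-adding quotes or replacing the call with plain interpolation. The same expression is repeated in stock_component_items_list_cells in the next hunk, so building the `where` array in one small shared helper would stop the two call sites from drifting apart. The function signature begins outside the hunk.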
function stock_component_items_list_cells($label, $name, $parent_stock_id,
if ($label != null)
echo "<td>$label</td>\n";
echo stock_items_list($name, $selected_id, $all_option, $submit_on_change,
- array('where'=>array("stock_id != '$parent_stock_id'"), 'cells'=>true),
+ array('where'=>array("stock_id != ".db_escape($parent_stock_id)), 'cells'=>true),
$editkey);
}
//------------------------------------------------------------------------------------
// exclude quotes, orders and dimensions
foreach (array(ST_PURCHORDER, ST_WORKORDER, ST_SALESORDER, ST_DIMENSION,
- ST_SALESQUOTE) as $excl)
+ ST_SALESQUOTE, ST_LOCTRANSFER) as $excl)
unset($items[$excl]);
echo array_selector($name, $value, $items,
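Review bot: The comment above the loop still reads `// exclude quotes, orders and dimensions`, but the list now also removes ST_LOCTRANSFER, so the comment no longer matches the code. It should name the new exclusion, for example `// exclude quotes, orders, dimensions and location transfers` if that is what the constant stands for. The enclosing function starts and ends outside the hunk.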
echo "</tr>\n";
}
-function tab_list_row($label, $name, $selected_id=null, $all = false)
+function tab_list_row($label, $name, $selected_id=null)
{
global $installed_extensions;
foreach ($_SESSION['App']->applications as $app) {
$tabs[$app->id] = access_string($app->name, true);
}
- if ($all) { // add also not active ext. modules
- foreach ($installed_extensions as $ext) {
- if ($ext['type'] == 'module' && !$ext['active'])
- $tabs[$ext['tab']] = access_string($ext['title'], true);
- }
- }
echo "<tr>\n";
echo "<td class='label'>$label</td><td>\n";
echo array_selector($name, $selected_id, $tabs);
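Review bot: With the `$all` branch removed, `global $installed_extensions;` has no remaining use in the visible part of tab_list_row and can be dropped, unless the body below the hunk still reads it. In the lines shown, `$tabs` is first written inside the foreach, so `$tabs = array();` before the loop would keep `array_selector()` from receiving an undefined variable when no applications are registered. Callers that still pass a fourth argument will have it silently ignored, so it is worth confirming that none relied on `$all`. The function body continues past the hunk.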