Added text fields sanitization on upgrdae to 2.2.

[fa-stable.git] / inventory / cost_update.php

diff --git a/inventory/cost_update.php b/inventory/cost_update.php
index 0cf4fb6d9b0983ce1cab5bada9b675ec1db35f74..e268f360dbdcdca8d6200bf88d087a57ab98b36d 100644 (file)
--- a/inventory/cost_update.php
+++ b/inventory/cost_update.php
@@ -9,8 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 2;
-$path_to_root="..";
+$page_security = 'SA_STANDARDCOST';
+$path_to_root = "..";
 include_once($path_to_root . "/includes/session.inc");
 
 include_once($path_to_root . "/includes/date_functions.inc");
@@ -68,7 +68,7 @@ if (isset($_POST['UpdateData']))
 
         if ($update_no > 0)
         {
-               display_note(get_gl_view_str(systypes::cost_update(), $update_no, _("View the GL Journal Entries for this Cost Update")), 0, 1);
+               display_note(get_gl_view_str(ST_COSTUPDATE, $update_no, _("View the GL Journal Entries for this Cost Update")), 0, 1);
         }
        }
 }
@@ -91,7 +91,7 @@ set_global_stock_item($_POST['stock_id']);
 $sql = "SELECT description, units, material_cost, labour_cost,
        overhead_cost, mb_flag
        FROM ".TB_PREF."stock_master
-       WHERE stock_id='" . $_POST['stock_id'] . "'
+       WHERE stock_id=".db_escape($_POST['stock_id']) . "
        GROUP BY description, units, material_cost, labour_cost, overhead_cost, mb_flag";
 $result = db_query($sql);
 check_db_error("The cost details for the item could not be retrieved", $sql);
@@ -126,7 +126,7 @@ else
 
 end_table(1);
 div_end();
-submit_center('UpdateData', _("Update"));
+submit_center('UpdateData', _("Update"), true, false, 'default');
 
 end_form();
 end_page();