Items, Company Setup: additional check to ensure uploaded image compatibility with...

[fa-stable.git] / inventory / manage / items.php

diff --git a/inventory/manage/items.php b/inventory/manage/items.php
index d0ed1aa5df6ee6640ae17532c4766398f0a5ad02..653d9e78bfad45213db18151cc2996897ac0607e 100644 (file)
--- a/inventory/manage/items.php
+++ b/inventory/manage/items.php
@@ -12,6 +12,7 @@
 $page_security = 'SA_ITEM';
 $path_to_root = "../..";
 include($path_to_root . "/includes/session.inc");
+include($path_to_root . "/reporting/includes/tcpdf.php");
 
 $js = "";
 if ($SysPrefs->use_popup_windows)
@@ -87,7 +88,7 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '')
        {
                mkdir($filename);
        }       
-       $filename .= "/".item_img_name($stock_id).".jpg";
+       $filename .= "/".item_img_name($stock_id).(substr(trim($_FILES['pic']['name']), strrpos($_FILES['pic']['name'], '.')));
 
   if ($_FILES['pic']['error'] == UPLOAD_ERR_INI_SIZE) {
     display_error(_('The file size is over the maximum allowed.'));
@@ -137,6 +138,11 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '')
        if ($upload_file == 'Yes')
        {
                $result  =  move_uploaded_file($_FILES['pic']['tmp_name'], $filename);
+               if ($msg = check_image_file($filename)) {
+                       display_error($msg);
+                       unlink($filename);
+                       $upload_file ='No';
+               }
        }
        $Ajax->activate('details');
  /* EOF Add Image upload for New Item  - by Ori */
@@ -213,7 +219,7 @@ if (isset($_POST['addupdate']))
       $_POST['depreciation_rate'] = 0;
     }
     $move_row = get_fixed_asset_move($_POST['NewStockID'], ST_SUPPRECEIVE);
-    if (isset($_POST['depreciation_start']) && strtotime($_POST['depreciation_start']) < strtotime($move_row['tran_date'])) {
+    if ($move_row && isset($_POST['depreciation_start']) && strtotime($_POST['depreciation_start']) < strtotime($move_row['tran_date'])) {
       display_warning(_('The depracation cannot start before the fixed asset purchase date'));
     }
   }
@@ -390,14 +396,12 @@ function item_settings(&$stock_id, $new_item)
 
        stock_units_list_row(_('Units of Measure:'), 'units', null, $fresh_item);
 
-       check_row(_("Editable description:"), 'editable');
 
-       if (get_post('fixed_asset'))
-               hidden('no_sale', 0);
-       else
+       if (!get_post('fixed_asset')) {
+               check_row(_("Editable description:"), 'editable');
                check_row(_("Exclude from sales:"), 'no_sale');
-
-       check_row(_("Exclude from purchases:"), 'no_purchase');
+               check_row(_("Exclude from purchases:"), 'no_purchase');
+       }
 
        if (get_post('fixed_asset')) {
                table_section_title(_("Depreciation"));
@@ -490,7 +494,8 @@ function item_settings(&$stock_id, $new_item)
        // Add Image upload for New Item  - by Joe
        $stock_img_link = "";
        $check_remove_image = false;
-       if (isset($_POST['NewStockID']) && file_exists(company_path().'/images/'
+
+       if (@$_POST['NewStockID'] && file_exists(company_path().'/images/'
                .item_img_name($_POST['NewStockID']).".jpg")) 
        {
         // 31/08/08 - rand() call is necessary here to avoid caching problems.
@@ -643,7 +648,7 @@ end_form();
 
 //------------------------------------------------------------------------------------
 
-end_page();
+end_page(@$_REQUEST['popup']);
 
 function generateBarcode() {
        $tmpBarcodeID = "";