Fixed error log warning (missing installed_extensions.inc) during upgrade to 2.2.
[fa-stable.git] / purchasing / inquiry / po_search_completed.php
index cd9c77ac754e1f407399f8a69f4915dd4f381f8c..23053bae4cc850e4dbeedea3b564d7fdbeba1461 100644 (file)
@@ -9,7 +9,7 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 2;
+$page_security = 'SA_SUPPTRANSVIEW';
 $path_to_root="../..";
 include($path_to_root . "/includes/db_pager.inc");
 include($path_to_root . "/includes/session.inc");
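Review bot: `SA_SUPPTRANSVIEW` reads as a view-level access area, yet later hunks in this commit add an Edit column to this same page. Showing or hiding a link is not an access control, so `po_entry_items.php` has to enforce its own `$page_security` for the modify path; that file is not part of this page, so this is something to confirm rather than a known gap. A short comment above the assignment would record the intent, e.g. `// view-only area: the Edit link target enforces its own permission`.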
@@ -77,7 +77,7 @@ if (isset($_POST['order_number']))
 }
 
 if (isset($_POST['SelectStockFromList']) &&    ($_POST['SelectStockFromList'] != "") &&
-       ($_POST['SelectStockFromList'] != reserved_words::get_all()))
+       ($_POST['SelectStockFromList'] != ALL_TEXT))
 {
        $selected_stock_item = $_POST['SelectStockFromList'];
 }
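Review bot: The condition on `$_POST['SelectStockFromList']` never checks that the value is a string, and it compares with loose `!=`. A request that sends this field as an array passes `isset()` and both comparisons, so an array would be stored in `$selected_stock_item` and later handed to `db_escape()`, whose handling of non-strings is not visible here. Adding `is_string($_POST['SelectStockFromList'])` to the condition and using `!==` against `ALL_TEXT` would keep the value a plain string before it reaches the query.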
@@ -89,7 +89,14 @@ else
 //---------------------------------------------------------------------------------------------
 function trans_view($trans)
 {
-       return get_trans_view_str(systypes::po(), $trans["order_no"]);
+       return get_trans_view_str(ST_PURCHORDER, $trans["order_no"]);
+}
+
+function edit_link($row) 
+{
+  return pager_link( _("Edit"),
+       "/purchasing/po_entry_items.php?" . SID 
+       . "ModifyOrderNumber=" . $row["order_no"], ICON_EDIT);
 }
 
 function prt_link($row)
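Review bot: In `edit_link()` the query string is built as `"?" . SID . "ModifyOrderNumber="` with no separator, so whenever `SID` is non-empty (a cookieless session) the parameter name is fused onto the session id. It also puts the session id into the URL, where it can end up in server logs, browser history and Referer headers. `$row["order_no"]` is appended without encoding as well. Consider `"/purchasing/po_entry_items.php?ModifyOrderNumber=" . urlencode($row["order_no"])`, if relying on cookie sessions matches how the rest of the application treats `SID`. The hunk ends on the signature of `prt_link()`, whose body is outside it.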
@@ -119,7 +126,7 @@ $sql = "SELECT
 
 if (isset($order_number) && $order_number != "")
 {
-       $sql .= "AND porder.reference LIKE '%". $order_number . "%'";
+       $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
 }
 else
 {
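Review bot: The new `LIKE` clause passes `'%' . $order_number . '%'` through `db_escape()`, which presumably handles quoting, but any `%` or `_` inside `$order_number` still acts as a pattern wildcard. That is not an injection, but a posted value such as `%` matches every reference and turns a targeted search into a full scan. If literal matching is intended, escape the wildcards first: `db_escape('%' . addcslashes($order_number, '%_\\') . '%')`. The `else` branch opened on the last line continues outside this hunk.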
@@ -130,13 +137,13 @@ else
        $sql .= " AND porder.ord_date >= '$data_after'";
        $sql .= " AND porder.ord_date <= '$date_before'";
 
-       if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != reserved_words::get_all())
+       if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
        {
-               $sql .= " AND porder.into_stock_location = '". $_POST['StockLocation'] . "' ";
+               $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
        }
        if (isset($selected_stock_item))
        {
-               $sql .= " AND line.item_code='". $selected_stock_item ."' ";
+               $sql .= " AND line.item_code=".db_escape($selected_stock_item);
        }
 
 } //end not order number selected
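Review bot: The two `ord_date` bounds at the top of this hunk are still interpolated as `'$data_after'` and `'$date_before'`, while the `StockLocation` and `item_code` clauses below them now go through `db_escape()`. Where those two variables are assigned is outside the hunk; if they derive from posted date fields without strict format validation, they remain an unescaped path into the same query. Treating them the same way closes it: `$sql .= " AND porder.ord_date >= " . db_escape($data_after);` and likewise for `$date_before`. The rewritten clauses also drop the trailing space the old strings had, so anything appended after this block must start with a space.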
@@ -152,6 +159,7 @@ $cols = array(
                _("Order Date") => array('name'=>'ord_date', 'type'=>'date', 'ord'=>'desc'),
                _("Currency") => array('align'=>'center'), 
                _("Order Total") => 'amount',
+               array('insert'=>true, 'fun'=>'edit_link'),
                array('insert'=>true, 'fun'=>'prt_link'),
 );
 
@@ -162,10 +170,6 @@ if (get_post('StockLocation') != $all_items) {
 
 $table =& new_db_pager('orders_tbl', $sql, $cols);
 
-if (get_post('SearchOrders')) {
-       $table->set_sql($sql);
-       $table->set_columns($cols);
-}
 $table->width = "80%";
 start_form();