Security update merged from 2.1.
[fa-stable.git] / reporting / rep104.php
index 280f447a74cd39363df0faafb3aac089347d2b9f..d6249e0d5a5dfeaf109b421c98655f56bcb3f81e 100644 (file)
@@ -9,7 +9,7 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 2;
+$page_security = 'SA_PRICEREP';
 // ----------------------------------------------------------------
 // $ Revision: 2.0 $
 // Creator:    Joe Hunt
@@ -24,7 +24,7 @@ include_once($path_to_root . "/includes/ui/ui_input.inc");
 include_once($path_to_root . "/includes/data_checks.inc");
 include_once($path_to_root . "/gl/includes/gl_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_types_db.inc");
-include_once($path_to_root . "/inventory/includes/db/items_category_db.inc");
+include_once($path_to_root . "/inventory/includes/inventory_db.inc");
 
 //----------------------------------------------------------------------------------------------------
 
@@ -40,7 +40,7 @@ function fetch_items($category=0)
                                ".TB_PREF."stock_category
                        WHERE ".TB_PREF."stock_master.category_id=".TB_PREF."stock_category.category_id";
                if ($category != 0)
-                       $sql .= " AND ".TB_PREF."stock_category.category_id = '$category'";
+                       $sql .= " AND ".TB_PREF."stock_category.category_id = ".db_escape($category);
                $sql .= " ORDER BY ".TB_PREF."stock_master.category_id,
                                ".TB_PREF."stock_master.stock_id";
 
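Review bot: Wrapping `$category` in db_escape() on the `stock_category.category_id` line removes the raw interpolation, but the value is compared against an integer id column, so an explicit cast is the tighter fix and does not depend on how the helper quotes its input: `$sql .= " AND ".TB_PREF."stock_category.category_id = ".(int)$category;`. The same applies to the `c.category_id` line in the get_kits hunk below. The `$category != 0` guard is also a loose comparison, so a non-numeric string would now reach the query on PHP 8 where older versions skipped it; the cast neutralises that as well. fetch_items starts before this hunk and continues after it.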
@@ -57,7 +57,7 @@ function get_kits($category=0)
                        ON i.category_id=c.category_id";
        $sql .= " WHERE !i.is_foreign AND i.item_code!=i.stock_id";
        if ($category != 0)
-               $sql .= " AND c.category_id = '$category'";
+               $sql .= " AND c.category_id = ".db_escape($category);
        $sql .= " GROUP BY i.item_code";
     return db_query($sql,"No kits were returned");
 }
@@ -83,13 +83,13 @@ function print_price_listing()
     $dec = user_price_dec();
 
        $home_curr = get_company_pref('curr_default');
-       if ($currency == reserved_words::get_all())
+       if ($currency == ALL_TEXT)
                $currency = $home_curr;
        $curr = get_currency($currency);
        $curr_sel = $currency . " - " . $curr['currency'];
-       if ($category == reserved_words::get_all_numeric())
+       if ($category == ALL_NUMERIC)
                $category = 0;
-       if ($salestype == reserved_words::get_all_numeric())
+       if ($salestype == ALL_NUMERIC)
                $salestype = 0;
        if ($category == 0)
                $cat = _('All');
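Review bot: The rewritten comparisons keep loose `==` against ALL_TEXT and ALL_NUMERIC, while `$currency`, `$category` and `$salestype` appear to be report parameters assigned outside this hunk; if ALL_NUMERIC is a numeric sentinel, `==` against a non-numeric string yields a different result on PHP 8 than on earlier versions. Prefer a strict comparison with the operand type pinned, e.g. `if ((string)$category === (string)ALL_NUMERIC)`, or add a one-line comment above the first check stating what type the two sentinels are. print_price_listing starts before this hunk and continues after it.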
@@ -159,13 +159,14 @@ function print_price_listing()
                }
                if ($pictures)
                {
-                       $image = $comp_path . '/'. $user_comp . "/images/" . $myrow['stock_id'] . ".jpg";
+                       $image = $comp_path . '/'. $user_comp . "/images/" 
+                               . item_img_name($myrow['stock_id']) . ".jpg";
                        if (file_exists($image))
                        {
                                $rep->NewLine();
                                if ($rep->row - $pic_height < $rep->bottomMargin)
                                        $rep->Header();
-                               $rep->AddImage($image, $rep->cols[1], $rep->row - $pic_height, $pic_width, $pic_height);
+                               $rep->AddImage($image, $rep->cols[1], $rep->row - $pic_height, 0, $pic_height);
                                $rep->row -= $pic_height;
                                $rep->NewLine();
                        }
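Review bot: The width argument to `$rep->AddImage` changes from `$pic_width` to the literal `0` with nothing explaining the intent, so a reader will read it as a dropped variable. Add a comment on that line, e.g. `// width 0: let AddImage derive the width from the image's aspect ratio — confirm against AddImage`, and if `$pic_width` (assigned outside this hunk) is no longer read anywhere in print_price_listing, remove it. Routing `stock_id` through item_img_name() before building the path is the right direction, since the id otherwise flows into a filesystem path unchanged; the helper's normalisation rules are not visible here, so a brief comment naming what it guarantees would help the next reader. print_price_listing's body continues outside this hunk.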