Security update merged from 2.1.
[fa-stable.git] / reporting / rep301.php
index dede52077f64ff7032ed17bf5299d0b8ca41919a..3b091cde1da032217492d436284d6a298829e37e 100644 (file)
@@ -52,9 +52,9 @@ function getTransactions($category, $location)
                        ".TB_PREF."stock_master.description
                HAVING SUM(".TB_PREF."stock_moves.qty) != 0";
                if ($category != 0)
-                       $sql .= " AND ".TB_PREF."stock_master.category_id = '$category'";
+                       $sql .= " AND ".TB_PREF."stock_master.category_id = ".db_escape($category);
                if ($location != 'all')
-                       $sql .= " AND ".TB_PREF."stock_moves.loc_code = '$location'";
+                       $sql .= " AND ".TB_PREF."stock_moves.loc_code = ".db_escape($location);
                $sql .= " ORDER BY ".TB_PREF."stock_master.category_id,
                        ".TB_PREF."stock_master.stock_id";
 
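Review bot: The two rewritten filter lines drop the surrounding single quotes, so their safety now rests entirely on `db_escape()` returning an already-quoted, escaped literal. That contract is not visible in this hunk and deserves a short comment above the first filter, e.g. `// db_escape() must return a quoted, escaped SQL literal`. Because `$category` is tested with `!= 0` and `category_id` looks numeric, `db_escape((int)$category)` would keep the value numeric even if the helper's behaviour changes. Both conditions are still appended after the `HAVING SUM(...) != 0` clause rather than to a `WHERE`, which the commit leaves as is. The body of getTransactions() starts before this hunk, so any other values interpolated into the query cannot be checked from here.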
@@ -76,17 +76,17 @@ function print_inventory_valuation_report()
                include_once($path_to_root . "/reporting/includes/excel_report.inc");
        else
                include_once($path_to_root . "/reporting/includes/pdf_report.inc");
-
+       $detail = !$detail;
     $dec = user_price_dec();
 
-       if ($category == reserved_words::get_all_numeric())
+       if ($category == ALL_NUMERIC)
                $category = 0;
        if ($category == 0)
                $cat = _('All');
        else
                $cat = get_category_name($category);
 
-       if ($location == reserved_words::get_all())
+       if ($location == ALL_TEXT)
                $location = 'all';
        if ($location == 'all')
                $loc = _('All');
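Review bot: The added `$detail = !$detail;` inverts a report option inside a security merge and carries no explanation, which makes the patch harder to audit. It is also indented differently from the `$dec = user_price_dec();` line below it. If the inversion is intended (presumably the form option means the opposite of the variable name), a comment such as `// form option is the inverse of $detail (assumed, confirm against the report form)` would record that. The `==` comparisons against `ALL_NUMERIC` and `ALL_TEXT` are loose, so `$category` and `$location` are type-juggled before they are passed on; normalising the type first and comparing with `===` would be more predictable. print_inventory_valuation_report() starts and ends outside this hunk, so where these three variables come from is not visible.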