Added text fields sanitization on upgrade to 2.2.
[fa-stable.git] / sales / customer_payments.php
index 53f92be50d40505e54c1f312fd2a980bcb0f1b23..a01bd2896df7df19760a7caa17dc94ce56f54b19 100644 (file)
@@ -60,7 +60,7 @@ if (isset($_GET['AddedID'])) {
 
        display_notification_centered(_("The customer payment has been successfully entered."));
 
-       display_note(get_gl_view_str(12, $payment_no, _("&View the GL Journal Entries for this Customer Payment")));
+       display_note(get_gl_view_str(ST_CUSTPAYMENT, $payment_no, _("&View the GL Journal Entries for this Customer Payment")));
 
 //     hyperlink_params($path_to_root . "/sales/allocations/customer_allocate.php", _("&Allocate this Customer Payment"), "trans_no=$payment_no&trans_type=12");
 
@@ -92,7 +92,7 @@ function can_process()
                return false;
        }
 
-       if (!is_new_reference($_POST['ref'], 12)) {
+       if (!is_new_reference($_POST['ref'], ST_CUSTPAYMENT)) {
                display_error(_("The entered reference is already in use."));
                set_focus('ref');
                return false;
@@ -109,11 +109,13 @@ function can_process()
                set_focus('charge');
                return false;
        }
-
-       if (isset($_POST['charge']) && input_num('charge') > 0 && get_company_pref('bank_charge_act') == '') {
-               display_error(_("The Bank Charge Account has not been set in System and General GL Setup."));
-               set_focus('charge');
-               return false;
+       if (isset($_POST['charge']) && input_num('charge') > 0) {
+               $charge_acct = get_company_pref('bank_charge_act');
+               if (get_gl_account($charge_acct) == false) {
+                       display_error(_("The Bank Charge Account has not been set in System and General GL Setup."));
+                       set_focus('charge');
+                       return false;
+               }       
        }
 
        if (isset($_POST['_ex_rate']) && !check_num('_ex_rate', 0.000001))
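Review bot: The new test `if (get_gl_account($charge_acct) == false)` uses a loose comparison, so any falsy return (an empty array, `0`, `''`) is also reported as an unset account; if get_gl_account() signals a missing row with `false`, `if (get_gl_account($charge_acct) === false)` states the intent exactly, and `if (!get_gl_account($charge_acct))` is the right form only if every non-row return should fail. The old `== ''` check on the preference is gone, so an empty `bank_charge_act` preference now also goes through get_gl_account(); that deserves a comment such as `// an empty or dangling account code both yield no row here`, provided get_gl_account() tolerates an empty code. The closing brace after set_focus('charge') carries trailing whitespace, and the blank line before the new `if` was dropped while the one after it stays. can_process() starts before this hunk and continues past it.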
@@ -141,7 +143,11 @@ function can_process()
        }
 
        $_SESSION['alloc']->amount = input_num('amount');
-       return check_allocations();
+
+       if (isset($_POST["TotalNumberOfAllocs"]))
+               return check_allocations();
+       else
+               return true;
 }
 
 //----------------------------------------------------------------------------------------------
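Review bot: Skipping check_allocations() whenever `TotalNumberOfAllocs` is absent from the POST makes the allocation validation depend on a client-supplied field, while `$_SESSION['alloc']->amount` is still assigned on the line above regardless; a request that omits the field would presumably be accepted with whatever allocations the session object already holds. If the intent is "no allocation table was rendered, so there is nothing to check", deciding from server-side state (whether `$_SESSION['alloc']` holds any allocations, if the class exposes that) is more robust than the presence of a form field. Stylistically the `else` after `return` is redundant and the key is double-quoted unlike the rest of the file: `return !isset($_POST['TotalNumberOfAllocs']) || check_allocations();` says the same thing in one line. can_process() starts before this hunk.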
@@ -198,7 +204,7 @@ function read_customer_data()
                ".TB_PREF."credit_status.dissallow_invoices
                FROM ".TB_PREF."debtors_master, ".TB_PREF."credit_status
                WHERE ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
-                       AND ".TB_PREF."debtors_master.debtor_no = '" . $_POST['customer_id'] . "'";
+                       AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($_POST['customer_id']);
 
        $result = db_query($sql, "could not query customers");
 
@@ -218,7 +224,7 @@ start_form();
 
        customer_list_row(_("From Customer:"), 'customer_id', null, false, true);
        if (!isset($_POST['bank_account'])) // first page call
-                 $_SESSION['alloc'] = new allocation(12,0);
+                 $_SESSION['alloc'] = new allocation(ST_CUSTPAYMENT,0);
 
        if (db_customer_has_branches($_POST['customer_id'])) {
                customer_branches_list_row(_("Branch:"), $_POST['customer_id'], 'BranchID', null, false, true, true);