Added text fields sanitization on upgrade to 2.2.
[fa-stable.git] / sales / customer_payments.php
index afc30fa0a1cd66bc4511d490b16b62a6778e3c2b..a01bd2896df7df19760a7caa17dc94ce56f54b19 100644 (file)
@@ -143,7 +143,11 @@ function can_process()
        }
 
        $_SESSION['alloc']->amount = input_num('amount');
-       return check_allocations();
+
+       if (isset($_POST["TotalNumberOfAllocs"]))
+               return check_allocations();
+       else
+               return true;
 }
 
 //----------------------------------------------------------------------------------------------
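Review bot: In can_process(), the new `isset($_POST["TotalNumberOfAllocs"])` test makes validation depend on a request field the client can simply omit, in which case the function returns true without `check_allocations()` ever running. Whether that matters depends on code outside this hunk: if `$_SESSION['alloc']` can still carry allocation amounts from an earlier request when the field is absent, those amounts would reach processing unvalidated. Prefer deciding from server-side state (whether the session allocation object actually holds any rows) rather than from the presence of a POST key, or at minimum record the assumption next to the branch, e.g. `// no allocation rows were posted, so there is nothing to validate`. The `else` after `return` is also redundant; `return !isset($_POST["TotalNumberOfAllocs"]) || check_allocations();` says the same in one line. The function body starts above the hunk.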
@@ -200,7 +204,7 @@ function read_customer_data()
                ".TB_PREF."credit_status.dissallow_invoices
                FROM ".TB_PREF."debtors_master, ".TB_PREF."credit_status
                WHERE ".TB_PREF."debtors_master.credit_status = ".TB_PREF."credit_status.id
-                       AND ".TB_PREF."debtors_master.debtor_no = '" . $_POST['customer_id'] . "'";
+                       AND ".TB_PREF."debtors_master.debtor_no = ".db_escape($_POST['customer_id']);
 
        $result = db_query($sql, "could not query customers");