Changed context help organization to enable use of central, multilanguage wiki.
[fa-stable.git] / sales / inquiry / sales_deliveries_view.php
index d39a733eb2239767dfe553da872f7e69d1e1978b..e65602bf557f6a2fba83423691878fe92ad2f21d 100644 (file)
@@ -9,7 +9,7 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 'SA_SALESTRANSVIEW';
+$page_security = 'SA_SALESINVOICE';
 $path_to_root = "../..";
 include($path_to_root . "/includes/db_pager.inc");
 include($path_to_root . "/includes/session.inc");
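Review bot: The switch of `$page_security` from `SA_SALESTRANSVIEW` to `SA_SALESINVOICE` changes who may open this inquiry page, yet the commit title only mentions context help. What each access area grants is defined outside this hunk, so confirm that users who held only the view area are meant to be affected. If the change is intentional, record the reason beside the assignment, for example `// invoice access area is required for this page because <reason>`, and mention it in the commit message so the permission change can be audited later.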
@@ -26,12 +26,12 @@ if ($use_date_picker)
 if (isset($_GET['OutstandingOnly']) && ($_GET['OutstandingOnly'] == true))
 {
        $_POST['OutstandingOnly'] = true;
-       page(_("Search Not Invoiced Deliveries"), false, false, "", $js);
+       page(_($help_context = "Search Not Invoiced Deliveries"), false, false, "", $js);
 }
 else
 {
        $_POST['OutstandingOnly'] = false;
-       page(_("Search All Deliveries"), false, false, "", $js);
+       page(_($help_context = "Search All Deliveries"), false, false, "", $js);
 }
 
 if (isset($_GET['selected_customer']))
@@ -115,7 +115,6 @@ hidden('OutstandingOnly', $_POST['OutstandingOnly']);
 end_row();
 
 end_table();
-end_form();
 //---------------------------------------------------------------------------------------------
 
 if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
@@ -204,7 +203,8 @@ if ($_POST['OutstandingOnly'] == true) {
 //figure out the sql required from the inputs available
 if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
 {
-       $sql .= " AND trans.trans_no LIKE '%". $_POST['DeliveryNumber'] ."'";
+       $delivery = "%".$_POST['DeliveryNumber'];
+       $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
        $sql .= " GROUP BY trans.trans_no";
 }
 else
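Review bot: Passing `$delivery` through `db_escape()` handles quoting, but `%` and `_` typed into `DeliveryNumber` still act as `LIKE` wildcards, so the field can match far more rows than the suffix search suggests. `trans.trans_no` looks like a numeric column, so rejecting non-digit input before building `$delivery`, e.g. `if (!ctype_digit($_POST['DeliveryNumber'])) { /* report invalid number */ }`, would close that gap. The new line also depends on `db_escape()` returning an already quoted literal; that function is defined outside this hunk and the assumption should be confirmed.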
@@ -213,13 +213,13 @@ else
        $sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
 
        if ($selected_customer != -1)
-               $sql .= " AND trans.debtor_no='" . $selected_customer . "' ";
+               $sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
 
        if (isset($selected_stock_item))
-               $sql .= " AND line.stock_id='". $selected_stock_item ."' ";
+               $sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
 
        if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
-               $sql .= " AND sorder.from_stk_loc = '". $_POST['StockLocation'] . "' ";
+               $sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
 
        $sql .= " GROUP BY trans.trans_no ";
 
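Review bot: The date bound on the first line of this hunk still places `date2sql($_POST['DeliveryToDate'])` between hand-written quotes, while the three clauses below it now go through `db_escape()`. Whether `date2sql()` rejects malformed input is not visible here; if it passes unexpected text through, that clause stays open to injection. Writing it as `$sql .= " AND trans.tran_date <= ".db_escape(date2sql($_POST['DeliveryToDate']));` would make the block consistent, and the matching lower bound, presumably just above the hunk, would need the same treatment. The enclosing `else` block starts outside the hunk.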
@@ -257,8 +257,6 @@ $table->set_marker('check_overdue', _("Marked items are overdue."));
 
 //$table->width = "92%";
 
-start_form();
-
 display_db_pager($table);
 
 end_form();