Security update merged from 2.1.
[fa-stable.git] / sales / manage / sales_types.php
index 05a3166adb8b0618d06b0d80f3590c226c9d132f..4d9d1f08a54a753940613792eabd3f56d4643bfb 100644 (file)
@@ -9,8 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 14;
-$path_to_root="../..";
+$page_security = 'SA_SALESTYPES';
+$path_to_root = "../..";
 include_once($path_to_root . "/includes/session.inc");
 
 page(_("Sales Types"));
@@ -66,7 +66,7 @@ if ($Mode == 'Delete')
 {
        // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans'
 
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE tpe='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE tpe=".db_escape($selected_id);
        $result = db_query($sql,"check failed");
        check_db_error("The number of transactions using this Sales type record could not be retrieved", $sql);
 
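Review bot: The rewritten `$sql=` line drops the single quotes that used to surround `$selected_id`, so the statement is only valid if `db_escape()` returns an already-quoted literal; that is not visible in this diff and is worth confirming against its definition before relying on it. The same construction is used on the `sales_type=` line in the next hunk, so one check covers both. As a style point, the two new lines are spaced differently (`$sql= "` here versus `$sql = "` below); `$sql = "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE tpe=".db_escape($selected_id);` would match the second hunk. The enclosing `if ($Mode == 'Delete')` block begins before this hunk.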
@@ -79,7 +79,7 @@ if ($Mode == 'Delete')
        else
        {
 
-               $sql = "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE sales_type='$selected_id'";
+               $sql = "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE sales_type=".db_escape($selected_id);
                $result = db_query($sql,"check failed");
                check_db_error("The number of customers using this Sales type record could not be retrieved", $sql);