X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fpayment_terms.php;h=1e0f8c652bb8529c0e1605db8b1789692e378ac0;hb=081465f30442afc4f008a1c7038bef320466a730;hp=ddc4c50945fca768af030f114027629028e7d0fa;hpb=0b253e5e0d23400838d3bfb4f27fb3fb2637b3ab;p=fa-stable.git

diff --git a/admin/payment_terms.php b/admin/payment_terms.php
index ddc4c509..1e0f8c65 100644
--- a/admin/payment_terms.php
+++ b/admin/payment_terms.php
@@ -9,11 +9,11 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 10;
+$page_security = 'SA_PAYTERMS';
 $path_to_root="..";
 include($path_to_root . "/includes/session.inc");
 
-page(_("Payment Terms"));
+page(_($help_context = "Payment Terms"));
 
 include($path_to_root . "/includes/ui.inc");
 
@@ -103,7 +103,7 @@ if ($Mode == 'Delete')
 {
 	// PREVENT DELETES IF DEPENDENT RECORDS IN debtors_master
 
-	$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = '$selected_id'";
+	$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = ".db_escape($selected_id);
 	$result = db_query($sql,"check failed");
 	$myrow = db_fetch_row($result);
 	if ($myrow[0] > 0) 
@@ -112,7 +112,7 @@ if ($Mode == 'Delete')
 	} 
 	else 
 	{
-		$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = '$selected_id'";
+		$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = ".db_escape($selected_id);
 		$result = db_query($sql,"check failed");
 		$myrow = db_fetch_row($result);
 		if ($myrow[0] > 0) 
@@ -123,7 +123,7 @@ if ($Mode == 'Delete')
 		{
 			//only delete if used in neither customer or supplier accounts
 
-			$sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator='$selected_id'";
+			$sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator=".db_escape($selected_id);
 			db_query($sql,"could not delete a payment terms");
 			display_notification(_('Selected payment terms have been deleted'));
 		}
@@ -198,7 +198,7 @@ if ($selected_id != -1)
 	if ($Mode == 'Edit') {
 		//editing an existing payment terms
 		$sql = "SELECT * FROM ".TB_PREF."payment_terms
-			WHERE terms_indicator='$selected_id'";
+			WHERE terms_indicator=".db_escape($selected_id);
 
 		$result = db_query($sql,"could not get payment term");
 		$myrow = db_fetch($result);
@@ -206,6 +206,7 @@ if ($selected_id != -1)
 		$_POST['terms']  = $myrow["terms"];
 		$days_before_due  = $myrow["days_before_due"];
 		$day_in_following_month  = $myrow["day_in_following_month"];
+		unset($_POST['DayNumber']);
 	}
 	hidden('selected_id', $selected_id);
 }