X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fui%2Fui_lists.inc;h=d2be5fab97aec7eebcf1a62c3218e4d348e14f2a;hb=5d3fcb9c57e586c20651594edf91a2dccb08df00;hp=91722536b7931b3aab1c842d41f7df768bb0f215;hpb=eabd55f8ffc01d28b6b0af9d0352424355188551;p=fa-stable.git

diff --git a/includes/ui/ui_lists.inc b/includes/ui/ui_lists.inc
index 91722536..d2be5fab 100644
--- a/includes/ui/ui_lists.inc
+++ b/includes/ui/ui_lists.inc
@@ -709,7 +709,7 @@ $options = array(
 	if (!$showclosed)
 		$options['where'][] = "closed=0";
 	if($showtype)
-		$options['where'][] = "type_=$showtype";
+		$options['where'][] = "type_=".db_escape($showtype);
 
 	return combo_input($name, $selected_id, $sql, 'id', 'ref', $options);
 }
@@ -889,7 +889,7 @@ function stock_component_items_list($name, $parent_stock_id, $selected_id=null,
 	$all_option=false, $submit_on_change=false, $editkey = false)
 {
 	return stock_items_list($name, $selected_id, $all_option, $submit_on_change,
-		array('where'=>array("stock_id != '$parent_stock_id'")), $editkey);
+		array('where'=>array("stock_id != ".db_escape($parent_stock_id))), $editkey);
 }
 
 function stock_component_items_list_cells($label, $name, $parent_stock_id, 
@@ -898,7 +898,7 @@ function stock_component_items_list_cells($label, $name, $parent_stock_id,
 	if ($label != null)
 		echo "<td>$label</td>\n";
 	echo stock_items_list($name, $selected_id, $all_option, $submit_on_change,
-		array('where'=>array("stock_id != '$parent_stock_id'"), 'cells'=>true),
+		array('where'=>array("stock_id != ".db_escape($parent_stock_id)), 'cells'=>true),
 		$editkey);
 }
 //------------------------------------------------------------------------------------
@@ -1911,7 +1911,7 @@ function journal_types_list_cells($label, $name, $value=null, $submit_on_change=
 
 	// exclude quotes, orders and dimensions
 	foreach (array(ST_PURCHORDER, ST_WORKORDER, ST_SALESORDER, ST_DIMENSION, 
-				ST_SALESQUOTE) as $excl)
+				ST_SALESQUOTE, ST_LOCTRANSFER) as $excl)
 			unset($items[$excl]);
 	
 	echo array_selector($name, $value, $items, 
@@ -2200,7 +2200,7 @@ function security_roles_list_row($label, $name, $selected_id=null, $new_item=fal
 	echo "</tr>\n";
 }
 
-function tab_list_row($label, $name, $selected_id=null, $all = false)
+function tab_list_row($label, $name, $selected_id=null)
 {
 	global $installed_extensions;
 	
@@ -2208,12 +2208,6 @@ function tab_list_row($label, $name, $selected_id=null, $all = false)
 	foreach ($_SESSION['App']->applications as $app) {
 		$tabs[$app->id] = access_string($app->name, true);
 	}
-	if ($all) {	// add also not active ext. modules
-		foreach ($installed_extensions as $ext) {
-			if ($ext['type'] == 'module' && !$ext['active'])
-				$tabs[$ext['tab']] = access_string($ext['title'], true);
-		}
-	}
 	echo "<tr>\n";
 	echo "<td class='label'>$label</td><td>\n";
 	echo array_selector($name, $selected_id, $tabs);