X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fcost_update.php;h=e268f360dbdcdca8d6200bf88d087a57ab98b36d;hb=af78fbb535a6fedbc2eb70a26ddc39739be2b986;hp=48e75ebaa986635ea885ce5815c5f8c06aa5a144;hpb=f12dbe7523bb1abc6cd69b009ef8f0be838f5348;p=fa-stable.git

diff --git a/inventory/cost_update.php b/inventory/cost_update.php
index 48e75eba..e268f360 100644
--- a/inventory/cost_update.php
+++ b/inventory/cost_update.php
@@ -1,7 +1,16 @@
 <?php
-
-$page_security = 2;
-$path_to_root="..";
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+$page_security = 'SA_STANDARDCOST';
+$path_to_root = "..";
 include_once($path_to_root . "/includes/session.inc");
 
 include_once($path_to_root . "/includes/date_functions.inc");
@@ -59,7 +68,7 @@ if (isset($_POST['UpdateData']))
 
         if ($update_no > 0)
         {
-    		display_note(get_gl_view_str(systypes::cost_update(), $update_no, _("View the GL Journal Entries for this Cost Update")), 0, 1);
+    		display_note(get_gl_view_str(ST_COSTUPDATE, $update_no, _("View the GL Journal Entries for this Cost Update")), 0, 1);
         }
    	}
 }
@@ -68,7 +77,7 @@ if (list_updated('stock_id'))
 	$Ajax->activate('cost_table');
 //-----------------------------------------------------------------------------------------
 
-start_form(false, true);
+start_form();
 
 if (!isset($_POST['stock_id']))
 	$_POST['stock_id'] = get_global_stock_item();
@@ -82,7 +91,7 @@ set_global_stock_item($_POST['stock_id']);
 $sql = "SELECT description, units, material_cost, labour_cost,
 	overhead_cost, mb_flag
 	FROM ".TB_PREF."stock_master
-	WHERE stock_id='" . $_POST['stock_id'] . "'
+	WHERE stock_id=".db_escape($_POST['stock_id']) . "
 	GROUP BY description, units, material_cost, labour_cost, overhead_cost, mb_flag";
 $result = db_query($sql);
 check_db_error("The cost details for the item could not be retrieved", $sql);
@@ -117,7 +126,7 @@ else
 
 end_table(1);
 div_end();
-submit_center('UpdateData', _("Update"));
+submit_center('UpdateData', _("Update"), true, false, 'default');
 
 end_form();
 end_page();