X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Finquiry%2Fpo_search_completed.php;h=1632f5b49de15f440d70011bdffddec4ba1231a1;hb=0bf933423b9645bcb57390c478d4fdaf0c895049;hp=1f9ff81007d6005061af0bf481920427c868ff9c;hpb=2383d33373d6ddec06906658a0ed6398077c1147;p=fa-stable.git
diff --git a/purchasing/inquiry/po_search_completed.php b/purchasing/inquiry/po_search_completed.php
index 1f9ff810..1632f5b4 100644
--- a/purchasing/inquiry/po_search_completed.php
+++ b/purchasing/inquiry/po_search_completed.php
@@ -9,7 +9,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
-$page_security = 2;
+$page_security = 'SA_SUPPTRANSVIEW';
 $path_to_root="../..";
 include($path_to_root . "/includes/db_pager.inc");
 include($path_to_root . "/includes/session.inc");
@@ -21,7 +21,7 @@ if ($use_popup_windows)
 $js .= get_js_open_window(900, 500);
 if ($use_date_picker)
 $js .= get_js_date_picker();
-page(_("Search Purchase Orders"), false, false, "", $js);
+page(_($help_context = "Search Purchase Orders"), false, false, "", $js);
 if (isset($_GET['order_number']))
 {
@@ -69,7 +69,6 @@ stock_items_list_cells(_("for item:"), 'SelectStockFromList', null, true);
 submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
 end_row();
 end_table();
-end_form();
 //---------------------------------------------------------------------------------------------
 if (isset($_POST['order_number']))
 {
@@ -77,7 +76,7 @@ if (isset($_POST['order_number']))
 }
 if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
- ($_POST['SelectStockFromList'] != reserved_words::get_all()))
+ ($_POST['SelectStockFromList'] != ALL_TEXT))
 {
 $selected_stock_item = $_POST['SelectStockFromList'];
 }
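Review bot: The assignment `$help_context = "Search Purchase Orders"` is buried inside the `_()` argument of the `page()` call in the @@ -21 hunk, so the side effect of setting what is presumably a global help-context variable is easy to miss when reading the title line. Pulling it onto its own statement keeps the call readable and the side effect explicit: `$help_context = "Search Purchase Orders";` followed by `page(_($help_context), false, false, "", $js);`. The translated title and the variable's value are unchanged by that split.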
@@ -89,7 +88,7 @@ else
 //---------------------------------------------------------------------------------------------
 function trans_view($trans)
 {
- return get_trans_view_str(systypes::po(), $trans["order_no"]);
+ return get_trans_view_str(ST_PURCHORDER, $trans["order_no"]);
 }
 function edit_link($row)
@@ -126,7 +125,7 @@ $sql = "SELECT
 if (isset($order_number) && $order_number != "")
 {
- $sql .= "AND porder.reference LIKE '%". $order_number . "%'";
+ $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
 }
 else
 {
@@ -137,13 +136,13 @@ else
 $sql .= " AND porder.ord_date >= '$data_after'";
 $sql .= " AND porder.ord_date <= '$date_before'";
- if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != reserved_words::get_all())
+ if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
 {
- $sql .= " AND porder.into_stock_location = '". $_POST['StockLocation'] . "' ";
+ $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
 }
 if (isset($selected_stock_item))
 {
- $sql .= " AND line.item_code='". $selected_stock_item ."' ";
+ $sql .= " AND line.item_code=".db_escape($selected_stock_item);
 }
 } //end not order number selected
@@ -170,12 +169,7 @@ if (get_post('StockLocation') != $all_items) {
 $table =& new_db_pager('orders_tbl', $sql, $cols);
-if (get_post('SearchOrders')) {
- $table->set_sql($sql);
- $table->set_columns($cols);
-}
 $table->width = "80%";
-start_form();
 display_db_pager($table);
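Review bot: In the @@ -126 hunk, `db_escape('%'. $order_number . '%')` appears to quote the value as a SQL string literal (the surrounding quotes were dropped from the new line), but `%` and `_` inside `$order_number` are still interpreted by LIKE as wildcards, so a search term containing them matches more rows than its literal text. If a literal substring match is what the search box is meant to do, escape those two characters before wrapping them, e.g. `$sql .= "AND porder.reference LIKE ".db_escape('%'. addcslashes($order_number, '%_') . '%');`, which assumes the backend treats backslash as the LIKE escape character. `$order_number` is assigned outside this hunk, so where it comes from cannot be confirmed here; a comment at the assignment stating that it is request input would help the next reader.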
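Review bot: The two date predicates that open the @@ -137 hunk still interpolate `$data_after` and `$date_before` straight into the SQL string (`'$data_after'`) while the same hunk wraps the location and item filters below in `db_escape()`. For consistency, and so the query does not depend on how those variables are derived (their assignment lies before the hunk, inside the enclosing `else` block), route them through the same helper: `$sql .= " AND porder.ord_date >= ".db_escape($data_after);` and `$sql .= " AND porder.ord_date <= ".db_escape($date_before);`. If they are guaranteed to be produced by a date-to-SQL conversion that cannot emit quote characters, a comment at their assignment saying so would make the exception deliberate rather than accidental.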