X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Finquiry%2Fpo_search_completed.php;h=23053bae4cc850e4dbeedea3b564d7fdbeba1461;hb=510d6e1925c4d1621ae3efd85e117cc9bb4320f0;hp=56945c6bc8ea37aee139e5bd4aec78d8f8b814e2;hpb=e000d0b3fb245b02de604356b1f60c65b5f4962f;p=fa-stable.git

diff --git a/purchasing/inquiry/po_search_completed.php b/purchasing/inquiry/po_search_completed.php
index 56945c6b..23053bae 100644
--- a/purchasing/inquiry/po_search_completed.php
+++ b/purchasing/inquiry/po_search_completed.php
@@ -1,6 +1,15 @@
 <?php
-
-$page_security = 2;
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+$page_security = 'SA_SUPPTRANSVIEW';
 $path_to_root="../..";
 include($path_to_root . "/includes/db_pager.inc");
 include($path_to_root . "/includes/session.inc");
@@ -44,7 +53,7 @@ if (get_post('SearchOrders'))
 }
 //---------------------------------------------------------------------------------------------
 
-start_form(false, true);
+start_form();
 
 start_table("class='tablestyle_noborder'");
 start_row();
@@ -57,7 +66,7 @@ locations_list_cells(_("into location:"), 'StockLocation', null, true);
 
 stock_items_list_cells(_("for item:"), 'SelectStockFromList', null, true);
 
-submit_cells('SearchOrders', _("Search"),'',_('Select documents'), true);
+submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
 end_row();
 end_table();
 end_form();
@@ -68,7 +77,7 @@ if (isset($_POST['order_number']))
 }
 
 if (isset($_POST['SelectStockFromList']) &&	($_POST['SelectStockFromList'] != "") &&
-	($_POST['SelectStockFromList'] != reserved_words::get_all()))
+	($_POST['SelectStockFromList'] != ALL_TEXT))
 {
  	$selected_stock_item = $_POST['SelectStockFromList'];
 }
@@ -80,12 +89,19 @@ else
 //---------------------------------------------------------------------------------------------
 function trans_view($trans)
 {
-	return get_trans_view_str(systypes::po(), $trans["order_no"]);
+	return get_trans_view_str(ST_PURCHORDER, $trans["order_no"]);
+}
+
+function edit_link($row) 
+{
+  return pager_link( _("Edit"),
+	"/purchasing/po_entry_items.php?" . SID 
+	. "ModifyOrderNumber=" . $row["order_no"], ICON_EDIT);
 }
 
 function prt_link($row)
 {
-	return print_document_link($row['order_no'], _("Print"), true, 18);
+	return print_document_link($row['order_no'], _("Print"), true, 18, ICON_PRINT);
 }
 
 //---------------------------------------------------------------------------------------------
@@ -110,7 +126,7 @@ $sql = "SELECT
 
 if (isset($order_number) && $order_number != "")
 {
-	$sql .= "AND porder.reference LIKE '%". $order_number . "%'";
+	$sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
 }
 else
 {
@@ -121,13 +137,13 @@ else
 	$sql .= " AND porder.ord_date >= '$data_after'";
 	$sql .= " AND porder.ord_date <= '$date_before'";
 
-	if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != reserved_words::get_all())
+	if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
 	{
-		$sql .= " AND porder.into_stock_location = '". $_POST['StockLocation'] . "' ";
+		$sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
 	}
 	if (isset($selected_stock_item))
 	{
-		$sql .= " AND line.item_code='". $selected_stock_item ."' ";
+		$sql .= " AND line.item_code=".db_escape($selected_stock_item);
 	}
 
 } //end not order number selected
@@ -140,9 +156,10 @@ $cols = array(
 		_("Supplier") => array('ord'=>''),
 		_("Location"),
 		_("Supplier's Reference"), 
-		_("Order Date") => array('type'=>'date', 'ord'=>'desc'),
+		_("Order Date") => array('name'=>'ord_date', 'type'=>'date', 'ord'=>'desc'),
 		_("Currency") => array('align'=>'center'), 
 		_("Order Total") => 'amount',
+		array('insert'=>true, 'fun'=>'edit_link'),
 		array('insert'=>true, 'fun'=>'prt_link'),
 );
 
@@ -153,10 +170,7 @@ if (get_post('StockLocation') != $all_items) {
 
 $table =& new_db_pager('orders_tbl', $sql, $cols);
 
-if (get_post('SearchOrders')) {
-	$table->set_sql($sql);
-	$table->set_columns($cols);
-}
+$table->width = "80%";
 start_form();
 
 display_db_pager($table);