X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Finquiry%2Fsales_orders_view.php;h=dac158eaf7c133aa31679c9a2611f13ba8f25982;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=9ec7cc313a2b2e8f9a4e98d011f7873bcff60ab2;hpb=f0f460043b9bcb6153c0f6f82d4a74433efe4ad8;p=fa-stable.git
diff --git a/sales/inquiry/sales_orders_view.php b/sales/inquiry/sales_orders_view.php
index 9ec7cc31..dac158ea 100644
--- a/sales/inquiry/sales_orders_view.php
+++ b/sales/inquiry/sales_orders_view.php
@@ -9,7 +9,6 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     See the License here .
 ***********************************************************************/
-$page_security = 'SA_STEMPLATE';
 $path_to_root = "../..";
 
 include($path_to_root . "/includes/db_pager.inc");
@@ -17,6 +16,15 @@ include($path_to_root . "/includes/session.inc");
 include($path_to_root . "/sales/includes/sales_ui.inc");
 include_once($path_to_root . "/reporting/includes/reporting.inc");
 
+$page_security = 'SA_SALESTRANSVIEW';
+
+set_page_security( @$_POST['order_view_mode'],
+	array( 'OutstandingOnly' => 'SA_SALESDELIVERY',
+		'InvoiceTemplates' => 'SA_SALESINVOICE'),
+	array( 'OutstandingOnly' => 'SA_SALESDELIVERY',
+		'InvoiceTemplates' => 'SA_SALESINVOICE')
+);
+
 $js = "";
 if ($use_popup_windows)
 	$js .= get_js_open_window(900, 600);
@@ -29,6 +37,7 @@ elseif (isset($_GET['type']) && $_GET['type'] == ST_SALESQUOTE)
 	$trans_type = ST_SALESQUOTE;
 else
 	$trans_type = ST_SALESORDER;
+
 if ($trans_type == ST_SALESORDER)
 {
 	if (isset($_GET['OutstandingOnly']) && ($_GET['OutstandingOnly'] == true))
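Review bot: The mode map handed to `set_page_security()` covers only `OutstandingOnly` and `InvoiceTemplates`, yet the column setup later in this file (the `@@ -333` hunk) also handles a `DeliveryTemplates` mode, which therefore stays under the generic `SA_SALESTRANSVIEW` instead of `SA_SALESDELIVERY`; if that mode is meant to be delivery-restricted, add `'DeliveryTemplates' => 'SA_SALESDELIVERY'` to the map. The assignment now runs after `session.inc` is included, whereas the removed `$page_security = 'SA_STEMPLATE'` preceded it, so any include-time access check in session.inc (not visible here) would see the variable unset — worth confirming that `set_page_security()` performs the page access check itself. The `@` on `$_POST['order_view_mode']` suppresses a notice rather than handling the absent key; `isset($_POST['order_view_mode']) ? $_POST['order_view_mode'] : null` says the same thing explicitly. The two identical arrays could be built once in a local and passed twice.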
@@ -266,8 +275,9 @@ $sql = "SELECT
 
 if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
 {
-	// search orders with number like ...
-	$sql .= " AND sorder.order_no LIKE '%". $_POST['OrderNumber'] ."'"
+	// search orders with number like
+	$number_like = "%".$_POST['OrderNumber'];
+	$sql .= " AND sorder.order_no LIKE ".db_escape($number_like) ."
 		GROUP BY sorder.order_no";
 }
 else	// ... or select inquiry constraints
@@ -283,13 +293,13 @@ else	// ... or select inquiry constraints
 	if ($trans_type == 32 && !check_value('show_all'))
 		$sql .= " AND sorder.delivery_date >= '".date2sql(Today())."'";
 	if ($selected_customer != -1)
-		$sql .= " AND sorder.debtor_no='" . $selected_customer . "'";
+		$sql .= " AND sorder.debtor_no=".db_escape($selected_customer);
 	if (isset($selected_stock_item))
-		$sql .= " AND line.stk_code='". $selected_stock_item ."'";
+		$sql .= " AND line.stk_code=".db_escape($selected_stock_item);
 	if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
-		$sql .= " AND sorder.from_stk_loc = '". $_POST['StockLocation'] . "' ";
+		$sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation']);
 	if ($_POST['order_view_mode']=='OutstandingOnly')
 		$sql .= " AND line.qty_sent < line.quantity";
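Review bot: `db_escape($number_like)` closes the quoting hole on the `order_no LIKE` line, but `%` and `_` inside the submitted OrderNumber remain LIKE metacharacters, so the value can still widen the match beyond "ends with this number"; if only a literal suffix match is intended, neutralise them before prefixing the wildcard, e.g. `$number_like = "%".strtr($_POST['OrderNumber'], array('%' => '\%', '_' => '\_'));`, assuming db_escape() performs plain string-literal escaping. The `."` at the end of the new `$sql .=` line deliberately leaves the literal open so the `GROUP BY` on the following context line belongs to the same string; a comment such as `// string continues on the next line (GROUP BY)` would keep a later reader from "fixing" it. The debtor_no, stk_code and from_stk_loc lines in the following hunk (`@@ -283,13`) are covered by the same db_escape() change and look complete; the enclosing `if`/`else` block extends beyond both hunks.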
@@ -333,15 +343,15 @@ else
 		_("Currency") => array('align'=>'center')
 	);
 	if ($_POST['order_view_mode'] == 'OutstandingOnly') {
-		//array_replace($cols, 3, 1, _("Cust Order Ref"));
+		//array_substitute($cols, 3, 1, _("Cust Order Ref"));
 		array_append($cols, array(array('insert'=>true, 'fun'=>'dispatch_link')));
 	}
 	elseif ($_POST['order_view_mode'] == 'InvoiceTemplates') {
-		array_replace($cols, 3, 1, _("Description"));
+		array_substitute($cols, 3, 1, _("Description"));
 		array_append($cols, array( array('insert'=>true, 'fun'=>'invoice_link')));
 	}
 	else if ($_POST['order_view_mode'] == 'DeliveryTemplates') {
-		array_replace($cols, 3, 1, _("Description"));
+		array_substitute($cols, 3, 1, _("Description"));
 		array_append($cols, array( array('insert'=>true, 'fun'=>'delivery_link')) );