X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Frecurrent_invoices.php;h=a1b0bdec6f3595a41d836a5587fa70e348695f93;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=eace174d3aa6df912822e8033f9f18bee84f34fd;hpb=a5242af68e65661edb7175412444dce536a7f311;p=fa-stable.git
diff --git a/sales/manage/recurrent_invoices.php b/sales/manage/recurrent_invoices.php
index eace174d..a1b0bdec 100644
--- a/sales/manage/recurrent_invoices.php
+++ b/sales/manage/recurrent_invoices.php
@@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
-$page_security = 3;
-$path_to_root="../..";
+$page_security = 'SA_SRECURRENT';
+$path_to_root = "../..";
 include($path_to_root . "/includes/session.inc");
 include($path_to_root . "/includes/ui.inc");
@@ -49,7 +49,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 monthly=".input_num('monthly', 0).",
 begin='".date2sql($_POST['begin'])."',
 end='".date2sql($_POST['end'])."'
- WHERE id = '$selected_id'";
+ WHERE id = ".db_escape($selected_id);
 $note = _('Selected recurrent invoice has been updated');
 }
 else
@@ -75,7 +75,7 @@ if ($Mode == 'Delete')
 if ($cancel_delete == 0)
 {
- $sql="DELETE FROM ".TB_PREF."recurrent_invoices WHERE id='" . $selected_id . "'";
+ $sql="DELETE FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($selected_id);
 db_query($sql,"could not delete recurrent invoice");
 display_notification(_('Selected recurrent invoice has been deleted'));
@@ -91,7 +91,7 @@ if ($Mode == 'RESET')
 //-------------------------------------------------------------------------------------------------
 function get_sales_group_name($group_no)
 {
- $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = $group_no";
+ $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = ".db_escape($group_no);
 $result = db_query($sql, "could not get group");
 $row = db_fetch($result);
 return $row[0];
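Review bot: The new `$page_security = 'SA_SRECURRENT';` only restricts this page if that access area is also declared and granted to the intended roles wherever includes/session.inc resolves area names, and that definition is not part of this diff, so it should be confirmed rather than assumed. How an unregistered area name is treated (denied outright, or silently allowed) is not visible from here, and that difference is exactly the one that matters for a change to an access check. A short comment at the assignment, `// access area name, enforced by includes/session.inc`, would record the dependency for the next reader.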
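Review bot: Only the `id` predicate of this UPDATE is escaped; in the same statement the `begin` and `end` values are still interpolated straight from `$_POST` (`begin='".date2sql($_POST['begin'])."'`), and the columns above the hunk presumably follow the same pattern. Whether that is safe rests entirely on date2sql normalising or rejecting malformed input, which cannot be seen here; since the new `WHERE id = ".db_escape($selected_id)` line already relies on db_escape supplying the quoting, writing `begin=".db_escape(date2sql($_POST['begin']))."` (and the same for `end`) removes that dependency and keeps the statement consistent. The statement and its enclosing `if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')` block begin outside the hunk.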
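Review bot: `get_sales_group_name` returns `$row[0]` without checking that db_fetch produced a row; when no group matches `$group_no` the fetch presumably yields false, and indexing it returns null (with a notice on newer PHP) that then flows into the page as a label. A guard such as `return $row ? $row[0] : '';` (or whatever empty label the caller expects) makes the missing-group case explicit. The same unchecked fetch appears in the Edit branch of the -149 hunk, where `$myrow = db_fetch($result)` is taken directly from the `SELECT * ... WHERE id=` query; the rest of that branch lies outside the hunk.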
@@ -114,7 +114,7 @@ while ($myrow = db_fetch($result))
 alt_table_row_color($k);
 label_cell($myrow["description"]);
- label_cell(get_customer_trans_view_str(30, $myrow["order_no"]));
+ label_cell(get_customer_trans_view_str(ST_SALESORDER, $myrow["order_no"]));
 if ($myrow["debtor_no"] == 0)
 {
 label_cell("");
@@ -149,7 +149,7 @@ if ($selected_id != -1)
 {
 if ($Mode == 'Edit')
 { //editing an existing area
- $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id='$selected_id'";
+ $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($selected_id);
 $result = db_query($sql,"could not get recurrent invoice");
 $myrow = db_fetch($result);
@@ -188,7 +188,7 @@ date_row(_("End:"), 'end', null, null, 0, 0, 5);
 end_table(1);
-submit_add_or_update_center($selected_id == -1, '', true);
+submit_add_or_update_center($selected_id == -1, '', 'both');
 end_form();