! -> Note
$ -> Affected files
+18-Oct-2009 Joe Hunt
+# Fixed double escaping gl account name on add/update.
+$ /gl/includes/db/gl_db_accounts.inc
+
------------------------------- Release 2.1.7 ----------------------------------
! Seccurity release 2.1.7. We strongly encourage to update to this release.
-16-ock-2009 Joe Hunt
+16-Oct-2009 Joe Hunt
$ config.php
15-Oct-2009 Joe Hunt
***********************************************************************/
function add_gl_account($account_code, $account_name, $account_type, $account_code2)
{
- $account_name = db_escape($account_name);
$sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type)
VALUES (".db_escape($account_code).", ".db_escape($account_code2).", "
.db_escape($account_name).", ".db_escape($account_type).")";
function update_gl_account($account_code, $account_name, $account_type, $account_code2)
{
- $account_name = db_escape($account_name);
$sql = "UPDATE ".TB_PREF."chart_master SET account_name=".db_escape($account_name)
.",account_type=".db_escape($account_type).", account_code2=".db_escape($account_code2)
." WHERE account_code = ".db_escape($account_code);