From f158d84399d97f9d5556dbab48f46ed79d221182 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Fri, 19 Aug 2011 10:06:38 +0200
Subject: [PATCH] Fixed improper checks on GL account deletion.
---
 gl/includes/db/gl_db_accounts.inc | 14 +++++++++++++-
 gl/manage/bank_accounts.php | 5 ++---
 gl/manage/gl_accounts.php | 25 ++++++++++++-------------
 3 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc
index f97b713e..a788604a 100644
--- a/gl/includes/db/gl_db_accounts.inc
+++ b/gl/includes/db/gl_db_accounts.inc
@@ -103,7 +103,7 @@ function gl_account_in_company_defaults($acc)
 OR name='default_cogs_act'
 OR name='default_adj_act'
 OR name='default_inv_sales_act'
- OR name='default_assembly_act') AND value=$acc";
+ OR name='default_assembly_act') AND value=".db_escape($acc);
 $result = db_query($sql,"Couldn't test for default company GL codes");
 $myrow = db_fetch_row($result);
@@ -112,6 +112,8 @@ function gl_account_in_company_defaults($acc)
 function gl_account_in_stock_category($acc)
 {
+ $acc = db_escape($acc);
+
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_category
 WHERE dflt_inventory_act=$acc
 OR dflt_cogs_act=$acc
@@ -125,6 +127,8 @@ function gl_account_in_stock_category($acc)
 function gl_account_in_stock_master($acc)
 {
+ $acc = db_escape($acc);
+
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_master
 WHERE inventory_account=$acc
 OR cogs_account=$acc
@@ -138,6 +142,8 @@ function gl_account_in_stock_master($acc)
 function gl_account_in_tax_types($acc)
 {
+ $acc = db_escape($acc);
+
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."tax_types
 WHERE sales_gl_code=$acc OR purchasing_gl_code=$acc";
 $result = db_query($sql,"Couldn't test for existing tax GL codes");
@@ -147,6 +153,8 @@ function gl_account_in_tax_types($acc)
 function gl_account_in_cust_branch($acc)
 {
+ $acc = db_escape($acc);
+
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch
 WHERE sales_account=$acc
 OR sales_discount_account=$acc
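Review bot: The `$acc = db_escape($acc);` lines added at the top of gl_account_in_stock_category, gl_account_in_stock_master, gl_account_in_tax_types, gl_account_in_cust_branch, gl_account_in_suppliers and gl_account_in_quick_entry_lines (and the inline `db_escape($acc)` in gl_account_in_company_defaults) move escaping from the caller into the helper without documenting it, so a caller that still pre-escapes would presumably have its value quoted twice, the COUNT(*) would come back 0, and an account still in use would be reported as deletable. This commit updates only gl_accounts.php; any other caller of these helpers is outside the patch and worth checking. A one-line docblock on each helper would pin the new contract, e.g. `/** @param string $acc raw GL account code; escaped here, so callers must NOT pass an escaped value */`. The value is interpolated without surrounding quotes, which is right only if db_escape() returns a quoted literal, as `value=".db_escape($acc)` in the first hunk implies; a word to that effect in the same docblock would save the next reader the lookup.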
@@ -160,6 +168,8 @@ function gl_account_in_cust_branch($acc)
 function gl_account_in_suppliers($acc)
 {
+ $acc = db_escape($acc);
+
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers
 WHERE purchase_account=$acc
 OR payment_discount_account=$acc
@@ -172,6 +182,8 @@ function gl_account_in_suppliers($acc)
 function gl_account_in_quick_entry_lines($acc)
 {
+ $acc = db_escape($acc);
+
 $sql= "SELECT COUNT(*) FROM ".TB_PREF."quick_entry_lines
 WHERE dest_id=$acc AND UPPER(LEFT(action, 1)) <> 'T'";
 $result = db_query($sql,"Couldn't test for existing Quick Entry Line GL codes");
diff --git a/gl/manage/bank_accounts.php b/gl/manage/bank_accounts.php
index d8d02ab2..c494247b 100644
--- a/gl/manage/bank_accounts.php
+++ b/gl/manage/bank_accounts.php
@@ -68,16 +68,15 @@ elseif( $Mode == 'Delete')
 //the link to delete a selected record was clicked instead of the submit button
 $cancel_delete = 0;
- $acc = db_escape($selected_id);
 // PREVENT DELETES IF DEPENDENT RECORDS IN 'bank_trans'
- if (key_in_foreign_table($acc, 'bank_trans', 'bank_act', true))
+ if (key_in_foreign_table($selected_id, 'bank_trans', 'bank_act', true) || key_in_foreign_table(get_post('account_code'), 'gl_trans', 'account', true))
 {
 $cancel_delete = 1;
 display_error(_("Cannot delete this bank account because transactions have been created using this account."));
 }
- if (key_in_foreign_table($acc, 'sales_pos', 'pos_account', true))
+ if (key_in_foreign_table($selected_id, 'sales_pos', 'pos_account', true))
 {
 $cancel_delete = 1;
 display_error(_("Cannot delete this bank account because POS definitions have been created using this account."));
diff --git a/gl/manage/gl_accounts.php b/gl/manage/gl_accounts.php
index 345d3791..db432dcc 100644
--- a/gl/manage/gl_accounts.php
+++ b/gl/manage/gl_accounts.php
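Review bot: The new gl_trans condition on the first `+` line of the bank_accounts.php hunk keys on `get_post('account_code')`, i.e. the GL code as posted with the request, not the code stored for `$selected_id`; if the delete request carries no `account_code` field, or one that differs from the stored record, the check tests the wrong (or an empty) account and a bank account with posted GL transactions can be deleted. The `bank_trans` and `sales_pos` checks on the same lines correctly key on `$selected_id`, so the gl_trans check should take the account_code from the stored bank account row for `$selected_id` rather than from the form. Removing the `$acc = db_escape($selected_id);` line is only safe if key_in_foreign_table() escapes its first argument itself, which nothing in this hunk shows; a comment such as `// key_in_foreign_table() escapes its key argument; pass raw ids` would make that assumption explicit. The enclosing `elseif ($Mode == 'Delete')` block begins before and continues after the hunk.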
@@ -110,61 +110,60 @@ function can_delete($selected_account)
 {
 if ($selected_account == "") return false;
- $acc = db_escape($selected_account);
- if (key_in_foreign_table($acc, 'gl_trans', 'account', true))
+ if (key_in_foreign_table($selected_account, 'gl_trans', 'account', true))
 {
 display_error(_("Cannot delete this account because transactions have been created using this account."));
 return false;
 }
- if (gl_account_in_company_defaults($acc))
+ if (gl_account_in_company_defaults($selected_account))
 {
 display_error(_("Cannot delete this account because it is used as one of the company default GL accounts."));
 return false;
 }
- if (key_in_foreign_table($acc, 'bank_accounts', 'account_code', true))
+ if (key_in_foreign_table($selected_account, 'bank_accounts', 'account_code', true))
 {
 display_error(_("Cannot delete this account because it is used by a bank account."));
 return false;
 }
- if (gl_account_in_stock_category($acc))
+ if (gl_account_in_stock_category($selected_account))
 {
 display_error(_("Cannot delete this account because it is used by one or more Item Categories."));
 return false;
 }
- if (gl_account_in_stock_master($acc))
+ if (gl_account_in_stock_master($selected_account))
 {
 display_error(_("Cannot delete this account because it is used by one or more Items."));
 return false;
 }
- if (gl_account_in_tax_types($acc))
+ if (gl_account_in_tax_types($selected_account))
 {
 display_error(_("Cannot delete this account because it is used by one or more Taxes."));
 return false;
 }
- if (gl_account_in_cust_branch($acc))
+ if (gl_account_in_cust_branch($selected_account))
 {
 display_error(_("Cannot delete this account because it is used by one or more Customer Branches."));
 return false;
 }
- if (gl_account_in_suppliers($acc))
+ if (gl_account_in_suppliers($selected_account))
 {
 display_error(_("Cannot delete this account because it is used by one or more suppliers."));
 return false;
- }
-
- if (gl_account_in_quick_entry_lines($acc))
+ }
+
+ if (gl_account_in_quick_entry_lines($selected_account))
 {
 display_error(_("Cannot delete this account because it is used by one or more Quick Entry Lines."));
 return false;
- }
+ }
 return true;
 }
-- 2.30.2
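Review bot: can_delete() now passes the raw `$selected_account` into key_in_foreign_table() and every gl_account_in_* helper, which is correct only because those helpers are now expected to escape it; the function has no docblock saying so, and a maintainer who sees the removed `$acc = db_escape($selected_account);` line in history may reintroduce it and double-escape the value. A short docblock above the function stating its purpose (returns true when no dependency blocks deletion, otherwise calls display_error() for the first one found and returns false), that `$selected_account` is the raw, unescaped GL code, and its bool return would close that gap. Separately, the `- }` / `+ }` pairs and the re-marked blank line between the suppliers and Quick Entry checks show no visible text change, which suggests a whitespace-only reindent mixed into the fix; keeping such churn out of a correctness commit makes the hunk easier to audit.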