From 64ece402c019dd54bd6ca9882fd300362ef42871 Mon Sep 17 00:00:00 2001
From: Joe Hunt <joe.hunt.consulting@gmail.com>
Date: Wed, 29 Jul 2009 14:07:05 +0000
Subject: [PATCH] Release 2.1.4

---
 CHANGELOG.txt                         | 10 ++++++++++
 config.php                            |  2 +-
 inventory/purchasing_data.php         |  8 ++++----
 purchasing/includes/purchasing_db.inc |  4 ++--
 reporting/rep709.php                  |  2 +-
 5 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 896b53dd..b055599a 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,16 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+------------------------------- Release 2.1.4 ----------------------------------
+30-Jul-2009 Joe Hunt
+! Release 2.1.4
+$ config.php
+# Bad right margin on Tax Report (papersize A4)
+$ /reporting/rep709.php
+# [0000146] Purch data description with a ' (apostrophe) fails
+$ /inventory/purchasing_data.php
+  /purchasing/includes/db/purchasing_db.inc
+
 28-Jul-2009 Joe Hunt
 # Bugs in sending documents as email. Seems to land in the spam filter due to bad text and scrambled name on attached documents
 $ /reporting/rep109.php
diff --git a/config.php b/config.php
index d45a837f..6fb1c5e5 100644
--- a/config.php
+++ b/config.php
@@ -56,7 +56,7 @@ if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_
 	// Main Title
 	$app_title = "FrontAccounting";
 	// application version
-	$version 		= "2.1.3";
+	$version 		= "2.1.4";
 
 	// Build for development purposes
 	$build_version 	= date("d.m.Y", filemtime("$path_to_root/CHANGELOG.txt"));
diff --git a/inventory/purchasing_data.php b/inventory/purchasing_data.php
index c545beb5..ce1c9b78 100644
--- a/inventory/purchasing_data.php
+++ b/inventory/purchasing_data.php
@@ -67,17 +67,17 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
     		$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
     			conversion_factor, supplier_description) VALUES (";
     		$sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " .
-		    input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " .
-    			input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')";
+		    input_num('price',0) . ", '" . $_POST['suppliers_uom'] . "', " .
+    			input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")";
 
     		db_query($sql,"The supplier purchasing details could not be added");
     		display_notification(_("This supplier purchasing data has been added."));
        	} else
        	{
-          	$sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ",
+          	$sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
 				suppliers_uom='" . $_POST['suppliers_uom'] . "',
 				conversion_factor=" . input_num('conversion_factor') . ",
-				supplier_description='" . $_POST['supplier_description'] . "'
+				supplier_description=" . db_escape($_POST['supplier_description']) . "
 				WHERE stock_id='" . $_POST['stock_id'] . "' AND
 				supplier_id='$selected_id'";
           	db_query($sql,"The supplier purchasing details could not be updated");
diff --git a/purchasing/includes/purchasing_db.inc b/purchasing/includes/purchasing_db.inc
index da038358..850d2291 100644
--- a/purchasing/includes/purchasing_db.inc
+++ b/purchasing/includes/purchasing_db.inc
@@ -98,7 +98,7 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
 	{
 		$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
 			conversion_factor, supplier_description) VALUES ('$supplier_id', '$stock_id', 
-			$price, '$uom', 1, '$description')";
+			$price, '$uom', 1, ".db_escape($description).")";
 		db_query($sql,"The supplier purchasing details could not be added");
 		return;
 	}	
@@ -107,7 +107,7 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
 	if ($uom != "")
 		$sql .= ",suppliers_uom='$uom'";
 	if ($description != "")	
-		$sql .= ",supplier_description='$description'";
+		$sql .= ",supplier_description=".db_escape($description);
 	$sql .= " WHERE stock_id='$stock_id' AND supplier_id='$supplier_id'";
 	db_query($sql,"The supplier purchasing details could not be updated");
 	return true;
diff --git a/reporting/rep709.php b/reporting/rep709.php
index ac058d31..ad6f59d0 100644
--- a/reporting/rep709.php
+++ b/reporting/rep709.php
@@ -101,7 +101,7 @@ function print_tax_report()
 						1 => array('text' => _('Period'), 'from' => $from, 'to' => $to),
 						2 => array('text' => _('Type'), 'from' => $summary, 'to' => ''));
 
-	$cols = array(0, 80, 130, 180, 290, 370, 455, 505, 555);
+	$cols = array(0, 100, 130, 180, 290, 370, 420, 470, 520);
 
 	$headers = array(_('Trans Type'), _('Ref'), _('Date'), _('Name'), _('Branch Name'),
 		_('Net'), _('Rate'), _('Tax'));
-- 
2.30.2