! -> Note
$ -> Affected files
+------------------------------- Release 2.1.4 ----------------------------------
+30-Jul-2009 Joe Hunt
+! Release 2.1.4
+$ config.php
+# Bad right margin on Tax Report (papersize A4)
+$ /reporting/rep709.php
+# [0000146] Purch data description with a ' (apostrophe) fails
+$ /inventory/purchasing_data.php
+ /purchasing/includes/db/purchasing_db.inc
+
28-Jul-2009 Joe Hunt
# Bugs in sending documents as email. Seems to land in the spam filter due to bad text and scrambled name on attached documents
$ /reporting/rep109.php
// Main Title
$app_title = "FrontAccounting";
// application version
- $version = "2.1.3";
+ $version = "2.1.4";
// Build for development purposes
$build_version = date("d.m.Y", filemtime("$path_to_root/CHANGELOG.txt"));
$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
conversion_factor, supplier_description) VALUES (";
$sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " .
- input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " .
- input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')";
+ input_num('price',0) . ", '" . $_POST['suppliers_uom'] . "', " .
+ input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")";
db_query($sql,"The supplier purchasing details could not be added");
display_notification(_("This supplier purchasing data has been added."));
} else
{
- $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ",
+ $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
suppliers_uom='" . $_POST['suppliers_uom'] . "',
conversion_factor=" . input_num('conversion_factor') . ",
- supplier_description='" . $_POST['supplier_description'] . "'
+ supplier_description=" . db_escape($_POST['supplier_description']) . "
WHERE stock_id='" . $_POST['stock_id'] . "' AND
supplier_id='$selected_id'";
db_query($sql,"The supplier purchasing details could not be updated");
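Review bot: Only `supplier_description` is passed through `db_escape()`; in both the INSERT and the UPDATE of this hunk, `$_POST['supplier_id']`, `$_POST['stock_id']` and `$_POST['suppliers_uom']` are still concatenated between hand-written quotes, as is `$selected_id` in the WHERE clause, so an apostrophe in any of them breaks the statement and leaves it open to SQL injection exactly as the description was. Going by how this commit calls it, `db_escape()` appears to return the value already quoted, so the same call can replace the hand-quoted concatenation for every string field, as sketched below. The purchasing_db.inc hunk that follows has the same gap: `'$supplier_id'`, `'$stock_id'` and `'$uom'` stay interpolated, and `$price` is inserted unquoted, which is safe only if every caller passes a validated number (the callers are not visible here). Both hunks start and end inside branches or functions whose remainder lies outside the view.

```php
$sql .= db_escape($_POST['supplier_id']) . ", " . db_escape($_POST['stock_id']) . ", " .
    input_num('price',0) . ", " . db_escape($_POST['suppliers_uom']) . ", " .
// … unchanged: conversion_factor and supplier_description values, db_query() and notification …

$sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
    suppliers_uom=" . db_escape($_POST['suppliers_uom']) . ",
    conversion_factor=" . input_num('conversion_factor') . ",
    supplier_description=" . db_escape($_POST['supplier_description']) . "
    WHERE stock_id=" . db_escape($_POST['stock_id']) . " AND
    supplier_id=" . db_escape($selected_id);
```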
{
$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
conversion_factor, supplier_description) VALUES ('$supplier_id', '$stock_id',
- $price, '$uom', 1, '$description')";
+ $price, '$uom', 1, ".db_escape($description).")";
db_query($sql,"The supplier purchasing details could not be added");
return;
}
if ($uom != "")
$sql .= ",suppliers_uom='$uom'";
if ($description != "")
- $sql .= ",supplier_description='$description'";
+ $sql .= ",supplier_description=".db_escape($description);
$sql .= " WHERE stock_id='$stock_id' AND supplier_id='$supplier_id'";
db_query($sql,"The supplier purchasing details could not be updated");
return true;
1 => array('text' => _('Period'), 'from' => $from, 'to' => $to),
2 => array('text' => _('Type'), 'from' => $summary, 'to' => ''));
- $cols = array(0, 80, 130, 180, 290, 370, 455, 505, 555);
+ $cols = array(0, 100, 130, 180, 290, 370, 420, 470, 520);
$headers = array(_('Trans Type'), _('Ref'), _('Date'), _('Name'), _('Branch Name'),
_('Net'), _('Rate'), _('Tax'));