[Phpcompta-dev] r4647 - in phpcompta/trunk: html include include/templat
From: |
phpcompta-dev |
Subject: |
[Phpcompta-dev] r4647 - in phpcompta/trunk: html include include/template |
Date: |
Wed, 21 Dec 2011 12:12:39 +0100 (CET) |
Author: danydb
Date: 2011-12-21 12:12:32 +0100 (Wed, 21 Dec 2011)
New Revision: 4647
Modified:
phpcompta/trunk/html/ajax_ledger.php
phpcompta/trunk/include/class_acc_ledger.php
phpcompta/trunk/include/template/ledger_detail_bottom.php
phpcompta/trunk/include/template/ledger_detail_misc.php
Log:
#315 Détail article
fix small bug
Protect search against sql attack
Modified: phpcompta/trunk/html/ajax_ledger.php
===================================================================
--- phpcompta/trunk/html/ajax_ledger.php 2011-12-20 21:50:40 UTC (rev
4646)
+++ phpcompta/trunk/html/ajax_ledger.php 2011-12-21 11:12:32 UTC (rev
4647)
@@ -367,7 +367,8 @@
$cn->exec_sql("select comptaproc.jrn_add_note($1,$2)",
array($jr_id,$_POST['jrn_note']));
$rapt=$_POST['rapt'];
- if ( $g_parameter->MY_UPDLAB=='Y')
+
+ if ( $g_parameter->MY_UPDLAB=='Y' && isset ($_POST['j_id']))
{
$a_rowid=$_POST["j_id"];
for ($e=0;$e<count($a_rowid);$e++)
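Review bot: The added `isset ($_POST['j_id'])` only proves the key was posted, not that it is an array, so a scalar `j_id` still reaches `count($a_rowid)` and the indexed loop. Tightening the guard to `if ( $g_parameter->MY_UPDLAB=='Y' && isset($_POST['j_id']) && is_array($_POST['j_id']))` keeps malformed requests out. The loop body lies outside this hunk; because `j_id[]` arrives as a client-controlled hidden field, it is worth confirming there that each id is numeric and belongs to `$jr_id` before its label is updated.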
Modified: phpcompta/trunk/include/class_acc_ledger.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger.php 2011-12-20 21:50:40 UTC
(rev 4646)
+++ phpcompta/trunk/include/class_acc_ledger.php 2011-12-21 11:12:32 UTC
(rev 4647)
@@ -2564,14 +2564,15 @@
{
$desc=sql_string($desc);
$fil_desc=$and." ( upper(jr_comment) like upper('%".$desc."%') or
upper(jr_pj_number) like upper('%".$desc."%') ".
- " or upper(jr_internal) like upper('%".$desc."%') )";
+ " or upper(jr_internal) like upper('%".$desc."%')
+ or jr_grpt_id in (select j_grpt from jrnx where
j_text ~* '".$desc."'))";
$and=" and ";
}
// Poste
if ( isset ($accounting) && $accounting != null )
{
$fil_account=$and." jr_grpt_id in (select j_grpt
- from jrnx where j_poste::text like '$accounting%' )
";
+ from jrnx where j_poste::text like
'".sql_string($accounting)."%' ) ";
$and=" and ";
}
// Quick Code
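Review bot: The new `j_text ~* '".$desc."'` clause hands the search text to PostgreSQL's regex operator, and `sql_string()` presumably only handles quoting, so regex metacharacters typed by the user are interpreted: an unbalanced `(` or `[` turns the search into a SQL error, and a complex pattern can be costly to evaluate. Matching the sibling conditions avoids that: `or jr_grpt_id in (select j_grpt from jrnx where upper(j_text) like upper('%".$desc."%')))`. More generally, the `j_poste` filter here and the `qcode` filter in the next hunk still build SQL by concatenation around `sql_string()`; the `$1` placeholders with an argument array that `exec_sql()` takes elsewhere in this commit would be the sturdier protection, and `%` and `_` in the input still act as LIKE wildcards. The enclosing method starts and ends outside the hunk.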
@@ -2579,7 +2580,7 @@
if ( isset ($qcode) && $qcode != null )
{
$fil_qcode=$and." jr_grpt_id in ( select j_grpt from
- jrnx where trim(j_qcode) = upper(trim('$qcode')))";
+ jrnx where trim(j_qcode) =
upper(trim('".sql_string($qcode)."')))";
$and=" and ";
}
Modified: phpcompta/trunk/include/template/ledger_detail_bottom.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_bottom.php 2011-12-20
21:50:40 UTC (rev 4646)
+++ phpcompta/trunk/include/template/ledger_detail_bottom.php 2011-12-21
11:12:32 UTC (rev 4647)
@@ -1,7 +1,8 @@
<fieldset>
<legend>
+<? echo _('Rapprochement');?>
+</legend>
<?
-echo _('Rapprochement');
$oRap=new Acc_Reconciliation($cn);
$oRap->jr_id=$jr_id;
$aRap=$oRap->get();
Modified: phpcompta/trunk/include/template/ledger_detail_misc.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_misc.php 2011-12-20
21:50:40 UTC (rev 4646)
+++ phpcompta/trunk/include/template/ledger_detail_misc.php 2011-12-21
11:12:32 UTC (rev 4647)
@@ -115,20 +115,34 @@
else
$view_history='';
$row.=td($view_history);
- if ( $q[$e]['j_text']!='')
+$l_lib = $q[$e]['j_text'] ;
+
+ if ( $l_lib!='')
{
- $row.=td(h(strip_tags($q[$e]['j_text'])));
- }else
- if ( $q[$e]['j_qcode'] !='') {
+ $l_lib=$q[$e]['j_text'];
+ }
+ else if ( $q[$e]['j_qcode'] !='') {
// nom de la fiche
$ff=new Fiche($cn);
$ff->get_by_qcode( $q[$e]['j_qcode']);
- $row.=td(h($ff->strAttribut(ATTR_DEF_NAME)));
+ $l_lib=$ff->strAttribut(ATTR_DEF_NAME);
} else {
// libellé du compte
$name=$cn->get_value('select pcm_lib from tmp_pcmn where
pcm_val=$1',array($q[$e]['j_poste']));
- $row.=td(h($name));
+ $l_lib=$name;
}
+ $l_lib=strip_tags($l_lib);
+ if ($owner->MY_UPDLAB == 'Y')
+ {
+ $hidden = HtmlInput::hidden("j_id[]", $q[$e]['j_id']);
+ $input = new IText("e_march" . $q[$e]['j_id'] . "_label", $l_lib);
+ }
+ else
+ {
+ $input = new ISpan("e_march" . $q[$e]['j_id'] . "_label");
+ $hidden = HtmlInput::hidden("j_id[]", $q[$e]['j_id']);
+ }
+ $row.=td($input->input().$hidden);
$montant=td(nbm($q[$e]['j_montant']),'class="num"');
$row.=($q[$e]['j_debit']=='t')?$montant:td('');
$row.=($q[$e]['j_debit']=='f')?$montant:td('');
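Review bot: The label used to be written through `h()` (`td(h(strip_tags(...)))`), but the new code drops that call and passes `strip_tags($l_lib)` straight to `IText`; `strip_tags()` leaves quotes and `&` intact, so unless `IText::input()` escapes its value, a label containing `"` can break out of the `value` attribute. Confirm that `input()` escapes its value, and if it does not, pass `h($l_lib)`. In the `else` branch `new ISpan("e_march" . $q[$e]['j_id'] . "_label")` receives no label at all, so the read-only view appears to lose the text that was shown before; if `ISpan` accepts the content as a second argument, that would be `new ISpan("e_march" . $q[$e]['j_id'] . "_label", h($l_lib))`. The assignment inside `if ( $l_lib!='')` repeats the one above it, and the surrounding loop over `$q` lies outside the hunk.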