From: <dai...@us...> - 2011-03-11 20:24:10
Revision: 4507
http://web-erp.svn.sourceforge.net/web-erp/?rev=4507&view=rev
Author: daintree
Date: 2011-03-11 20:24:03 +0000 (Fri, 11 Mar 2011)

Log Message:
-----------
Exson fix all htmlentities to use ENTQUOTES, UTF-8 option

Modified Paths:
--------------
trunk/AccountGroups.php
trunk/Contracts.php
trunk/GLJournal.php
trunk/PO_SelectPurchOrder.php
trunk/PageSecurity.php
trunk/SelectCreditItems.php
trunk/SelectOrderItems.php
trunk/SelectSalesOrder.php
trunk/doc/Change.log.html
trunk/includes/MiscFunctions.php

Modified: trunk/AccountGroups.php
===================================================================
--- trunk/AccountGroups.php 2011-03-10 06:24:48 UTC (rev 4506)
+++ trunk/AccountGroups.php 2011-03-11 20:24:03 UTC (rev 4507)
@@ -68,7 +68,7 @@
 }
 if (ContainsIllegalCharacters($_POST['GroupName'])) {
 $InputError = 1;
- prnMsg( _('The account group name cannot contain the character') . " '&' " . _('or the character') ." '",'error');
+ prnMsg( _('The account group name cannot contain the character') . " '&' " . _('or the character') ."' '",'error');
 $Errors[$i] = 'GroupName';
 $i++;
 }
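Review bot: The reworded message on the `+` line now renders as `…or the character' '`, because the space has moved inside the quotes; the user is shown a quoted blank rather than the apostrophe the check is actually about. Keep the space outside the quoted character, e.g. `_('or the character') ." ' "` (or simply the original `." '"`). ContainsIllegalCharacters() lives in includes/MiscFunctions.php and is not visible here; rejecting `&` and `'` on input is a usability check, not a substitute for escaping GroupName at the SQL and HTML sinks, which this hunk does not show.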
@@ -257,13 +257,13 @@ break; } //end of switch statement - echo '<td>' . htmlentities($myrow[0]) . '</td> + echo '<td>' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '</td> <td>' . $myrow[1] . '</td> <td>' . $myrow[2] . '</td> <td>' . $PandLText . '</td> <td>' . $myrow[4] . '</td>'; - echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '&SelectedAccountGroup=' . htmlentities($myrow[0]) . '">' . _('Edit') . '</a></td>'; - echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '&SelectedAccountGroup=' . htmlentities($myrow[0]) . '&delete=1">' . _('Delete') .'</a></td></tr>'; + echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '&SelectedAccountGroup=' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '">' . _('Edit') . '</a></td>'; + echo '<td><a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '&SelectedAccountGroup=' . htmlentities($myrow[0], ENT_QUOTES,'UTF-8') . '&delete=1">' . _('Delete') .'</a></td></tr>'; } //END WHILE LIST LOOP echo '</table>'; @@ -353,9 +353,9 @@ while ( $grouprow = DB_fetch_array($groupresult) ) { if (isset($_POST['ParentGroupName']) and $_POST['ParentGroupName']==$grouprow['groupname']) { - echo '<option selected="selected" value="'.htmlentities($grouprow['groupname']).'">' .htmlentities($grouprow['groupname']).'</option>'; + echo '<option selected="selected" value="'.htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'">' .htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'</option>'; } else { - echo '<option value="'.htmlentities($grouprow['groupname']).'">' .htmlentities($grouprow['groupname']).'</option>'; + echo '<option value="'.htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'">' .htmlentities($grouprow['groupname'], ENT_QUOTES,'UTF-8').'</option>'; } } echo '</select>'; Modified: trunk/Contracts.php =================================================================== --- trunk/Contracts.php 2011-03-10 06:24:48 UTC (rev 4506) +++ trunk/Contracts.php 2011-03-11 20:24:03 UTC (rev 4507) 
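Review bot: htmlentities() is the wrong encoder for the `SelectedAccountGroup=` query value in the Edit and Delete links: entity encoding leaves `?`, `#`, `%`, `+` and spaces untouched, so a group name containing any of them yields a truncated or mis-parsed parameter. Encode for the URL first and for the attribute second: `'&amp;SelectedAccountGroup=' . htmlspecialchars(rawurlencode($myrow[0]), ENT_QUOTES, 'UTF-8')`. Both hrefs also begin with a raw `$_SERVER['PHP_SELF']`; on servers that pass PATH_INFO through, a request for `AccountGroups.php/"><script>…` is reflected straight into the attribute, so it should go through `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')` as well. `$myrow[1]`, `$myrow[2]` and `$myrow[4]` in the same row remain unescaped.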
@@ -792,13 +792,13 @@
 $k=1;
 }
 if ($LastCustomer != $myrow['name']) {
- echo '<td>'.htmlentities($myrow['name']).'</td>';
+ echo '<td>'.htmlentities($myrow['name'], ENT_QUOTES,'UTF-8').'</td>';
 } else {
 echo '<td></td>';
 }
- echo '<td><input tabindex="'.($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="'.htmlentities($myrow['brname']).'" /></td>
+ echo '<td><input tabindex="'.($j+5).'" type="submit" name="SubmitCustomerSelection' . $j .'" value="'.htmlentities($myrow['brname'], ENT_QUOTES,'UTF-8').'" /></td>
 <input type="hidden" name="SelectedCustomer' . $j .'" value="'.$myrow['debtorno'].' - '.$myrow['branchcode'].'" />
- <td>'.htmlentities($myrow['contactname']).'</td>
+ <td>'.htmlentities($myrow['contactname'], ENT_QUOTES,'UTF-8') .'</td>
 <td>'.$myrow['phoneno'].'</td>
 <td>'.$myrow['faxno'].'</td>
 </tr>';

Modified: trunk/GLJournal.php
===================================================================
--- trunk/GLJournal.php 2011-03-10 06:24:48 UTC (rev 4506)
+++ trunk/GLJournal.php 2011-03-11 20:24:03 UTC (rev 4507)
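Review bot: Escaping is added for name, brname and contactname but not for the other columns of the same customer row in this hunk: `$myrow['debtorno']` and `$myrow['branchcode']` are concatenated into the hidden input's `value="…"` raw, and phoneno and faxno go into table cells raw. A `"` in a branch code closes the attribute, and all of these come from the same DB_fetch_array() row (presumably entered through the customer maintenance screens), so they deserve the same treatment: `value="'.htmlspecialchars($myrow['debtorno'].' - '.$myrow['branchcode'], ENT_QUOTES, 'UTF-8').'"` and `htmlentities($myrow['phoneno'], ENT_QUOTES,'UTF-8')` for the two cells.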
@@ -249,175 +249,173 @@ $_SESSION['JournalDetail']->JnlDate = Date($_SESSION['DefaultDateFormat'],mktime(0,0,0,date('m'),0,date('Y'))); } - echo '<table><tr> - <td colspan="5"><table class="selection"><tr><td>'._('Date to Process Journal').":</td> - <td><input type='text' class='date' alt='".$_SESSION['DefaultDateFormat']."' name='JournalProcessDate' maxlength='10' size='11' value='" . - $_SESSION['JournalDetail']->JnlDate . "' /></td>"; - echo '<td>' . _('Type') . ':</td> - <td><select name="JournalType">'; +echo '<table><tr> + <td colspan="5"><table class="selection"><tr><td>'._('Date to Process Journal').":</td> + <td><input type='text' class='date' alt='".$_SESSION['DefaultDateFormat']."' name='JournalProcessDate' maxlength='10' size='11' value='" . + $_SESSION['JournalDetail']->JnlDate . "' /></td>"; +echo '<td>' . _('Type') . ':</td> + <td><select name="JournalType">'; - if ($_POST['JournalType'] == 'Reversing'){ - echo "<option selected='True' value = 'Reversing'>" . _('Reversing')."</option>"; - echo "<option value = 'Normal'>" . _('Normal')."</option>"; - } else { - echo "<option value = 'Reversing'>" . _('Reversing')."</option>"; - echo "<option selected='True' value = 'Normal'>" . _('Normal')."</option>"; - } +if ($_POST['JournalType'] == 'Reversing'){ + echo '<option selected="True" value = "Reversing">' . _('Reversing').'</option>'; + echo '<option value = "Normal">' . _('Normal').'</option>'; +} else { + echo '<option value = "Reversing">' . _('Reversing').'</option>'; + echo '<option selected="True" value = "Normal">' . _('Normal') . 
'</option>'; +} - echo '</select></td> - </tr> - </table>'; - /* close off the table in the first column */ +echo '</select></td> + </tr> + </table>'; +/* close off the table in the first column */ - echo '<br />'; - echo '<table class="selection" width="70%">'; - /* Set upthe form for the transaction entry for a GL Payment Analysis item */ +echo '<br />'; +echo '<table class="selection" width="70%">'; +/* Set upthe form for the transaction entry for a GL Payment Analysis item */ - echo '<tr><th colspan="3"><div class="centre"><font size="3" color="blue"><b>' . _('Journal Line Entry') . '</b></font></div></th></tr>'; +echo '<tr><th colspan="3"><div class="centre"><font size="3" color="blue"><b>' . _('Journal Line Entry') . '</b></font></div></th></tr>'; - /*now set up a GLCode field to select from avaialble GL accounts */ - echo '<tr><th>' . _('GL Tag') . '</th>'; - echo '<th>' . _('GL Account Code') . '</th>'; - echo '<th>' . _('Select GL Account') . '</th></tr>'; +/*now set up a GLCode field to select from avaialble GL accounts */ +echo '<tr><th>' . _('GL Tag') . '</th>'; +echo '<th>' . _('GL Account Code') . '</th>'; +echo '<th>' . _('Select GL Account') . '</th></tr>'; /* Set upthe form for the transaction entry for a GL Payment Analysis item */ - //Select the tag - echo '<tr><td><select name="tag">'; +//Select the tag +echo '<tr><td><select name="tag">'; - $SQL = "SELECT tagref, - tagdescription - FROM tags - ORDER BY tagref"; +$SQL = 'SELECT tagref, + tagdescription + FROM tags + ORDER BY tagref'; - $result=DB_query($SQL,$db); - echo '<option value="0">0 - None</option>'; - while ($myrow=DB_fetch_array($result)){ - if (isset($_POST['tag']) and $_POST['tag']==$myrow['tagref']){ - echo '<option selected value="' . $myrow['tagref'] . '">' . $myrow['tagref'].' - ' .$myrow['tagdescription']."</option>"; - } else { - echo '<option value="' . $myrow['tagref'] . '">' . $myrow['tagref'].' 
- ' .$myrow['tagdescription']."</option>"; - } +$result=DB_query($SQL,$db); +echo '<option value="0">0 - None</option>'; +while ($myrow=DB_fetch_array($result)){ + if (isset($_POST['tag']) and $_POST['tag']==$myrow['tagref']){ + echo '<option selected value="' . $myrow['tagref'] . '">' . $myrow['tagref'].' - ' .$myrow['tagdescription'].'</option>'; + } else { + echo '<option value="' . $myrow['tagref'] . '">' . $myrow['tagref'].' - ' .$myrow['tagdescription'] . '</option>'; } - echo '</select></td>'; +} +echo '</select></td>'; // End select tag - if (!isset($_POST['GLManualCode'])) { - $_POST['GLManualCode']=''; - } - echo '<td><input class="number" type="text" Name="GLManualCode" Maxlength="12" size="12" onChange="inArray(this.value, GLCode.options,'. - "'".'The account code '."'".'+ this.value+ '."'".' doesnt exist'."'".')"' . - ' value="'. $_POST['GLManualCode'] .'" /></td>'; +if (!isset($_POST['GLManualCode'])) { + $_POST['GLManualCode']=''; +} +echo '<td><input class="number" type="text" Name="GLManualCode" Maxlength="12" size="12" onChange="inArray(this.value, GLCode.options,'. + "'".'The account code '."'".'+ this.value+ '."'".' doesnt exist'."'".')"' . + ' value="'. $_POST['GLManualCode'] .'" /></td>'; - $sql="SELECT accountcode, - accountname - FROM chartmaster - ORDER BY accountcode"; +$sql="SELECT accountcode, + accountname + FROM chartmaster + ORDER BY accountcode"; - $result=DB_query($sql, $db); - echo '<td><select name="GLCode" onChange="return assignComboToInput(this,'.'GLManualCode'.')">'; - echo '<option value="">' . _('Select a general ledger account code') . '</option>'; - while ($myrow=DB_fetch_array($result)){ - if (isset($_POST['tag']) and $_POST['tag']==$myrow['accountcode']){ - echo '<option selected value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlentities($myrow['accountname'])."</option>"; - } else { - echo '<option value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' 
- ' .htmlentities($myrow['accountname'])."</option>"; - } +$result=DB_query($sql, $db); +echo '<td><select name="GLCode" onChange="return assignComboToInput(this,'.'GLManualCode'.')">'; +echo '<option value="">' . _('Select a general ledger account code') . '</option>'; +while ($myrow=DB_fetch_array($result)){ + if (isset($_POST['tag']) and $_POST['tag']==$myrow['accountcode']){ + echo '<option selected value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlentities($myrow['accountname'], ENT_QUOTES,'UTF-8') . '</option>'; + } else { + echo '<option value="' . $myrow['accountcode'] . '">' . $myrow['accountcode'].' - ' .htmlentities($myrow['accountname'], ENT_QUOTES,'UTF-8') .'</option>'; } - echo '</select></td>'; +} +echo '</select></td>'; - if (!isset($_POST['GLNarrative'])) { - $_POST['GLNarrative'] = ''; - } - if (!isset($_POST['Credit'])) { - $_POST['Credit'] = ''; - } - if (!isset($_POST['Debit'])) { - $_POST['Debit'] = ''; - } +if (!isset($_POST['GLNarrative'])) { + $_POST['GLNarrative'] = ''; +} +if (!isset($_POST['Credit'])) { + $_POST['Credit'] = ''; +} +if (!isset($_POST['Debit'])) { + $_POST['Debit'] = ''; +} - echo '</tr><tr><th>' . _('Debit') . "</th>".'<td><input type="text" class="number" Name = "Debit" ' . - 'onChange="eitherOr(this, '.'Credit'.')"'. - ' Maxlength="12" size="10" value="' . $_POST['Debit'] . '" /></td>'; - echo '</tr><tr><th>' . _('Credit') . "</th>".'<td><input type="text" class="number" Name = "Credit" ' . - 'onChange="eitherOr(this, '.'Debit'.')"'. - ' Maxlength="12" size="10" value="' . $_POST['Credit'] . '" /></td>'; - echo '</tr><tr><td></td><td></td><th>'. _('Narrative'). '</th>'; - echo '</tr><tr><th></th><th>' . _('GL Narrative') . "</th>"; +echo '</tr><tr><th>' . _('Debit') . '</th>'.'<td><input type="text" class="number" Name = "Debit" ' . + 'onChange="eitherOr(this, '.'Credit'.')"'. + ' Maxlength="12" size="10" value="' . $_POST['Debit'] . '" /></td>'; +echo '</tr><tr><th>' . _('Credit') . 
"</th>".'<td><input type="text" class="number" Name = "Credit" ' . + 'onChange="eitherOr(this, '.'Debit'.')"'. + ' Maxlength="12" size="10" value="' . $_POST['Credit'] . '" /></td>'; +echo '</tr><tr><td></td><td></td><th>'. _('Narrative'). '</th>'; +echo '</tr><tr><th></th><th>' . _('GL Narrative') . "</th>"; - echo '<td><input type="text" name="GLNarrative" maxlength="100" size="100" value="' . $_POST['GLNarrative'] . '" /></td>'; +echo '<td><input type="text" name="GLNarrative" maxlength="100" size="100" value="' . $_POST['GLNarrative'] . '" /></td>'; - echo '</tr></table><br />'; /*Close the main table */ - echo "<div class='centre'><input type='submit' name='Process' value='" . _('Accept') . "' /></div><br /><br />"; +echo '</tr></table><br />'; /*Close the main table */ +echo "<div class='centre'><input type='submit' name='Process' value='" . _('Accept') . "' /></div><br /><br />"; - echo "<table class='selection' width='85%'>"; +echo '<table class="selection" width="85%">'; - echo '<tr><th colspan="6"><div class="centre"><font size="3" color="blue"><b>' . _('Journal Summary') . '</b></font></div></th></tr>'; - echo "<tr> - <th>"._('GL Tag')."</th> - <th>"._('GL Account')."</th> - <th>"._('Debit')."</th> - <th>"._('Credit')."</th> - <th>"._('Narrative').'</th></tr>'; +echo '<tr><th colspan="6"><div class="centre"><font size="3" color="blue"><b>' . _('Journal Summary') . '</b></font></div></th></tr>'; +echo '<tr> + <th>'._('GL Tag').'</th> + <th>'._('GL Account').'</th> + <th>'._('Debit').'</th> + <th>'._('Credit').'</th> + <th>'._('Narrative').'</th></tr>'; - $debittotal=0; - $credittotal=0; - $j=0; +$debittotal=0; +$credittotal=0; +$j=0; - foreach ($_SESSION['JournalDetail']->GLEntries as $JournalItem) { - if ($j==1) { - echo '<tr class="OddTableRows">'; - $j=0; - } else { - echo '<tr class="EvenTableRows">'; - $j++; - } - $sql="SELECT tagdescription - FROM tags - WHERE tagref='".$JournalItem->tag . 
"'"; - $result=DB_query($sql, $db); - $myrow=DB_fetch_row($result); - if ($JournalItem->tag==0) { - $tagdescription='None'; - } else { - $tagdescription=$myrow[0]; - } - echo "<td>" . $JournalItem->tag . ' - ' . $tagdescription . "</td>"; - echo "<td>" . $JournalItem->GLCode . ' - ' . $JournalItem->GLActName . "</td>"; - if($JournalItem->Amount>0) - { - echo "<td class='number'>" . number_format($JournalItem->Amount,2) . '</td><td></td>'; - $debittotal=$debittotal+$JournalItem->Amount; - } - elseif($JournalItem->Amount<0) - { - $credit=(-1 * $JournalItem->Amount); - echo "<td></td> - <td class='number'>" . number_format($credit,2) . '</td>'; - $credittotal=$credittotal+$credit; - } +foreach ($_SESSION['JournalDetail']->GLEntries as $JournalItem) { + if ($j==1) { + echo '<tr class="OddTableRows">'; + $j=0; + } else { + echo '<tr class="EvenTableRows">'; + $j++; + } + $sql="SELECT tagdescription + FROM tags + WHERE tagref='".$JournalItem->tag . "'"; + $result=DB_query($sql, $db); + $myrow=DB_fetch_row($result); + if ($JournalItem->tag==0) { + $tagdescription='None'; + } else { + $tagdescription=$myrow[0]; + } + echo '<td>' . $JournalItem->tag . ' - ' . $tagdescription . '</td>'; + echo '<td>' . $JournalItem->GLCode . ' - ' . $JournalItem->GLActName . '</td>'; + if ($JournalItem->Amount>0) { + echo '<td class="number">' . number_format($JournalItem->Amount,2) . '</td><td></td>'; + $debittotal=$debittotal+$JournalItem->Amount; + + } elseif($JournalItem->Amount<0) { + $credit=(-1 * $JournalItem->Amount); + echo '<td></td> + <td class="number">' . number_format($credit,2) . '</td>'; + $credittotal=$credittotal+$credit; + } - echo '<td>' . $JournalItem->Narrative . "</td> - <td><a href='" . $_SERVER['PHP_SELF'] . '?' . SID . '&Delete=' . $JournalItem->ID . "'>"._('Delete').'</a></td> - </tr>'; - } + echo '<td>' . $JournalItem->Narrative . "</td> + <td><a href='" . $_SERVER['PHP_SELF'] . '?' . SID . '&Delete=' . $JournalItem->ID . 
"'>"._('Delete').'</a></td> + </tr>'; +} - echo '<tr class="EvenTableRows"><td></td> - <td class="number"><b> Total </b></td> - <td class="number"><b>' . number_format($debittotal,2) . '</b></td> - <td class="number"><b>' . number_format($credittotal,2) . '</b></td></tr>'; - if ($debittotal!=$credittotal) { - echo '<td align="center" style="background-color: #fddbdb"><b>Required to balance - </b>' . - number_format(abs($debittotal-$credittotal),2); - } - if ($debittotal>$credittotal) { - echo ' Credit</td></tr>'; - } else if ($debittotal<$credittotal) { - echo ' Debit</td></tr>'; - } - echo '</table>'; +echo '<tr class="EvenTableRows"><td></td> + <td class="number"><b> Total </b></td> + <td class="number"><b>' . number_format($debittotal,2) . '</b></td> + <td class="number"><b>' . number_format($credittotal,2) . '</b></td></tr>'; +if ($debittotal!=$credittotal) { + echo '<td align="center" style="background-color: #fddbdb"><b>Required to balance - </b>' . + number_format(abs($debittotal-$credittotal),2); +} +if ($debittotal>$credittotal) { + echo ' Credit</td></tr>'; +} else if ($debittotal<$credittotal) { + echo ' Debit</td></tr>'; +} +echo '</table>'; if (ABS($_SESSION['JournalDetail']->JournalTotal)<0.001 AND $_SESSION['JournalDetail']->GLItemCounter > 0){ echo "<br /><br /><div class='centre'><input type='submit' name='CommitBatch' value='"._('Accept and Process Journal')."' /></div>"; Modified: trunk/PO_SelectPurchOrder.php =================================================================== --- trunk/PO_SelectPurchOrder.php 2011-03-10 06:24:48 UTC (rev 4506) +++ trunk/PO_SelectPurchOrder.php 2011-03-11 20:24:03 UTC (rev 4507) 
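Review bot: The hunk escapes `accountname`, but the same block still writes request parameters straight into attribute values: `$_POST['GLManualCode']`, `$_POST['Debit']`, `$_POST['Credit']` and `$_POST['GLNarrative']` all land in `value="…"` unescaped, and `$JournalItem->Narrative` and `$myrow['tagdescription']` go into cells unescaped. A `"` in any of them breaks out of the attribute on a form that is re-rendered with the submitted values, so this is reflected XSS; wrap each as `htmlspecialchars($_POST['GLNarrative'], ENT_QUOTES, 'UTF-8')` and likewise for the other three. `$_POST['JournalType']` is also compared before any isset() guard, unlike GLManualCode, Credit and Debit just below it, so the first render of the page raises an undefined-index notice. The Delete link again echoes `$_SERVER['PHP_SELF']` raw into the href.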
@@ -121,10 +121,10 @@ } } echo '</select> ' . _('Order Status:') .' <select name="Status">'; - if (!isset($_POST['Status']) OR $_POST['Status']=='Pending_Authorised'){ - echo '<option selected value="Pending_Authorised">' . _('Pending and Authorised') . '</option>'; + if (!isset($_POST['Status']) OR $_POST['Status']=='Pending_Authorised_Completed'){ + echo '<option selected value="Pending_Authorised_Completed">' . _('Pending/Authorised/Completed') . '</option>'; } else { - echo '<option value="Pending_Authorised">' . _('Pending and Authorised') . '</option>'; + echo '<option value="Pending_Authorised_Completed">' . _('Pending/Authorised/Completed') . '</option>'; } if ($_POST['Status']=='Pending'){ echo '<option selected value="Pending">' . _('Pending') . '</option>'; @@ -136,6 +136,11 @@ } else { echo '<option value="Authorised">' . _('Authorised') . '</option>'; } + if ($_POST['Status']=='Completed'){ + echo '<option selected value="Completed">' . _('Completed') . '</option>'; + } else { + echo '<option value="Completed">' . _('Completed') . '</option>'; + } if ($_POST['Status']=='Cancelled'){ echo '<option selected value="Cancelled">' . _('Cancelled') . '</option>'; } else { @@ -207,8 +212,8 @@ else { //figure out the SQL required from the inputs available - if (!isset($_POST['Status']) OR $_POST['Status']=='Pending_Authorised'){ - $StatusCriteria = " AND (purchorders.status='Pending' OR purchorders.status='Authorised' OR purchorders.status='Printed') "; + if (!isset($_POST['Status']) OR $_POST['Status']=='Pending_Authorised_Completed'){ + $StatusCriteria = " AND (purchorders.status='Pending' OR purchorders.status='Authorised' OR purchorders.status='Printed' OR purchorders.status='Completed') "; }elseif ($_POST['Status']=='Authorised'){ $StatusCriteria = " AND (purchorders.status='Authorised' OR purchorders.status='Printed')"; }elseif ($_POST['Status']=='Pending'){ 
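Review bot: In the option-rendering chain only the first test guards `$_POST['Status']` with isset(); the `Pending`, `Authorised`, new `Completed` and `Cancelled` tests read it unguarded, so a plain GET of the page emits an undefined-index notice for each. Resolve the value once before the select, `$Status = isset($_POST['Status']) ? $_POST['Status'] : 'Pending_Authorised_Completed';`, and compare `$Status` throughout. Renaming the option value from `Pending_Authorised` to `Pending_Authorised_Completed` also silently changes what the default listing shows (completed orders are now included); that deserves a line in the change log.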
@@ -217,25 +222,26 @@ $StatusCriteria = " AND purchorders.status='Rejected' "; }elseif ($_POST['Status']=='Cancelled'){ $StatusCriteria = " AND purchorders.status='Cancelled' "; + } elseif($_POST['Status']=='Completed'){ + $StatusCriteria = " AND purchorders.status='Completed' "; } - if (isset($OrderNumber) && $OrderNumber != "") { $SQL = "SELECT purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - purchorders.status, - suppliers.currcode, - SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue - FROM purchorders, - purchorderdetails, - suppliers - WHERE purchorders.orderno = purchorderdetails.orderno - AND purchorders.supplierno = suppliers.supplierid - AND purchorders.orderno='" . $OrderNumber . "' - GROUP BY purchorders.orderno"; + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + purchorders.status, + suppliers.currcode, + SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue + FROM purchorders, + purchorderdetails, + suppliers + WHERE purchorders.orderno = purchorderdetails.orderno + AND purchorders.supplierno = suppliers.supplierid + AND purchorders.orderno='" . $OrderNumber . "' + GROUP BY purchorders.orderno"; } else { /* $DateAfterCriteria = FormatDateforSQL($OrdersAfterDate); */ if (empty($_POST['StockLocation'])) { 
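Review bot: The elseif chain that builds `$StatusCriteria` gains a `Completed` branch but still has no final else, so any Status value outside the five handled ones leaves `$StatusCriteria` undefined; it is then concatenated into every query below as an empty string and the listing returns orders of all statuses, including Rejected and Cancelled. Add `} else { $StatusCriteria = " AND purchorders.status='Pending' "; }` (or whichever default is intended) so an unexpected value narrows rather than widens the result. Also in this hunk `$OrderNumber` is interpolated into the SQL unescaped; its source is outside the hunk, so if it is taken from the request it needs an integer cast or DB_escape_string() before use.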
@@ -244,106 +250,106 @@ if (isset($SelectedSupplier)) { if (isset($SelectedStockItem)) { $SQL = "SELECT purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - purchorders.status, - suppliers.currcode, - SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue - FROM purchorders, - purchorderdetails, - suppliers - WHERE purchorders.orderno = purchorderdetails.orderno - AND purchorders.supplierno = suppliers.supplierid - AND purchorderdetails.itemcode='" . $SelectedStockItem . "' - AND purchorders.supplierno='" . $SelectedSupplier . "' - AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' - " . $StatusCriteria . " - GROUP BY purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - suppliers.currcode"; + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + purchorders.status, + suppliers.currcode, + SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue + FROM purchorders, + purchorderdetails, + suppliers + WHERE purchorders.orderno = purchorderdetails.orderno + AND purchorders.supplierno = suppliers.supplierid + AND purchorderdetails.itemcode='" . $SelectedStockItem . "' + AND purchorders.supplierno='" . $SelectedSupplier . "' + AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' + " . $StatusCriteria . 
" + GROUP BY purchorders.orderno, + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + suppliers.currcode"; } else { $SQL = "SELECT purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - purchorders.status, - suppliers.currcode, - SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue - FROM purchorders, - purchorderdetails, - suppliers - WHERE purchorders.orderno = purchorderdetails.orderno - AND purchorders.supplierno = suppliers.supplierid - AND purchorders.supplierno='" . $SelectedSupplier . "' - AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' - " . $StatusCriteria . " - GROUP BY purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - suppliers.currcode"; + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + purchorders.status, + suppliers.currcode, + SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue + FROM purchorders, + purchorderdetails, + suppliers + WHERE purchorders.orderno = purchorderdetails.orderno + AND purchorders.supplierno = suppliers.supplierid + AND purchorders.supplierno='" . $SelectedSupplier . "' + AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' + " . $StatusCriteria . 
" + GROUP BY purchorders.orderno, + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + suppliers.currcode"; } } else { //no supplier selected if (isset($SelectedStockItem)) { $SQL = "SELECT purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - purchorders.status, - suppliers.currcode, - SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue - FROM purchorders, - purchorderdetails, - suppliers - WHERE purchorders.orderno = purchorderdetails.orderno - AND purchorders.supplierno = suppliers.supplierid - AND purchorderdetails.itemcode='" . $SelectedStockItem . "' - AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' - " . $StatusCriteria . " - GROUP BY purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - suppliers.currcode"; + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + purchorders.status, + suppliers.currcode, + SUM(purchorderdetails.unitprice*purchorderdetails.quantityord) AS ordervalue + FROM purchorders, + purchorderdetails, + suppliers + WHERE purchorders.orderno = purchorderdetails.orderno + AND purchorders.supplierno = suppliers.supplierid + AND purchorderdetails.itemcode='" . $SelectedStockItem . "' + AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' + " . $StatusCriteria . 
" + GROUP BY purchorders.orderno, + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + suppliers.currcode"; } else { $SQL = "SELECT purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - purchorders.status, - suppliers.currcode, - sum(purchorderdetails.unitprice*purchorderdetails.quantityord) as ordervalue - FROM purchorders, - purchorderdetails, - suppliers - WHERE purchorders.orderno = purchorderdetails.orderno - AND purchorders.supplierno = suppliers.supplierid - AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' - " . $StatusCriteria . " - GROUP BY purchorders.orderno, - suppliers.suppname, - purchorders.orddate, - purchorders.initiator, - purchorders.requisitionno, - purchorders.allowprint, - suppliers.currcode"; + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + purchorders.status, + suppliers.currcode, + sum(purchorderdetails.unitprice*purchorderdetails.quantityord) as ordervalue + FROM purchorders, + purchorderdetails, + suppliers + WHERE purchorders.orderno = purchorderdetails.orderno + AND purchorders.supplierno = suppliers.supplierid + AND purchorders.intostocklocation = '" . $_POST['StockLocation'] . "' + " . $StatusCriteria . " + GROUP BY purchorders.orderno, + suppliers.suppname, + purchorders.orddate, + purchorders.initiator, + purchorders.requisitionno, + purchorders.allowprint, + suppliers.currcode"; } } //end selected supplier 
@@ -377,17 +383,17 @@ $ViewPurchOrder = $rootpath . '/PO_OrderDetails.php?' . SID . 'OrderNo=' . $myrow['orderno']; $FormatedOrderDate = ConvertSQLDate($myrow['orddate']); $FormatedOrderValue = number_format($myrow['ordervalue'], 2); - /* View Supplier Currency Requisition Order Date Initiator Order Total + /* View Supplier Currency Requisition Order Date Initiator Order Total ModifyPage, $myrow["orderno"], $myrow["suppname"], $myrow["currcode"], $myrow["requisitionno"] $FormatedOrderDate, $myrow["initiator"] $FormatedOrderValue Order Status*/ - echo "<td><a href='" . $ViewPurchOrder . "'>" . $myrow['orderno'] . "</a></td> - <td>" . $myrow['suppname'] . "</td> - <td>" . $myrow['currcode'] . "</td> - <td>" . $myrow['requisitionno'] . "</td> - <td>" . $FormatedOrderDate . "</td> - <td>" . $myrow['initiator'] . "</td> - <td class=number>" . $FormatedOrderValue . "</td> - <td>" . _($myrow['status']) . "</td> - </tr>"; + echo '<td><a href="' . $ViewPurchOrder . '">' . $myrow['orderno'] . '</a></td> + <td>' . $myrow['suppname'] . '</td> + <td>' . $myrow['currcode'] . '</td> + <td>' . $myrow['requisitionno'] . '</td> + <td>' . $FormatedOrderDate . '</td> + <td>' . $myrow['initiator'] . '</td> + <td class=number>' . $FormatedOrderValue . '</td> + <td>' . _($myrow['status']) . '</td> + </tr>'; //$myrow['status'] is a string which has gettext translations from PO_Header.php script $j++; Modified: trunk/PageSecurity.php =================================================================== --- trunk/PageSecurity.php 2011-03-10 06:24:48 UTC (rev 4506) +++ trunk/PageSecurity.php 2011-03-11 20:24:03 UTC (rev 4507) 
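Review bot: The quote-style rewrite of this row leaves `$myrow['suppname']`, `$myrow['requisitionno']` and `$myrow['initiator']` echoed into cells without any escaping, which is the very thing this commit sets out to fix elsewhere; supplier names in particular are free text, so `htmlentities($myrow['suppname'], ENT_QUOTES,'UTF-8')` belongs here too. Separately, the `$ViewPurchOrder` link at the top of the hunk is built as `'?' . SID . 'OrderNo='`: when sessions fall back to URL propagation SID is non-empty and the result is `?PHPSESSID=…OrderNo=123`, corrupting both parameters, whereas the other links touched by this commit use `'?' . SID . '&…='`. `<td class=number>` should be quoted as well.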
@@ -40,9 +40,9 @@ echo '<td><select name="'.$myrow['script'].'">'; while ($mytokenrow=DB_fetch_array($TokenResult)) { if ($mytokenrow['tokenid']==$myrow['pagesecurity']) { - echo '<option selected="True" value="'.$mytokenrow['tokenid'].'">'.htmlentities($mytokenrow['tokenname']).'</option>'; + echo '<option selected="True" value="'.$mytokenrow['tokenid'].'">'.htmlentities($mytokenrow['tokenname'], ENT_QUOTES,'UTF-8') .'</option>'; } else { - echo '<option value="'.$mytokenrow['tokenid'].'">'.htmlentities($mytokenrow['tokenname']).'</option>'; + echo '<option value="'.$mytokenrow['tokenid'].'">'.htmlentities($mytokenrow['tokenname'], ENT_QUOTES,'UTF-8') .'</option>'; } } echo '</select></td></tr>'; Modified: trunk/SelectCreditItems.php =================================================================== --- trunk/SelectCreditItems.php 2011-03-10 06:24:48 UTC (rev 4506) +++ trunk/SelectCreditItems.php 2011-03-11 20:24:03 UTC (rev 4507) @@ -5,8 +5,6 @@ /*The credit selection screen uses the Cart class used for the making up orders some of the variable names refer to order - please think credit when you read order */ -//$PageSecurity = 3; - include('includes/DefineCartClass.php'); include('includes/DefineSerialItems.php'); /* Session started in session.inc for password checking and authorisation level check */ Modified: trunk/SelectOrderItems.php =================================================================== --- trunk/SelectOrderItems.php 2011-03-10 06:24:48 UTC (rev 4506) +++ trunk/SelectOrderItems.php 2011-03-11 20:24:03 UTC (rev 4507) 
@@ -660,7 +660,7 @@ } else { echo '<td></td>'; } - echo '<td><input tabindex='.($j+5).' type=submit name="SubmitCustomerSelection' . $j .'" value="' . htmlentities($myrow['brname']) . '"></td> + echo '<td><input tabindex='.($j+5).' type=submit name="SubmitCustomerSelection' . $j .'" value="' . htmlentities($myrow['brname'], ENT_QUOTES,'UTF-8'). '"></td> <input type="hidden" name="SelectedCustomer' . $j .'" value="'.$myrow['debtorno'] .' - '.$myrow['branchcode'].'"> <td>'.$myrow['contactname'].'</td> <td>'.$myrow['phoneno'].'</td> Modified: trunk/SelectSalesOrder.php =================================================================== --- trunk/SelectSalesOrder.php 2011-03-10 06:24:48 UTC (rev 4506) +++ trunk/SelectSalesOrder.php 2011-03-11 20:24:03 UTC (rev 4507) 
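Review bot: Only `brname` is escaped in this row, while the equivalent hunk in Contracts.php in this same commit also escapes `contactname`; here `$myrow['contactname']`, `$myrow['phoneno']` and the hidden input's `debtorno - branchcode` value are still echoed raw. Bring the two in line: `<td>'.htmlentities($myrow['contactname'], ENT_QUOTES,'UTF-8').'</td>` and `value="'.htmlspecialchars($myrow['debtorno'].' - '.$myrow['branchcode'], ENT_QUOTES, 'UTF-8').'"`. The `tabindex=` and `type=submit` attributes are also left unquoted, unlike the Contracts.php version.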
@@ -53,135 +53,153 @@
 purchdata.stockid";
 $ErrMsg = _('Unable to retrieve the items on the selected orders for creating purchase orders for');
 $ItemResult = DB_query($sql,$db,$ErrMsg);
+ /*Now get the default delivery address details from the users default stock location */
+ $sql = "SELECT locationame,
+ deladd1,
+ deladd2,
+ deladd3,
+ deladd4,
+ deladd5,
+ deladd6,
+ tel,
+ contact
+ FROM locations
+ WHERE loccode = '" .$_SESSION['UserStockLocation'] . "'";
+ $ErrMsg = _('The delivery address for the order could not be obtained from the user default stock location');
+ $DelAddResult = DB_query($sql, $db,$ErrMsg);
+ $DelAddRow = DB_fetch_array($DelAddResult);
+ $SupplierID = '';
+ if (IsEmailAddress($_SESSION['UserEmail'])){
+ $UserDetails = ' <a href="mailto:' . $_SESSION['UserEmail'] . '">' . $_SESSION['UsersRealName']. '</a>';
+ } else {
+ $UserDetails = ' ' . $_SESSION['UsersRealName'] . ' ';
+ }
+ while ($ItemRow = DB_fetch_array($ItemResult)){
- $SupplierID = $ItemRow['supplierno'];
- /*Now get all the required details for the supplier */
-
-
-
-
-
-
-
- $result = DB_Txn_Begin($db);
-
- /*figure out what status to set the order to */
- if (IsEmailAddress($_SESSION['UserEmail'])){
- $UserDetails = ' <a href="mailto:' . $_SESSION['UserEmail'] . '">' . $_SESSION['UsersRealName']. '</a>';
- } else {
- $UserDetails = ' ' . $_SESSION['UsersRealName'] . 
' ';
- }
- if ($_SESSION['AutoAuthorisePO']==1) { //if the user has authority to authorise the PO then it will automatically be authorised
- $AuthSQL ="SELECT authlevel
- FROM purchorderauth
- WHERE userid='".$_SESSION['UserID']."'
- AND currabrev='".$_SESSION['PO'.$identifier]->CurrCode."'";
-
- $AuthResult=DB_query($AuthSQL,$db);
- $AuthRow=DB_fetch_array($AuthResult);
+ if ($SupplierID != $ItemRow['supplierno']){
+ /* This order item is purchased from a different supplier so need to finish off the authorisation of the previous order and start a new order */
- if (DB_num_rows($AuthResult) > 0 AND $AuthRow['authlevel'] > $_SESSION['PO'.$identifier]->Order_Value()) { //user has authority to authrorise as well as create the order
- $StatusComment=date($_SESSION['DefaultDateFormat']).' - ' . _('Order Created and Authorised by') . $UserDetails . ' - '.$_SESSION['PO'.$identifier]->StatusMessage.'<br />';
- $_SESSION['PO'.$identifier]->AllowPrintPO=1;
- $_SESSION['PO'.$identifier]->Status = 'Authorised';
- } else { // no authority to authorise this order
- if (DB_num_rows($AuthResult) ==0){
- $AuthMessage = _('Your authority to approve purchase orders in') . ' ' . $_SESSION['PO'.$identifier]->CurrCode . ' ' . _('has not yet been set up') . '<br />';
- } else {
- $AuthMessage = _('You can only authorise up to').' '.$_SESSION['PO'.$identifier]->CurrCode.' '.$AuthorityLevel.'.<br />';
+ if ($SupplierID !='' AND $_SESSION['AutoAuthorisePO']==1) {
+ //if the user has authority to authorise the PO then it should be created as authorised
+ $AuthSQL ="SELECT authlevel
+ FROM purchorderauth
+ WHERE userid='".$_SESSION['UserID']."'
+ AND currabrev='".$SuppRow['currcode']."'";
+
+ $AuthResult=DB_query($AuthSQL,$db);
+ $AuthRow=DB_fetch_array($AuthResult);
+
+ if (DB_num_rows($AuthResult) > 0 AND $AuthRow['authlevel'] > $Order_Value) { //user has authority to authrorise as well as create the order
+ $StatusComment=date($_SESSION['DefaultDateFormat']).' - ' . 
_('Order Created and Authorised by') . $UserDetails . ' - '._('Auto created from sales orders') .'<br />';
+ $result = DB_query("UPDATE purchorders SET allowprint=1,
+ status='Authorised',
+ statuscomment='" . $StatusComment . "'
+ WHERE orderno='" . $OrderNo . "'",
+ $db);
+ } else { // no authority to authorise this order
+ if (DB_num_rows($AuthResult) ==0){
+ $AuthMessage = _('Your authority to approve purchase orders in') . ' ' .$SuppRow['currcode'] . ' ' . _('has not yet been set up') . '<br />';
+ } else {
+ $AuthMessage = _('You can only authorise up to').' '.$SuppRow['currcode'].' '.$AuthRow['authlevel'].'.<br />';
+ }
+
+ prnMsg( _('You do not have permission to authorise this purchase order').'.<br />'. _('This order is for').' '.
+ $SuppRow['currcode'] . ' '. $Order_Value .'. '.
+ $AuthMessage . _('If you think this is a mistake please contact the systems administrator') . '<br />'.
+ _('The order has been created with a status of pending and will require authorisation'), 'warn');
 }
-
- prnMsg( _('You do not have permission to authorise this purchase order').'.<br />'. _('This order is for').' '.
- $_SESSION['PO'.$identifier]->CurrCode . ' '. $_SESSION['PO'.$identifier]->Order_Value() .'. '.
- $AuthMessage .
- _('If you think this is a mistake please contact the systems administrator') . '<br />'.
- _('The order will be created with a status of pending and will require authorisation'), 'warn');
-
- $_SESSION['PO'.$identifier]->AllowPrintPO=0;
- $StatusComment=date($_SESSION['DefaultDateFormat']).' - ' . _('Order Created by') . $UserDetails . ' - '.$_SESSION['PO'.$identifier]->StatusMessage.'<br />';
- $_SESSION['PO'.$identifier]->Status = 'Pending';
+ } //end of authorisation status settings
+
+ if ($SupplierID !=''){ //then we have just added a purchase order
+ DB_Txn_Commit($db);
 }
- } else { //auto authorise is set to off
- $_SESSION['PO'.$identifier]->AllowPrintPO=0;
- $StatusComment=date($_SESSION['DefaultDateFormat']).' - ' . 
_('Order Created by') . $UserDetails . ' - '.$_SESSION['PO'.$identifier]->StatusMessage.'<br />';
- $_SESSION['PO'.$identifier]->Status = 'Pending';
- }
-
- if ($_SESSION['ExistingOrder']==0){ /*its a new order to be inserted */
-
- //Do we need to check authorisation to create - no because already trapped when new PO session started
+ /*Starting a new purchase order with a different supplier */
+ $result = DB_Txn_Begin($db);
+ $OrderNo = GetNextTransNo(18, $db); //get the next PO number
- /*Get the order number */
- $_SESSION['PO'.$identifier]->OrderNo = GetNextTransNo(18, $db);
-
+ $SupplierID = $ItemRow['supplierno'];
+ $Order_Value =0;
+ /*Now get all the required details for the supplier */
+ $sql = "SELECT address1,
+ address2,
+ address3,
+ address4,
+ address5,
+ address6,
+ suppliercontact,
+ telephone,
+ paymentterms,
+ currcode,
+ rate
+ FROM suppliers INNER JOIN currencies
+ ON suppliers.currcode = currencies.currabrev
+ WHERE supplierno='" . $SupplierID . "'";
+
+ $ErrMsg = _('Could not get the supplier information for the order');
+ $SuppResult = DB_query($sql, $db, $ErrMsg);
+ $SuppRow = DB_fetch_array($SuppResult);
+
+ $StatusComment=date($_SESSION['DefaultDateFormat']).' - ' . _('Order Created by') . $UserDetails . ' - '._('Auto created from sales orders') .'<br />';
 /*Insert to purchase order header record */
 $sql = "INSERT INTO purchorders ( orderno,
- supplierno,
- comments,
- orddate,
- rate,
- initiator,
- requisitionno,
- intostocklocation,
- deladd1,
- deladd2,
- deladd3,
- deladd4,
- deladd5,
- deladd6,
- tel,
- suppdeladdress1,
- suppdeladdress2,
- suppdeladdress3,
- suppdeladdress4,
- suppdeladdress5,
- suppdeladdress6,
- suppliercontact,
- supptel,
- contact,
- version,
- revised,
- deliveryby,
- status,
- stat_comment,
- deliverydate,
- paymentterms,
- allowprint)
- VALUES( '" . $_SESSION['PO'.$identifier]->OrderNo . "',
- '" . $_SESSION['PO'.$identifier]->SupplierID . "',
- '" . $_SESSION['PO'.$identifier]->Comments . "',
- '" . 
Date('Y-m-d') . "',
- '" . $_SESSION['PO'.$identifier]->ExRate . "',
- '" . $_SESSION['PO'.$identifier]->Initiator . "',
- '" . $_SESSION['PO'.$identifier]->RequisitionNo . "',
- '" . $_SESSION['PO'.$identifier]->Location . "',
- '" . $_SESSION['PO'.$identifier]->DelAdd1 . "',
- '" . $_SESSION['PO'.$identifier]->DelAdd2 . "',
- '" . $_SESSION['PO'.$identifier]->DelAdd3 . "',
- '" . $_SESSION['PO'.$identifier]->DelAdd4 . "',
- '" . $_SESSION['PO'.$identifier]->DelAdd5 . "',
- '" . $_SESSION['PO'.$identifier]->DelAdd6 . "',
- '" . $_SESSION['PO'.$identifier]->Tel . "',
- '" . $_SESSION['PO'.$identifier]->SuppDelAdd1 . "',
- '" . $_SESSION['PO'.$identifier]->SuppDelAdd2 . "',
- '" . $_SESSION['PO'.$identifier]->SuppDelAdd3 . "',
- '" . $_SESSION['PO'.$identifier]->SuppDelAdd4 . "',
- '" . $_SESSION['PO'.$identifier]->SuppDelAdd5 . "',
- '" . $_SESSION['PO'.$identifier]->SuppDelAdd6 . "',
- '" . $_SESSION['PO'.$identifier]->SupplierContact . "',
- '" . $_SESSION['PO'.$identifier]->SuppTel. "',
- '" . $_SESSION['PO'.$identifier]->Contact . "',
- '" . $_SESSION['PO'.$identifier]->Version . "',
- '" . Date('Y-m-d') . "',
- '" . $_SESSION['PO'.$identifier]->DeliveryBy . "',
- '" . $_SESSION['PO'.$identifier]->Status . "',
- '" . $StatusComment . "',
- '" . FormatDateForSQL($_SESSION['PO'.$identifier]->DeliveryDate) . "',
- '" . $_SESSION['PO'.$identifier]->PaymentTerms. "',
- '" . $_SESSION['PO'.$identifier]->AllowPrintPO . "'
- )";
+ supplierno,
+ orddate,
+ rate,
+ initiator,
+ intostocklocation,
+ deladd1,
+ deladd2,
+ deladd3,
+ deladd4,
+ deladd5,
+ deladd6,
+ tel,
+ suppdeladdress1,
+ suppdeladdress2,
+ suppdeladdress3,
+ suppdeladdress4,
+ suppdeladdress5,
+ suppdeladdress6,
+ supptel,
+ version,
+ revised,
+ deliveryby,
+ status,
+ stat_comment,
+ deliverydate,
+ paymentterms,
+ allowprint)
+ VALUES( '" . $OrderNo . "',
+ '" . $SupplierID . "',
+ '" . Date('Y-m-d') . "',
+ '" . $SuppRow['rate'] . "',
+ '" . $_SESSION['UsersRealName'] . "',
+ '" . 
$_SESSION['UserStockLocation'] . "',
+ '" . $DelAddRow['locationname'] . "',
+ '" . $DelAddRow['deladd1'] . "',
+ '" . $DelAddRow['deladd2'] . "',
+ '" . $DelAddRow['deladd3'] . "',
+ '" . $DelAddRow['deladd4'] . "',
+ '" . $DelAddRow['deladd5'] . "',
+ '" . $DelAddRow['deladd6'] . "',
+ '" . $DelAddRow['tel'] . "',
+ '" . $SuppRow['address1'] . "',
+ '" . $SuppRow['address2'] . "',
+ '" . $SuppRow['address3'] . "',
+ '" . $SuppRow['address4'] . "',
+ '" . $SuppRow['address5'] . "',
+ '" . $SuppRow['address6'] . "',
+ '" . $SuppRow['telephone'] . "',
+ '1.0',
+ '" . Date('Y-m-d') . "',
+ '" . $_SESSION['Default_Shipper'] . "',
+ 'Pending',
+ '" . $StatusComment . "',
+ '" . Date('Y-m-d') . "',
+ '" . $SuppRow['paymentterms'] . "',
+ 0)";
 $ErrMsg = _('The purchase order header record could not be inserted into the database because');
 $DbgMsg = _('The SQL statement used to insert the purchase order header record and failed was');
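Review bot: The `INSERT INTO purchorders` at the end of the hunk names 28 columns (`orderno` through `allowprint`) but its VALUES list carries 29 entries, so the statement cannot execute as written; `$DelAddRow['locationname']` sits between `$_SESSION['UserStockLocation']` and `$DelAddRow['deladd1']` with no column of its own, and the delivery-address SELECT at the top of the hunk spells that column `locationame`, so I would either drop the value or add the intended column and make the spelling agree on both sides. Every value in that INSERT and in the `UPDATE purchorders` statement is concatenated unescaped: `$StatusComment` embeds `$_SESSION['UsersRealName']`, and the supplier address, telephone and location fields come straight from the database, so a single apostrophe in any of them breaks the statement; passing each through the database layer's string-escaping function (`DB_escape_string`, if that is what this code base provides) before concatenation avoids that. The authorisation and `DB_Txn_Commit` block only runs when the loop meets a different supplier, so the last order started in the loop is neither authorised nor committed unless that is repeated after the loop, which is outside this hunk. The detail-line INSERT in the following hunk still writes `$_SESSION['PO'.$identifier]->OrderNo` rather than the `$OrderNo` generated here, so it is worth confirming that detail rows end up attached to the header created in this loop. The loop body continues past the end of the hunk.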
@@ -191,50 +209,50 @@
 foreach ($_SESSION['PO'.$identifier]->LineItems as $POLine) {
 if ($POLine->Deleted==False) {
 $sql = "INSERT INTO purchorderdetails ( orderno,
- itemcode,
- deliverydate,
- itemdescription,
- glcode,
- unitprice,
- quantityord,
- shiptref,
- jobref,
- itemno,
- suppliersunit,
- suppliers_partno,
- subtotal_amount,
- package,
- pcunit,
- netweight,
- kgs,
- cuft,
- total_quantity,
- total_amount,
- assetid,
- conversionfactor )
- VALUES (
- '" . $_SESSION['PO'.$identifier]->OrderNo . "',
- '" . $POLine->StockID . "',
- '" . FormatDateForSQL($POLine->ReqDelDate) . "',
- '" . $POLine->ItemDescription . "',
- '" . $POLine->GLCode . "',
- '" . $POLine->Price . "',
- '" . $POLine->Quantity . "',
- '" . $POLine->ShiptRef . "',
- '" . $POLine->JobRef . "',
- '" . $POLine->ItemNo . "',
- '" . $POLine->SuppliersUnit . "',
- '" . $POLine->Suppliers_PartNo . "',
- '" . $POLine->SubTotal_Amount . "',
- '" . $POLine->Package . "',
- '" . $POLine->PcUnit . "',
- '" . $POLine->NetWeight . "',
- '" . $POLine->KGs . "',
- '" . $POLine->CuFt . "',
- '" . $POLine->Total_Quantity . "',
- '" . $POLine->Total_Amount . "',
- '" . $POLine->AssetID . "',
- '" . $POLine->ConversionFactor . "')";
+ itemcode,
+ deliverydate,
+ itemdescription,
+ glcode,
+ unitprice,
+ quantityord,
+ shiptref,
+ jobref,
+ itemno,
+ suppliersunit,
+ suppliers_partno,
+ subtotal_amount,
+ package,
+ pcunit,
+ netweight,
+ kgs,
+ cuft,
+ total_quantity,
+ total_amount,
+ assetid,
+ conversionfactor )
+ VALUES (
+ '" . $_SESSION['PO'.$identifier]->OrderNo . "',
+ '" . $POLine->StockID . "',
+ '" . FormatDateForSQL($POLine->ReqDelDate) . "',
+ '" . $POLine->ItemDescription . "',
+ '" . $POLine->GLCode . "',
+ '" . $POLine->Price . "',
+ '" . $POLine->Quantity . "',
+ '" . $POLine->ShiptRef . "',
+ '" . $POLine->JobRef . "',
+ '" . $POLine->ItemNo . "',
+ '" . $POLine->SuppliersUnit . "',
+ '" . $POLine->Suppliers_PartNo . "',
+ '" . $POLine->SubTotal_Amount . "',
+ '" . $POLine->Package . 
"',
+ '" . $POLine->PcUnit . "',
+ '" . $POLine->NetWeight . "',
+ '" . $POLine->KGs . "',
+ '" . $POLine->CuFt . "',
+ '" . $POLine->Total_Quantity . "',
+ '" . $POLine->Total_Amount . "',
+ '" . $POLine->AssetID . "',
+ '" . $POLine->ConversionFactor . "')";
 $ErrMsg =_('One of the purchase order detail records could not be inserted into the database because');
 $DbgMsg =_('The SQL statement used to insert the purchase order detail record and failed was');
Modified: trunk/doc/Change.log.html
===================================================================
--- trunk/doc/Change.log.html 2011-03-10 06:24:48 UTC (rev 4506)
+++ trunk/doc/Change.log.html 2011-03-11 20:24:03 UTC (rev 4507)
@@ -1,5 +1,6 @@
 <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p>
 <p>
+<p>12/3/11: Exson fix all htmlentities to use ENTQUOTES, 'UTF-8' option so other character sets work with it</p>
 <p>10/3/11: Phil fix pagination of PrintCustOrder_generic.php - second copy was not restarting page numbers</p>
 <p>10/3/11: Tims launchpad fixes brought in MRP.php fix for table charset utf8 so joins work correctly; typeo in PO_Header preventing purchasing data being retrieved ($result not $Result); correct sql on searching for customer in SelectCreditItems.php; StockStatus.php pricing history bug resolved (4450); StockQuantityByDate.php now allowed to show for all categories - enclosed 'All' in gettext</p>
 <p>8/3/11: Tim/Phil PO_Items.php in committing an order detail the assetid of 'Not an Asset' was being inserted to an integer field. Modified $_POST['AssetID'] to = 0 if it was 'Not an Asset' as advised by Tim</p>
Modified: trunk/includes/MiscFunctions.php
===================================================================
--- trunk/includes/MiscFunctions.php 2011-03-10 06:24:48 UTC (rev 4506)
+++ trunk/includes/MiscFunctions.php 2011-03-11 20:24:03 UTC (rev 4507)
@@ -114,8 +114,7 @@
 OR strstr($CheckVariable,"\"")
 OR strstr($CheckVariable,'&')
 OR strstr($CheckVariable,"\\")
- OR strstr($CheckVariable,'"')
- OR strstr($CheckVariable,' ')){
+ OR strstr($CheckVariable,'"')){
 return true;
 } else {
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
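Review bot: After the removal, the chain still tests the double-quote character twice — `strstr($CheckVariable,"\"")` on the first context line and `strstr($CheckVariable,'"')` on the added line are the same test — so one of them can be dropped. A short comment recording why the space was taken out of the rejected set would help the next reader, e.g. `// spaces are allowed in names; quotes, & and \ are still rejected`. This is a deny-list, so the output escaping added elsewhere in this commit remains the actual protection for HTML output; a value passing this check should not be treated as safe for any output context. The function's signature and its else branch are outside the hunk.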