From: <dai...@us...> - 2012-02-22 06:26:56
Revision: 4950 http://web-erp.svn.sourceforge.net/web-erp/?rev=4950&view=rev Author: daintree Date: 2012-02-22 06:26:38 +0000 (Wed, 22 Feb 2012) Log Message: ----------- fully qualify htmlspecialchars() function Modified Paths: -------------- trunk/AddCustomerTypeNotes.php trunk/AuditTrail.php trunk/BOMExtendedQty.php trunk/BOMIndented.php trunk/BOMIndentedReverse.php trunk/BOMInquiry.php trunk/BOMListing.php trunk/BOMs.php trunk/BackupDatabase.php trunk/BankReconciliation.php trunk/COGSGLPostings.php trunk/CompanyPreferences.php trunk/ConfirmDispatch_Invoice.php trunk/ContractBOM.php trunk/ContractCosting.php trunk/ContractOtherReqts.php trunk/Contracts.php trunk/CounterSales.php trunk/CreditStatus.php trunk/Credit_Invoice.php trunk/Currencies.php trunk/CustEDISetup.php trunk/CustLoginSetup.php trunk/CustWhereAlloc.php trunk/CustomerAllocations.php trunk/CustomerBranches.php trunk/CustomerInquiry.php trunk/CustomerReceipt.php trunk/CustomerTransInquiry.php trunk/CustomerTypes.php trunk/Customers.php trunk/DailyBankTransactions.php trunk/DebtorsAtPeriodEnd.php trunk/DiscountCategories.php trunk/DiscountMatrix.php trunk/EDIMessageFormat.php trunk/EmailCustTrans.php trunk/ExchangeRateTrend.php trunk/FTP_RadioBeacon.php trunk/Factors.php trunk/FixedAssetCategories.php trunk/FixedAssetDepreciation.php trunk/FixedAssetItems.php trunk/FixedAssetLocations.php trunk/FixedAssetRegister.php trunk/FixedAssetTransfer.php trunk/FormDesigner.php trunk/FreightCosts.php trunk/GLAccountCSV.php trunk/GLAccountInquiry.php trunk/GLAccountReport.php trunk/GLAccounts.php trunk/GLBalanceSheet.php trunk/GLBudgets.php trunk/GLJournal.php trunk/GLProfit_Loss.php trunk/GLTagProfit_Loss.php trunk/GLTags.php trunk/GLTrialBalance.php trunk/GLTrialBalance_csv.php trunk/GeocodeSetup.php trunk/GoodsReceived.php trunk/InventoryPlanning.php trunk/InventoryPlanningPrefSupplier.php trunk/InventoryQuantities.php trunk/InventoryValuation.php trunk/Labels.php trunk/Locations.php trunk/MRP.php 
trunk/MRPCalendar.php trunk/MRPCreateDemands.php trunk/MRPDemandTypes.php trunk/MRPDemands.php trunk/MRPPlannedPurchaseOrders.php trunk/MRPPlannedWorkOrders.php trunk/MRPReport.php trunk/MRPReschedules.php trunk/MRPShortages.php trunk/OffersReceived.php trunk/OutstandingGRNs.php trunk/PDFBankingSummary.php trunk/PDFChequeListing.php trunk/PDFCustTransListing.php trunk/PDFCustomerList.php trunk/PDFDIFOT.php trunk/PDFDeliveryDifferences.php trunk/PDFLowGP.php trunk/PDFOrderStatus.php trunk/PDFOrdersInvoiced.php trunk/PDFPeriodStockTransListing.php trunk/PDFPickingList.php trunk/PDFPriceList.php trunk/PDFPrintLabel.php trunk/PDFRemittanceAdvice.php trunk/PDFStockCheckComparison.php trunk/PDFStockLocTransfer.php trunk/PDFStockTransfer.php trunk/PDFSuppTransListing.php trunk/POReport.php trunk/PO_AuthorisationLevels.php trunk/PO_AuthoriseMyOrders.php trunk/PO_Header.php trunk/PO_Items.php trunk/PO_PDFPurchOrder.php trunk/PO_SelectOSPurchOrder.php trunk/PO_SelectPurchOrder.php trunk/PageSecurity.php trunk/PaymentMethods.php trunk/PaymentTerms.php trunk/Payments.php trunk/PcAssignCashToTab.php trunk/PcAuthorizeExpenses.php trunk/PcClaimExpensesFromTab.php trunk/PcExpenses.php trunk/PcExpensesTypeTab.php trunk/PcReportTab.php trunk/PcTabs.php trunk/PcTypeTabs.php trunk/Prices.php trunk/PricesBasedOnMarkUp.php trunk/PricesByCost.php trunk/Prices_Customer.php trunk/PrintCustStatements.php trunk/PrintCustTrans.php trunk/PrintCustTransPortrait.php trunk/PurchData.php trunk/RecurringSalesOrders.php trunk/ReorderLevel.php trunk/ReorderLevelLocation.php trunk/ReprintGRN.php trunk/ReverseGRN.php trunk/SMTPServer.php trunk/SalesAnalReptCols.php trunk/SalesAnalRepts.php trunk/SalesByTypePeriodInquiry.php trunk/SalesCategories.php trunk/SalesCategoryPeriodInquiry.php trunk/SalesGLPostings.php trunk/SalesGraph.php trunk/SalesInquiry.php trunk/SalesPeople.php trunk/SalesTopItemsInquiry.php trunk/SalesTypes.php trunk/SecurityTokens.php trunk/SelectCompletedOrder.php 
trunk/SelectContract.php trunk/SelectCreditItems.php trunk/SelectCustomer.php trunk/SelectGLAccount.php trunk/SelectOrderItems.php trunk/SelectProduct.php trunk/SelectRecurringSalesOrder.php trunk/SelectSalesOrder.php trunk/SelectSupplier.php trunk/SelectWorkOrder.php trunk/ShipmentCosting.php trunk/Shipments.php trunk/Shippers.php trunk/Shipt_Select.php trunk/SpecialOrder.php trunk/StockAdjustments.php trunk/StockCategories.php trunk/StockCheck.php trunk/StockCostUpdate.php trunk/StockCounts.php trunk/StockDispatch.php trunk/StockLocMovements.php trunk/StockLocStatus.php trunk/StockLocTransfer.php trunk/StockLocTransferReceive.php trunk/StockMovements.php trunk/StockQuantityByDate.php trunk/StockReorderLevel.php trunk/StockSerialItemResearch.php trunk/StockStatus.php trunk/StockTransfers.php trunk/StockUsage.php trunk/Stocks.php trunk/SuppContractChgs.php trunk/SuppCreditGRNs.php trunk/SuppFixedAssetChgs.php trunk/SuppInvGRNs.php trunk/SuppLoginSetup.php trunk/SuppPaymentRun.php trunk/SuppPriceList.php trunk/SuppShiptChgs.php trunk/SuppTransGLAnalysis.php trunk/SupplierAllocations.php trunk/SupplierBalsAtPeriodEnd.php trunk/SupplierContacts.php trunk/SupplierCredit.php trunk/SupplierInquiry.php trunk/SupplierInvoice.php trunk/SupplierTenders.php trunk/SupplierTransInquiry.php trunk/SupplierTypes.php trunk/Suppliers.php trunk/SystemParameters.php trunk/Tax.php trunk/TaxAuthorities.php trunk/TaxAuthorityRates.php trunk/TaxCategories.php trunk/TaxGroups.php trunk/TaxProvinces.php trunk/TopItems.php trunk/UnitsOfMeasure.php trunk/UpgradeDatabase.php trunk/UserSettings.php trunk/WOSerialNos.php trunk/WWW_Access.php trunk/WWW_Users.php trunk/WhereUsedInquiry.php trunk/WorkCentres.php trunk/WorkOrderCosting.php trunk/WorkOrderEntry.php trunk/WorkOrderIssue.php trunk/WorkOrderReceive.php trunk/Z_BottomUpCosts.php trunk/Z_ChangeBranchCode.php trunk/Z_ChangeCustomerCode.php trunk/Z_ChangeStockCategory.php trunk/Z_ChangeStockCode.php trunk/Z_CheckDebtorsControl.php 
trunk/Z_CreateCompanyTemplateFile.php trunk/Z_DataExport.php trunk/Z_DeleteSalesTransActions.php trunk/Z_ImportChartOfAccounts.php trunk/Z_ImportGLAccountGroups.php trunk/Z_ImportGLAccountSections.php trunk/Z_ImportPartCodes.php trunk/Z_MakeNewCompany.php trunk/Z_ReApplyCostToSA.php trunk/Z_RePostGLFromPeriod.php trunk/Z_ReverseSuppPaymentRun.php trunk/Z_UpdateChartDetailsBFwd.php trunk/Z_Upgrade3.10.php trunk/Z_Upgrade_3.04-3.05.php trunk/Z_Upgrade_3.05-3.06.php trunk/Z_Upgrade_3.07-3.08.php trunk/Z_Upgrade_3.08-3.09.php trunk/Z_Upgrade_3.09-3.10.php trunk/Z_Upgrade_3.10-3.11.php trunk/Z_Upgrade_3.11-4.00.php trunk/Z_poAddLanguage.php trunk/Z_poEditLangHeader.php trunk/Z_poEditLangModule.php trunk/Z_poEditLangRemaining.php trunk/Z_poRebuildDefault.php trunk/config.distrib.php trunk/doc/Change.log trunk/doc/Manual/ManualContents.php trunk/doc/Manual/ManualGettingStarted.html trunk/includes/InputSerialItems.php trunk/includes/InputSerialItemsExisting.php trunk/includes/InputSerialItemsKeyed.php trunk/includes/InputSerialItemsSequential.php trunk/includes/OutputSerialItems.php trunk/includes/session.inc trunk/includes/tcpdf/config/tcpdf_config.php trunk/includes/tcpdf/config/tcpdf_config_alt.php trunk/locale/zh_CN.utf8/Manual/ManualContents.php trunk/locale/zh_CN.utf8/Manual/ManualGettingStarted.html trunk/locale/zh_HK.utf8/Manual/ManualContents.php trunk/locale/zh_HK.utf8/Manual/ManualGettingStarted.html Modified: trunk/AddCustomerTypeNotes.php =================================================================== --- trunk/AddCustomerTypeNotes.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/AddCustomerTypeNotes.php 2012-02-22 06:26:38 UTC (rev 4950) 
@@ -147,7 +147,7 @@ } if (isset($Id)) { echo '<div class="centre"> - <a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?DebtorType=' . $DebtorType . '">' . _('Review all notes for this Customer Type') .'</a> + <a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?DebtorType=' . $DebtorType . '">' . _('Review all notes for this Customer Type') .'</a> </div>'; } Modified: trunk/AuditTrail.php =================================================================== --- trunk/AuditTrail.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/AuditTrail.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -34,7 +34,7 @@ // Get list of users $UserResult = DB_query("SELECT userid FROM www_users",$db); -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection">'; Modified: trunk/BOMExtendedQty.php =================================================================== --- trunk/BOMExtendedQty.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BOMExtendedQty.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -262,7 +262,7 @@ echo '<br /> <br /> - <form action=' . htmlspecialchars($_SERVER['PHP_SELF']) . ' method="post"> + <form action=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . ' method="post"> <table class="selection"> <input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" /> <tr> Modified: trunk/BOMIndented.php =================================================================== --- trunk/BOMIndented.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BOMIndented.php 2012-02-22 06:26:38 UTC (rev 4950) 
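Review bot: The query value appended right after the newly escaped PHP_SELF in the added line is still raw, `'?DebtorType=' . $DebtorType . '">'`, so the ENT_QUOTES change protects the script path but not the attribute as a whole. Where $DebtorType is assigned is outside this hunk; if it comes from the request or from a user-editable customer-type code, a value containing `"` closes the href and the escaping is bypassed. Build it as `'?DebtorType=' . urlencode($DebtorType)` and pass the assembled URL through `htmlspecialchars(...,ENT_QUOTES,'UTF-8')` rather than only `$_SERVER['PHP_SELF']`.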
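Review bot: The form action in the BOMExtendedQty.php hunk is still an unquoted attribute, `<form action=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . ' method="post">`, so adding ENT_QUOTES changes nothing here. htmlspecialchars leaves spaces and `=` untouched, and PHP_SELF can carry attacker-chosen path info, so a request to `/BOMExtendedQty.php/x%20onsubmit=...` ends the value at the space and injects attributes. Quote it the way the neighbouring hunks do: `<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">`.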
@@ -247,7 +247,7 @@ echo '<br /> <br /> - <form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post"> + <form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post"> <table class="selection">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<tr> Modified: trunk/BOMIndentedReverse.php =================================================================== --- trunk/BOMIndentedReverse.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BOMIndentedReverse.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -235,7 +235,7 @@ _('Search') . '" alt="" />' . ' ' . $title.'</p><br />'; echo '<br /> <br /> - <form action=' . htmlspecialchars($_SERVER['PHP_SELF']) . ' method="post"> + <form action=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . ' method="post"> <table class="selection"> <input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" /> <tr> Modified: trunk/BOMInquiry.php =================================================================== --- trunk/BOMInquiry.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BOMInquiry.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -13,7 +13,7 @@ } if (!isset($_POST['StockID'])) { - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post"> + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post"> <b> <br /> </b> Modified: trunk/BOMListing.php =================================================================== --- trunk/BOMListing.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BOMListing.php 2012-02-22 06:26:38 UTC (rev 4950) 
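Review bot: In the BOMIndentedReverse.php hunk the `action` value is written without surrounding quotes, `<form action=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . ' method="post">`, which is the one case ENT_QUOTES cannot help with. Because htmlspecialchars does not encode whitespace or `=`, path info appended to the request URL (which PHP_SELF includes) can terminate the attribute and add new ones such as an event handler. Change it to `<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">` to match BOMIndented.php in the same commit.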
@@ -112,7 +112,7 @@ /*if $FromCriteria is not set then show a form to allow input */ - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="POST"> + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="POST"> <table class="selection">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; Modified: trunk/BOMs.php =================================================================== --- trunk/BOMs.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BOMs.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -113,7 +113,7 @@ $DrillID=''; } else { $DrillText = '<a href="%s&Select=%s">' . _('Drill Down'); - $DrillLink = htmlspecialchars($_SERVER['PHP_SELF']) . '?'; + $DrillLink = htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?'; $DrillID=$myrow['component']; } if ($ParentMBflag!='M' AND $ParentMBflag!='G'){ @@ -160,12 +160,12 @@ ConvertSQLDate($myrow['effectiveto']), $AutoIssue, $QuantityOnHand, - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $Parent, $myrow['component'], $DrillLink, $DrillID, - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $Parent, $myrow['component'], $UltimateParent); @@ -418,7 +418,7 @@ break; } - echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">' . _('Select a Different BOM') . '</a></div><br />'; + echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' . _('Select a Different BOM') . '</a></div><br />'; echo '<table class="selection">'; // Display Manufatured Parent Items $sql = "SELECT bom.parent, 
@@ -437,7 +437,7 @@ if( DB_num_rows($result) > 0 ) { echo '<tr><td><div class="centre">'._('Manufactured parent items').' : '; while ($myrow = DB_fetch_array($result)){ - echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF']) . '?Select='.$myrow['parent'].'">'. + echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Select='.$myrow['parent'].'">'. $myrow['description'].' ('.$myrow['parent'].')</a>'; $ix++; } //end while loop @@ -460,7 +460,7 @@ echo (($reqnl)?'<br />':'').'<tr><td><div class="centre">'._('Assembly parent items').' : '; $ix = 0; while ($myrow = DB_fetch_array($result)){ - echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF']) . '?Select='.$myrow['parent'].'">'. + echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Select='.$myrow['parent'].'">'. $myrow['description'].' ('.$myrow['parent'].')</a>'; $ix++; } //end while loop @@ -482,7 +482,7 @@ echo (($reqnl)?'<br />':'').'<tr><td><div class="centre">'._('Kit sets').' : '; $ix = 0; while ($myrow = DB_fetch_array($result)){ - echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF']) . '?Select='.$myrow['parent'].'">'. + echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Select='.$myrow['parent'].'">'. $myrow['description'].' ('.$myrow['parent'].')</a>'; $ix++; } //end while loop @@ -504,7 +504,7 @@ echo (($reqnl)?'<br />':'').'<tr><td><div class="centre">'._('Phantom').' : '; $ix = 0; while ($myrow = DB_fetch_array($result)){ - echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF']) . '?Select='.$myrow['parent'].'">'. + echo (($ix)?', ':'').'<a href="'.htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Select='.$myrow['parent'].'">'. $myrow['description'].' ('.$myrow['parent'].')</a>'; $ix++; } //end while loop 
@@ -564,7 +564,7 @@ if (! isset($_GET['delete'])) { - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?Select=' . $SelectedParent .'">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Select=' . $SelectedParent .'">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($_GET['SelectedComponent']) and $InputError !=1) { @@ -830,7 +830,7 @@ if (!isset($SelectedParent)) { echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . '" alt="" />' . ' ' . $title . '</p>'; - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">' . + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">' . '<div class="page_help_text">'. _('Select a manufactured part') . ' (' . _('or Assembly or Kit part') . ') ' . _('to maintain the bill of material for using the options below') . '<br /><font size="1">' . _('Parts must be defined in the stock item entry') . '/' . _('modification screen as manufactured') . ', ' . _('kits or assemblies to be available for construction of a bill of material') .'</div>'. '</font> <br /> <table class="selection" cellpadding="3" colspan="4"> Modified: trunk/BackupDatabase.php =================================================================== --- trunk/BackupDatabase.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BackupDatabase.php 2012-02-22 06:26:38 UTC (rev 4950) 
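Review bot: `$SelectedParent` is concatenated into the form action unescaped in the added line, `action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Select=' . $SelectedParent .'">'`. The links elsewhere in this file pass `?Select=` on the query string, so $SelectedParent is presumably read from `$_GET['Select']` (its assignment is outside the hunk); if so, a value containing `"` closes the attribute and the escaping just added to PHP_SELF is bypassed. Use `'?Select=' . urlencode($SelectedParent)` and escape the complete URL, not only the script path.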
@@ -44,7 +44,7 @@ prnMsg(_('Once you have downloaded the database backup file to your local machine you should use the link below to delete it - backup files can consume a lot of space on your hosting account and will accumulate if not deleted - they also contain sensitive information which would otherwise be available for others to download!'),'info'); echo '<br /> <br /> - <a href="'. htmlspecialchars($_SERVER['PHP_SELF']) . '?BackupFile=' .$BackupFile .'">' . _('Delete the backup file off the server') . '</a>'; + <a href="'. htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?BackupFile=' .$BackupFile .'">' . _('Delete the backup file off the server') . '</a>'; } else { prnMsg(_('There was some problem producing a backup using mysqldump. Normally this relates to a permissions issue - the web-server user must have permission to write to the companies directory'),'error'); } Modified: trunk/BankReconciliation.php =================================================================== --- trunk/BankReconciliation.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/BankReconciliation.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -8,7 +8,7 @@ include('includes/header.inc'); -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/money_add.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />'; Modified: trunk/COGSGLPostings.php =================================================================== --- trunk/COGSGLPostings.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/COGSGLPostings.php 2012-02-22 06:26:38 UTC (rev 4950) 
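Review bot: The added line in BackupDatabase.php builds a plain GET link that deletes a server-side file named by a query parameter, `'?BackupFile=' .$BackupFile .'">' . _('Delete the backup file off the server')`, with no FormID token and with $BackupFile inserted unencoded. A state-changing GET can be triggered cross-site or by link prefetching, and if the delete handler (outside this hunk) uses the parameter as a path, an arbitrary file name can be fed to it. Make the deletion a POST form carrying `$_SESSION['FormID']` like the other forms in this commit, urlencode the file name, and have the handler reduce the value to `basename()` and confirm it sits in the backup directory before unlinking.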
@@ -111,9 +111,9 @@ $myrow['stkcat'], $myrow['salestype'], $myrow['accountname'], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['id'], - htmlspecialchars($_SERVER['PHP_SELF']). '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'). '?', $myrow['id']); }//end while echo '</table>'; @@ -210,9 +210,9 @@ $myrow['stkcat'], $myrow['salestype'], $myrow['accountname'], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['id'], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['id']); }//END WHILE LIST LOOP @@ -222,12 +222,12 @@ //end of ifs and buts! if (isset($SelectedCOGSPostingID)) { - echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) .'">' . _('Show all cost of sales posting records') . '</a></div>'; + echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') .'">' . _('Show all cost of sales posting records') . '</a></div>'; } echo '<br />'; -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedCOGSPostingID)) { Modified: trunk/CompanyPreferences.php =================================================================== --- trunk/CompanyPreferences.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CompanyPreferences.php 2012-02-22 06:26:38 UTC (rev 4950) 
@@ -153,7 +153,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />'; -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection">'; Modified: trunk/ConfirmDispatch_Invoice.php =================================================================== --- trunk/ConfirmDispatch_Invoice.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/ConfirmDispatch_Invoice.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -266,7 +266,7 @@ </table> <br />'; -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; /*************************************************************** Modified: trunk/ContractBOM.php =================================================================== --- trunk/ContractBOM.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/ContractBOM.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -215,7 +215,7 @@ /* This is where the order as selected should be displayed reflecting any deletions or insertions*/ -echo '<form name="ContractBOMForm" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier. '" method="post">'; +echo '<form name="ContractBOMForm" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier. '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (count($_SESSION['Contract'.$identifier]->ContractBOM)>0){ 
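Review bot: In the ConfirmDispatch_Invoice.php hunk `$identifier` follows the freshly escaped PHP_SELF unencoded, `'?identifier='.$identifier . '" method="post">'`. Its assignment is outside the hunk, but an `identifier` parameter that round-trips through the URL is presumably request-controlled, in which case only the script path is protected and the attribute can still be closed from the query string. Encode it at the point of use, `'?identifier=' . urlencode($identifier)`, and escape the assembled URL, or validate it as an integer where it is first read; the same pattern recurs in ContractBOM.php, ContractOtherReqts.php, Contracts.php and CounterSales.php in this commit.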
@@ -263,7 +263,7 @@ <td>' . $ContractComponent->UOM . '</td> <td class="number">' . locale_number_format($ContractComponent->ItemCost,$_SESSION['CompanyRecord']['decimalplaces']) . '</td> <td class="number">' . $DisplayLineTotal . '</td> - <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier. '&Delete=' . $ContractComponent->ComponentID . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this item from the contract BOM?') . '\');">' . _('Delete') . '</a></td></tr>'; + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier. '&Delete=' . $ContractComponent->ComponentID . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this item from the contract BOM?') . '\');">' . _('Delete') . '</a></td></tr>'; $TotalCost += $LineTotal; } Modified: trunk/ContractCosting.php =================================================================== --- trunk/ContractCosting.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/ContractCosting.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -432,7 +432,7 @@ if ($_SESSION['Contract'.$identifier]->Status ==2){//the contract is an order being processed now - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?SelectedContract=' . $_SESSION['Contract'.$identifier]->ContractRef . '&identifier=' . $identifier . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?SelectedContract=' . $_SESSION['Contract'.$identifier]->ContractRef . '&identifier=' . $identifier . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /> <div class="centre"> Modified: trunk/ContractOtherReqts.php =================================================================== --- trunk/ContractOtherReqts.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/ContractOtherReqts.php 2012-02-22 06:26:38 UTC (rev 4950) 
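Review bot: The added delete link in ContractBOM.php is still a GET that changes session state, `'&Delete=' . $ContractComponent->ComponentID . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this item from the contract BOM?') . '\');"`, guarded only by a JavaScript confirm rather than the FormID token the form on this page carries, so anything that makes the browser fetch the URL drops the line. The translated prompt is also placed in a JS string literal inside an HTML attribute with no escaping, so any locale whose text contains an apostrophe breaks the handler. Escape the prompt for the JS context first and then for the attribute, e.g. `htmlspecialchars(json_encode(_('...')),ENT_QUOTES,'UTF-8')`, write the separator as `&amp;`, and require the FormID in the Delete handler (outside this hunk).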
@@ -75,7 +75,7 @@ /* This is where the other requirement as entered/modified should be displayed reflecting any deletions or insertions*/ -echo '<form name="ContractReqtsForm" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier. '" method="post">'; +echo '<form name="ContractReqtsForm" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier. '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/contract.png" title="' . _('Contract Other Requirements') . '" alt="" /> ' . _('Contract Other Requirements') . ' - ' . $_SESSION['Contract'.$identifier]->CustomerName.'</p>'; 
@@ -116,7 +116,7 @@ <td><input type="text" class="number" name="Qty' . $ContractReqtID . '" size="11" value="' . locale_number_format($ContractComponent->Quantity,'Variable') . '" /></td> <td><input type="text" class="number" name="CostPerUnit' . $ContractReqtID . '" size="11" value="' . locale_number_format($ContractComponent->CostPerUnit,$_SESSION['CompanyRecord']['decimalplaces']) . '" /></td> <td class="number">' . $DisplayLineTotal . '</td> - <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier. '&Delete=' . $ContractReqtID . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this contract requirement?') . '\');">' . _('Delete') . '</a></td> + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier. '&Delete=' . $ContractReqtID . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this contract requirement?') . '\');">' . _('Delete') . '</a></td> </tr>'; $TotalCost += $LineTotal; } Modified: trunk/Contracts.php =================================================================== --- trunk/Contracts.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/Contracts.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -746,7 +746,7 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/contract.png" title="' . _('Contract') . '" alt="" />' . ' ' . _('Contract: Select Customer') . '</p>'; - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier=' . $identifier .'" name="CustomerSelection" method="post">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier=' . $identifier .'" name="CustomerSelection" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table cellpadding="3" colspan="4" class="selection"> 
@@ -814,7 +814,7 @@ //end if RequireCustomerSelection } else { /*A customer is already selected so get into the contract setup proper */ - echo '<form name="ContractEntry" enctype="multipart/form-data" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier=' . $identifier . '" method="post">'; + echo '<form name="ContractEntry" enctype="multipart/form-data" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier=' . $identifier . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"> Modified: trunk/CounterSales.php =================================================================== --- trunk/CounterSales.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CounterSales.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -212,7 +212,7 @@ echo '<br /><br />'; prnMsg(_('This sale has been cancelled as requested'),'success'); - echo '<br /><br /><a href="' .htmlspecialchars($_SERVER['PHP_SELF']) . '">' . _('Start a new Counter Sale') . '</a>'; + echo '<br /><br /><a href="' .htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' . _('Start a new Counter Sale') . '</a>'; include('includes/footer.inc'); exit; @@ -361,7 +361,7 @@ /* Always do the stuff below */ -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier . '" name="SelectParts" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier . '" name="SelectParts" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; //Get The exchange rate used for GPPercent calculations on adding or amending items 
@@ -819,7 +819,7 @@ $_SESSION['Items'.$identifier]->TaxGLCodes=$TaxGLCodes; echo '<td class="number">' . locale_number_format($TaxLineTotal ,$_SESSION['Items'.$identifier]->CurrDecimalPlaces) . '</td>'; echo '<td class="number">' . locale_number_format($SubTotal + $TaxLineTotal ,$_SESSION['Items'.$identifier]->CurrDecimalPlaces) . '</td>'; - echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?identifier='.$identifier . '&Delete=' . $OrderLine->LineNumber . '" onclick="return confirm(\'' . _('Are You Sure?') . '\');">' . _('Delete') . '</a></td></tr>'; + echo '<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?identifier='.$identifier . '&Delete=' . $OrderLine->LineNumber . '" onclick="return confirm(\'' . _('Are You Sure?') . '\');">' . _('Delete') . '</a></td></tr>'; if ($_SESSION['AllowOrderLineItemNarrative'] == 1){ echo $RowStarter; @@ -1980,7 +1980,7 @@ } else { echo '<img src="'.$rootpath.'/css/'.$theme.'/images/printer.png" title="' . _('Print') . '" alt="" />' . ' ' . '<a target="_blank" href="'.$rootpath.'/PrintCustTransPortrait.php?FromTransNo='.$InvoiceNo.'&InvOrCredit=Invoice&PrintPDF=True">'. _('Print this invoice'). ' (' . _('Portrait') . ')</a><br /><br />'; } - echo '<br /><br /><a href="' .htmlspecialchars($_SERVER['PHP_SELF']) . '">' . _('Start a new Counter Sale') . '</a></div>'; + echo '<br /><br /><a href="' .htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' . _('Start a new Counter Sale') . '</a></div>'; } // There were input errors so don't process nuffin 
@@ -2197,7 +2197,7 @@ if (isset($SearchResult)) { $j = 1; - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?' . SID .'identifier='.$identifier . '" method="post" name="orderform">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?' . SID .'identifier='.$identifier . '" method="post" name="orderform">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="table1">'; echo '<tr> Modified: trunk/CreditStatus.php =================================================================== --- trunk/CreditStatus.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CreditStatus.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -177,9 +177,9 @@ $myrow['reasoncode'], $myrow['reasondescription'], $DissallowText, - htmlspecialchars($_SERVER['PHP_SELF']), + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'), $myrow['reasoncode'], - htmlspecialchars($_SERVER['PHP_SELF']), + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'), $myrow['reasoncode']); } //END WHILE LIST LOOP @@ -189,13 +189,13 @@ if (isset($SelectedReason)) { echo '<div class="centre"> - <a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">' . _('Show Defined Credit Status Codes') . '</a> + <a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' . _('Show Defined Credit Status Codes') . '</a> </div>'; } if (!isset($_GET['delete'])) { - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedReason) and ($InputError!=1)) { Modified: trunk/Credit_Invoice.php =================================================================== --- trunk/Credit_Invoice.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/Credit_Invoice.php 2012-02-22 06:26:38 UTC (rev 4950) 
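Review bot: The added form action in CounterSales.php concatenates `SID` straight onto the next parameter with no separator, `'?' . SID .'identifier='.$identifier`. `SID` is either the empty string or `name=id`, so whenever session cookies are unavailable the URL becomes `?PHPSESSID=<id>identifier=<n>` and the identifier is lost. Carrying the session id in a URL also leaks it via Referer and browser history, and no other action in this commit includes it, so the simplest fix is `'?identifier=' . urlencode($identifier)`; if SID must stay, it needs `'?' . SID . '&amp;identifier=' . urlencode($identifier)`.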
@@ -256,7 +256,7 @@ if (!isset($_POST['ProcessCredit'])) { - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) .'" method="post">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') .'" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; @@ -378,7 +378,7 @@ echo '<td class="number">' . $DisplayTaxAmount . '</td> <td class="number">' . $DisplayGrossLineTotal . '</td> - <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?Delete=' . $LnItm->LineNumber . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this item from the credit?') . '\');">' . _('Delete') . '</a></td></tr>'; + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Delete=' . $LnItm->LineNumber . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this item from the credit?') . '\');">' . _('Delete') . '</a></td></tr>'; echo '<tr' . $RowStarter . '><td colspan="12"><textarea tabindex="' . $j .'" name="Narrative_' . $LnItm->LineNumber . '" cols="100%" rows="1">' . $LnItm->Narrative . '</textarea><br /><hr></td></tr>'; $j++; Modified: trunk/Currencies.php =================================================================== --- trunk/Currencies.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/Currencies.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -267,10 +267,10 @@ locale_number_format($myrow['decimalplaces'],0), locale_number_format($myrow['rate'],6), locale_number_format(GetCurrencyRate($myrow['currabrev'],$CurrencyRatesArray),6), - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['currabrev'], _('Edit'), - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['currabrev'], _('Delete'), $rootpath, 
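Review bot: In the Credit_Invoice.php @@ -378 hunk the line right after the edited Delete link echoes the narrative into a textarea with no escaping, `<textarea ... name="Narrative_' . $LnItm->LineNumber . '" cols="100%" rows="1">' . $LnItm->Narrative . '</textarea>`. Narrative is not set in this hunk, but if it holds text keyed by a user on an earlier screen, a value containing `</textarea><script>` executes for whoever raises the credit. Apply the same call the commit is adding everywhere else, `htmlspecialchars($LnItm->Narrative,ENT_QUOTES,'UTF-8')`, and `urlencode($LnItm->LineNumber)` in the Delete href.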
@@ -301,14 +301,14 @@ if (isset($SelectedCurrency)) { - echo '<div class="centre"><a href="' .htmlspecialchars($_SERVER['PHP_SELF']) . '">'._('Show all currency definitions').'</a></div>'; + echo '<div class="centre"><a href="' .htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'._('Show all currency definitions').'</a></div>'; } echo '<br />'; if (!isset($_GET['delete'])) { - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedCurrency) AND $SelectedCurrency!='') { Modified: trunk/CustEDISetup.php =================================================================== --- trunk/CustEDISetup.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustEDISetup.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -69,7 +69,7 @@ } } -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /><table class="selection">'; Modified: trunk/CustLoginSetup.php =================================================================== --- trunk/CustLoginSetup.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustLoginSetup.php 2012-02-22 06:26:38 UTC (rev 4950) 
@@ -123,7 +123,7 @@ } -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection"> Modified: trunk/CustWhereAlloc.php =================================================================== --- trunk/CustWhereAlloc.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustWhereAlloc.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -6,7 +6,7 @@ $title = _('Customer How Paid Inquiry'); include('includes/header.inc'); -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p class="page_title_text"> Modified: trunk/CustomerAllocations.php =================================================================== --- trunk/CustomerAllocations.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustomerAllocations.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -336,7 +336,7 @@ if (isset($_POST['AllocTrans'])) { // Page called with trans number - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="AllocTrans" value="' . $_POST['AllocTrans'] . '" />'; 
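Review bot: In the CustomerAllocations `@@ -336` hunk the hidden field two lines below the escaped action still reflects request input verbatim: `'<input type="hidden" name="AllocTrans" value="' . $_POST['AllocTrans'] . '" />'`. A posted value containing `"><script>` leaves the attribute, so it needs the same call the commit applies to `PHP_SELF`: `value="' . htmlspecialchars($_POST['AllocTrans'],ENT_QUOTES,'UTF-8') . '"`. The Allocate links on this page pass `$myrow['id']`, so if `AllocTrans` is always a numeric transaction id, casting with `(int)` at the top of the branch is the tighter fix. The `if (isset($_POST['AllocTrans']))` branch continues beyond the hunk.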
@@ -488,7 +488,7 @@ <td class="number">' . locale_number_format($myrow['total'],$myrow['currdecimalplaces']) . '</td> <td class="number">' . locale_number_format($myrow['total']-$myrow['alloc'],$myrow['currdecimalplaces']) . '</td> <td>' . $myrow['currcode'] . '</td>'; - echo '<td><a href=' . htmlspecialchars($_SERVER['PHP_SELF']). '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a></td></tr>'; + echo '<td><a href=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'). '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a></td></tr>'; } echo '</table><p>'; } else { @@ -529,7 +529,7 @@ $k=0; while ($myrow = DB_fetch_array($result)) { - $AllocateLink = '<a href=' . htmlspecialchars($_SERVER['PHP_SELF']). '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a>'; + $AllocateLink = '<a href=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'). '?AllocTrans=' . $myrow['id'] . '>' . _('Allocate') . '</a>'; if ( $CurrentDebtor != $myrow['debtorno'] ) { if ( $CurrentTransaction > 1 ) { Modified: trunk/CustomerBranches.php =================================================================== --- trunk/CustomerBranches.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustomerBranches.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -409,11 +409,11 @@ $myrow[8], $myrow[9], ($myrow[11]?_('No'):_('Yes')), - htmlspecialchars($_SERVER['PHP_SELF']), + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'), $DebtorNo, urlencode($myrow[1]), _('Edit'), - htmlspecialchars($_SERVER['PHP_SELF']), + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'), $DebtorNo, urlencode($myrow[1]), _('Delete Branch')); @@ -463,7 +463,7 @@ } if (!isset($_GET['delete'])) { - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) .'">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') .'">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedBranch)) { 
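Review bot: The Allocate link's `href` is unquoted — `'<a href=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8'). '?AllocTrans=' . $myrow['id'] . '>'` — so `ENT_QUOTES` buys nothing here: `htmlspecialchars()` does not touch spaces, and on servers that append `PATH_INFO` to `PHP_SELF` a request like `/CustomerAllocations.php/x%20onmouseover=...` lands inside the tag as a new attribute. Quote the value: `'<a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?AllocTrans=' . $myrow['id'] . '">'`. The `$AllocateLink` assignment in the `@@ -529` hunk on this line has the identical shape and needs the same quotes. `$myrow['id']` comes from the database and is presumably an integer; if it is not, it wants `urlencode()` as well.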
@@ -539,7 +539,7 @@ echo '<p Class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/customer.png" title="' . _('Customer') . '" alt="" /> ' . ' ' . _('Change Details for Branch'). ' '. $SelectedBranch . '</p>'; if (isset($SelectedBranch)) { - echo '<div class="centre"><a href=' . htmlspecialchars($_SERVER['PHP_SELF']) . '?DebtorNo=' . $DebtorNo. '>' . _('Show all branches defined for'). ' '. $DebtorNo . '</a></div>'; + echo '<div class="centre"><a href=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?DebtorNo=' . $DebtorNo. '>' . _('Show all branches defined for'). ' '. $DebtorNo . '</a></div>'; } echo '<br /> <table class="selection"> Modified: trunk/CustomerInquiry.php =================================================================== --- trunk/CustomerInquiry.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustomerInquiry.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -152,7 +152,7 @@ echo '<br /> <div class="centre"> - <form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post"> + <form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post"> <input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />' . _('Show all transactions after') . ': <input tabindex="1" type="text" class="date" alt="' .$_SESSION['DefaultDateFormat']. '" id="datepicker" name="TransAfterDate" value="' . $_POST['TransAfterDate'] . '" maxlength="10" size="12" /> <input tabindex="2" type="submit" name="Refresh Inquiry" value="' . _('Refresh Inquiry') . '" /> Modified: trunk/CustomerReceipt.php =================================================================== --- trunk/CustomerReceipt.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustomerReceipt.php 2012-02-22 06:26:38 UTC (rev 4950) 
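Review bot: Same unquoted-attribute problem in the CustomerBranches link: `'<a href=' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?DebtorNo=' . $DebtorNo. '>'` — without surrounding quotes a space arriving through `PATH_INFO` or through `$DebtorNo` ends the attribute and starts a new one, regardless of `ENT_QUOTES`. `$DebtorNo` is also emitted raw in the URL, in the link text and in the title line above; it is assigned outside the hunk, but the page is driven by a `?DebtorNo=` parameter, so treat it as request input. Suggested form: `'<a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?DebtorNo=' . urlencode($DebtorNo) . '">' . _('Show all branches defined for') . ' ' . htmlspecialchars($DebtorNo,ENT_QUOTES,'UTF-8') . '</a>'`.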
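Review bot: In the CustomerInquiry `@@ -152` hunk, `value="' . $_POST['TransAfterDate'] . '"` on the date input reflects the posted value unescaped, so a `"` in it terminates the attribute and the remainder is parsed as markup — the same class of issue the commit fixes one line up. Use `value="' . htmlspecialchars($_POST['TransAfterDate'],ENT_QUOTES,'UTF-8') . '"`; since the field must be a date in `$_SESSION['DefaultDateFormat']`, validating it against that format before echoing would be stricter still. The `echo` statement continues past the end of the hunk.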
@@ -729,7 +729,7 @@ /*set up the form whatever */ -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?Type='.$_GET['Type'] . '" method="post" name="form1">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Type='.$_GET['Type'] . '" method="post" name="form1">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; /*show the batch header details and the entries in the batch so far */ @@ -918,7 +918,7 @@ <td>' . stripslashes($ReceiptItem->CustomerName) . '</td> <td>'.$ReceiptItem->GLCode.' - '.$myrow['accountname'].'</td> <td>'.$ReceiptItem->Narrative . '</td> - <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?Delete=' . $ReceiptItem->ID . '&Type=' . $_GET['Type']. '">' . _('Delete') . '</a></td> + <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Delete=' . $ReceiptItem->ID . '&Type=' . $_GET['Type']. '">' . _('Delete') . '</a></td> </tr>'; $BatchTotal= $BatchTotal + $ReceiptItem->Amount; } Modified: trunk/CustomerTransInquiry.php =================================================================== --- trunk/CustomerTransInquiry.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustomerTransInquiry.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -12,7 +12,7 @@ echo '<div class="page_help_text">' . _('Choose which type of transaction to report on.') . '</div> <br />'; -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection"> Modified: trunk/CustomerTypes.php =================================================================== --- trunk/CustomerTypes.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/CustomerTypes.php 2012-02-22 06:26:38 UTC (rev 4950) 
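Review bot: Escaping `PHP_SELF` does not make this CustomerReceipt action attribute safe, because `$_GET['Type']` is concatenated straight after it: `'?Type='.$_GET['Type'] . '" method="post" name="form1">'`. A request such as `CustomerReceipt.php?Type=%22%3E%3Cscript%3E...` still closes the attribute and injects markup, which is a reflected XSS reachable by a plain link. Encode the parameter for both the URL and the attribute: `'?Type=' . urlencode($_GET['Type']) . '" method="post" name="form1">'` (`urlencode()` leaves nothing attribute-significant; wrapping it in `htmlspecialchars()` as well matches the file's convention). If `Type` can only take a fixed set of values, checking it against that whitelist before its first use removes the problem entirely.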
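Review bot: The Delete link in the `@@ -918` hunk has the same gap: `'?Delete=' . $ReceiptItem->ID . '&Type=' . $_GET['Type']. '"'` places the raw `Type` parameter inside a double-quoted `href`, so the quote-escaping added to `PHP_SELF` is bypassed by the very next segment. Use `'&amp;Type=' . urlencode($_GET['Type'])` — `&amp;` is the correct separator inside HTML, and `urlencode()` neutralises quotes and angle brackets. The loop that iterates `$ReceiptItem` begins outside the hunk.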
@@ -204,9 +204,9 @@ </tr>', $myrow[0], $myrow[1], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow[0], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow[0]); } //END WHILE LIST LOOP @@ -216,11 +216,11 @@ //end of ifs and buts! if (isset($SelectedType)) { - echo '<div class="centre"><p><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">' . _('Show All Types Defined') . '</a></div><p>'; + echo '<div class="centre"><p><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' . _('Show All Types Defined') . '</a></div><p>'; } if (! isset($_GET['delete'])) { - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p><table class="selection">'; //Main table Modified: trunk/Customers.php =================================================================== --- trunk/Customers.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/Customers.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -420,11 +420,11 @@ } if ($SetupErrors>0) { - echo '<br /><div class="centre"><a href="'.htmlspecialchars($_SERVER['PHP_SELF']) .'" >'._('Click here to continue').'</a></div>'; + echo '<br /><div class="centre"><a href="'.htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') .'" >'._('Click here to continue').'</a></div>'; include('includes/footer.inc'); exit; } - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="New" value="Yes" />'; 
@@ -618,7 +618,7 @@ //DebtorNo exists - either passed when calling the form or from the form itself - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection"> <tr><td valign="top"><table class="selection">'; @@ -1069,7 +1069,7 @@ $myrow['notes'], $myrow['contid'], $myrow['debtorno'], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['contid'], $myrow['debtorno']); } Modified: trunk/DailyBankTransactions.php =================================================================== --- trunk/DailyBankTransactions.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/DailyBankTransactions.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -12,7 +12,7 @@ </p>'; if (!isset($_POST['Show'])) { - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method=post>'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method=post>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection">'; 
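Review bot: The rewritten DailyBankTransactions form line keeps an unquoted attribute, `method=post>`, while every other attribute on the line and the self-closing `/>` on the next one follow XHTML conventions. Since the line is being touched anyway, make it `echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">';`; the `@@ -139` hunk of the same file on the next line has the identical `method=post`.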
@@ -139,7 +139,7 @@ echo '</table>'; } //end if no bank trans in the range to show - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method=post>'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method=post>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<br /><div class="centre"><input type="submit" name="Return" value="' . _('Select Another Date'). '" /></div>'; echo '</form>'; Modified: trunk/DebtorsAtPeriodEnd.php =================================================================== --- trunk/DebtorsAtPeriodEnd.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/DebtorsAtPeriodEnd.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -129,7 +129,7 @@ /*if $FromCriteria is not set then show a form to allow input */ - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post"> + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post"> <table class="selection">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; Modified: trunk/DiscountCategories.php =================================================================== --- trunk/DiscountCategories.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/DiscountCategories.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -65,7 +65,7 @@ } if (isset($_POST['selectchoice'])) { - echo '<form name="update" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form name="update" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; $sql = "SELECT DISTINCT discountcategory FROM stockmaster WHERE discountcategory <>''"; 
@@ -91,7 +91,7 @@ <br />'; } - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="ChooseOption" value="'.$_POST['ChooseOption'].'" />'; echo '<input type="hidden" name="selectchoice" value="'.$_POST['selectchoice'].'" />'; @@ -212,7 +212,7 @@ echo '<tr class="OddTableRows">'; $k=1; } - $DeleteURL = htmlspecialchars($_SERVER['PHP_SELF']) . '?Delete=yes&StockID=' . $myrow['stockid'] . '&DiscountCategory=' . $myrow['discountcategory']; + $DeleteURL = htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Delete=yes&StockID=' . $myrow['stockid'] . '&DiscountCategory=' . $myrow['discountcategory']; printf('<td>%s</td> <td>%s - %s</td> @@ -235,7 +235,7 @@ } if (!isset($_POST['selectchoice'])) { - echo '<form method="post" name="choose" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" name="choose" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection">'; echo '<tr><td>'._('Update discount category for').'</td>'; Modified: trunk/DiscountMatrix.php =================================================================== --- trunk/DiscountMatrix.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/DiscountMatrix.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -81,7 +81,7 @@ echo '<br />'; } -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; 
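Review bot: The two hidden inputs right below the escaped DiscountCategories form action still write posted values into attributes verbatim: `'<input type="hidden" name="ChooseOption" value="'.$_POST['ChooseOption'].'" />'` and the same for `$_POST['selectchoice']`. Either value containing `"` breaks out of its attribute, so apply the same call: `value="'.htmlspecialchars($_POST['ChooseOption'],ENT_QUOTES,'UTF-8').'"` and likewise for `selectchoice`. These values look like they are only carried between requests, so a check against the options the page actually offers would be the tighter fix; the surrounding `if` block is cut off by the hunk.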
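Review bot: In the `@@ -212` hunk `$DeleteURL` is built from database values with no URL encoding: `'?Delete=yes&StockID=' . $myrow['stockid'] . '&DiscountCategory=' . $myrow['discountcategory']`. Stock ids or category names containing `&`, `#`, `+` or spaces produce parameters that do not round-trip, and since the value is presumably placed in an `href` by the `printf` that follows (outside the hunk), a `"` in them also breaks the markup. Build it as `'?Delete=yes&StockID=' . urlencode($myrow['stockid']) . '&DiscountCategory=' . urlencode($myrow['discountcategory'])` and emit `&amp;` where it is echoed into HTML.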
@@ -173,7 +173,7 @@ echo '<tr class="OddTableRows">'; $k=1; } - $DeleteURL = htmlspecialchars($_SERVER['PHP_SELF']) . '?Delete=yes&SalesType=' . $myrow['salestype'] . '&DiscountCategory=' . $myrow['discountcategory'] . '&QuantityBreak=' . $myrow['quantitybreak']; + $DeleteURL = htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?Delete=yes&SalesType=' . $myrow['salestype'] . '&DiscountCategory=' . $myrow['discountcategory'] . '&QuantityBreak=' . $myrow['quantitybreak']; printf('<td>%s</td> <td>%s</td> Modified: trunk/EDIMessageFormat.php =================================================================== --- trunk/EDIMessageFormat.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/EDIMessageFormat.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -97,7 +97,7 @@ prnMsg($msg,'success'); } -echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p><table border="0" width="100%"> @@ -153,9 +153,9 @@ $myrow[1], $myrow[2], $myrow[3], - htmlspecialchars($_SERVER['PHP_SELF']) . '?' . SID, + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?' . SID, $myrow[0], - htmlspecialchars($_SERVER['PHP_SELF']) . '?' . SID, + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?' . SID, $myrow[0]); } //END WHILE LIST LOOP 
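Review bot: The DiscountMatrix `$DeleteURL` has the same shape as the one in DiscountCategories: `'?Delete=yes&SalesType=' . $myrow['salestype'] . '&DiscountCategory=' . $myrow['discountcategory'] . '&QuantityBreak=' . $myrow['quantitybreak']` appends three database values with no encoding. Wrap each in `urlencode()`, e.g. `'&SalesType=' . urlencode($myrow['salestype'])`, so a sales type or category containing `&`, `#` or a quote neither truncates the query string nor escapes the attribute the URL is presumably echoed into by the `printf` below the hunk.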
@@ -189,7 +189,7 @@ $_POST['SequenceNo'] = $myrow['sequenceno']; $_POST['LineText'] = $myrow['linetext']; - echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?MessageType=INVOIC&PartnerCode=' . $myrow['partnercode'] . '">' . _('Review Message Lines') . '</a></div>'; + echo '<div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?MessageType=INVOIC&PartnerCode=' . $myrow['partnercode'] . '">' . _('Review Message Lines') . '</a></div>'; echo '<input type="hidden" name="SelectedMessageLine" value="' . $SelectedMessageLine . '" />'; echo '<input type="hidden" name="MessageType" value="' . $myrow['messagetype'] . '" />'; Modified: trunk/EmailCustTrans.php =================================================================== --- trunk/EmailCustTrans.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/EmailCustTrans.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -35,7 +35,7 @@ include ('includes/header.inc'); -echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method=post>'; +echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method=post>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="TransNo" value="' . $_GET['FromTransNo'] . '" />'; Modified: trunk/ExchangeRateTrend.php =================================================================== --- trunk/ExchangeRateTrend.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/ExchangeRateTrend.php 2012-02-22 06:26:38 UTC (rev 4950) 
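Review bot: In the EDIMessageFormat hunk, `'?MessageType=INVOIC&PartnerCode=' . $myrow['partnercode'] . '"'` appends a database value to the escaped `PHP_SELF` with neither `urlencode()` nor HTML escaping, so a partner code containing `&`, `"` or a space breaks the link or the attribute. Use `'?MessageType=INVOIC&amp;PartnerCode=' . urlencode($myrow['partnercode'])`. The hidden field on the following line, `value="' . $SelectedMessageLine . '"`, is assigned outside the hunk; if it originates from `$_GET` it needs `htmlspecialchars()` as well.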
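Review bot: In the EmailCustTrans hunk, `'<input type="hidden" name="TransNo" value="' . $_GET['FromTransNo'] . '" />'` echoes a query-string parameter unescaped into an attribute one line after the escaped action — a reflected XSS reachable by a crafted link. Escape it, `value="' . htmlspecialchars($_GET['FromTransNo'],ENT_QUOTES,'UTF-8') . '"`, or, since a transaction number is presumably an integer, cast with `(int)$_GET['FromTransNo']`, which also hardens whatever query uses it further down the file. The same line also carries the unquoted `method=post` noted for DailyBankTransactions.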
@@ -21,7 +21,7 @@ // SHOW OUR MAIN INPUT FORM // ************************ - echo '<form method="post" name="update" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" name="update" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<div class="centre"><p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/money_add.png" title="' . _('View Currency Trend') . '" alt="" />' . ' ' . _('View Currency Trend') . '</p>'; Modified: trunk/FTP_RadioBeacon.php =================================================================== --- trunk/FTP_RadioBeacon.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/FTP_RadioBeacon.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -71,7 +71,7 @@ $k=1; } - $FTPDispatchNote = htmlspecialchars($_SERVER['PHP_SELF']) . '?OrderNo=' . $myrow['orderno']; + $FTPDispatchNote = htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?OrderNo=' . $myrow['orderno']; $FormatedDelDate = ConvertSQLDate($myrow['deliverydate']); $FormatedOrderDate = ConvertSQLDate($myrow['orddate']); $FormatedOrderValue = locale_number_format($myrow['ordervalue'],2); Modified: trunk/Factors.php =================================================================== --- trunk/Factors.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/Factors.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -197,7 +197,7 @@ if (isset($_POST['Amend']) or isset($_POST['Create'])) { // its a new factor being added - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="FactorID" value="' . $FactorID .'" /> <table class="selection"> 
@@ -272,7 +272,7 @@ if (empty($FactorID) AND !isset($_POST['Create']) AND !isset($_POST['Amend'])) { - echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; + echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<input type="hidden" name="New" value="No" />'; Modified: trunk/FixedAssetCategories.php =================================================================== --- trunk/FixedAssetCategories.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/FixedAssetCategories.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -192,9 +192,9 @@ $myrow['depnact'], $myrow['disposalact'], $myrow['accumdepnact'], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['categoryid'], - htmlspecialchars($_SERVER['PHP_SELF']) . '?', + htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?', $myrow['categoryid']); } //END WHILE LIST LOOP 
@@ -204,10 +204,10 @@ //end of ifs and buts! if (isset($SelectedCategory)) { - echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">' ._('Show All Fixed Asset Categories') . '</a></div>'; + echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">' ._('Show All Fixed Asset Categories') . '</a></div>'; } -echo '<form name="CategoryForm" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">'; +echo '<form name="CategoryForm" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedCategory) and !isset($_POST['submit'])) { Modified: trunk/FixedAssetDepreciation.php =================================================================== --- trunk/FixedAssetDepreciation.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/FixedAssetDepreciation.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -267,7 +267,7 @@ /*And post the journal too */ include ('includes/GLPostings.inc'); } else { - echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post" name="form">'; + echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post" name="form">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p /> <table class="selection" width="30%"> Modified: trunk/FixedAssetItems.php =================================================================== --- trunk/FixedAssetItems.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/FixedAssetItems.php 2012-02-22 06:26:38 UTC (rev 4950) 
@@ -380,7 +380,7 @@ } /* end if delete asset */ $result = DB_Txn_Commit($db); -echo '<form name="AssetForm" enctype="multipart/form-data" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '"> +echo '<form name="AssetForm" enctype="multipart/form-data" method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '"> <table class="selection">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; Modified: trunk/FixedAssetLocations.php =================================================================== --- trunk/FixedAssetLocations.php 2012-02-22 06:06:03 UTC (rev 4949) +++ trunk/FixedAssetLocations.php 2012-02-22 06:26:38 UTC (rev 4950) @@ -56,7 +56,7 @@ WH... [truncated message content] |