[Phpcompta-dev] r4647 - in phpcompta/trunk: html include include/templat


From: phpcompta-dev
Subject: [Phpcompta-dev] r4647 - in phpcompta/trunk: html include include/template
Date: Wed, 21 Dec 2011 12:12:39 +0100 (CET)

Author: danydb
Date: 2011-12-21 12:12:32 +0100 (Wed, 21 Dec 2011)
New Revision: 4647

Modified:
   phpcompta/trunk/html/ajax_ledger.php
   phpcompta/trunk/include/class_acc_ledger.php
   phpcompta/trunk/include/template/ledger_detail_bottom.php
   phpcompta/trunk/include/template/ledger_detail_misc.php
Log:
#315 Détail article
fix small bug
Protect search against sql attack

Modified: phpcompta/trunk/html/ajax_ledger.php
===================================================================
--- phpcompta/trunk/html/ajax_ledger.php        2011-12-20 21:50:40 UTC (rev 
4646)
+++ phpcompta/trunk/html/ajax_ledger.php        2011-12-21 11:12:32 UTC (rev 
4647)
@@ -367,7 +367,8 @@
            $cn->exec_sql("select comptaproc.jrn_add_note($1,$2)",
                          array($jr_id,$_POST['jrn_note']));
             $rapt=$_POST['rapt'];
-            if ( $g_parameter->MY_UPDLAB=='Y')
+            
+            if ( $g_parameter->MY_UPDLAB=='Y' && isset ($_POST['j_id']))
             {
                 $a_rowid=$_POST["j_id"];
                 for ($e=0;$e<count($a_rowid);$e++)
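Review bot: The new `isset($_POST['j_id'])` guard only proves the key exists, not that it is an array, yet the next two lines call `count($a_rowid)` and index it; a request that sends `j_id` as a plain string (the template emits `j_id[]`, but nothing forces a client to) would make `count()` return 1 on old PHP and throw a TypeError on PHP 8, and the loop would then index a string. Tighten the guard to `if ( $g_parameter->MY_UPDLAB=='Y' && isset($_POST['j_id']) && is_array($_POST['j_id']))`. The loop body and the enclosing function continue outside the hunk, so whatever validation happens per element is not visible here.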

Modified: phpcompta/trunk/include/class_acc_ledger.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger.php        2011-12-20 21:50:40 UTC 
(rev 4646)
+++ phpcompta/trunk/include/class_acc_ledger.php        2011-12-21 11:12:32 UTC 
(rev 4647)
@@ -2564,14 +2564,15 @@
         {
                        $desc=sql_string($desc);
             $fil_desc=$and." ( upper(jr_comment) like upper('%".$desc."%') or 
upper(jr_pj_number) like upper('%".$desc."%') ".
-                      " or upper(jr_internal)  like upper('%".$desc."%') )";
+                      " or upper(jr_internal)  like upper('%".$desc."%') 
+                          or jr_grpt_id in (select j_grpt from jrnx where 
j_text ~* '".$desc."'))";
             $and=" and ";
         }
         //    Poste
         if ( isset ($accounting) && $accounting != null )
         {
             $fil_account=$and."  jr_grpt_id in (select j_grpt
-                         from jrnx where j_poste::text like '$accounting%' )  
";
+                         from jrnx where j_poste::text like 
'".sql_string($accounting)."%' )  ";
             $and=" and ";
         }
         // Quick Code
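Review bot: The added `j_text ~* '".$desc."'` clause turns the user's search string into a PostgreSQL regular expression, which the neighbouring `like '%…%'` clauses do not: a term containing `(`, `[` or `\` now makes the whole query fail with a regex syntax error, and `.*`-style input matches every row. Either keep the semantics of the other three conditions with `or upper(j_text) like upper('%".$desc."%')`, or escape regex metacharacters before interpolating. More generally, every clause in this hunk still concatenates escaped strings into SQL even though the same code base already passes values as `$1` placeholders (see the `exec_sql` call in ajax_ledger.php above); the protection here rests entirely on `sql_string()`, whose behaviour is not visible in this diff. The enclosing search-building function starts and ends outside the hunk.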
@@ -2579,7 +2580,7 @@
         if ( isset ($qcode)  && $qcode != null )
         {
             $fil_qcode=$and."  jr_grpt_id in ( select j_grpt from
-                       jrnx where trim(j_qcode) = upper(trim('$qcode')))";
+                       jrnx where trim(j_qcode) = 
upper(trim('".sql_string($qcode)."')))";
             $and=" and ";
         }
 

Modified: phpcompta/trunk/include/template/ledger_detail_bottom.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_bottom.php   2011-12-20 
21:50:40 UTC (rev 4646)
+++ phpcompta/trunk/include/template/ledger_detail_bottom.php   2011-12-21 
11:12:32 UTC (rev 4647)
@@ -1,7 +1,8 @@
 <fieldset>
 <legend>
+<? echo _('Rapprochement');?>
+</legend>
 <?
-echo _('Rapprochement');
 $oRap=new Acc_Reconciliation($cn);
 $oRap->jr_id=$jr_id;
 $aRap=$oRap->get();
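Review bot: The added `<? echo _('Rapprochement');?>` line uses the short open tag, which only works when `short_open_tag` is enabled; the surrounding template already does the same, so this is consistent but fragile. If the file is ever touched for that reason, `<?php echo _('Rapprochement');?>` is the portable form. Otherwise the change itself (closing `</legend>` around the label) looks correct.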

Modified: phpcompta/trunk/include/template/ledger_detail_misc.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_misc.php     2011-12-20 
21:50:40 UTC (rev 4646)
+++ phpcompta/trunk/include/template/ledger_detail_misc.php     2011-12-21 
11:12:32 UTC (rev 4647)
@@ -115,20 +115,34 @@
     else
       $view_history='';
     $row.=td($view_history);
-       if ( $q[$e]['j_text']!='')
+$l_lib = $q[$e]['j_text'] ;
+   
+    if ( $l_lib!='')
        {
-        $row.=td(h(strip_tags($q[$e]['j_text'])));
-       }else
-    if ( $q[$e]['j_qcode'] !='') {
+        $l_lib=$q[$e]['j_text'];
+       }
+      else  if ( $q[$e]['j_qcode'] !='') {
       // nom de la fiche
       $ff=new Fiche($cn);
       $ff->get_by_qcode( $q[$e]['j_qcode']);
-      $row.=td(h($ff->strAttribut(ATTR_DEF_NAME)));
+      $l_lib=$ff->strAttribut(ATTR_DEF_NAME);
     } else {
       // libellé du compte
       $name=$cn->get_value('select pcm_lib from tmp_pcmn where 
pcm_val=$1',array($q[$e]['j_poste']));
-      $row.=td(h($name));
+      $l_lib=$name;
     }
+    $l_lib=strip_tags($l_lib);
+    if ($owner->MY_UPDLAB == 'Y')
+    {
+        $hidden = HtmlInput::hidden("j_id[]", $q[$e]['j_id']);
+        $input = new IText("e_march" . $q[$e]['j_id'] . "_label", $l_lib);
+    }
+    else
+    {
+        $input = new ISpan("e_march" . $q[$e]['j_id'] . "_label");
+        $hidden = HtmlInput::hidden("j_id[]", $q[$e]['j_id']);
+    }
+     $row.=td($input->input().$hidden);
     $montant=td(nbm($q[$e]['j_montant']),'class="num"');
     $row.=($q[$e]['j_debit']=='t')?$montant:td('');
     $row.=($q[$e]['j_debit']=='f')?$montant:td('');
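Review bot: The `h()` HTML-escaping that the removed lines applied to the label is gone: `$l_lib` now only goes through `strip_tags()` before being handed to `IText`, and `strip_tags` leaves `"` and `'` untouched, so a `j_text` or fiche name such as `" onfocus="alert(1)` would break out of the `value` attribute unless `IText::input()` escapes it itself, which is not visible here. If it does not, `$l_lib = h(strip_tags($l_lib));` restores the previous protection. Separately, the read-only branch constructs `ISpan` with only an id and never receives `$l_lib`, so unless ISpan fetches its text elsewhere the label cell renders empty when `MY_UPDLAB != 'Y'`; `new ISpan("e_march" . $q[$e]['j_id'] . "_label", $l_lib)` would mirror the IText branch (assuming ISpan accepts a value argument). The assignment `$l_lib=$q[$e]['j_text'];` on the first branch is redundant since `$l_lib` was already set from the same field. The enclosing loop starts and ends outside the hunk.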



