[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SF.net SVN: ledger-smb: [380] trunk
- Subject: SF.net SVN: ledger-smb: [380] trunk
- From: ..hidden..
- Date: Sun, 29 Oct 2006 19:33:08 -0800
Revision: 380
http://svn.sourceforge.net/ledger-smb/?rev=380&view=rev
Author: einhverfr
Date: 2006-10-29 19:33:05 -0800 (Sun, 29 Oct 2006)
Log Message:
-----------
Finished IR.pm whitespace and SQL cleanup
Modified Paths:
--------------
trunk/Changelog
trunk/LedgerSMB/IR.pm
Modified: trunk/Changelog
===================================================================
--- trunk/Changelog 2006-10-30 03:04:59 UTC (rev 379)
+++ trunk/Changelog 2006-10-30 03:33:05 UTC (rev 380)
@@ -11,7 +11,7 @@
* Forced edited files to have whitelisted extensions and no .. strings (Chris T)
* Audited Form.pm for SQL-injection problems and move to new API (Chris T)
* Audited BP.pm, CA.pm, CT.pm for SQL injection and moved to new API. (Chris T)
-* Audited IS.pm for SQL injection and moved to new API. (Chris T)
+* Audited IS.pm, IR.pm for SQL injection and moved to new API. (Chris T)
* Audited User.pm for SQL injection. (Chris T)
Localization:
Modified: trunk/LedgerSMB/IR.pm
===================================================================
--- trunk/LedgerSMB/IR.pm 2006-10-30 03:04:59 UTC (rev 379)
+++ trunk/LedgerSMB/IR.pm 2006-10-30 03:33:05 UTC (rev 380)
@@ -23,7 +23,7 @@
#
#======================================================================
#
-# This file has NOT undergone whitespace cleanup.
+# This file has undergone whitespace cleanup.
#
#======================================================================
#
@@ -1135,203 +1135,218 @@
sub retrieve_item {
- my ($self, $myconfig, $form) = @_;
+ my ($self, $myconfig, $form) = @_;
- my $i = $form->{rowcount};
- my $null;
- my $var;
+ my $i = $form->{rowcount};
+ my $null;
+ my $var;
- # don't include assemblies or obsolete parts
- my $where = "WHERE p.assembly = '0' AND p.obsolete = '0'";
+ # don't include assemblies or obsolete parts
+ my $where = "WHERE p.assembly = '0' AND p.obsolete = '0'";
- if ($form->{"partnumber_$i"} ne "") {
- $var = $form->like(lc $form->{"partnumber_$i"});
- $where .= " AND lower(p.partnumber) LIKE '$var'";
- }
+ if ($form->{"partnumber_$i"} ne "") {
+ $var = $dbh->quote($form->like(lc $form->{"partnumber_$i"}));
+ $where .= " AND lower(p.partnumber) LIKE $var";
+ }
- if ($form->{"description_$i"} ne "") {
- $var = $form->like(lc $form->{"description_$i"});
- if ($form->{language_code} ne "") {
- $where .= " AND lower(t1.description) LIKE '$var'";
- } else {
- $where .= " AND lower(p.description) LIKE '$var'";
- }
- }
+ if ($form->{"description_$i"} ne "") {
+ $var = $dbh->quote($form->$like(lc $form->{"description_$i"}));
+ if ($form->{language_code} ne "") {
+ $where .= " AND lower(t1.description) LIKE $var";
+ } else {
+ $where .= " AND lower(p.description) LIKE $var";
+ }
+ }
- if ($form->{"partsgroup_$i"} ne "") {
- ($null, $var) = split /--/, $form->{"partsgroup_$i"};
- $var *= 1;
- $where .= qq| AND p.partsgroup_id = $var|;
- }
+ if ($form->{"partsgroup_$i"} ne "") {
+ ($null, $var) = split /--/, $form->{"partsgroup_$i"};
+ $var = $dbh->quote($var);
+ $where .= qq| AND p.partsgroup_id = $var|;
+ }
- if ($form->{"description_$i"} ne "") {
- $where .= " ORDER BY 3";
- } else {
- $where .= " ORDER BY 2";
- }
+ if ($form->{"description_$i"} ne "") {
+ $where .= " ORDER BY 3";
+ } else {
+ $where .= " ORDER BY 2";
+ }
- # connect to database
- my $dbh = $form->dbconnect($myconfig);
+ # connect to database
+ my $dbh = $form->dbconnect($myconfig);
- my $query = qq|SELECT p.id, p.partnumber, p.description,
- pg.partsgroup, p.partsgroup_id,
- p.lastcost AS sellprice, p.unit, p.bin, p.onhand, p.notes,
- p.inventory_accno_id, p.income_accno_id, p.expense_accno_id,
- p.partnumber AS sku, p.weight,
- t1.description AS translation,
- t2.description AS grouptranslation
- FROM parts p
- LEFT JOIN partsgroup pg ON (pg.id = p.partsgroup_id)
- LEFT JOIN translation t1 ON (t1.trans_id = p.id AND t1.language_code = '$form->{language_code}')
- LEFT JOIN translation t2 ON (t2.trans_id = p.partsgroup_id AND t2.language_code = '$form->{language_code}')
+ my $query = qq|
+ SELECT p.id, p.partnumber, p.description,
+ pg.partsgroup, p.partsgroup_id,
+ p.lastcost AS sellprice, p.unit, p.bin, p.onhand,
+ p.notes, p.inventory_accno_id, p.income_accno_id,
+ p.expense_accno_id, p.partnumber AS sku, p.weight,
+ t1.description AS translation,
+ t2.description AS grouptranslation
+ FROM parts p
+ LEFT JOIN partsgroup pg ON (pg.id = p.partsgroup_id)
+ LEFT JOIN translation t1
+ ON (t1.trans_id = p.id AND t1.language_code = ?)
+ LEFT JOIN translation t2
+ ON (t2.trans_id = p.partsgroup_id
+ AND t2.language_code = ?)
$where|;
- my $sth = $dbh->prepare($query);
- $sth->execute || $form->dberror($query);
+ my $sth = $dbh->prepare($query);
+ $sth->execute($form->{language_code}, $form->{language_code})
+ || $form->dberror($query);
- # foreign currency
- &exchangerate_defaults($dbh, $form);
+ # foreign currency
+ &exchangerate_defaults($dbh, $form);
- # taxes
- $query = qq|SELECT c.accno
- FROM chart c
- JOIN partstax pt ON (pt.chart_id = c.id)
- WHERE pt.parts_id = ?|;
- my $tth = $dbh->prepare($query) || $form->dberror($query);
+ # taxes
+ $query = qq|
+ SELECT c.accno
+ FROM chart c
+ JOIN partstax pt ON (pt.chart_id = c.id)
+ WHERE pt.parts_id = ?|;
+ my $tth = $dbh->prepare($query) || $form->dberror($query);
- # price matrix
- my $pmh = PriceMatrix::price_matrix_query($dbh, $form);
+ # price matrix
+ my $pmh = PriceMatrix::price_matrix_query($dbh, $form);
- my $ref;
- my $ptref;
+ my $ref;
+ my $ptref;
- while ($ref = $sth->fetchrow_hashref(NAME_lc)) {
+ while ($ref = $sth->fetchrow_hashref(NAME_lc)) {
- my ($dec) = ($ref->{sellprice} =~ /\.(\d+)/);
- $dec = length $dec;
- my $decimalplaces = ($dec > 2) ? $dec : 2;
+ my ($dec) = ($ref->{sellprice} =~ /\.(\d+)/);
+ $dec = length $dec;
+ my $decimalplaces = ($dec > 2) ? $dec : 2;
- # get taxes for part
- $tth->execute($ref->{id});
+ # get taxes for part
+ $tth->execute($ref->{id});
- $ref->{taxaccounts} = "";
- while ($ptref = $tth->fetchrow_hashref(NAME_lc)) {
- $ref->{taxaccounts} .= "$ptref->{accno} ";
- }
- $tth->finish;
- chop $ref->{taxaccounts};
+ $ref->{taxaccounts} = "";
+ while ($ptref = $tth->fetchrow_hashref(NAME_lc)) {
+ $ref->{taxaccounts} .= "$ptref->{accno} ";
+ }
+ $tth->finish;
+ chop $ref->{taxaccounts};
- # get vendor price and partnumber
- PriceMatrix::price_matrix($pmh, $ref, $decimalplaces, $form, $myconfig);
+ # get vendor price and partnumber
+ PriceMatrix::price_matrix(
+ $pmh, $ref, $decimalplaces, $form, $myconfig);
- $ref->{description} = $ref->{translation} if $ref->{translation};
- $ref->{partsgroup} = $ref->{grouptranslation} if $ref->{grouptranslation};
+ $ref->{description} = $ref->{translation}
+ if $ref->{translation};
+ $ref->{partsgroup} = $ref->{grouptranslation}
+ if $ref->{grouptranslation};
- push @{ $form->{item_list} }, $ref;
+ push @{ $form->{item_list} }, $ref;
- }
+ }
- $sth->finish;
- $dbh->disconnect;
+ $sth->finish;
+ $dbh->commit;
}
sub exchangerate_defaults {
- my ($dbh, $form) = @_;
+ my ($dbh, $form) = @_;
- my $var;
+ my $var;
- # get default currencies
- my $query = qq|SELECT substr(curr,1,3), curr FROM defaults|;
- my $eth = $dbh->prepare($query) || $form->dberror($query);
- $eth->execute;
- ($form->{defaultcurrency}, $form->{currencies}) = $eth->fetchrow_array;
- $eth->finish;
+ # get default currencies
+ my $query = qq|SELECT substr(curr,1,3), curr FROM defaults|;
+ my $eth = $dbh->prepare($query) || $form->dberror($query);
+ $eth->execute;
+ ($form->{defaultcurrency}, $form->{currencies}) = $eth->fetchrow_array;
+ $eth->finish;
- $query = qq|SELECT sell
- FROM exchangerate
- WHERE curr = ?
- AND transdate = ?|;
- my $eth1 = $dbh->prepare($query) || $form->dberror($query);
+ $query = qq|
+ SELECT sell
+ FROM exchangerate
+ WHERE curr = ?
+ AND transdate = ?|;
+ my $eth1 = $dbh->prepare($query) || $form->dberror($query);
- $query = qq~SELECT max(transdate || ' ' || sell || ' ' || curr)
- FROM exchangerate
- WHERE curr = ?~;
- my $eth2 = $dbh->prepare($query) || $form->dberror($query);
+ $query = qq/
+ SELECT max(transdate || ' ' || sell || ' ' || curr)
+ FROM exchangerate
+ WHERE curr = ?/;
+ my $eth2 = $dbh->prepare($query) || $form->dberror($query);
- # get exchange rates for transdate or max
- foreach $var (split /:/, substr($form->{currencies},4)) {
- $eth1->execute($var, $form->{transdate});
- ($form->{$var}) = $eth1->fetchrow_array;
- if (! $form->{$var} ) {
- $eth2->execute($var);
+ # get exchange rates for transdate or max
+ foreach $var (split /:/, substr($form->{currencies},4)) {
+ $eth1->execute($var, $form->{transdate});
+ ($form->{$var}) = $eth1->fetchrow_array;
+ if (! $form->{$var} ) {
+ $eth2->execute($var);
- ($form->{$var}) = $eth2->fetchrow_array;
- ($null, $form->{$var}) = split / /, $form->{$var};
- $form->{$var} = 1 unless $form->{$var};
- $eth2->finish;
- }
- $eth1->finish;
- }
+ ($form->{$var}) = $eth2->fetchrow_array;
+ ($null, $form->{$var}) = split / /, $form->{$var};
+ $form->{$var} = 1 unless $form->{$var};
+ $eth2->finish;
+ }
+ $eth1->finish;
+ }
- $form->{$form->{currency}} = $form->{exchangerate} if $form->{exchangerate};
- $form->{$form->{currency}} ||= 1;
- $form->{$form->{defaultcurrency}} = 1;
+ $form->{$form->{currency}} = $form->{exchangerate}
+ if $form->{exchangerate};
+ $form->{$form->{currency}} ||= 1;
+ $form->{$form->{defaultcurrency}} = 1;
}
sub vendor_details {
- my ($self, $myconfig, $form) = @_;
+ my ($self, $myconfig, $form) = @_;
- # connect to database
- my $dbh = $form->dbconnect($myconfig);
+ # connect to database
+ my $dbh = $form->{dbh};
- # get rest for the vendor
- my $query = qq|SELECT vendornumber, name, address1, address2, city, state,
- zipcode, country,
- contact, phone as vendorphone, fax as vendorfax, vendornumber,
- taxnumber AS vendortaxnumber, sic_code AS sic, iban, bic,
- gifi_accno AS gifi, startdate, enddate
- FROM vendor
- WHERE id = $form->{vendor_id}|;
- my $sth = $dbh->prepare($query);
- $sth->execute || $form->dberror($query);
+ # get rest for the vendor
+ my $query = qq|
+ SELECT vendornumber, name, address1, address2, city, state,
+ zipcode, country, contact, phone as vendorphone,
+ fax as vendorfax, vendornumber,
+ taxnumber AS vendortaxnumber, sic_code AS sic, iban, bic,
+ gifi_accno AS gifi, startdate, enddate
+ FROM vendor
+ WHERE id = ?|;
+ my $sth = $dbh->prepare($query);
+ $sth->execute($form->{vendor_id}) || $form->dberror($query);
- $ref = $sth->fetchrow_hashref(NAME_lc);
- for (keys %$ref) {
- $form->{$_} = $ref->{$_};
- }
+ $ref = $sth->fetchrow_hashref(NAME_lc);
+ for (keys %$ref) {
+ $form->{$_} = $ref->{$_};
+ }
- $sth->finish;
- $dbh->disconnect;
+ $sth->finish;
+ $dbh->commit;
}
sub item_links {
- my ($self, $myconfig, $form) = @_;
+ my ($self, $myconfig, $form) = @_;
- # connect to database
- my $dbh = $form->dbconnect($myconfig);
+ # connect to database
+ my $dbh = $form->dbconnect($myconfig);
- my $query = qq|SELECT accno, description, link
- FROM chart
- WHERE link LIKE '%IC%'
+ my $query = qq|
+ SELECT accno, description, link
+ FROM chart
+ WHERE link LIKE '%IC%'
ORDER BY accno|;
- my $sth = $dbh->prepare($query);
- $sth->execute || $form->dberror($query);
+ my $sth = $dbh->prepare($query);
+ $sth->execute || $form->dberror($query);
- while (my $ref = $sth->fetchrow_hashref(NAME_lc)) {
- foreach my $key (split(/:/, $ref->{link})) {
- if ($key =~ /IC/) {
- push @{ $form->{IC_links}{$key} }, { accno => $ref->{accno},
- description => $ref->{description} };
- }
- }
- }
+ while (my $ref = $sth->fetchrow_hashref(NAME_lc)) {
+ foreach my $key (split(/:/, $ref->{link})) {
+ if ($key =~ /IC/) {
+ push @{ $form->{IC_links}{$key} },
+ { accno => $ref->{accno},
+ description => $ref->{description} };
+ }
+ }
+ }
- $sth->finish;
+ $sth->finish;
}
1;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.