SF.net SVN: ledger-smb:[3674] trunk
- Subject: SF.net SVN: ledger-smb:[3674] trunk
- From: ..hidden..
- Date: Fri, 19 Aug 2011 21:23:18 +0000
Revision: 3674
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=3674&view=rev
Author: einhverfr
Date: 2011-08-19 21:23:18 +0000 (Fri, 19 Aug 2011)
Log Message:
-----------
Order filter corrected, as is name/account info escaping in order entry
Modified Paths:
--------------
trunk/LedgerSMB/OE.pm
trunk/bin/oe.pl
Modified: trunk/LedgerSMB/OE.pm
===================================================================
--- trunk/LedgerSMB/OE.pm 2011-08-18 22:20:37 UTC (rev 3673)
+++ trunk/LedgerSMB/OE.pm 2011-08-19 21:23:18 UTC (rev 3674)
@@ -116,9 +116,11 @@
LEFT JOIN exchangerate ex
ON (ex.curr = o.curr AND ex.transdate = o.transdate)
WHERE o.quotation = ?
+ AND o.oe_class_id = ?
$department|;
my @queryargs = @dptargs;
+ unshift @queryargs, $form->{oe_class_id};
unshift @queryargs, $quotation;
my %ordinal = (
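Review bot: `$form->{oe_class_id}` is bound into the new `AND o.oe_class_id = ?` predicate with no check, and the predicate is unconditional. If a caller reaches this query with the key unset, the bound NULL makes the comparison never true and the result set is silently empty. The value arrives with the request (the oe.pl hunk at @@ -1523 adds it as a hidden field), so I would validate it before the `unshift`, e.g. `$form->error('Invalid order class') unless defined $form->{oe_class_id} and $form->{oe_class_id} =~ /\A\d+\z/;`. The enclosing sub starts and ends outside the hunk.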
Modified: trunk/bin/oe.pl
===================================================================
--- trunk/bin/oe.pl 2011-08-18 22:20:37 UTC (rev 3673)
+++ trunk/bin/oe.pl 2011-08-19 21:23:18 UTC (rev 3674)
@@ -1182,11 +1182,12 @@
$requiredby = $locale->text('Required by');
if ( $form->{type} eq 'purchase_order' ) {
- $form->{title} = $locale->text('Purchase Orders');
- $form->{vc} = 'vendor';
- $ordlabel = $locale->text('Order Number');
- $ordnumber = 'ordnumber';
- $employee = $locale->text('Employee');
+ $form->{title} = $locale->text('Purchase Orders');
+ $form->{vc} = 'vendor';
+ $ordlabel = $locale->text('Order Number');
+ $ordnumber = 'ordnumber';
+ $employee = $locale->text('Employee');
+ $form->{oe_class_id} = 2;
}
if ( $form->{type} eq 'receive_order' ) {
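Review bot: The literals assigned to `$form->{oe_class_id}` are unexplained and repeated across eight branches in this hunk and in the @@ -1198 and @@ -1239 hunks. A comment at the first assignment, such as `# oe_class_id: 1 = sales order, 2 = purchase order, 3 = sales quotation, 4 = RFQ`, or a single hash keyed by `type`, would keep the mapping in one place. The `receive_order` and `ship_order` branches appear only as context and, as far as these hunks show, get no `oe_class_id`, so those searches would reach the new filter in OE.pm with an undefined value. The enclosing sub starts and ends outside the hunks.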
@@ -1198,36 +1199,40 @@
}
if ( $form->{type} eq 'generate_sales_order' ) {
- $form->{title} =
+ $form->{title} =
$locale->text('Generate Sales Order from Purchase Orders');
- $form->{vc} = 'vendor';
- $ordlabel = $locale->text('Order Number');
- $ordnumber = 'ordnumber';
- $employee = $locale->text('Employee');
+ $form->{vc} = 'vendor';
+ $ordlabel = $locale->text('Order Number');
+ $ordnumber = 'ordnumber';
+ $employee = $locale->text('Employee');
+ $form->{oe_class_id} = 2;
}
if ( $form->{type} eq 'consolidate_sales_order' ) {
- $form->{title} = $locale->text('Consolidate Sales Orders');
- $form->{vc} = 'customer';
- $ordlabel = $locale->text('Order Number');
- $ordnumber = 'ordnumber';
- $employee = $locale->text('Salesperson');
+ $form->{title} = $locale->text('Consolidate Sales Orders');
+ $form->{vc} = 'customer';
+ $ordlabel = $locale->text('Order Number');
+ $ordnumber = 'ordnumber';
+ $employee = $locale->text('Salesperson');
+ $form->{oe_class_id} = 1;
}
if ( $form->{type} eq 'request_quotation' ) {
- $form->{title} = $locale->text('Request for Quotations');
- $form->{vc} = 'vendor';
- $ordlabel = $locale->text('RFQ Number');
- $ordnumber = 'quonumber';
- $employee = $locale->text('Employee');
+ $form->{title} = $locale->text('Request for Quotations');
+ $form->{vc} = 'vendor';
+ $ordlabel = $locale->text('RFQ Number');
+ $ordnumber = 'quonumber';
+ $employee = $locale->text('Employee');
+ $form->{oe_class_id} = 4;
}
if ( $form->{type} eq 'sales_order' ) {
- $form->{title} = $locale->text('Sales Orders');
- $form->{vc} = 'customer';
- $ordlabel = $locale->text('Order Number');
- $ordnumber = 'ordnumber';
- $employee = $locale->text('Salesperson');
+ $form->{title} = $locale->text('Sales Orders');
+ $form->{vc} = 'customer';
+ $ordlabel = $locale->text('Order Number');
+ $ordnumber = 'ordnumber';
+ $employee = $locale->text('Salesperson');
+ $form->{oe_class_id} = 1;
}
if ( $form->{type} eq 'ship_order' ) {
@@ -1239,29 +1244,32 @@
}
if ( $form->{type} eq 'sales_quotation' ) {
- $form->{title} = $locale->text('Quotations');
- $form->{vc} = 'customer';
- $ordlabel = $locale->text('Quotation Number');
- $ordnumber = 'quonumber';
- $employee = $locale->text('Employee');
- $requiredby = $locale->text('Valid until');
+ $form->{title} = $locale->text('Quotations');
+ $form->{vc} = 'customer';
+ $ordlabel = $locale->text('Quotation Number');
+ $ordnumber = 'quonumber';
+ $employee = $locale->text('Employee');
+ $requiredby = $locale->text('Valid until');
+ $form->{oe_class_id} = 3;
}
if ( $form->{type} eq 'generate_purchase_order' ) {
- $form->{title} =
+ $form->{title} =
$locale->text('Generate Purchase Orders from Sales Order');
- $form->{vc} = 'customer';
- $ordlabel = $locale->text('Order Number');
- $ordnumber = 'ordnumber';
- $employee = $locale->text('Salesperson');
+ $form->{vc} = 'customer';
+ $ordlabel = $locale->text('Order Number');
+ $ordnumber = 'ordnumber';
+ $employee = $locale->text('Salesperson');
+ $form->{oe_class_id} = 1;
}
if ( $form->{type} eq 'consolidate_purchase_order' ) {
- $form->{title} = $locale->text('Consolidate Purchase Orders');
- $form->{vc} = 'vendor';
- $ordlabel = $locale->text('Order Number');
- $ordnumber = 'ordnumber';
- $employee = $locale->text('Employee');
+ $form->{title} = $locale->text('Consolidate Purchase Orders');
+ $form->{vc} = 'vendor';
+ $ordlabel = $locale->text('Order Number');
+ $ordnumber = 'ordnumber';
+ $employee = $locale->text('Employee');
+ $form->{oe_class_id} = 2;
}
$l_employee =
@@ -1523,7 +1531,7 @@
<input type=hidden name=nextsub value=transactions>
|;
- $form->hide_form(qw(path login sessionid vc type));
+ $form->hide_form(qw(path login sessionid vc type oe_class_id));
print qq|
<button class="submit" type="submit" name="action" value="continue">|
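Review bot: Adding `oe_class_id` to `hide_form` sends a server-derived value to the browser and reads it back on the next request, so it can end up missing or inconsistent with `type` if the posted form is altered. Since the class is fully determined by `type` in the branches above, I would recompute it from `$form->{type}` in the handler that runs the search instead of trusting the posted field. If it has to round-trip, check it against the type on receipt. The surrounding sub is outside the hunk.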
@@ -1989,13 +1997,27 @@
qq|<td><input name="ndx_$i" class=checkbox type=checkbox value=$oe->{id} checked></td>|;
$column_data{$ordnumber} =
"<td><a href=$form->{script}?path=$form->{path}&action=$action&type=$form->{type}&id=$oe->{id}&warehouse=$warehouse&vc=$form->{vc}&login=$form->{login}&sessionid=$form->{sessionid}&callback=$callback>$oe->{$ordnumber}</a></td>";
-
+ # $form->escape is the wrong method to choose here for the actual
+ # display. It does $hexhex
+ # encoding. Long-run we need to move ths all to form-dynatable. Until
+ # then, however, just going to do basic sanitation if <>&....
+ #
+ # Of course this has to be after the hexhex encoding for the URL. --CT
+ #
$name = $form->escape( $oe->{name} );
$meta_number = $form->escape( $oe->{meta_number} );
+ $dispname = $oe->{name};
+ $dispmeta = $oe->{meta_number};
+ $dispname =~ s/&/&/;
+ $dispname =~ s/>/>/;
+ $dispname =~ s/</</;
+ $dispmeta=~ s/&/&/;
+ $dispmeta=~ s/>/>/;
+ $dispmeta=~ s/</</;
$column_data{name} =
-qq|<td><a href=$form->{vc}.pl?path=$form->{path}&login=$form->{login}&sessionid=$form->{sessionid}&action=get&entity_id=$oe->{entity_id}&meta_number=$meta_number&account_class=$account_class&callback=$callback>$name</a></td>|;
+qq|<td><a href=$form->{vc}.pl?path=$form->{path}&login=$form->{login}&sessionid=$form->{sessionid}&action=get&entity_id=$oe->{entity_id}&meta_number=$meta_number&account_class=$account_class&callback=$callback>$dispname</a></td>|;
$column_data{meta_number} =
-qq|<td><a href=$form->{vc}.pl?path=$form->{path}&login=$form->{login}&sessionid=$form->{sessionid}&action=get&entity_id=$oe->{entity_id}&meta_number=$meta_number&account_class=$account_class&callback=$callback>$meta_number</a></td>|;
+qq|<td><a href=$form->{vc}.pl?path=$form->{path}&login=$form->{login}&sessionid=$form->{sessionid}&action=get&entity_id=$oe->{entity_id}&meta_number=$meta_number&account_class=$account_class&callback=$callback>$dispmeta</a></td>|;
for (qw(employee manager shipvia curr ponumber)) {
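Review bot: The six substitutions on `$dispname` and `$dispmeta` have no `/g` modifier, so only the first `&`, `>` and `<` in each value is rewritten and any later markup character still reaches the page unescaped. On this page the replacement side reads the same as the pattern, presumably because the archive decoded the entities; confirm that the committed file really has the entity forms. `$oe->{$ordnumber}` in the order-number link at the top of the hunk is still interpolated raw and needs the same treatment. The enclosing loop starts and ends outside the hunk.

```perl
$dispname = $oe->{name};
$dispmeta = $oe->{meta_number};
for ( $dispname, $dispmeta ) {
    s/&/&amp;/g;    # ampersand first, so the entities added below are not re-escaped
    s/</&lt;/g;
    s/>/&gt;/g;
}
# … unchanged: $column_data{name} and $column_data{meta_number} links …
```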