lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #14034

Browse Source
This commit is contained in:
Laurent Destailleur 2020-06-17 18:29:29 +02:00
parent 2f687a3c40
commit 32eaa9137c
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/bookkeeping/card.php
View File

@ -41,7 +41,7 @@ $action = GETPOST('action', 'aZ09');
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
$id = GETPOST('id', 'int'); // id of record
$mode = GETPOST('mode', 'aZ09'); // '' or 'tmp'
$mode = GETPOST('mode', 'aZ09'); // '' or '_tmp'
$piece_num = GETPOST("piece_num", 'int'); // id of transaction (several lines share the same transaction id)
// Security check

12
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -1127,7 +1127,7 @@ class BookKeeping extends CommonObject
*
* @param User $user User that modifies
* @param bool $notrigger false=launch triggers after, true=disable triggers
* @param string $mode Mode
* @param string $mode Mode ('' or _tmp')
* @return int <0 if KO, >0 if OK
*/
public function update(User $user, $notrigger = false, $mode = '')
@ -1254,12 +1254,12 @@ class BookKeeping extends CommonObject
}
/**
* Update movement
* Update accounting movement
*
* @param string $piece_num Piece num
* @param string $field Field
* @param string $value Value
* @param string $mode Mode
* @param string $mode Mode ('' or _tmp')
* @return number <0 if KO, >0 if OK
*/
public function updateByMvt($piece_num = '', $field = '', $value = '', $mode = '')
@ -1268,9 +1268,9 @@ class BookKeeping extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode." as ab";
$sql .= ' SET ab.'.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'");
$sql .= ' WHERE ab.piece_num='.$piece_num;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element.$mode;
$sql .= ' SET '.$field.'='.(is_numeric($value) ? $value : "'".$this->db->escape($value)."'");
$sql .= " WHERE piece_num = '".$this->db->escape($piece_num)."'";
$resql = $this->db->query($sql);
if (!$resql) {