From 694c13812c068de4de751a4e1d6492256d3729ab Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 9 Aug 2010 15:17:29 +0000 Subject: [PATCH] Fix: rowid is not a business field. Usage to search by users must be a hidden option as makin search on hidden fields will create result that user may not understand. --- htdocs/societe/ajaxcompanies.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php index 00808eb13dd..188e9f1f321 100644 --- a/htdocs/societe/ajaxcompanies.php +++ b/htdocs/societe/ajaxcompanies.php @@ -52,10 +52,13 @@ if (! empty($_POST['newcompany']) || ! empty($_POST['socid']) || ! empty($_POST[ $sql = "SELECT rowid, nom"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE 1=1"; - if ($socid){ - $sql.=" AND (rowid LIKE '%" . $socid . "%'"; - $sql.=" OR nom LIKE '%" . $socid . "%'"; - $sql.=" OR code_fournisseur LIKE '%" . $socid . "%')"; + if ($socid) + { + $sql.=" AND (nom LIKE '%" . $socid . "%'"; + $sql.=" OR code_client LIKE '%" . $socid . "%'"; + $sql.=" OR code_fournisseur LIKE '%" . $socid . "%'"; + if ($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID) $sql.=" OR rowid = '" . $socid . "'"; + $sql.=")"; } if (! empty($_GET["filter"])) $sql.= " AND ".$_GET["filter"]; // Add other filters $sql.= " ORDER BY nom ASC";