diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php
index 2e8cd316bc0..3758cc72238 100644
--- a/htdocs/product/class/productcustomerprice.class.php
+++ b/htdocs/product/class/productcustomerprice.class.php
@@ -365,13 +365,15 @@ class Productcustomerprice extends CommonObject
 foreach ($filter as $key => $value) {
 if (strpos($key, 'date')) // To allow $filter['YEAR(s.dated)']=>$year
 {
- $sql .= ' AND '.$key.' = \''.$value.'\'';
+ $sql .= ' AND '.$key.' = \''.$this->db->escape($value).'\'';
 } elseif ($key == 'soc.nom') {
- $sql .= ' AND '.$key.' LIKE \'%'.$value.'%\'';
- } elseif ($key == 'prod.ref') {
- $sql .= ' AND '.$key.' LIKE \'%'.$value.'%\'';
+ $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ } elseif ($key == 'prod.ref' || $key == 'prod.label') {
+ $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ } elseif ($key == 't.price' || $key == 't.price_ttc') {
+ $sql .= ' AND ' . $key . ' LIKE \'%' . price2num($value) . '%\'';
 } else {
- $sql .= ' AND '.$key.' = '.$value;
+ $sql .= ' AND '.$key.' = '.$this->db->escape($value);
 }
 }
 }
diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php
index df8e966d0ce..0b1f64ac278 100644
--- a/htdocs/societe/price.php
+++ b/htdocs/societe/price.php
@@ -43,6 +43,9 @@ $langs->loadLangs(array("products", "companies", "bills"));
 $action = GETPOST('action', 'alpha');
 $search_prod = GETPOST('search_prod', 'alpha');
 $cancel = GETPOST('cancel', 'alpha');
+$search_label = GETPOST('search_label', 'alpha');
+$search_price = GETPOST('search_price');
+$search_price_ttc = GETPOST('search_price_ttc');
 
 // Security check
 $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('id', 'int');
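Review bot: In the final `else` branch the value is still concatenated without quotes, so `$this->db->escape($value)` gives no protection there: a value with no quote characters passes through unchanged and is parsed as SQL rather than as data. Quote the literal, `$sql .= ' AND '.$key.' = \''.$this->db->escape($value).'\'';`, or cast the value to the numeric type the column expects before concatenating. The new `t.price` / `t.price_ttc` branch relies on `price2num()` alone inside a quoted LIKE; whether that helper strips quote characters is not visible here, so `$this->db->escape(price2num($value))` would keep it consistent with the other branches. `$key` is concatenated as-is in every branch, which is safe only while callers pass fixed column names, and a comment stating that contract would help. The enclosing method starts and ends outside this hunk.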
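Review bot: `search_price` and `search_price_ttc` are read with no check argument, unlike the `'alpha'` filter on the lines around them, and both values later reach the SQL filter array and the `$option` URL string further down this file. Pass an explicit filter, for example `$search_price = GETPOST('search_price', 'alpha');` and the same for `search_price_ttc`, so the behaviour does not depend on GETPOST's default. What that default does is not visible on this page.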
@@ -70,7 +73,7 @@ if (empty($reshook)) { if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) // Both test are required to be compatible with all browsers { - $search_prod = ''; + $search_prod = $search_label = $search_price = $search_price_ttc = ''; } if ($action == 'add_customer_price_confirm' && !$cancel && ($user->rights->produit->creer || $user->rights->service->creer)) { @@ -259,6 +262,18 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $filter ['prod.ref'] = $search_prod; } + if (! empty($search_label)) { + $filter ['prod.label'] = $search_label; + } + + if (! empty($search_price)) { + $filter ['t.price'] = $search_price; + } + + if (! empty($search_price_ttc)) { + $filter ['t.price_ttc'] = $search_price_ttc; + } + if ($action == 'add_customer_price') { // Create mode @@ -521,7 +536,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { setEventMessages($prodcustprice->error, $prodcustprice->errors, 'errors'); } - $option = '&search_prod='.$search_prod.'&id='.$object->id; + $option = '&search_prod=' . $search_prod . '&id=' . $object->id . '&label=' . $search_label .'&price=' . $search_price . '&price_ttc=' . $search_price_ttc; print ''."\n"; @@ -534,7 +549,8 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { print '
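Review bot: `! empty($search_price)` treats the string `'0'` as empty, so a search for `0` in the label or either price field is silently dropped instead of being added to `$filter`. Comparing against the empty string keeps it: `if ($search_price != '') {`, and likewise for `$search_label` and `$search_price_ttc`. The enclosing block starts and ends outside this hunk.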
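Review bot: The new `$option` string uses the parameter names `label`, `price` and `price_ttc`, but the top of the file reads `search_label`, `search_price` and `search_price_ttc`, so the filters are lost on any link built from `$option`. The values are also appended without `urlencode()`, and `$search_price` / `$search_price_ttc` arrive unfiltered, so request data ends up in whatever URL or markup `$option` is printed into (that use is outside the hunk). Suggested: `$option = '&search_prod='.urlencode($search_prod).'&id='.$object->id.'&search_label='.urlencode($search_label).'&search_price='.urlencode($search_price).'&search_price_ttc='.urlencode($search_price_ttc);`.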
| '.$langs->trans("Product").' | '; + print '' . $langs->trans("Ref") . ' | '; + print '' . $langs->trans("product") . ' | '; print ''.$langs->trans("AppliedPricesFrom").' | '; print ''.$langs->trans("PriceBase").' | '; print ''.$langs->trans("VAT").' | '; @@ -550,7 +566,11 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { { print '|||||||||||||||||
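Review bot: The added header for the label column calls `$langs->trans("product")` in lower case, while the removed line and the neighbouring headers use capitalised keys such as `"Product"`. If key lookup is case-sensitive, the header will print the raw key instead of a translation. Consider `$langs->trans("Label")` for this column, or `"Product"` if that is the intended text.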
| '; - print ' | '; + print ' | '; + print ' | '; + print ' | '; + print ' | '; + print ' | '; // Print the search button print ' | '; $searchpicto = $form->showFilterAndCheckAddButtons(0); @@ -569,6 +589,7 @@ if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $staticprod->fetch($line->fk_product); print " | ".$staticprod->getNomUrl(1)." | "; + print "" . $staticprod->label ." | "; print "".dol_print_date($line->datec, "dayhour")." | "; print ''.$langs->trans($line->price_base_type)." | ";|||||||||||
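Review bot: The added cell prints `$staticprod->label` straight into the page; a product label is stored, user-entered text, so any markup in it would be rendered by the browser unless it is sanitised elsewhere, which is not visible here. Escape it at output by replacing `$staticprod->label` with `dol_escape_htmltag($staticprod->label)` on that line. The surrounding loop starts and ends outside this hunk.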