Fix: bug #24271 : Bank Category field not protected

Laurent Destailleur 2008-11-04 17:08:34 +00:00
parent 3d2d9fddcb
commit a72be2810d
2 changed files with 9 additions and 8 deletions


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/compta/bank/categ.php
\ingroup compta
\brief Page ajout de catégories bancaires
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -41,7 +38,7 @@ if ($_POST["action"] == 'add')
{
if ($_POST["label"])
{
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_categ (label) VALUES ('".$_POST["label"]."')";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_categ (label) VALUES ('".addslashes($_POST["label"])."')";
$result = $db->query($sql);
if (!$result)
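Review bot: `addslashes()` in the `INSERT INTO ... bank_categ` statement is a generic escaper rather than the database layer's own quoting, so it does not take the connection character set into account and may not match the quoting rules of every backend `$db` can sit on. If this tree's `$db` class provides an escaping method, use it instead, e.g. `VALUES ('".$db->escape($_POST["label"])."')`, or bind the label as a parameter if the driver supports that. If `magic_quotes_gpc` is enabled on a deployment, the value would also be escaped twice and stored with literal backslashes, so the input should be normalised once before escaping. The `if ($_POST["action"] == 'add')` block continues past the end of the hunk, so any other statements in this file that build SQL from request data are not visible here and should be checked for the same pattern.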


@ -37,6 +37,10 @@ $type=$_POST["type"];
$account=$_POST["account"];
/*
* View
*/
llxHeader();
$html = new Form($db);
@ -50,7 +54,7 @@ print '<br>';
print '<table class="liste" width="100%">';
print '<tr class="liste_titre">';
print '<td class="liste_titre">'.$langs->trans("Date").'</td>';
print '<td class="liste_titre" align="left">'.$langs->trans("Date").'</td>';
print '<td class="liste_titre">'.$langs->trans("Description").'</td>';
print '<td class="liste_titre" align="right">'.$langs->trans("Debit").'</td>';
print '<td class="liste_titre" align="right">'.$langs->trans("Credit").'</td>';
@ -161,7 +165,7 @@ if ($result)
$var=!$var;
print "<tr $bc[$var]>";
print '<td align="center">'.dolibarr_print_date($objp->do,"day")."</td>\n";
print '<td align="left">'.dolibarr_print_date($objp->do,"day")."</td>\n";
print "<td><a href=\"ligne.php?rowid=$objp->rowid&amp;account=$objp->fk_account\">";
$reg=array();