diff --git a/htdocs/cashdesk/facturation_dhtml.php b/htdocs/cashdesk/facturation_dhtml.php
index e481fcbecf6..8d4ebf8af31 100644
--- a/htdocs/cashdesk/facturation_dhtml.php
+++ b/htdocs/cashdesk/facturation_dhtml.php
@@ -1,6 +1,7 @@
- * Copyright (C) 2008-2009 Laurent Destailleur
+/* Copyright (C) 2007-2008 Jeremie Ollivier
+ * Copyright (C) 2008-2009 Laurent Destailleur
+ * Copyright (C) 2015 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -41,8 +42,10 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
//header("Content-type: text/html; charset=UTF-8");
header("Content-type: text/html; charset=".$conf->file->character_set_client);
+$search = GETPOST("code", "alpha");
+
// Search from criteria
-if (dol_strlen($_GET["code"]) >= 0) // If search criteria is on char length at least
+if (dol_strlen($search) >= 0) // If search criteria is on char length at least
{
$sql = "SELECT p.rowid, p.ref, p.label, p.tva_tx";
if (! empty($conf->stock->enabled) && !empty($conf_fkentrepot)) $sql.= ", ps.reel";
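Review bot: The guard on the added line `if (dol_strlen($search) >= 0)` can never be false, because a length is never negative, so a request with an empty or missing `code` still runs the query with a pattern that matches every product. The minimum length added to `verifResultat` in dhtml.js is enforced only in the browser and does not constrain a direct request to this page. The server should apply its own floor, for example `if (dol_strlen($search) >= 1)`, and the trailing comment should state the real minimum. The body of this `if` continues outside the hunk, so it is not visible here whether the query is otherwise bounded.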
@@ -54,11 +57,15 @@ if (dol_strlen($_GET["code"]) >= 0) // If search criteria is on char length at l
// Add criteria on ref/label
if (! empty($conf->global->PRODUCT_DONOTSEARCH_ANYWHERE))
{
- $sql.= " AND (p.ref LIKE '".$_GET['code']."%' OR p.label LIKE '".$_GET['code']."%')";
+ $sql.= " AND (p.ref LIKE '".$db->escape($search)."%' OR p.label LIKE '".$db->escape($search)."%'";
+ if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$db->escape($search)."%'";
+ $sql.= ")";
}
else
{
- $sql.= " AND (p.ref LIKE '%".$_GET['code']."%' OR p.label LIKE '%".$_GET['code']."%')";
+ $sql.= " AND (p.ref LIKE '%".$db->escape($search)."%' OR p.label LIKE '%".$db->escape($search)."%'";
+ if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '%".$db->escape($search)."%'";
+ $sql.= ")";
}
$sql.= " ORDER BY label";
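Review bot: A `%` or `_` in `$search` still acts as a LIKE wildcard in all six concatenations of this hunk, because `$db->escape()` presumably handles string-literal quoting only and not pattern metacharacters. This is not injection, but with `PRODUCT_DONOTSEARCH_ANYWHERE` set, a leading `%` from the client turns the intended prefix match back into a contains-anywhere scan. The pattern characters should be escaped in addition to the quoting. The escaped value should also be computed once, e.g. `$searchsql = $db->escape($search);` before the branch, and reused in both arms so they cannot drift apart. The enclosing `if` block starts and ends outside this hunk.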
diff --git a/htdocs/cashdesk/javascript/dhtml.js b/htdocs/cashdesk/javascript/dhtml.js
index caf0cd94abd..a2af98d65a8 100644
--- a/htdocs/cashdesk/javascript/dhtml.js
+++ b/htdocs/cashdesk/javascript/dhtml.js
@@ -1,5 +1,6 @@
-/* Copyright (C) 2007-2008 Jeremie Ollivier
+/* Copyright (C) 2007-2008 Jeremie Ollivier
+ * Copyright (C) 2015 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -59,8 +60,8 @@ function afficheDonnees(aId, aTexte) {
// aCible : id du bloc de destination; aCode : argument a passer a la page php chargee du traitement et de l'affichage
-function verifResultat(aCible, aCode) {
- if (aCode != '') {
+function verifResultat(aCible, aCode, iLimit = 1) {
+ if (aCode != '' && aCode.length >= iLimit) {
if (texte = file ('facturation_dhtml.php?code='+escape(aCode))) {
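Review bot: The new signature `function verifResultat(aCible, aCode, iLimit = 1)` uses ES2015 default-parameter syntax, which older browsers reject as a parse error. If any supported cash-desk browser lacks it, every function in dhtml.js would stop loading, not just this one. A compatible form is `function verifResultat(aCible, aCode, iLimit) {` followed by `if (typeof iLimit === 'undefined') iLimit = 1;`. On the unchanged call below, `escape(aCode)` leaves `+` unencoded, so it is likely to reach the server as a space; `encodeURIComponent(aCode)` avoids that, provided its UTF-8 output matches the page charset. The function body continues outside the hunk.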
diff --git a/htdocs/cashdesk/tpl/facturation1.tpl.php b/htdocs/cashdesk/tpl/facturation1.tpl.php
index 338c0f23b16..2d7d170f22e 100644
--- a/htdocs/cashdesk/tpl/facturation1.tpl.php
+++ b/htdocs/cashdesk/tpl/facturation1.tpl.php
@@ -2,6 +2,7 @@
/* Copyright (C) 2007-2008 Jeremie Ollivier
* Copyright (C) 2011 Laurent Destailleur
* Copyright (C) 2011 Juanjo Menent
+ * Copyright (C) 2015 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -43,8 +44,8 @@ $langs->load("cashdesk");