author | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-12-13 21:27:59 +0000 |
---|---|---|
committer | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-12-13 21:27:59 +0000 |
commit | 03bfa825f47a35ff8fac5c9a0ffa95107687901c (patch) | |
tree | b34647425df248a3ca0699f7b59ec7b7c131883e | |
parent | 536b29fa6ca68c26012785df5ad6807ce96acc40 (diff) |
Added a routine to sanitize the CGI variables. Needed for some CSV export routines.
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1978 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-x | LedgerSMB.pm | 13 | ||||
-rw-r--r-- | LedgerSMB/DBObject/Payment.pm | 24 | ||||
-rw-r--r-- | UI/payments/check_job.html | 6 | ||||
-rw-r--r-- | UI/payments/payments_detail.html | 26 | ||||
-rw-r--r-- | UI/payments/payments_filter.html | 13 | ||||
-rw-r--r-- | sql/modules/Payment.sql | 15 | ||||
-rw-r--r-- | sql/modules/Voucher.sql | 25 |
7 files changed, 83 insertions, 39 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm index 49126940..30c3b2b8 100755 --- a/LedgerSMB.pm +++ b/LedgerSMB.pm @@ -94,6 +94,11 @@ non-numbers. Copies the given key=>vars to $self. Allows for finer control of merging hashes into self. +=item remove_cgi_globals() + +Removes all elements starting with a . because these elements conflict with the +ability to hide the entire structure for things like CSV lookups. + =back =head1 Copyright (C) 2006, The LedgerSMB core team. @@ -796,6 +801,14 @@ sub set { } +sub remove_cgi_globals { + my ($self) = @_; + for my $key (keys %$self){ + if ($key =~ /^\./){ + delete $self->{key} + } + } +} 1; diff --git a/LedgerSMB/DBObject/Payment.pm b/LedgerSMB/DBObject/Payment.pm index 8bf22ee9..2d4ced79 100644 --- a/LedgerSMB/DBObject/Payment.pm +++ b/LedgerSMB/DBObject/Payment.pm @@ -75,6 +75,11 @@ sub get_metadata { ); @{$self->{debt_accounts}} = $self->exec_method( funcname => 'chart_get_ar_ap'); + @{$self->{cash_accounts}} = $self->exec_method( + funcname => 'chart_list_cash'); + for my $ref(@{$self->{cash_accounts}}){ + $ref->{text} = "$ref->{accno}--$ref->{description}"; + } } sub get_open_accounts { @@ -351,8 +356,6 @@ This method sets appropriate project, department, etc. fields. sub get_payment_detail_data { my ($self) = @_; - @{$self->{cash_accounts}} = $self->exec_method( - funcname => 'chart_list_cash'); $self->get_metadata(); my $source_inc; @@ -385,11 +388,17 @@ sub get_payment_detail_data { sub post_bulk { my ($self) = @_; my $total_count = 0; - my ($ref) = $self->callproc( + my ($ref) = $self->call_procedure( procname => 'setting_get', args => ['queue_payments'], ); my $queue_payments = $ref->{setting_get}; + if ($queue_payments){ + my ($job_ref) = $self->exec_method( + funcname => 'job__create' + ); + $self->{job_id} = $job_ref->{job__create}; + } $self->{payment_date} = $self->{datepaid}; for my $contact_row (1 .. $self->{contact_count}){ my $contact_id = $self->{"contact_$contact_row"}; 
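Review bot: In `remove_cgi_globals` the delete uses the literal hash key `key` instead of the loop variable, so every key matching `/^\./` stays in `$self` and the routine sanitizes nothing. The line should read `delete $self->{$key};`. The commit message says the CSV export code relies on these entries being gone, so a test that sets a `.`-prefixed key and asserts it is absent after the call would pin the behaviour down.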
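Review bot: The result of `job__create` in `post_bulk` is used without a check: if `exec_method` returns an empty list, `$job_ref` is undef and `$self->{job_id}` is silently set to undef before any `payment_bulk_queue` call. A guard directly after the call, such as `die 'job__create returned no row' unless $job_ref && defined $job_ref->{job__create};`, would stop payments being queued against no job. How `exec_method` reports failures is not visible here, so it may already throw. The body of `post_bulk` continues outside this hunk.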
@@ -414,12 +423,11 @@ sub post_bulk { $self->{transactions} = $invoice_array; $self->{source} = $self->{"source_$contact_id"}; if ($queue_payments){ - my ($job_ref) = $self->exec_method( - funcname => 'job__create' - ); - $self->{job_id} = $job_ref->{job__create}; $self->exec_method( - funcname => 'payment_bulk_queue_entry' + funcname => 'payment_bulk_queue' + ); + ($self->{job}) = $self->exec_method( + funcname => 'job__status' ); } else { $self->exec_method(funcname => 'payment_bulk_post'); diff --git a/UI/payments/check_job.html b/UI/payments/check_job.html index 18f786cc..b59caeab 100644 --- a/UI/payments/check_job.html +++ b/UI/payments/check_job.html @@ -6,7 +6,7 @@ ] titlebar = text('Checking Job') # ' refresh = { - url = "payment.pl?job_id=${job_id}&account_class=${account_class}" + url = "payment.pl?job_id=${job_id}&account_class=${account_class}&action=check_job" delay = 20 } ?> @@ -18,19 +18,17 @@ ELSE; text('Status: Complete'); END ?></div> - <?lsmb IF job.completed ?> + <?lsmb IF ! job.completed ?> <div class="info"> <?lsmb IF job.success; text('Completed Successfully'); ELSE; text('Job Failed'); END ?></div> - <?lsmb IF ! job.success ?> <div class="info"> <?lsmb text('Error:') ?><br /> <?lsmb job.error_condition ?> </div> - <?lsmb END # if ! job.success ?> <?lsmb END # if job.completed ?> </body> </html> diff --git a/UI/payments/payments_detail.html b/UI/payments/payments_detail.html index f926c041..0e931ddc 100644 --- a/UI/payments/payments_detail.html +++ b/UI/payments/payments_detail.html 
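Review bot: In `check_job.html` the outer guard is now `IF ! job.completed`, so the 'Completed Successfully' / 'Job Failed' text is rendered only while the job is still running, and the closing comment `# if job.completed` no longer matches it; this looks inverted. With the inner `IF ! job.success` removed, the `Error:` block is also shown for jobs that succeeded. I would restore `<?lsmb IF job.completed ?>` and keep the error block under `<?lsmb IF ! job.success ?>`. `job.error_condition` is printed without a visible filter; unless escaping is applied elsewhere, `<?lsmb job.error_condition | html ?>` keeps stored error text from being interpreted as markup.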
@@ -137,14 +137,18 @@ <?lsmb END # foreach b ?></span> </div> <?lsmb END # if business ?> - <div class="input" id="cash_account_div"> - <select name="cash_accno" id="cash_account"> - <?lsmb FOREACH a = cash_accounts ?> - <option value="<?lsmb a.accno ?>"> - <?lsmb a.accno ?>--<?lsmb a.description ?> - </option> - <?lsmb END # foreach a ?> - </select> + <div class="info" id="cash_account_div"> + <?lsmb INCLUDE input element_data = { + type = "hidden" + name = "cash_accno" + value = cash_accno + } ?> + <label><?lsmb text('Pay From') ?></label> + <?lsmb FOR c = cash_accounts -?> + <?lsmb IF c.accno == cash_accno -?> + <?lsmb c.accno ?>--<?lsmb c.description ?> + <?lsmb END # if c.accno -?> + <?lsmb END # for c -?> </div> <table id="payments_table"> <tr class="listheading"> @@ -270,6 +274,12 @@ class = "submit" name = 'action' } ?> + <?lsmb INCLUDE button element_data = { + text = text('Add Payment Fees') # ' + value = 'paycom_add_fees' + class = 'submit' + name = 'action' + } ?> </form> </body> </html> diff --git a/UI/payments/payments_filter.html b/UI/payments/payments_filter.html index 6ae341dd..c92a57c2 100644 --- a/UI/payments/payments_filter.html +++ b/UI/payments/payments_filter.html @@ -105,22 +105,15 @@ </select> </div> </div> -<div class="listtop"> - <!-- <?lsmb INCLUDE select element_data = { +<div class="listtop"><?lsmb text('Payment Processing') ?></div> + <?lsmb INCLUDE select element_data = { name = "cash_accno" default_values = [cash_accno] options = cash_accounts value_attr = "accno" text_attr = "text" label = text('Pay From:') # ' - } ?> --> - <select name="cash_accno" id="cash_account"> - <?lsmb FOREACH a = cash_accounts ?> - <option value="<?lsmb a.accno ?>"> - <?lsmb a.accno ?>--<?lsmb a.description ?> - </option> - <?lsmb END # foreach a ?> - </select> + } ?> <div class = "input"> <?lsmb INCLUDE input element_data = { type = "text" diff --git a/sql/modules/Payment.sql b/sql/modules/Payment.sql index f48bd22f..77a48045 100644 
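Review bot: The hidden `cash_accno` input in `payments_detail.html` carries whatever value the request supplied, and the label loop prints nothing when that value matches no entry in `cash_accounts`, so an unknown account number is submitted onward under an empty 'Pay From' line. The handler should validate `cash_accno` against the `chart_list_cash` result before posting; no such check is visible in this commit. Rendering an explicit error when no account matched would make that case visible to the user instead of silent.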
--- a/sql/modules/Payment.sql +++ b/sql/modules/Payment.sql @@ -207,10 +207,6 @@ This then returns a set of contact information with a 2 dimensional array cnsisting of outstanding invoices. $$; -CREATE OR REPLACE FUNCTION payment_create_queue_entry() RETURNS int AS -$$ -$$ LANGUAGE PLPGSQL; - CREATE OR REPLACE FUNCTION payment_bulk_queue (in_transactions numeric[], in_batch_id int, in_source text, in_total numeric, in_ar_ap_accno text, in_cash_accno text, @@ -233,21 +229,22 @@ $$ LANGUAGE PLPGSQL; CREATE OR REPLACE FUNCTION job__process_payment(in_job_id int) RETURNS bool AS $$ DECLARE - queue_record RECORD - t_auth_name text, + queue_record RECORD; + t_auth_name text; BEGIN -- TODO: Move the set session authorization into a utility function - SELECT created_by INTO t_auth_name FROM pending_jobs + SELECT entered_by INTO t_auth_name FROM pending_job WHERE id = in_job_id; - EXECUTE 'SET SESSION AUTHORIZATION ' quote_ident(t_auth_name); + EXECUTE 'SET SESSION AUTHORIZATION ' || quote_ident(t_auth_name); FOR queue_record IN SELECT * from payments_queue WHERE job_id = in_job_id LOOP PERFORM payment_bulk_post (transactions, batch_id, source, total, ar_ap_accno, cash_accno, - payment_date, account_class); + payment_date, account_class) + FROM payments_queue WHERE job_id = in_job_id; END LOOP; UPDATE pending_job SET completed_at = timeofday()::timestamp, diff --git a/sql/modules/Voucher.sql b/sql/modules/Voucher.sql index 5227a848..0633ab5d 100644 --- a/sql/modules/Voucher.sql +++ b/sql/modules/Voucher.sql 
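Review bot: In `job__process_payment` the `PERFORM payment_bulk_post(...)` now selects `FROM payments_queue WHERE job_id = in_job_id` while still inside the `FOR queue_record IN SELECT * from payments_queue WHERE job_id = in_job_id LOOP`, so for a job with N queued rows each row appears to be posted N times. Either drop the loop and keep the single `PERFORM ... FROM payments_queue`, or keep the loop and pass the loop row with no `FROM`, as in `PERFORM payment_bulk_post(queue_record.transactions, queue_record.batch_id, ...)`, continuing for the remaining columns. Separately, `t_auth_name` is not checked for NULL before `EXECUTE 'SET SESSION AUTHORIZATION ' || quote_ident(t_auth_name)`, and no reset of the session authorization is visible in the hunk. The function body continues past the hunk, so both should be confirmed there.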
@@ -221,3 +221,28 @@ BEGIN return currval('batch_id_seq'); END; $$ LANGUAGE PLPGSQL; + +CREATE OR REPLACE FUNCTION batch_delete(in_batch_id int) RETURNS int AS +$$ +DECLARE + t_transaction_ids int[]; +BEGIN + + -- voucher_id is only set in acc_trans on payment/receipt vouchers and + -- their reversals. -CT + DELETE FROM acc_trans WHERE voucher_id IN + (select voucher_id FROM voucher where batch_id = in_batch_id); + + SELECT as_array(trans_id) INTO t_transaction_ids + FROM voucher WHERE batch_id = in_batch_id AND batch_class IN (1, 2, 5); + + DELETE FROM acc_trans WHERE trans_id = ANY(t_transaction_ids); + DELETE FROM ap WHERE id = ANY(t_transaction_ids); + DELETE FROM gl WHERE id = ANY(t_transaction_ids); + DELETE FROM voucher WHERE batch_id = in_batch_id; + DELETE FROM batch WHERE id = in_batch_id; + DELETE FROM transactions WHERE id = ANY(t_transaction_ids); + + RETURN 1; +END; +$$ language plpgsql; |
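Review bot: The first `DELETE` in `batch_delete` uses an unqualified `voucher_id` inside the subquery on `voucher`; if that table has no column of that name (its definition is not shown here), SQL binds the name to `acc_trans.voucher_id` and the predicate becomes true for every `acc_trans` row with a voucher as soon as the batch has one voucher. Qualifying the column makes a wrong name fail instead of correlating: `(SELECT v.voucher_id FROM voucher v WHERE v.batch_id = in_batch_id)`, with the column corrected if the key is named differently. The function also removes ledger rows with no visible check of the batch's state or the caller's rights, so a header comment should state who may call it and whether approved batches are excluded. Only `ap` and `gl` are cleaned, which may leave `ar` rows behind for some batch classes.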