author | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-04-26 20:28:38 +0000 |
---|---|---|
committer | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-04-26 20:28:38 +0000 |
commit | 6c5c1c36fa682244c355f6c06808ec715f0a2baa (patch) | |
tree | 632efc981a5735f7b8d424a680469b71597dd495 /LedgerSMB | |
parent | 6a118bd31a09a9b8aaabd84f8876952e1cdd6459 (diff) |
Merging bugfixes from current branches/1.2
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1105 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB')
-rw-r--r-- | LedgerSMB/AA.pm | 10 | ||||
-rw-r--r-- | LedgerSMB/AM.pm | 52 | ||||
-rw-r--r-- | LedgerSMB/Form.pm | 186 | ||||
-rw-r--r-- | LedgerSMB/IC.pm | 22 | ||||
-rw-r--r-- | LedgerSMB/IR.pm | 14 | ||||
-rw-r--r-- | LedgerSMB/IS.pm | 41 | ||||
-rw-r--r-- | LedgerSMB/Locale.pm | 14 | ||||
-rw-r--r-- | LedgerSMB/Menu.pm | 9 | ||||
-rw-r--r-- | LedgerSMB/OE.pm | 77 | ||||
-rw-r--r-- | LedgerSMB/Sysconfig.pm | 13 | ||||
-rw-r--r-- | LedgerSMB/Tax.pm | 16 | ||||
-rw-r--r-- | LedgerSMB/User.pm | 74 |
12 files changed, 273 insertions, 255 deletions
diff --git a/LedgerSMB/AA.pm b/LedgerSMB/AA.pm index e6d7b573..dde35958 100644 --- a/LedgerSMB/AA.pm +++ b/LedgerSMB/AA.pm @@ -394,7 +394,7 @@ sub post_transaction { INSERT INTO acc_trans (trans_id, chart_id, amount, transdate) VALUES (?, (SELECT id FROM chart - WHERE accno = '?'), + WHERE accno = ?), ?, ?)|; @queryargs = ( $form->{id}, $accno, $invamount * -1 * $ml, $form->{transdate} ); @@ -455,7 +455,7 @@ sub post_transaction { ?, ?)|; @queryargs = ( - $form->{id}, + $form->{id}, $accno, $paid{amount}{$i} * $ml, $form->{"datepaid_$i"} ); @@ -480,7 +480,7 @@ sub post_transaction { cleared) VALUES (?, (SELECT id FROM chart WHERE accno = ?), - ? * -1 * $ml, ?, ?, ?, ?)|; + ?, ?, ?, ?, ?)|; @queryargs = ( $form->{id}, $accno, @@ -545,7 +545,8 @@ sub post_transaction { FROM chart WHERE accno = ?), - ?, ?, '1', ?, ?)|; + ?, ?, + '1', ?, ?)|; @queryargs = ( $form->{id}, $accno, @@ -870,7 +871,6 @@ sub transactions { $query .= "WHERE $where ORDER BY $sortorder"; - my $sth = $dbh->prepare($query); $sth->execute(@paidargs) || $form->dberror($query); diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm index 1219c50c..696b370b 100644 --- a/LedgerSMB/AM.pm +++ b/LedgerSMB/AM.pm @@ -247,7 +247,7 @@ sub delete_account { # set inventory_accno_id, income_accno_id, expense_accno_id to defaults $query = qq| UPDATE parts - SET inventory_accno_id = (SELECT value + SET inventory_accno_id = (SELECT value::int FROM defaults WHERE setting_key = 'inventory_accno_id') @@ -259,7 +259,7 @@ sub delete_account { for (qw(income_accno_id expense_accno_id)) { $query = qq| UPDATE parts - SET $_ = (SELECT value + SET $_ = (SELECT value::int FROM defaults WHERE setting_key = '$_') WHERE $_ = ?|; 
@@ -1247,12 +1247,12 @@ sub check_template_name { my ( $self, $myconfig, $form ) = @_; my @allowedsuff = qw(css tex txt html xml); - if ( $form->{file} =~ /^(.:)*?\/|\.\.\/|^\// ) { + if ( $form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\// ) { $form->error("Directory transversal not allowed."); } - if ( $form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\// ) { + if ( $form->{file} =~ /^${LedgerSMB::Sysconfig::backuppath}\// ) { $form->error( -"Not allowed to access ${LedgerSMB::Sysconfig::userspath}/ with this method" +"Not allowed to access ${LedgerSMB::Sysconfig::backuppath}/ with this method" ); } my $whitelisted = 0; @@ -1353,10 +1353,6 @@ sub save_preferences { company menuwidth countrycode address timeout stylesheet printer password); - foreach my $item ( keys %$form ) { - $myconfig->{$item} = $form->{$item}; - } - $myconfig->{password} = $form->{new_password} if ( $form->{old_password} ne $form->{new_password} ); @@ -1614,8 +1610,7 @@ sub backup { my $boundary = time; my $tmpfile = -"${LedgerSMB::Sysconfig::userspath}/$boundary.$myconfig->{dbname}-$form->{dbversion}-$t[5]$t[4]$t[3].sql"; - $tmpfile .= ".gz" if ${LedgerSMB::Sysconfig::gzip}; +"${LedgerSMB::Sysconfig::backuppath}/$boundary.$globalDBname-$form->{dbversion}-$t[5]$t[4]$t[3].sql"; $form->{OUT} = "$tmpfile"; open( OUT, '>', "$form->{OUT}" ) or $form->error("$form->{OUT} : $!"); 
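Review bot: In check_template_name the second test now covers only `backuppath`, so a `$form->{file}` beginning with `${LedgerSMB::Sysconfig::userspath}/` is no longer refused here, although the Sysconfig.pm hunk of this commit still describes that directory as holding the user configuration files. Both prefixes should be denied, and the path should be quoted when it is placed in the pattern, e.g. `if ( $form->{file} =~ m{^\Q$LedgerSMB::Sysconfig::backuppath\E/} )` plus the same test for `userspath`. The traversal pattern only looks for `/` as a separator, so a backslash-separated `..\` is not matched. The function continues outside the hunk with the suffix whitelist, which is only partly visible.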
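Review bot: In backup, `$tmpfile` is named from `time` plus the database name and then created with a plain `open( OUT, '>', ... )`, while the Sysconfig.pm hunk of this commit defaults `backuppath` to `$ENV{TEMP} || '/tmp'`. In a shared temporary directory a guessable name lets another local account pre-create the file or a symlink at that path, and the dump is created with whatever the process umask allows. I would create it with File::Temp inside a directory owned by the application, or with `sysopen` using `O_CREAT|O_EXCL` and mode `0600`, and add a comment above `$backuppath` saying it must not be world-writable. The same naming pattern is used for `$self->{tmpfile}` in the parse_template hunk of Form.pm, where `chmod( 0600, ... )` runs only after the `open`. `$globalDBname` is not declared in the visible lines, so its origin should be confirmed.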
@@ -1624,24 +1619,12 @@ sub backup { my $today = scalar localtime; - $myconfig->{dbhost} = 'localhost' unless $myconfig->{dbhost}; - - $ENV{PGPASSWD} = $myconfig->{dbpasswd}; - - # drop tables and sequences - # compress backup if gzip defined - my $suffix = ""; + my $suffix = "c"; if ( $form->{media} eq 'email' ) { - if ( ${LedgerSMB::Sysconfig::gzip} ) { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname} | ${LedgerSMB::Sysconfig::gzip}`; - } - else { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname}`; - } + print OUT +qx(PGPASSWORD="$myconfig->{dbpasswd}" pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} -Fc -p $myconfig->{dbport} $myconfig->{dbname}); close OUT; use LedgerSMB::Mailer; $mail = new Mailer; @@ -1649,12 +1632,12 @@ sub backup { $mail->{to} = qq|"$myconfig->{name}" <$myconfig->{email}>|; $mail->{from} = qq|"$myconfig->{name}" <$myconfig->{email}>|; $mail->{subject} = -"LedgerSMB Backup / $myconfig->{dbname}-$form->{dbversion}-$t[5]$t[4]$t[3].sql$suffix"; +"LedgerSMB Backup / $globalDBname-$form->{dbversion}-$t[5]$t[4]$t[3].sql$suffix"; @{ $mail->{attachments} } = ($tmpfile); $mail->{version} = $form->{version}; $mail->{fileid} = "$boundary."; $mail->{format} = "plain"; - $mail->{format} = "octet-stream" if ${LedgerSMB::Sysconfig::gzip}; + $mail->{format} = "octet-stream"; $myconfig->{signature} =~ s/\\n/\n/g; $mail->{message} = "-- \n$myconfig->{signature}"; 
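Review bot: Both new `qx(...)` calls in backup (this hunk and the one at old line 1669) paste `$myconfig->{dbpasswd}`, `dbuser`, `dbhost`, `dbport` and `dbname` into a shell command line, so a quote, `$` or backtick in any of them changes the command, and the password becomes part of the shell's argument string. The `localhost` default for `dbhost` was removed as well, so an empty value makes `-h` take `-Fc` as its argument. Passing the password through a localized `$ENV{PGPASSWORD}` and running pg_dump through list-form `open` avoids the shell entirely; a sketch follows. The exit status of pg_dump is not checked in either version, so a failed dump would still be mailed or sent. backup starts and ends outside this hunk.

```perl
# … unchanged: $tmpfile / $suffix setup, open of OUT …
local $ENV{PGPASSWORD} = $myconfig->{dbpasswd};
my @dump_cmd = (
    'pg_dump', '-Fc',
    '-U', $myconfig->{dbuser},
    '-h', $myconfig->{dbhost} || 'localhost',
    '-p', $myconfig->{dbport},
    $myconfig->{dbname},
);
open( my $dump, '-|', @dump_cmd )
  or $form->error("pg_dump : $!");
binmode $dump;
while ( my $chunk = <$dump> ) {
    print OUT $chunk;
}
close($dump)
  or $form->error("pg_dump failed, exit status $?");
# … unchanged: close OUT, mail or HTTP delivery …
```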
@@ -1669,15 +1652,8 @@ sub backup { print OUT qq|Content-Type: application/file;\n| . qq|Content-Disposition: attachment; filename="$myconfig->{dbname}-$form->{dbversion}-$t[5]$t[4]$t[3].sql$suffix"\n\n|; - if ( ${LedgerSMB::Sysconfig::gzip} ) { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname} | ${LedgerSMB::Sysconfig::gzip}`; - } - else { - print OUT -`pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} $myconfig->{dbname}`; - } - + print OUT +qx(PGPASSWORD="$myconfig->{dbpasswd}" pg_dump -U $myconfig->{dbuser} -h $myconfig->{dbhost} -Fc -p $myconfig->{dbport} $myconfig->{dbname}); } unlink "$tmpfile"; @@ -1716,7 +1692,7 @@ sub closebooks { for (qw(revtrans closedto audittrail)) { if ( $form->{$_} ) { - $val = 1; + $val = $form->{$_}; } else { $val = 0; diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 76f4877f..a7955240 100644 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -35,6 +35,11 @@ use Math::BigFloat lib => 'GMP'; use LedgerSMB::Sysconfig; +use List::Util qw(first); +use LedgerSMB::Mailer; +use Time::Local; +use Cwd; +use File::Copy; package Form; 
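Review bot: The five `use` lines added to Form.pm sit above `package Form;`, so whatever they export (`first`, `timelocal`, `cwd`, `copy`) is imported into the package that is current at that point, not into `Form`. This commit also deletes the in-sub `use List::Util qw(first);` from redirect and `use Time::Local;` from add_date, so any unqualified `first` or `timelocal` call remaining in those subs (their bodies are outside the hunks) would no longer resolve. Moving the block below `package Form;` keeps the previous behaviour; the fully qualified `List::Util::first` and `File::Copy::copy` calls elsewhere in the commit are unaffected.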
@@ -68,35 +73,32 @@ sub new { $self->{nextsub} =~ s/( |-|,|\#|\/|\.$)/_/g; } + $self->{login} =~ s/[^a-zA-Z0-9._+@'-]//g; + $self->{menubar} = 1 if $self->{path} =~ /lynx/i; #menubar will be deprecated, replaced with below $self->{lynx} = 1 if $self->{path} =~ /lynx/i; - $self->{version} = "1.3.0 Alpha 0 Pre"; + $self->{version} = "1.2.5"; $self->{dbversion} = "1.2.0"; bless $self, $type; - if ( $self->{path} eq "bin/lynx" ) { - $self->{menubar} = 1; - - #menubar will be deprecated, replaced with below - $self->{lynx} = 1; - $self->{path} = "bin/lynx"; - } - else { - $self->{path} = "bin/mozilla"; + if ( $self->{path} ne 'bin/lynx' ) { $self->{path} = 'bin/mozilla'; } + if ( ( $self->{script} ) + and not List::Util::first { $_ eq $self->{script} } + @{LedgerSMB::Sysconfig::scripts} ) + { + $self->error( 'Access Denied', __line__, __file__ ); } - if ( ( $self->{script} =~ m#(\.\.|\\|/)# ) ) { - $self->error("Access Denied"); + if ( ( $self->{action} =~ /(:|')/ ) || ( $self->{nextsub} =~ /(:|')/ ) ) { + $self->error( "Access Denied", __line__, __file__ ); } - if ( ( $self->{action} =~ /:/ ) || ( $self->{nextsub} =~ /:/ ) ) { - $self->error("Access Denied"); - } + for ( keys %$self ) { $self->{$_} =~ s/\000//g } $self; } @@ -116,6 +118,16 @@ sub debug { } +sub encode_all { + + # TODO; +} + +sub decode_all { + + # TODO +} + sub escape { my ( $self, $str, $beenthere ) = @_; @@ -155,24 +167,6 @@ sub quote { } -sub format_date { - - # takes an iso date in, and converts it to the date for printing - my ( $self, $date ) = @_; - my $datestring; - if ( $date =~ /^\d{4}\D/ ) { # is an ISO date - $datestring = $self->{db_dateformat}; - my ( $yyyy, $mm, $dd ) = split( /\W/, $date ); - $datestring =~ s/y+/$yyyy/; - $datestring =~ s/mm/$mm/; - $datestring =~ s/dd/$dd/; - } - else { # return date - $datestring = $date; - } - $datestring; -} - sub unquote { my ( $self, $str ) = @_; 
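Review bot: In Form::new, `__line__` and `__file__` are not Perl tokens; only the upper-case `__LINE__` and `__FILE__` expand to the location, so both new `$self->error(...)` calls pass bare words instead (and would not compile under `use strict`). Write `$self->error( 'Access Denied', __LINE__, __FILE__ );`. Separately, the NUL-stripping loop runs after the `script`, `action` and `nextsub` checks, so those checks see the unstripped values; I would move `for ( keys %$self ) { $self->{$_} =~ s/\000//g }` above them. The `login` filter silently rewrites the value rather than rejecting it and still lets `'` through, which deserves a comment given that `action` and `nextsub` are now refused for containing that character. new begins outside the hunk.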
@@ -234,9 +228,7 @@ sub error { if ( $ENV{error_function} ) { &{ $ENV{error_function} }($msg); } - else { - die "Error: $msg\n"; - } + die "Error: $msg\n"; } } @@ -343,7 +335,6 @@ qq|<meta http-equiv="content-type" content="text/html; charset=$self->{charset}" sub redirect { my ( $self, $msg ) = @_; - use List::Util qw(first); if ( $self->{callback} || !$msg ) { @@ -524,8 +515,8 @@ sub parse_amount { my ( $self, $myconfig, $amount ) = @_; - if ( $amount eq '' or $amount == undef ) { - return 0; + if ( ( $amount eq '' ) or ( ! defined $amount ) ) { + $amount = 0; } if ( UNIVERSAL::isa( $amount, 'Math::BigFloat' ) ) @@ -557,7 +548,14 @@ sub parse_amount { $amount = $1 * -1; } $amount =~ s/\s?CR//; + + $amount =~ /(\d*)\.(\d*)/; + + my $decimalplaces = length $1 + length $2; + $amount = new Math::BigFloat($amount); + $amount->accuracy($decimalplaces); + return ( $amount * 1 ); } @@ -661,21 +659,28 @@ sub parse_template { my $fileid = time; my $tmpfile = $self->{IN}; $tmpfile =~ s/\./_$self->{fileid}./ if $self->{fileid}; - $self->{tmpfile} = - "${LedgerSMB::Sysconfig::userspath}/${fileid}_${tmpfile}"; - - my %temphash; + $self->{tmpfile} = "${LedgerSMB::Sysconfig::tempdir}/${fileid}_${tmpfile}"; + my $temphash; if ( $self->{format} =~ /(postscript|pdf)/ || $self->{media} eq 'email' ) { - $temphash{out} = $self->{OUT}; - $self->{OUT} = "$self->{tmpfile}"; + $temphash{out} = $self->{OUT}; + $self->{OUT} = "$self->{tmpfile}"; + File::Copy::copy( + "$self->{templates}/logo.png", + "${LedgerSMB::Sysconfig::tempdir}/" + ); + File::Copy::copy( + "$self->{templates}/logo.eps", + "${LedgerSMB::Sysconfig::tempdir}/" + ); $temphash{printmode} = $self->{printmode}; - $self->{printmode} = '>'; + $self->{printmode} = '>'; } if ( $self->{OUT} ) { open( OUT, $self->{printmode}, "$self->{OUT}" ) or $self->error("$self->{OUT} : $!"); + chmod( 0600, "$self->{OUT}" ); } else { 
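Review bot: In parse_amount, `length $1 + length $2` does not add two lengths: `length` is a named unary operator that binds more loosely than `+`, so the expression parses as `length( $1 + length($2) )`. The match result is also unchecked, so for an amount without a `.` the captures are left over from an earlier successful match. Compute the value only on a match, `if ( $amount =~ /(\d*)\.(\d*)/ ) { $decimalplaces = length($1) + length($2); }`, and call `accuracy` only when it is set, with a comment that the number is the count of significant digits. In the rewritten first test `$amount eq ''` is still evaluated before `! defined $amount`, so the `defined` test should come first.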
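Review bot: In parse_template, `my %temphash;` became `my $temphash;`, but every use is still the hash (`$temphash{out}`, `$temphash{printmode}`), so those now refer to an undeclared package variable `%temphash` instead of a lexical. Under a persistent interpreter the saved `OUT` and `printmode` values from one request could then remain visible to the next, which the new `if $temphash{printmode}` guard in a later hunk would pick up. Restore `my %temphash;`. The two `File::Copy::copy` calls ignore their return value; a short comment that the logo files are optional would explain why.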
@@ -826,13 +831,19 @@ sub parse_template { chop; s/.*?<\?lsmb if (.+?) \?>/$1/; - if (/\s/) { - @a = split; - $ok = eval "$self->{$a[0]} $a[1] $a[2]"; - } - else { - $ok = $self->{$_}; - } + # commenting this out for security reasons. If needed, + # please uncomment. Functionality below will be in 1.3 + # Chris Travers + #if (/\s/) { + # @args = split; + # if ($args[1] !~ /^(==|eq|>|gt|>|lt|>=|ge|le|<=|ne|!=)$/){ + # $self->error("Unknown/forbidden operator"); + # } + # $ok = eval "$self->{$args[0]} $args[1] $args[2]"; + #} else { + $ok = $self->{$_}; + + #} if ($ok) { while ( $_ = shift ) { @@ -898,19 +909,15 @@ sub parse_template { # Convert the tex file to postscript if ( $self->{format} =~ /(postscript|pdf)/ ) { - use Cwd; - $self->{cwd} = cwd(); - $self->{tmpdir} = "$self->{cwd}/${LedgerSMB::Sysconfig::userspath}"; - $self->{tmpdir} = "${LedgerSMB::Sysconfig::userspath}" - if ${LedgerSMB::Sysconfig::userspath} =~ /^\//; + $self->{tmpdir} = "${LedgerSMB::Sysconfig::tempdir}"; - unless ( chdir("${LedgerSMB::Sysconfig::userspath}") ) { + unless ( chdir( $self->{tmpdir} ) ) { $err = $!; $self->cleanup; - $self->error("chdir : $err"); + $self->error("chdir : $self->{tmpdir} : $err"); } - $self->{tmpfile} =~ s/${LedgerSMB::Sysconfig::userspath}\///g; + $self->{tmpfile} =~ s/$self->{tmpdir}\///g; $self->{errfile} = $self->{tmpfile}; $self->{errfile} =~ s/tex$/err/; @@ -958,8 +965,6 @@ sub parse_template { if ( $self->{media} eq 'email' ) { - use LedgerSMB::Mailer; - my $mail = new Mailer; for (qw(cc bcc subject message version format charset)) { @@ -1017,8 +1022,8 @@ sub parse_template { } else { - $self->{OUT} = $temphash{out}; - $self->{printmode} = $temphash{printmode}; + $self->{OUT} = $temphash{out}; + $self->{printmode} = $temphash{printmode} if $temphash{printmode}; unless ( open( IN, '<', $self->{tmpfile} ) ) { $err = $!; @@ -1040,6 +1045,7 @@ sub parse_template { $self->cleanup; $self->error("$self->{OUT} : $err"); } + chmod( 0600, "$self->{OUT}" ); } else { 
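Review bot: The disabled `eval` block in parse_template is kept as a comment with an invitation to uncomment it, but the operator check it adds would not make it safe: `$self->{$args[0]}` and `$args[2]` would still be interpolated into the evaluated string unvalidated. I would delete the commented code and leave one line such as `# <?lsmb if NAME ?> tests a single form field; comparison expressions are not evaluated (string eval removed)`. The operator list in the comment also repeats `>` where `<` was presumably meant, another reason not to keep it as a template to restore.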
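Review bot: `$self->{tmpfile} =~ s/$self->{tmpdir}\///g` uses the directory as a regular expression, and `tempdir` now comes from `$ENV{TEMP}` (Sysconfig.pm hunk), so a path containing `.`, `+`, `(` or backslashes is read as pattern syntax. Quote it: `$self->{tmpfile} =~ s/\Q$self->{tmpdir}\E\///g;`. The hunk also removes `$self->{cwd} = cwd();`; if code later in parse_template or in cleanup (outside the hunk) changes back to `$self->{cwd}`, it now receives an undefined value.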
@@ -1339,8 +1345,6 @@ sub add_date { my ( $self, $myconfig, $date, $repeat, $unit ) = @_; - use Time::Local; - my $diff = 0; my $spc = $myconfig->{dateformat}; $spc =~ s/\w//g; @@ -1435,6 +1439,16 @@ qq|<button class="submit" type="submit" name="action" value="$name" accesskey="$ sub db_init { my ( $self, $myconfig ) = @_; $self->{dbh} = $self->dbconnect_noauto($myconfig) || $self->dberror(); + %date_query = ( + 'mm/dd/yy' => 'set DateStyle to \'SQL, US\'', + 'mm-dd-yy' => 'set DateStyle to \'POSTGRES, US\'', + 'dd/mm/yy' => 'set DateStyle to \'SQL, EUROPEAN\'', + 'dd-mm-yy' => 'set DateStyle to \'POSTGRES, EUROPEAN\'', + 'dd.mm.yy' => 'set DateStyle to \'GERMAN\'' + ); + + $self->{dbh}->do( $date_query{ $myconfig->{dateformat} } ); + $self->{db_dateformat} = $myconfig->{dateformat}; #shim my $query = "SELECT t.extends, coalesce (t.table_name, 'custom_' || extends) @@ -1653,6 +1667,9 @@ sub update_exchangerate { @queryargs = ($sell); } + if ( !$set ) { + $self->error("Exchange rate missing!"); + } if ( $sth->fetchrow_array ) { $query = qq|UPDATE exchangerate SET $set @@ -2326,9 +2343,8 @@ sub lastname_used { my ( $self, $myconfig, $dbh2, $vc, $module ) = @_; - $vc ||= $self->{vc}; my $dbh = $self->{dbh}; - + $vc ||= $self->{vc}; # add default to correct for improper passing my $arap = ( $vc eq 'customer' ) ? "ar" : "ap"; my $where = "1 = 1"; my $sth; @@ -2395,8 +2411,8 @@ sub current_date { $dateformat = 'yyyymmdd'; } - $query = qq|SELECT to_date(?, ?) - + ?::interval AS thisdate|; + $query = qq|SELECT (to_date(?, ?) + + ?::interval)::date AS thisdate|; @queryargs = ( $thisdate, $dateformat, $days ); } @@ -2415,6 +2431,7 @@ sub current_date { sub like { my ( $self, $str ) = @_; + "%$str%"; } 
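Review bot: In db_init, `$myconfig->{dateformat}` is used as a key into `%date_query` without checking that it is one of the five listed formats, so any other setting passes `undef` to `$self->{dbh}->do`. Guard it, e.g. `my $style = $date_query{ $myconfig->{dateformat} }; $self->{dbh}->do($style) if $style;`, and declare the table as `my %date_query` so it does not become a package global. The result of `do` is not checked either, unlike the `|| $self->dberror()` on the connect line just above.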
@@ -2523,7 +2540,9 @@ sub update_status { my %queued = split / +/, $self->{queued}; my $spoolfile = - ( $queued{ $self->{formname} } ) ? "'$queued{$self->{formname}}'" : undef; + ( $queued{ $self->{formname} } ) + ? "'$queued{$self->{formname}}'" + : 'NULL'; my $query = qq|DELETE FROM status WHERE formname = ? @@ -2706,9 +2725,10 @@ sub save_recurring { $s{print}, $s{email}, $s{message} ) = split /,/, $self->{recurring}; - if ( $s{howmany} == 0 ) { + if ($s{howmany} == 0){ $self->error("Cannot set to recur 0 times"); } + for (qw(reference message)) { $s{$_} = $self->unescape( $s{$_} ) } for (qw(repeat howmany payment)) { $s{$_} *= 1 } @@ -2840,7 +2860,7 @@ sub save_intnotes { # no id return return unless $self->{id}; - my $dbh = $self->dbconnect($myconfig); + my $dbh = $self->{dbh}; my $query = qq|UPDATE $vc SET intnotes = ? WHERE id = ?|; @@ -3093,6 +3113,24 @@ sub split_date { ( $rv, $yy, $mm, $dd ); } +sub format_date { + + # takes an iso date in, and converts it to the date for printing + my ( $self, $date ) = @_; + my $datestring; + if ( $date =~ /^\d{4}\D/ ) { # is an ISO date + $datestring = $self->{db_dateformat}; + my ( $yyyy, $mm, $dd ) = split( /\W/, $date ); + $datestring =~ s/y+/$yyyy/; + $datestring =~ s/mm/$mm/; + $datestring =~ s/dd/$dd/; + } + else { # return date + $datestring = $date; + } + $datestring; +} + sub from_to { my ( $self, $yyyy, $mm, $interval ) = @_; diff --git a/LedgerSMB/IC.pm b/LedgerSMB/IC.pm index 943f6b36..89f7d1cd 100644 --- a/LedgerSMB/IC.pm +++ b/LedgerSMB/IC.pm @@ -485,8 +485,8 @@ sub save { if ( $form->{"id_$i"} && $form->{"qty_$i"} ) { $sth->execute( - $form->{id}, $form->{"id_$i"}, - $form->{"qty_$i"}, $form->{"bom_$i"}, + $form->{id}, $form->{"id_$i"}, + $form->{"qty_$i"}, $form->{"bom_$i"} || 0, $form->{"adj_$i"} ) || $form->dberror($query); } 
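Review bot: In update_status, `$spoolfile` is still assembled by wrapping a value taken from `$self->{queued}` in single quotes by hand, and the switch from `undef` to `'NULL'` indicates that it is spliced into SQL text later in the function, outside this hunk. A spool file name containing `'` would end that literal early. Binding it as a parameter handles both cases: keep `my $spoolfile = $queued{ $self->{formname} };` (an undefined value binds as NULL) and put `?` in the statement; `$dbh->quote` would be the minimal alternative.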
@@ -603,24 +603,22 @@ sub update_assembly { } $sth->finish; $qty = $dbh->quote($qty); - $formlistprice = $dbh->quote($formlistprice); - $listprice = $dbh->quote($listprice); - $formsellprice = $dbh->quote($formsellprice); - $formlastcost = $dbh->quote( $form->{lastcost} ); - $lastcost = $dbh->quote($lastcost); - $weight = $dbh->quote($weight); + $formlistprice = $dbh->quote( $formlistprice - $listprice ); + $formsellprice = $dbh->quote( $formsellprice - $sellprice ); + $formlastcost = $dbh->quote( $form->{lastcost} - $lastcost ); + $weight = $dbh->quote( $form->{weight} - $weight ); $id = $dbh->quote($id); $query = qq| UPDATE parts SET listprice = listprice + - $qty * ($formlistprice - $listprice), + $qty * cast($formlistprice AS numeric), sellprice = sellprice + - $qty * ($formsellprice - $sellprice), + $qty * cast($formsellprice AS numeric), lastcost = lastcost + - $qty * ($form->{lastcost} - $lastcost), + $qty * cast($formlastcost AS numeric), weight = weight + - $qty * ($form->{weight} - $weight) + $qty * cast($weight AS numeric) WHERE id = $id|; $dbh->do($query) || $form->dberror($query); diff --git a/LedgerSMB/IR.pm b/LedgerSMB/IR.pm index 1dab91d7..8523b870 100644 --- a/LedgerSMB/IR.pm +++ b/LedgerSMB/IR.pm @@ -213,7 +213,11 @@ sub post_invoice { my $linetotal = $form->round_amount( $amount, 2 ); $fxdiff += $amount - $linetotal; - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + @taxaccounts = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{'taxaccounts'} + ); $tax = Math::BigFloat->bzero(); $fxtax = Math::BigFloat->bzero(); @@ -265,8 +269,6 @@ sub post_invoice { WHERE description = '$uid'|; ($invoice_id) = $dbh->selectrow_array($query); - $form->debug; - $query = qq| UPDATE invoice SET trans_id = ?, @@ -721,8 +723,6 @@ sub post_invoice { $form->audittrail( $dbh, "", \%audittrail ); - my $rc = $dbh->commit; - foreach $item ( keys %updparts ) { $item = $dbh->quote($item); $query = qq| 
@@ -731,8 +731,8 @@ sub post_invoice { lastcost = lastcost($item) WHERE id = $item|; $dbh->prepare($query) || $form->dberror($query); - $dbh->commit; } + my $rc = $dbh->commit; $rc; @@ -1244,7 +1244,6 @@ sub retrieve_item { } $sth->finish; - $dbh->commit; } @@ -1321,7 +1320,6 @@ sub vendor_details { } $sth->finish; - $dbh->commit; } diff --git a/LedgerSMB/IS.pm b/LedgerSMB/IS.pm index be4cbcb1..13f83793 100644 --- a/LedgerSMB/IS.pm +++ b/LedgerSMB/IS.pm @@ -333,7 +333,6 @@ sub invoice_details { ? $form->format_amount( $myconfig, $discount * -1, $decimalplaces ) : " "; - $linetotal = ($linetotal) ? $linetotal : " "; push( @{ $form->{discount} }, $discount ); push( @@ -348,10 +347,15 @@ sub invoice_details { $form->{"linetotal_$i"} = $form->format_amount( $myconfig, $linetotal, 2 ); + $form->{"linetotal_$i"} = '0.00' unless $form->{"linetotal_$i"}; push( @{ $form->{linetotal} }, $form->{"linetotal_$i"} ); - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + @taxaccounts = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{"taxaccounts"} + ); my $ml = 1; my @taxrates = (); @@ -598,6 +602,7 @@ sub invoice_details { $form->{$_} = $form->format_amount( $myconfig, $form->{$_} ); } $form->{subtotal} = $form->format_amount( $myconfig, $form->{total}, 2 ); + $form->{subtotal} = '0.00' unless $form->{subtotal}; $form->{invtotal} = ( $form->{taxincluded} ) ? $form->{total} : $form->{total} + $tax; @@ -794,7 +799,6 @@ sub customer_details { for ( keys %$ref ) { $form->{$_} = $ref->{$_} } $sth->finish; - $dbh->commit; } 
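Review bot: Inside the `%updparts` loop of IR.pm post_invoice the UPDATE is only passed to `$dbh->prepare`; nothing in the visible lines executes it, so moving the commit out of the loop still leaves `lastcost` unchanged. If the statement is meant to run, `$dbh->do($query) || $form->dberror($query);` does it in one call. With a single commit at the end, `$rc` now also covers these updates, which is worth a comment on the `my $rc = $dbh->commit;` line. The loop begins in the preceding hunk.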
@@ -947,11 +951,14 @@ sub post_invoice { $amount = $fxlinetotal * $form->{exchangerate}; my $linetotal = $form->round_amount( $amount, 2 ); $fxdiff += $amount - $linetotal; - - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); - $ml = 1; - $tax = 0; - $fxtax = 0; + @taxaccounts = Tax::init_taxes( + $form, + $form->{"taxaccounts_$i"}, + $form->{"taxaccounts"} + ); + $ml = 1; + $tax = Math::BigFloat->bzero(); + $fxtax = Math::BigFloat->bzero(); if ( $form->{taxincluded} ) { $tax += $amount = @@ -964,10 +971,13 @@ sub post_invoice { else { $tax += $amount = Tax::calculate_taxes( \@taxaccounts, $form, $linetotal, 0 ); - $fxtax += Tax::calculate_taxes( \@taxaccounts, $form, $linetotal, 0 ); } + for (@taxaccounts) { + $form->{acc_trans}{ $form->{id} }{ $_->account }{amount} += + $_->value; + } $grossamount = $form->round_amount( $linetotal, 2 ); @@ -1115,7 +1125,6 @@ sub post_invoice { $invnetamount = $amount; $amount = 0; - for ( split / /, $form->{taxaccounts} ) { $amount += $form->{acc_trans}{ $form->{id} }{$_}{amount} = $form->round_amount( $form->{acc_trans}{ $form->{id} }{$_}{amount}, @@ -1400,7 +1409,7 @@ sub post_invoice { $form->{terms}, $form->{notes}, $form->{intnotes}, $form->{taxincluded}, $form->{currency}, $form->{department_id}, - $form->{employee_id}, $till, + $form->{employee_id}, $form->{till}, $form->{language_code}, $form->{ponumber}, $form->{id} ) || $form->dberror($query); @@ -1547,7 +1556,6 @@ sub cogs { $sth->finish; $allocated; - $dbh->commit; } sub reverse_invoice { @@ -1666,7 +1674,7 @@ sub delete_invoice { # delete spool files $query = qq| SELECT spoolfile FROM status - WHERE trans_id = $form->{id} AND spoolfile IS NOT NULL|; + WHERE trans_id = ? AND spoolfile IS NOT NULL|; $sth = $dbh->prepare($query); $sth->execute( $form->{id} ) || $form->dberror($query); @@ -1692,8 +1700,6 @@ sub delete_invoice { } } - $dbh->commit; - $rc; } 
@@ -1869,8 +1875,7 @@ sub retrieve_item { if ( $form->{"partsgroup_$i"} ne "" ) { ( $null, $var ) = split /--/, $form->{"partsgroup_$i"}; - $var = $dbh->quote($var); - if ( $var == 0 ) { + if ( ! $var ) { # search by partsgroup, this is for the POS $where .= @@ -1878,6 +1883,7 @@ sub retrieve_item { . $dbh->quote( $form->{"partsgroup_$i"} ); } else { + $var = $dbh->quote($var); $where .= qq| AND p.partsgroup_id = $var|; } } @@ -1960,7 +1966,6 @@ sub retrieve_item { } $sth->finish; - $dbh->commit; } diff --git a/LedgerSMB/Locale.pm b/LedgerSMB/Locale.pm index 122794b4..c89fbef0 100644 --- a/LedgerSMB/Locale.pm +++ b/LedgerSMB/Locale.pm @@ -27,6 +27,7 @@ package LedgerSMB::Locale; use base 'Locale::Maketext'; use Locale::Maketext::Lexicon; +use HTML::Entities; use Encode; Locale::Maketext::Lexicon->import( @@ -39,7 +40,7 @@ Locale::Maketext::Lexicon->import( sub text { my ( $self, $text, @params ) = @_; - return $self->maketext( $text, @params ); + return encode_entities( $self->maketext( $text, @params ) ); } ##sub date { @@ -119,10 +120,6 @@ sub date { $mm = substr( "0$mm", -2 ); $longdate = "$yy$spc$mm$spc$dd"; - if ( defined $longformat ) { - $longdate = &text( $self, $longmonth[ --$mm ] ) . " $dd $yy"; - } - } else { @@ -131,10 +128,11 @@ sub date { $mm = substr( "0$mm", -2 ); $longdate = "$mm$spc$dd$spc$yy"; - if ( defined $longformat ) { - $longdate = &text( $self, $longmonth[ --$mm ] ) . " $dd $yy"; - } } + if ( defined $longformat ) { + $longdate = &text( $self, $longmonth[ --$mm ] ) . " $dd $yy"; + } + $longdate; } 1; diff --git a/LedgerSMB/Menu.pm b/LedgerSMB/Menu.pm index d8aad77c..57c83245 100644 --- a/LedgerSMB/Menu.pm +++ b/LedgerSMB/Menu.pm 
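Review bot: Encoding entities inside Locale.pm `text` ties every translated string to HTML, and nothing in this hunk shows that all callers render HTML. `date` in the same file builds its long month name through `&text(...)`, and the parse_template and mail paths in Form.pm produce LaTeX, plain text and e-mail, where `&amp;` or `&#39;` would appear literally; callers that already escape would double-encode. I would keep `text` returning the raw translation and add a separate helper, for example `sub text_html { my $self = shift; return encode_entities( $self->text(@_) ); }`, for the HTML output sites. If the current behaviour stays, the sub needs a comment stating that its return value, including the interpolated `@params`, is HTML-escaped.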
@@ -46,8 +46,15 @@ sub menuitem { my $target = ( $self->{$item}{target} ) ? $self->{$item}{target} : ""; my $level = $form->escape($item); + my $style; + if ( $form->{menubar} ) { + $style = ""; + } + else { + $style = "display:block;"; + } my $str = - qq|<a style="display:block;"| + qq|<a style="$style"| . qq|href="$module?path=$form->{path}&action=$action&| . qq|level=$level&login=$form->{login}&| . qq|timeout=$form->{timeout}&sessionid=$form->{sessionid}| diff --git a/LedgerSMB/OE.pm b/LedgerSMB/OE.pm index 9dc7cea3..ab431769 100644 --- a/LedgerSMB/OE.pm +++ b/LedgerSMB/OE.pm @@ -387,11 +387,9 @@ sub save { my $rowcount = $form->{rowcount}; for my $i ( 1 .. $rowcount ) { - $form->db_prepare_vars( - "orderitems_id_$i", "id_$i", - "description_$i", "project_id_$i", - "ship_$i" - ); + $form->{"ship_$i"} = 0 unless $form->{"ship_$i"}; + $form->db_prepare_vars( "orderitems_id_$i", "id_$i", "description_$i", + "project_id_$i" ); for (qw(qty ship)) { $form->{"${_}_$i"} = @@ -428,7 +426,8 @@ sub save { $form->round_amount( $form->{"sellprice_$i"} * $form->{"qty_$i"}, 2 ); - @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"} ); + @taxaccounts = Tax::init_taxes( $form, $form->{"taxaccounts_$i"}, + $form->{taxaccounts} ); if ( $form->{taxincluded} ) { $taxamount = Tax::calculate_taxes( \@taxaccounts, $form, $linetotal, 1 ); @@ -485,18 +484,11 @@ sub save { # save detail record in orderitems table $query = qq|INSERT INTO orderitems (|; - if ( $form->{"orderitems_id_$i"} ) { - $query .= "id, "; - } $query .= qq| trans_id, parts_id, description, qty, sellprice, discount, unit, reqdate, project_id, ship, serialnumber, notes) VALUES (|; - if ( $form->{"orderitems_id_$i"} ) { - $query .= "?, "; - push @queryargs, $form->{"orderitems_id_$i"}; - } $query .= qq| ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)|; $sth = $dbh->prepare($query); push( @queryargs, 
@@ -905,7 +897,6 @@ sub retrieve { $form->get_recurring; @queries = $form->run_custom_queries( 'oe', 'SELECT' ); - $form->{dbh}->commit; } else { @@ -1735,8 +1726,6 @@ sub get_warehouses { } $sth->finish; - $dbh->commit; - } sub save_inventory { @@ -1825,11 +1814,11 @@ sub save_inventory { $query = qq| UPDATE orderitems SET - serialnumber = '$serialnumber', - ship = $ship, - reqdate = '$form->{shippingdate}' - WHERE trans_id = $form->{id} - AND id = $form->{"orderitems_id_$i"}|; + serialnumber = ?, + ship = ?, + reqdate = ? + WHERE trans_id = ? + AND id = ?|; $sth2 = $dbh->prepare($query); $sth2->execute( $serialnumber, $ship, $form->{shippingdate}, $form->{id}, $form->{"orderitems_id_$i"} ) @@ -2134,7 +2123,6 @@ sub transfer { } my $rc = $dbh->commit; - $dbh->commit; $rc; @@ -2521,7 +2509,7 @@ sub consolidate_orders { $amount += $ref->{amount}; $netamount += $ref->{netamount}; - $id = $dbh->quore($id); + $id = $dbh->quote($id); foreach $item ( @{ $oe{orderitems}{$curr}{$id} } ) { push @orderitems, $item; 
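Review bot: In consolidate_orders, fixing the `quore` typo makes this line run, and it overwrites `$id` with its SQL-quoted form immediately before `$id` is used as a hash key in `$oe{orderitems}{$curr}{$id}`. If that hash was filled under the raw id (not visible in this hunk), the lookup now misses and no order items are collected. Keep the raw value for the lookup and quote into a separate variable, `my $quoted_id = $dbh->quote($id);`, or bind the id as a parameter where it reaches SQL.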
@@ -2562,33 +2550,24 @@ sub consolidate_orders { UPDATE oe SET ordnumber = | . $dbh->quote($ordnumber) . qq|, transdate = current_date, - vendor_id = ?, - customer_id = ?, - amount = ?, - netamount = ?, - reqdate = ?, - taxincluded = ?, - shippingpoint = ?, - notes = ?, - curr = ?, - employee_id = ?, - intnotes = ?, - shipvia = ?, - language_code = ?, - ponumber = ?, - department_id = ? - WHERE id = ?|; + vendor_id = $form->{vendor_id}, + customer_id = $form->{customer_id}, + amount = $amount, + netamount = $netamount, + reqdate = | . $form->dbquote( $ref->{reqdate}, SQL_DATE ) . qq|, + taxincluded = '$ref->{taxincluded}', + shippingpoint = | . $dbh->quote( $ref->{shippingpoint} ) . qq|, + notes = | . $dbh->quote( $ref->{notes} ) . qq|, + curr = '$curr', + employee_id = $ref->{employee_id}, + intnotes = | . $dbh->quote( $ref->{intnotes} ) . qq|, + shipvia = | . $dbh->quote( $ref->{shipvia} ) . qq|, + language_code = '$ref->{language_code}', + ponumber = | . $dbh->quote( $form->{ponumber} ) . qq|, + department_id = $department_id + WHERE id = $id|; $sth = $dbh->prepare($query); - $sth->execute( - $form->{vendor_id}, $form->{customer_id}, - $amount, $netamount, - $form->{reqdate}, $form->{taxincluded}, - $form->{shippingpoint}, $form->{notes}, - $curr, $ref->{employee_id}, - $form->{intnotes}, $form->{shipvia}, - $ref->{language_code}, $form->{po_number}, - $department_id, $id - ) || $form->dberror($query); + $sth->execute() || $form->dberror($query); # add items foreach $item (@orderitems) { diff --git a/LedgerSMB/Sysconfig.pm b/LedgerSMB/Sysconfig.pm index 361f3c6b..f8e1145f 100644 --- a/LedgerSMB/Sysconfig.pm +++ b/LedgerSMB/Sysconfig.pm @@ -1,6 +1,6 @@ # This is the new configuration file for LedgerSMB. Eventually all system # configuration directives will go here, This will probably not fully replace -# the ledger-smb.conf until 1.3, however. +# the ledgersmb.conf until 1.3, however. package LedgerSMB::Sysconfig; 
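Review bot: The consolidate_orders hunk replaces a fully parameterised UPDATE with string-built SQL in which `$form->{vendor_id}`, `$form->{customer_id}`, `$amount`, `$netamount`, `$ref->{employee_id}`, `$department_id` and `$id` are interpolated bare, and `taxincluded`, `curr` and `language_code` are wrapped in hand-written quotes. Any of those that originates from the request or from stored text can alter the statement, and an empty value yields invalid SQL. If the intent was to take the header fields from `$ref` instead of `$form`, that can be done by changing only the bind list, as sketched below. `$id` must be the raw id at that point, not the value produced by `$dbh->quote($id)` earlier in the function.

```perl
# … unchanged: "UPDATE oe SET ordnumber = ..., transdate = current_date," …
# every remaining column keeps its "= ?" placeholder, as before this change
$sth = $dbh->prepare($query);
$sth->execute(
    $form->{vendor_id},    $form->{customer_id},
    $amount,               $netamount,
    $ref->{reqdate},       $ref->{taxincluded},
    $ref->{shippingpoint}, $ref->{notes},
    $curr,                 $ref->{employee_id},
    $ref->{intnotes},      $ref->{shipvia},
    $ref->{language_code}, $form->{ponumber},
    $department_id,        $id
) || $form->dberror($query);
```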
@@ -8,8 +8,6 @@ use LedgerSMB::Form; use Config::Std; use DBI qw(:sql_types); -binmode STDOUT, ':utf8'; - # For Win32, change $pathsep to ';'; $pathsep = ':'; @@ -38,12 +36,15 @@ $spool = "spool"; # path to user configuration files $userspath = "users"; -# images base directory -$images = "images"; - # templates base directory $templates = "templates"; +# Temporary files stored at" +$tempdir = ( $ENV{TEMP} || '/tmp' ); + +# Backup path +$backuppath = $tempdir; + # member file $memberfile = "users/members"; diff --git a/LedgerSMB/Tax.pm b/LedgerSMB/Tax.pm index edf3bccc..01bff4d4 100644 --- a/LedgerSMB/Tax.pm +++ b/LedgerSMB/Tax.pm @@ -30,10 +30,20 @@ package Tax; use Math::BigFloat; sub init_taxes { - my ( $form, $taxaccounts ) = @_; + my ( $form, $taxaccounts, $taxaccounts2 ) = @_; my $dbh = $form->{dbh}; @taxes = (); my @accounts = split / /, $taxaccounts; + if ( defined $taxaccounts2 ) { + my @tmpaccounts = @accounts; + $#accounts = -1; + for my $acct ( split / /, $taxaccounts2 ) { + if ( $taxaccounts =~ /\b$acct\b/ ) { + push @accounts, $acct; + } + } + + } my $query = qq|SELECT t.taxnumber, c.description, t.rate, t.chart_id, t.pass, m.taxmodulename FROM tax t INNER JOIN chart c ON (t.chart_id = c.id) @@ -41,6 +51,10 @@ sub init_taxes { WHERE c.accno = ?|; my $sth = $dbh->prepare($query); foreach $taxaccount (@accounts) { + next if ( !defined $taxaccount ); + if ( defined $taxaccounts2 ) { + next if $taxaccounts2 !~ /\b$taxaccount\b/; + } $sth->execute($taxaccount) || $form->dberror($query); my $ref = $sth->fetchrow_hashref; diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index 914bdfb9..c24eb98f 100644 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm 
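Review bot: In Tax::init_taxes, `$taxaccounts =~ /\b$acct\b/` treats each account number as a pattern and relies on word boundaries, so (with constructed values) an account `2310` would also match inside `2310.1`, and a `.` in `$acct` acts as a wildcard. An exact set lookup avoids both: `my %on_line = map { $_ => 1 } split / /, $taxaccounts;` followed by `@accounts = grep { $on_line{$_} } split / /, $taxaccounts2;`. `@tmpaccounts` is assigned and never used, and the `next if $taxaccounts2 !~ /\b$taxaccount\b/` test in the loop repeats the filter already applied above. A short comment on `$taxaccounts2`, saying what the third argument is and that the result is the intersection of the two lists, would help the callers changed in IR.pm, IS.pm and OE.pm.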
@@ -121,47 +121,51 @@ sub fetch_config { my ( $self, $login ) = @_; - if ( $login ne "" ) { + if ( !$login ) { + &error( $self, "Access Denied" ); + } - # use central db - my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; + # use central db + my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; - # for now, this is querying the table directly... ugly - my $fetchUserPrefs = $dbh->prepare( - "SELECT acs, address, businessnumber, - company, countrycode, currency, - dateformat, dbdriver, dbhost, dbname, - dboptions, dbpasswd, dbport, dbuser, - email, fax, menuwidth, name, numberformat, - password, print, printer, role, sid, - signature, stylesheet, tel, templates, - timeout, vclimit, u.username - FROM users_conf as uc, users as u - WHERE u.username = ? - AND u.id = uc.id;" - ); + # for now, this is querying the table directly... ugly + my $fetchUserPrefs = $dbh->prepare( + "SELECT acs, address, businessnumber, + company, countrycode, currency, + dateformat, dbdriver, dbhost, dbname, + dboptions, dbpasswd, dbport, dbuser, + email, fax, menuwidth, name, numberformat, + password, print, printer, role, sid, + signature, stylesheet, tel, templates, + timeout, vclimit, u.username + FROM users_conf as uc, users as u + WHERE u.username = ? + AND u.id = uc.id;" + ); - $fetchUserPrefs->execute($login); + $fetchUserPrefs->execute($login); - my $userHashRef = $fetchUserPrefs->fetchrow_hashref; + my $userHashRef = $fetchUserPrefs->fetchrow_hashref; + if ( !$userHashRef ) { + &error( $self, "Access Denied" ); + } - while ( my ( $key, $value ) = each( %{$userHashRef} ) ) { - $myconfig{$key} = $value; - } + while ( my ( $key, $value ) = each( %{$userHashRef} ) ) { + $myconfig{$key} = $value; + } - chomp( $myconfig{'dbport'} ); - chomp( $myconfig{'dbname'} ); - chomp( $myconfig{'dbhost'} ); + chomp( $myconfig{'dbport'} ); + chomp( $myconfig{'dbname'} ); + chomp( $myconfig{'dbhost'} ); - $myconfig{'login'} = $login; - $myconfig{'dbconnect'} = - 'dbi:Pg:dbname=' - . $myconfig{'dbname'} - . 
';host=' - . $myconfig{'dbhost'} - . ';port=' - . $myconfig{'dbport'}; - } + $myconfig{'login'} = $login; + $myconfig{'dbconnect'} = + 'dbi:Pg:dbname=' + . $myconfig{'dbname'} + . ';host=' + . $myconfig{'dbhost'} + . ';port=' + . $myconfig{'dbport'}; return \%myconfig; } @@ -447,7 +451,7 @@ sub process_query { $ENV{PGUSER} = $form->{dbuser}; $ENV{PGDATABASE} = $form->{db}; $ENV{PGHOST} = $form->{dbhost}; - $ENV{PGPORT} = $form->{pgport}; + $ENV{PGPORT} = $form->{dbport}; $results = `psql -f $filename 2>&1`; if ($?) { |