CP.pm auf die Verwendung von parametrisierten Queries zur Vermeidung von SQL injectio...

[kivitendo-erp.git] / SL / GL.pm

diff --git a/SL/GL.pm b/SL/GL.pm
index 527b69b..13a12ff 100644 (file)
--- a/SL/GL.pm
+++ b/SL/GL.pm
@@ -75,9 +75,6 @@ sub post_transaction {
   # check if debit and credit balances
 
   if ($form->{storno}) {
-    $debit               = $debit * -1;
-    $credit              = $credit * -1;
-    $tax                 = $tax * -1;
     $form->{reference}   = "Storno-" . $form->{reference};
     $form->{description} = "Storno-" . $form->{description};
   }
@@ -287,11 +284,6 @@ sub all_transactions {
     $arwhere .= " AND c.accno = '$form->{accno}'";
     $apwhere .= " AND c.accno = '$form->{accno}'";
   }
-  if ($form->{gifi_accno}) {
-    $glwhere .= " AND c.gifi_accno = '$form->{gifi_accno}'";
-    $arwhere .= " AND c.gifi_accno = '$form->{gifi_accno}'";
-    $apwhere .= " AND c.gifi_accno = '$form->{gifi_accno}'";
-  }
   if ($form->{category} ne 'X') {
     $glwhere .=
       " AND gl.id in (SELECT trans_id FROM acc_trans ac2 WHERE ac2.chart_id IN (SELECT id FROM chart c2 WHERE c2.category = '$form->{category}'))";
@@ -343,33 +335,6 @@ sub all_transactions {
     }
   }
 
-  if ($form->{gifi_accno}) {
-
-    # get category for account
-    $query = qq|SELECT c.category
-                FROM chart c
-               WHERE c.gifi_accno = '$form->{gifi_accno}'|;
-    $sth = $dbh->prepare($query);
-
-    $sth->execute || $form->dberror($query);
-    ($form->{ml}) = $sth->fetchrow_array;
-    $sth->finish;
-
-    if ($form->{datefrom}) {
-      $query = qq|SELECT SUM(ac.amount)
-                 FROM acc_trans ac, chart c
-                 WHERE ac.chart_id = c.id
-                 AND c.gifi_accno = '$form->{gifi_accno}'
-                 AND ac.transdate < date '$form->{datefrom}'
-                 |;
-      $sth = $dbh->prepare($query);
-      $sth->execute || $form->dberror($query);
-
-      ($form->{balance}) = $sth->fetchrow_array;
-      $sth->finish;
-    }
-  }
-
   my $false = ($myconfig->{dbdriver} eq 'Pg') ? FALSE: q|'0'|;
 
   my $sortorder = join ', ',
@@ -389,7 +354,7 @@ sub all_transactions {
   my $query =
     qq|SELECT ac.oid AS acoid, g.id, 'gl' AS type, $false AS invoice, g.reference, ac.taxkey, c.link,
                  g.description, ac.transdate, ac.source, ac.trans_id,
-                ac.amount, c.accno, c.gifi_accno, g.notes, t.chart_id, ac.oid
+                ac.amount, c.accno, g.notes, t.chart_id, ac.oid
                  $project_columns
                  FROM gl g, acc_trans ac $project_join, chart c LEFT JOIN tax t ON
                  (t.chart_id=c.id)
@@ -399,7 +364,7 @@ sub all_transactions {
        UNION
                 SELECT ac.oid AS acoid, a.id, 'ar' AS type, a.invoice, a.invnumber, ac.taxkey, c.link,
                 ct.name, ac.transdate, ac.source, ac.trans_id,
-                ac.amount, c.accno, c.gifi_accno, a.notes, t.chart_id, ac.oid
+                ac.amount, c.accno, a.notes, t.chart_id, ac.oid
                  $project_columns
                 FROM ar a, acc_trans ac $project_join, customer ct, chart c LEFT JOIN tax t ON
                  (t.chart_id=c.id)
@@ -410,7 +375,7 @@ sub all_transactions {
        UNION
                 SELECT ac.oid AS acoid, a.id, 'ap' AS type, a.invoice, a.invnumber, ac.taxkey, c.link,
                 ct.name, ac.transdate, ac.source, ac.trans_id,
-                ac.amount, c.accno, c.gifi_accno, a.notes, t.chart_id, ac.oid
+                ac.amount, c.accno, a.notes, t.chart_id, ac.oid
                  $project_columns
                 FROM ap a, acc_trans ac $project_join, vendor ct, chart c LEFT JOIN tax t ON
                  (t.chart_id=c.id)
@@ -418,7 +383,7 @@ sub all_transactions {
                 AND ac.chart_id = c.id
                 AND a.vendor_id = ct.id
                 AND a.id = ac.trans_id
-                ORDER BY $sortorder transdate,acoid, trans_id, taxkey DESC|;
+                ORDER BY $sortorder transdate, trans_id, acoid, taxkey DESC|;
 
   # Show all $query in Debuglevel LXDebug::QUERY
   $callingdetails = (caller (0))[3];
@@ -503,13 +468,13 @@ sub all_transactions {
           $ref->{debit}{$k}        = $ref->{amount} * -1;
           $ref->{debit_accno}{$k}  = $ref->{accno};
           $ref->{debit_taxkey}{$k} = $ref->{taxkey};
-          $ref->{transdate}{$k}    = $ref->{transdate};
+          $ref->{ac_transdate}{$k} = $ref->{transdate};
 
         } else {
           $ref->{credit}{$l}        = $ref->{amount} * 1;
           $ref->{credit_accno}{$l}  = $ref->{accno};
           $ref->{credit_taxkey}{$l} = $ref->{taxkey};
-          $ref->{transdate}{$l}     = $ref->{transdate};
+          $ref->{ac_transdate}{$l}  = $ref->{transdate};
 
 
         }
@@ -566,7 +531,7 @@ sub all_transactions {
           $ref->{debit}{$k}        = $ref2->{amount} * - 1;
           $ref->{debit_accno}{$k}  = $ref2->{accno};
           $ref->{debit_taxkey}{$k} = $ref2->{taxkey};
-          $ref->{transdate}{$k}    = $ref2->{transdate};
+          $ref->{ac_transdate}{$k} = $ref2->{transdate};
         } else {
           if ($ref->{credit_accno}{$l} ne "") {
             $l++;
@@ -574,7 +539,7 @@ sub all_transactions {
           $ref->{credit}{$l}        = $ref2->{amount};
           $ref->{credit_accno}{$l}  = $ref2->{accno};
           $ref->{credit_taxkey}{$l} = $ref2->{taxkey};
-          $ref->{transdate}{$l}     = $ref2->{transdate};
+          $ref->{ac_transdate}{$l}  = $ref2->{transdate};
         }
       }
     }
@@ -591,15 +556,7 @@ sub all_transactions {
     ($form->{account_description}) = $sth->fetchrow_array;
     $sth->finish;
   }
-  if ($form->{gifi_accno}) {
-    $query =
-      qq|SELECT g.description FROM gifi g WHERE g.accno = '$form->{gifi_accno}'|;
-    $sth = $dbh->prepare($query);
-    $sth->execute || $form->dberror($query);
 
-    ($form->{gifi_account_description}) = $sth->fetchrow_array;
-    $sth->finish;
-  }
   $main::lxdebug->leave_sub();
 
   $dbh->disconnect;