SQL-Injection vermeiden. Fix für Revisionen 2936, 2937.

[kivitendo-erp.git] / SL / ReportGenerator.pm

diff --git a/SL/ReportGenerator.pm b/SL/ReportGenerator.pm
index b02ab35..67d69a9 100644 (file)
--- a/SL/ReportGenerator.pm
+++ b/SL/ReportGenerator.pm
@@ -268,20 +268,33 @@ sub prepare_html_content {
   }
 
   my ($outer_idx, $inner_idx) = (0, 0);
+  my $next_border_top;
   my @rows;
 
   foreach my $row_set (@{ $self->{data} }) {
     if ('HASH' eq ref $row_set) {
+      if ($row_set->{type} eq 'separator') {
+        if (! scalar @rows) {
+          $next_border_top = 1;
+        } else {
+          $rows[-1]->{BORDER_BOTTOM} = 1;
+        }
+
+        next;
+      }
+
       my $row_data = {
         'IS_CONTROL'      => 1,
-        'IS_SEPARATOR'    => $row_set->{type} eq 'separator',
         'IS_COLSPAN_DATA' => $row_set->{type} eq 'colspan_data',
         'NUM_COLUMNS'     => scalar @visible_columns,
+        'BORDER_TOP'      => $next_border_top,
         'data'            => $row_set->{data},
       };
 
       push @rows, $row_data;
 
+      $next_border_top = 0;
+
       next;
     }
 
@@ -298,7 +311,15 @@ sub prepare_html_content {
             'data' => $self->html_format($col->{data}->[$i]),
             'link' => $col->{link}->[$i],
           };
-        };
+        }
+
+        # Force at least a   to be displayed so that browsers
+        # will format the table cell (e.g. borders etc).
+        if (!scalar @{ $col->{CELL_ROWS} }) {
+          push @{ $col->{CELL_ROWS} }, { 'data' => ' ' };
+        } elsif ((1 == scalar @{ $col->{CELL_ROWS} }) && !$col->{CELL_ROWS}->[0]->{data}) {
+          $col->{CELL_ROWS}->[0]->{data} = ' ';
+        }
       }
 
       my $row_data = {
@@ -306,9 +327,12 @@ sub prepare_html_content {
         'outer_idx'     => $outer_idx,
         'outer_idx_odd' => $outer_idx % 2,
         'inner_idx'     => $inner_idx,
+        'BORDER_TOP'    => $next_border_top,
       };
 
       push @rows, $row_data;
+
+      $next_border_top = 0;
     }
   }
 
@@ -344,7 +368,7 @@ sub generate_html_content {
   my $self      = shift;
   my $variables = $self->prepare_html_content();
 
-  return $self->{form}->parse_html_template2('report_generator/html_report', $variables);
+  return $self->{form}->parse_html_template('report_generator/html_report', $variables);
 }
 
 sub verify_paper_size {