login nicht aus $::form nehmen. Teil 1

[kivitendo-erp.git] / bin / mozilla / cp.pl

diff --git a/bin/mozilla/cp.pl b/bin/mozilla/cp.pl
index b9aed48..888bf8a 100644 (file)
--- a/bin/mozilla/cp.pl
+++ b/bin/mozilla/cp.pl
@@ -72,12 +72,12 @@ sub payment {
   # für bugfix 1771 (doppelte Leerzeichen werden nicht 'gepostet')
   $form->{"select$form->{vc}"} = "";
 
-  $form->{selectcustomer} .= "<option value=\"\"></option>\n" if $form->{vc} eq "customer";
-
   if ($form->{"all_$form->{vc}"}) {
+    $form->{"select$form->{vc}"} .= "<option value=\"\"></option>\n";
     # s.o. jb 12.10.2010
     $form->{"$form->{vc}_id"} = $form->{"all_$form->{vc}"}->[0]->{id};
-    map { $form->{"select$form->{vc}"} .= "<option value=\"$_->{name}--$_->{id}\">$_->{name}--$_->{id}</option>\n" }
+    # hotfix for 2450. TODO remove legacy code and use L
+    map { $form->{"select$form->{vc}"} .= "<option value=\"" . H($_->{name}) . "--$_->{id}\">" . H($_->{name}) . "--$_->{id}</option>\n" }
       @{ $form->{"all_$form->{vc}"} };
   }
   CP->paymentaccounts(\%myconfig, \%$form);
@@ -138,7 +138,7 @@ sub form_header {
 
   # sometimes it happens that values in customer arrive without the signs '--'
   # but in order to select the right option field we need values with '--'
-  if ($form->{vc} eq "customer"){
+  if ($form->{vc} eq "customer" && $form->{"all_$form->{vc}"}){
     my ($customername) = split /--/, $form->{ $form->{vc} };
     $form->{ $form->{vc} } = $customername . "--" . $form->{customer_id};
   }
@@ -148,6 +148,7 @@ sub form_header {
   #              <option value="asdf--2929">asdf--2929</option>
   # offen: $form->{ARAP} kann raus?
   for my $item ($form->{vc}, "account", "currency", $form->{ARAP}) {
+    $form->{$item} = H($form->{$item});
     $form->{"select$item"} =~ s/ selected//;
     $form->{"select$item"} =~ s/option value="\Q$form->{$item}\E">\Q$form->{$item}\E/option selected value="$form->{$item}">$form->{$item}/;
   }