Keine direkt vom Browser stammenden Strings bei open() verwenden.

[kivitendo-erp.git] / bin / mozilla / ir.pl

diff --git a/bin/mozilla/ir.pl b/bin/mozilla/ir.pl
index 1fcc25c..e6f035d 100644 (file)
--- a/bin/mozilla/ir.pl
+++ b/bin/mozilla/ir.pl
@@ -223,7 +223,7 @@ sub form_header {
   $lxdebug->enter_sub();
 
   # set option selected
-  foreach $item (qw(AP vendor currency department employee)) {
+  foreach $item (qw(AP vendor currency department)) {
     $form->{"select$item"} =~ s/ selected//;
     $form->{"select$item"} =~
       s/option>\Q$form->{$item}\E/option selected>$form->{$item}/;
@@ -276,7 +276,8 @@ sub form_header {
                                    "old_id" => \@old_project_ids },
                    "taxzones" => "ALL_TAXZONES",
                    "employees" => "ALL_SALESMEN",
-                   "currencies" => "ALL_CURRENCIES");
+                   "currencies" => "ALL_CURRENCIES",
+                   "vendors" => "ALL_VENDORS");
 
   my %labels;
   my @values = (undef);
@@ -318,7 +319,6 @@ sub form_header {
       </td>
     </tr>|;
     
-    
   %labels = ();
   @values = ();
   my $i = 0;
@@ -330,11 +330,26 @@ sub form_header {
       <tr>
       <th align="right">| . $locale->text('Employee') . qq|</th>
       <td>| .
-        NTI($cgi->popup_menu('-name' => 'employee', '-default' => $form->{"employee"},
+        NTI($cgi->popup_menu('-name' => 'employee_id', '-default' => $form->{"employee_id"},
                              '-values' => \@values, '-labels' => \%labels)) . qq|
       </td>
       </tr>|;
   
+  %labels = ();
+  @values = ();
+  my $i = 0;
+  foreach my $item (@{ $form->{"ALL_VENDORS"} }) {
+    push(@values, $item->{name}.qq|--|.$item->{"id"});
+    $labels{$item->{"id"}} = $item->{"name"}.qq|--|.$item->{"id"};
+  }
+  my $vendors = qq|
+      <th align="right">| . $locale->text('Vendor') . qq|</th>
+      <td>| .
+        NTI($cgi->popup_menu('-name' => 'vendor', '-default' => $form->{"vendor"},
+                             '-onChange' => 'document.getElementById(\'update_button\').click();',
+                             '-values' => \@values, '-labels' => \%labels)) . qq|
+      </td>|;
+
   %labels = ();
   @values = ();
   foreach my $item (@{ $form->{"ALL_TAXZONES"} }) {
@@ -363,14 +378,6 @@ sub form_header {
     </tr>|;
   }
 
-  $vendor =
-    ($form->{selectvendor})
-    ? qq|<select name="vendor"
-onchange="document.getElementById('update_button').click();">| .
-    qq|$form->{selectvendor}</select>\n<input type="hidden" name="selectvendor" value="| .
-    Q($form->{selectvendor}) . qq|">|
-    : qq|<input name="vendor" value="$form->{vendor}" size="35">|;
-
   $department = qq|
               <tr>
              <th align="right" nowrap>| . $locale->text('Department') . qq|</th>
@@ -459,15 +466,14 @@ onchange="document.getElementById('update_button').click();">| .
          <td>
            <table>
              <tr>
-               <th align=right nowrap>| . $locale->text('Vendor') . qq|</th>
-               <td colspan=3>$vendor</td>
-
+    $vendors
                 <th align=richt nowrap>|
     . $locale->text('Contact Person') . qq|</th>
                 <td colspan=3>$contact</td>
 
-                <input type=hidden name=vendor_id value=$form->{vendor_id}>
-               <input type=hidden name=oldvendor value="$form->{oldvendor}">
+                <input type="hidden" name="vendor_id" value="$form->{vendor_id}">
+               <input type="hidden" name="oldvendor" value="$form->{oldvendor}">
+    <input type="hidden" name="selectvendor" value= "1">
              </tr>
              <tr>
                <td></td>
@@ -824,6 +830,10 @@ sub form_footer {
   $invdate  = $form->datetonum($form->{invdate},  \%myconfig);
   $closedto = $form->datetonum($form->{closedto}, \%myconfig);
 
+  print qq|<input class=submit type=submit name=action id=update_button value="|
+    . $locale->text('Update') . qq|">
+|;
+
   if ($form->{id}) {
     my $show_storno = !$form->{storno} && !IS->has_storno(\%myconfig, $form, "ap");
 
@@ -845,9 +855,6 @@ sub form_footer {
 
   }
 
-  print qq|<input class=submit type=submit name=action id=update_button value="|
-    . $locale->text('Update') . qq|">|;
-
   if (!$form->{id} && ($invdate > $closedto)) {
     print qq| <input class=submit type=submit name=action value="|
       . $locale->text('Post') . qq|"> | .
@@ -1007,9 +1014,14 @@ sub storno {
     $form->error($locale->text("Invoice has already been storno'd!"));
   }
 
+  my $employee_id = $form->{employee_id};
   invoice_links();
   prepare_invoice();
   relink_accounts();
+
+  # Payments must not be recorded for the new storno invoice.
+  $form->{paidaccounts} = 0;
+  map { my $key = $_; delete $form->{$key} if grep { $key =~ /^$_/ } qw(datepaid_ source_ memo_ paid_ exchangerate_ AR_paid_) } keys %{ $form };
   
   # saving the history
   if(!exists $form->{addition} && $form->{id} ne "") {
@@ -1024,7 +1036,8 @@ sub storno {
   $form->{id} = "";
   $form->{invnumber} = "Storno zu " . $form->{invnumber};
   $form->{rowcount}++;
-  &post();
+  $form->{employee_id} = $employee_id;
+  post();
   $lxdebug->leave_sub();
 
 }
@@ -1087,6 +1100,9 @@ sub post {
   $form->isblank("invdate", $locale->text('Invoice Date missing!'));
   $form->isblank("vendor",  $locale->text('Vendor missing!'));
 
+  $form->{invnumber} =~ s/^\s*//g;
+  $form->{invnumber} =~ s/\s*$//g;
+
   # if the vendor changed get new values
   if (&check_name(vendor)) {
     &update;