X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FCP.pm;h=46cebfebf5dea4aa28849dd60295f0c551525686;hb=f0ce00ebc34b16381f25c9ce75d36521bd046e1f;hp=e0cefd314045694208d55701dfccc719989480c6;hpb=6dde80b7b32967d54aace8241d686fd35db1f890;p=kivitendo-erp.git

diff --git a/SL/CP.pm b/SL/CP.pm
index e0cefd314..46cebfebf 100644
--- a/SL/CP.pm
+++ b/SL/CP.pm
@@ -158,10 +158,12 @@ sub get_openinvoices {
   my $buysell = $form->{vc} eq 'customer' ? "buy" : "sell";
   my $arap = $form->{arap} eq "ar" ? "ar" : "ap";
 
+  my $curr_null = $form->{curreny} ? '' : ' OR a.curr IS NULL'; # fix: after sql-injection fix, curr is inserted as NULL, before that as ''
+
   my $query =
      qq|SELECT a.id, a.invnumber, a.transdate, a.amount, a.paid, a.curr | .
 	   qq|FROM $arap a | .
-     qq|WHERE (a.${vc}_id = ?) AND (a.curr = ?) AND NOT (a.amount = paid)|;
+     qq|WHERE (a.${vc}_id = ?) AND (a.curr = ? $curr_null) AND NOT (a.amount = paid)|;
 		 qq|ORDER BY a.id|;
   my $sth = prepare_execute_query($form, $dbh, $query,
                                   conv_i($form->{"${vc}_id"}),