X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FForm.pm;h=3719515c3335f67b2c2eeb1e556eeab37f763741;hb=6b293028a4c1f27bcb07c665a4f43f5362debf1f;hp=1c1956241e14fc61c5c398bc2ffc09d0418adfd7;hpb=142f7c2cd402db32f71bef206a6399c62c56bdfa;p=kivitendo-erp.git

diff --git a/SL/Form.pm b/SL/Form.pm
index 1c1956241..3719515c3 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -43,6 +43,7 @@ use HTML::Template;
 use SL::Template;
 use CGI::Ajax;
 use SL::DBUtils;
+use SL::Mailer;
 use SL::Menu;
 use SL::User;
 use SL::Common;
@@ -69,61 +70,77 @@ sub _request_to_hash {
   $main::lxdebug->enter_sub(2);
 
   my ($input) = @_;
-  my ($i,        $loc,  $key,    $val);
-  my (%ATTACH,   $f,    $header, $header_body, $len, $buf);
-  my ($boundary, @list, $size,   $body, $x, $blah, $name);
-
-  if ($ENV{'CONTENT_TYPE'}
-      && ($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)) {
-    $boundary = quotemeta('--' . $1);
-    @list     = split(/$boundary/, $input);
-
-    # For some reason there are always 2 extra, that are empty
-    $size = @list - 2;
-
-    for ($x = 1; $x <= $size; $x++) {
-      $header_body = $list[$x];
-      $header_body =~ /\r\n\r\n|\n\n/;
-
-      # Here we split the header and body
-      $header = $`;
-      $body   = $';    #'
-      $body =~ s/\r\n$//;
-
-      # Now we try to get the file name
-      $name = $header;
-      $name =~ /name=\"(.+)\"/;
-      ($name, $blah) = split(/\"/, $1);
-
-      # If the form name is not attach, then we need to parse this like
-      # regular form data
-      if ($name ne "attach") {
-        $body =~ s/%([0-9a-fA-Z]{2})/pack("c",hex($1))/eg;
-        $ATTACH{$name} = $body;
-
-        # Otherwise it is an attachment and we need to finish it up
-      } elsif ($name eq "attach") {
-        $header =~ /filename=\"(.+)\"/;
-        $ATTACH{'FILE_NAME'} = $1;
-        $ATTACH{'FILE_NAME'} =~ s/\"//g;
-        $ATTACH{'FILE_NAME'} =~ s/\s//g;
-        $ATTACH{'FILE_CONTENT'} = $body;
-
-        for ($i = $x; $list[$i]; $i++) {
-          $list[$i] =~ s/^.+name=$//;
-          $list[$i] =~ /\"(\w+)\"/;
-          $ATTACH{$1} = $';    #'
+
+  if (!$ENV{'CONTENT_TYPE'}
+      || ($ENV{'CONTENT_TYPE'} !~ /multipart\/form-data\s*;\s*boundary\s*=\s*(.+)$/)) {
+    $main::lxdebug->leave_sub(2);
+    return _input_to_hash($input);
+  }
+
+  my ($name, $filename, $headers_done, $content_type, $boundary_found, $need_cr);
+  my %params;
+
+  my $boundary = '--' . $1;
+
+  foreach my $line (split m/\n/, $input) {
+    last if (($line eq "${boundary}--") || ($line eq "${boundary}--\r"));
+
+    if (($line eq $boundary) || ($line eq "$boundary\r")) {
+      $params{$name} =~ s|\r?\n$|| if $name;
+
+      undef $name, $filename;
+
+      $headers_done   = 0;
+      $content_type   = "text/plain";
+      $boundary_found = 1;
+      $need_cr        = 0;
+
+      next;
+    }
+
+    next unless $boundary_found;
+
+    if (!$headers_done) {
+      $line =~ s/[\r\n]*$//;
+
+      if (!$line) {
+        $headers_done = 1;
+        next;
+      }
+
+      if ($line =~ m|^content-disposition\s*:.*?form-data\s*;|i) {
+        if ($line =~ m|filename\s*=\s*"(.*?)"|i) {
+          $filename = $1;
+          substr $line, $-[0], $+[0] - $-[0], "";
         }
+
+        if ($line =~ m|name\s*=\s*"(.*?)"|i) {
+          $name = $1;
+          substr $line, $-[0], $+[0] - $-[0], "";
+        }
+
+        $params{$name}    = "";
+        $params{FILENAME} = $filename if ($filename);
+
+        next;
       }
+
+      if ($line =~ m|^content-type\s*:\s*(.*?)$|i) {
+        $content_type = $1;
+      }
+
+      next;
     }
 
-    $main::lxdebug->leave_sub(2);
-    return %ATTACH;
+    next unless $name;
 
-      } else {
-    $main::lxdebug->leave_sub(2);
-    return _input_to_hash($input);
+    $params{$name} .= "${line}\n";
   }
+
+  $params{$name} =~ s|\r?\n$|| if $name;
+
+  $main::lxdebug->leave_sub(2);
+  return %params;
 }
 
 sub new {
@@ -508,9 +525,9 @@ sub parse_html_template {
     $additional_params->{"myconfig_jsc_dateformat"} = $jsc_dateformat;
   }
 
-  $additional_params->{"conf_jscalendar"} = $main::jscalendar;
-  $additional_params->{"conf_lizenzen"} = $main::lizenzen;
-  $additional_params->{"conf_latex_templates"} = $main::latex;
+  $additional_params->{"conf_webdav"}                 = $main::webdav;
+  $additional_params->{"conf_lizenzen"}               = $main::lizenzen;
+  $additional_params->{"conf_latex_templates"}        = $main::latex;
   $additional_params->{"conf_opendocument_templates"} = $main::opendocument_templates;
 
   my @additional_param_names = keys(%{$additional_params});
@@ -731,7 +748,9 @@ sub parse_template {
   $main::lxdebug->enter_sub();
 
   my ($self, $myconfig, $userspath) = @_;
-  my $template;
+  my ($template, $out);
+
+  local (*IN, *OUT);
 
   $self->{"cwd"} = getcwd();
   $self->{"tmpdir"} = $self->{cwd} . "/${userspath}";
@@ -774,7 +793,19 @@ sub parse_template {
   # OUT is used for the media, screen, printer, email
   # for postscript we store a copy in a temporary file
   my $fileid = time;
-  $self->{tmpfile} ||= "$userspath/${fileid}.$self->{IN}";
+  my $prepend_userspath;
+
+  if (!$self->{tmpfile}) {
+    $self->{tmpfile}   = "${fileid}.$self->{IN}";
+    $prepend_userspath = 1;
+  }
+
+  $prepend_userspath = 1 if substr($self->{tmpfile}, 0, length $userspath) eq $userspath;
+
+  $self->{tmpfile} =~ s|.*/||;
+  $self->{tmpfile} =~ s/[^a-zA-Z0-9\._\ \-]//g;
+  $self->{tmpfile} = "$userspath/$self->{tmpfile}" if $prepend_userspath;
+
   if ($template->uses_temp_file() || $self->{media} eq 'email') {
     $out = $self->{OUT};
     $self->{OUT} = ">$self->{tmpfile}";
@@ -798,8 +829,6 @@ sub parse_template {
 
     if ($self->{media} eq 'email') {
 
-      use SL::Mailer;
-
       my $mail = new Mailer;
 
       map { $mail->{$_} = $self->{$_} }
@@ -841,7 +870,7 @@ sub parse_template {
 
       }
 
-      my $err = $mail->send($out);
+      my $err = $mail->send();
       $self->error($self->cleanup . "$err") if ($err);
 
     } else {
@@ -862,7 +891,9 @@ sub parse_template {
           open(OUT, $self->{OUT})
             or $self->error($self->cleanup . "$self->{OUT} : $!");
         } else {
-          $self->{attachment_filename} = $self->generate_attachment_filename();
+          $self->{attachment_filename} = ($self->{attachment_filename}) 
+                                       ? $self->{attachment_filename}
+                                       : $self->generate_attachment_filename();
 
           # launch application
           print qq|Content-Type: | . $template->get_mime_type() . qq|
@@ -1504,10 +1535,7 @@ sub _get_shipto {
   $key = "all_shipto" unless ($key);
 
   # get shipping addresses
-  my $query =
-    qq|SELECT shipto_id, shiptoname, shiptodepartment_1 | .
-    qq|FROM shipto | .
-    qq|WHERE trans_id = ?|;
+  my $query = qq|SELECT * FROM shipto WHERE trans_id = ?|;
 
   $self->{$key} = selectall_hashref_query($self, $dbh, $query, $vc_id);
 
@@ -1539,7 +1567,7 @@ sub _get_charts {
   my $transdate = quote_db_date($params->{transdate});
 
   my $query =
-    qq|SELECT c.accno, c.description, c.link, tk.taxkey_id, tk.tax_id | .
+    qq|SELECT c.id, c.accno, c.description, c.link, tk.taxkey_id, tk.tax_id | .
     qq|FROM chart c | .
     qq|LEFT JOIN taxkeys tk ON | .
     qq|(tk.id = (SELECT id FROM taxkeys | .
@@ -1667,7 +1695,7 @@ sub _get_customers {
 
   $key = "all_customers" unless ($key);
 
-  my $query = qq|SELECT * FROM customer LIMIT $main::myconfig{vclimit}|;
+  my $query = qq|SELECT * FROM customer|;
 
   $self->{$key} = selectall_hashref_query($self, $dbh, $query);
 
@@ -1681,7 +1709,21 @@ sub _get_vendors {
 
   $key = "all_vendors" unless ($key);
 
-  my $query = qq|SELECT * FROM vendor|; # LIMIT $main::myconfig{vclimit}|;
+  my $query = qq|SELECT * FROM vendor|;
+
+  $self->{$key} = selectall_hashref_query($self, $dbh, $query);
+
+  $main::lxdebug->leave_sub();
+}
+
+sub _get_departments {
+  $main::lxdebug->enter_sub();
+
+  my ($self, $dbh, $key) = @_;
+
+  $key = "all_departments" unless ($key);
+
+  my $query = qq|SELECT * FROM department|;
 
   $self->{$key} = selectall_hashref_query($self, $dbh, $query);
 
@@ -1762,6 +1804,10 @@ sub get_lists {
     $self->_get_payments($dbh, $params{"payments"});
   }
 
+  if($params{"departments"}) {
+    $self->_get_departments($dbh, $params{"departments"});
+  }
+
   $dbh->disconnect();
 
   $main::lxdebug->leave_sub();
@@ -2447,10 +2493,9 @@ sub save_history {
 sub get_history {
   $main::lxdebug->enter_sub();
 
-  my $self = shift();
-  my $dbh = shift();
-  my $trans_id = shift();
-  my $restriction = shift();
+  my ($self, $dbh, $trans_id, $restriction, $order) = @_;
+  my ($orderBy, $desc) = split(/\-\-/, $order);
+  $order = " ORDER BY " . ($order eq "" ? " h.itime " : ($desc == 1 ? $orderBy . " DESC " : $orderBy . " "));
   my @tempArray;
   my $i = 0;
   if ($trans_id ne "") {
@@ -2458,12 +2503,13 @@ sub get_history {
       qq|SELECT h.employee_id, h.itime::timestamp(0) AS itime, h.addition, h.what_done, emp.name, h.snumbers, h.trans_id AS id | .
       qq|FROM history_erp h | .
       qq|LEFT JOIN employee emp ON (emp.id = h.employee_id) | .
-      qq|WHERE trans_id = ? |
-      . $restriction;
-
+      qq|WHERE trans_id = | . $trans_id
+      . $restriction . qq| |
+      . $order;
+      
     my $sth = $dbh->prepare($query) || $self->dberror($query);
 
-    $sth->execute($trans_id) || $self->dberror("$query ($trans_id)");
+    $sth->execute() || $self->dberror("$query");
 
     while(my $hash_ref = $sth->fetchrow_hashref()) {
       $hash_ref->{addition} = $main::locale->text($hash_ref->{addition});