X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FIR.pm;h=301fe3b646e8ebc5e9cbe82f95e031c32d289658;hb=0a8ac1f354bb604a0e0988d3d2e43fe8a7f0386d;hp=e5e02f5bed4ce480dd0adc25d67e1f353cc296b1;hpb=15cfd696637c6734459068dc5ff8f97b8ebe9d25;p=kivitendo-erp.git

diff --git a/SL/IR.pm b/SL/IR.pm
index e5e02f5be..301fe3b64 100644
--- a/SL/IR.pm
+++ b/SL/IR.pm
@@ -42,6 +42,7 @@ use SL::DATEV qw(:CONSTANTS);
 use SL::DBUtils;
 use SL::DO;
 use SL::GenericTranslations;
+use SL::HTML::Restrict;
 use SL::IO;
 use SL::MoreCommon;
 use SL::DB::Default;
@@ -56,6 +57,8 @@ sub post_invoice {
 
   # connect to database, turn off autocommit
   my $dbh = $provided_dbh ? $provided_dbh : $form->dbconnect_noauto($myconfig);
+  my $restricter = SL::HTML::Restrict->create;
+
   $form->{defaultcurrency} = $form->get_default_currency($myconfig);
   my $defaultcurrency = $form->{defaultcurrency};
 
@@ -378,7 +381,7 @@ sub post_invoice {
                               project_id, serialnumber, price_factor_id, price_factor, marge_price_factor)
          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, (SELECT factor FROM price_factors WHERE id = ?), ?)|;
     @values = ($invoice_id, conv_i($form->{id}), conv_i($form->{"id_$i"}),
-               $form->{"description_$i"}, $form->{"longdescription_$i"}, $form->{"qty_$i"} * -1,
+               $form->{"description_$i"}, $restricter->process($form->{"longdescription_$i"}), $form->{"qty_$i"} * -1,
                $baseqty * -1, $form->{"sellprice_$i"}, $fxsellprice, $form->{"discount_$i"}, $allocated,
                $form->{"unit_$i"}, conv_date($form->{deliverydate}),
                conv_i($form->{"project_id_$i"}), $form->{"serialnumber_$i"},