X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FRP.pm;h=fbfd4746a675126168f01652f051cbc88932df09;hb=691a12938bb3c3d1f6be31f93764d02fc3be6b71;hp=5554916c4d784e80274bab2fc1c19c32d44620a1;hpb=fc1e397330501fecd1ea62511c0965f0a5ef27b6;p=kivitendo-erp.git diff --git a/SL/RP.pm b/SL/RP.pm index 5554916c4..fbfd4746a 100644 --- a/SL/RP.pm +++ b/SL/RP.pm @@ -1873,12 +1873,8 @@ sub erfolgsrechnung { my ($self, $myconfig, $form) = @_; $form->{company} = $::instance_conf->get_company; $form->{address} = $::instance_conf->get_address; - #injection-filter - $form->{fromdate} =~ s/[^0-9\.]//g; - $form->{todate} =~ s/[^0-9\.]//g; - #input validation - $form->{fromdate} = "01.01.2000" if $form->{fromdate} !~ m/[0-9]*\.[0-9]*\.[0-9]*/; - $form->{todate} = $form->current_date(%{$myconfig}) if $form->{todate} !~ m/[0-9]*\.[0-9]*\.[0-9]*/; + $form->{fromdate} = DateTime->new(year => 2000, month => 1, day => 1)->to_kivitendo unless $form->{fromdate}; + $form->{todate} = $form->current_date(%{$myconfig}) unless $form->{todate}; my %categories = (I => "ERTRAG", E => "AUFWAND"); my $fromdate = conv_dateq($form->{fromdate}); @@ -1914,9 +1910,9 @@ sub get_accounts_ch { my ($inclusion); if ($category eq 'I') { - $inclusion = "AND pos_er = NULL OR pos_er > '0' AND pos_er <= '5'"; + $inclusion = "AND pos_er = NULL OR pos_er = '1'"; } elsif ($category eq 'E') { - $inclusion = "AND pos_er = NULL OR pos_er >= '6' AND pos_er < '100'"; + $inclusion = "AND pos_er = NULL OR pos_er = '6'"; } else { $inclusion = ""; } @@ -1924,10 +1920,10 @@ sub get_accounts_ch { my $query = qq| SELECT id, accno, description, category FROM chart - WHERE category = '$category' $inclusion + WHERE category = ? $inclusion ORDER BY accno |; - my $accounts = _query($query); + my $accounts = _query($query, $category); $main::lxdebug->leave_sub(); return $accounts; 
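Review bot: In erfolgsrechnung the new `unless $form->{fromdate}` and `unless $form->{todate}` defaults only cover empty values, so a non-empty string that is not a date now reaches `conv_dateq` unchanged, where the removed lines at least stripped everything except digits and dots. As far as the visible lines show, the later queries are bound through placeholders, so this is a robustness gap rather than an injection path: the request would presumably fail with a database date-parsing error instead of falling back to the default. Parsing both fields as dates before use, and applying the default or a user-facing error when parsing fails, would keep the input check that the old unanchored regexes only approximated. The function body continues outside the hunk, so other uses of the two fields are not visible here.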
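Review bot: Both new `$inclusion` strings in get_accounts_ch keep `pos_er = NULL`, which never matches in SQL because the comparison yields NULL rather than true. The unparenthesised `AND ... OR ...` also means that, once the fragment is spliced after `WHERE category = ?` in the following hunk, the `OR pos_er = '1'` / `OR pos_er = '6'` arm matches rows regardless of category. If the intent is "this category, and pos_er unset or equal to the given position", the fragments should read `$inclusion = "AND (pos_er IS NULL OR pos_er = '1')";` and `$inclusion = "AND (pos_er IS NULL OR pos_er = '6')";`. That changes which accounts the report returns, so the intended contents should be confirmed first. The function starts outside this hunk.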
@@ -1941,11 +1937,11 @@ sub get_total_ch { my $query = qq| SELECT SUM(amount) FROM acc_trans - WHERE chart_id = '$chart_id' - AND transdate >= $fromdate - AND transdate <= $todate + WHERE chart_id = ? + AND transdate >= ? + AND transdate <= ? |; - $total += _query($query)->[0]->{sum}; + $total += _query($query, $chart_id, $fromdate, $todate)->[0]->{sum}; $main::lxdebug->leave_sub(); return $total;
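Review bot: The values bound for `transdate >= ?` and `transdate <= ?` in get_total_ch must be raw dates, but the removed lines interpolated `$fromdate` and `$todate` without quotes, which suggests they arrive already SQL-quoted; the erfolgsrechnung hunk shows `my $fromdate = conv_dateq($form->{fromdate});`. If those are the values passed down, the placeholder receives the quote characters as part of the data and the comparison will error or never match, so the caller should hand over the unquoted form, for example via `conv_date` instead of `conv_dateq`. Separately, `SUM(amount)` is NULL when no rows match, so `->[0]->{sum} // 0` would avoid adding undef to `$total`. The start of get_total_ch and its call site are outside the hunk, so this needs checking there.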