X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FVK.pm;h=c056aac6516d94e37bc7081e7b7d667e69886c2e;hb=b632cee8434442efd8ae3962126c34123172daac;hp=63eecfd85bb829afe2ecd989f8a7c2a225d845ed;hpb=a521b29b7f07b940afb392ccbd22f6373dfa0b7e;p=kivitendo-erp.git

diff --git a/SL/VK.pm b/SL/VK.pm
index 63eecfd85..c056aac65 100644
--- a/SL/VK.pm
+++ b/SL/VK.pm
@@ -51,7 +51,7 @@ sub invoice_transactions {
   my @values;
 
   my $query =
-    qq|SELECT ct.id as customerid, ct.name as customername,ct.customernumber,ct.country,ar.invnumber,ar.id,ar.transdate,p.partnumber,pg.partsgroup,i.parts_id,i.qty,i.price_factor,i.discount,i.description as description,i.lastcost,i.sellprice,i.marge_total,i.marge_percent,i.unit,b.description as business,e.name as employee,e2.name as salesman, to_char(ar.transdate,'Month') as month | .
+    qq|SELECT ct.id as customerid, ct.name as customername,ct.customernumber,ct.country,ar.invnumber,ar.id,ar.transdate,p.partnumber,pg.partsgroup,i.parts_id,i.qty,i.price_factor,i.discount,i.description as description,i.lastcost,i.sellprice,i.fxsellprice,i.marge_total,i.marge_percent,i.unit,b.description as business,e.name as employee,e2.name as salesman, to_char(ar.transdate,'Month') as month, to_char(ar.transdate, 'YYYYMM') as nummonth, p.unit as parts_unit, p.weight | .
     qq|FROM invoice i | .  
     qq|JOIN ar on (i.trans_id = ar.id) | .
     qq|JOIN parts p on (i.parts_id = p.id) | .
@@ -77,25 +77,30 @@ sub invoice_transactions {
   # Bestandteile von Erzeugnissen herausfiltern
   $where .= " AND i.assemblyitem is not true ";
 
+  # filter allowed parameters for mainsort and subsort as passed by POST
+  my @databasefields = qw(description customername country partsgroup business salesman month);
+  my ($mainsort) = grep { /^$form->{mainsort}$/ } @databasefields;
+  my ($subsort) = grep { /^$form->{subsort}$/ } @databasefields;
+  die "illegal parameter for mainsort or subsort" unless $mainsort and $subsort;
+
   my $sortorder;
-  # sorting by month is a special case:
-  # Sorting by month, using salesman as an example:
-  # Sorting with month as mainsort: ORDER BY month,salesman,ar.transdate,ar.invnumber
-  # Sorting with month as subsort:  ORDER BY salesman,ar.transdate,month,ar.invnumber
+  # sorting by month is a special case, we don't want to sort alphabetically by
+  # month name, so we also extract a numerical month in the from YYYYMM to sort
+  # by in case of month sorting
+  # Sorting by month, using description as an example:
+  # Sorting with month as mainsort: ORDER BY nummonth,description,ar.transdate,ar.invnumber
+  # Sorting with month as subsort:  ORDER BY description,nummonth,ar.transdate,ar.invnumber
   if ($form->{mainsort} eq 'month') {
-    $sortorder .= "ar.transdate,month,"
+    $sortorder .= "nummonth,"
   } else {
-    $sortorder .= $form->{mainsort} . ",";
+    $sortorder .= $mainsort . ",";
   };
   if ($form->{subsort} eq 'month') {
-    $sortorder .= "ar.transdate,month,"
+    $sortorder .= "nummonth,"
   } else {
-    $sortorder .= $form->{subsort} . ",";
+    $sortorder .= $subsort . ",";
   };
-  $sortorder .= 'ar.transdate,' unless $form->{subsort} eq 'month';
-  $sortorder .= 'ar.invnumber';
-
-#  $sortorder =~ s/month/ar.transdate/;
+  $sortorder .= 'ar.transdate,ar.invnumber';  # Default sorting order after mainsort und subsort
 
   if ($form->{customer_id}) {
     $where .= " AND ar.customer_id = ?";