datev templates escaping

[mfinanz.git] / SL / Form.pm

diff --git a/SL/Form.pm b/SL/Form.pm
index a95f4e0db103ec6a4682ab3cc64674a56cc51423..a01e9a8c669697a0035f97195080945731e03498 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -59,6 +59,7 @@ use SL::CVar;
 use SL::DB;
 use SL::DBConnect;
 use SL::DBUtils;
+use SL::DB::AdditionalBillingAddress;
 use SL::DB::Customer;
 use SL::DB::Default;
 use SL::DB::PaymentTerm;
@@ -2955,7 +2956,7 @@ sub get_history {
       qq|SELECT h.employee_id, h.itime::timestamp(0) AS itime, h.addition, h.what_done, emp.name, h.snumbers, h.trans_id AS id | .
       qq|FROM history_erp h | .
       qq|LEFT JOIN employee emp ON (emp.id = h.employee_id) | .
-      qq|WHERE (trans_id = | . $trans_id . qq|) $restriction | .
+      qq|WHERE (trans_id = | . $dbh->quote($trans_id) . qq|) $restriction | .
       $order;
 
     my $sth = $dbh->prepare($query) || $self->dberror($query);
@@ -3154,6 +3155,8 @@ sub prepare_for_printing {
     IS->invoice_details(\%::myconfig, $self, $::locale);
   }
 
+  $self->set_addition_billing_address_print_variables;
+
   # Chose extension & set source file name
   my $extension = 'html';
   if ($self->{format} eq 'postscript') {
@@ -3221,6 +3224,17 @@ sub prepare_for_printing {
   return $self;
 }
 
+sub set_addition_billing_address_print_variables {
+  my ($self) = @_;
+
+  return if !$self->{billing_address_id};
+
+  my $address = SL::DB::Manager::AdditionalBillingAddress->find_by(id => $self->{billing_address_id});
+  return if !$address;
+
+  $self->{"billing_address_${_}"} = $address->$_ for map { $_->name } @{ $address->meta->columns };
+}
+
 sub substitute_placeholders_in_template_arrays {
   my ($self, @fields) = @_;