X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/95155b0d6ddca4b62319edce20397a3ceebac346..d18a84dfd90b91c60093c77bbc5900408e0c5697:/SL/IS.pm

diff --git a/SL/IS.pm b/SL/IS.pm
index e5d61193d..1ee47f209 100644
--- a/SL/IS.pm
+++ b/SL/IS.pm
@@ -2226,13 +2226,17 @@ sub get_pricegroups_for_parts {
 sub has_storno {
   $main::lxdebug->enter_sub();
 
-  my ($self, $myconfig, $form) = @_;
+  my ($self, $myconfig, $form, $table) = @_;
 
   $main::lxdebug->leave_sub() and return 0 unless ($form->{id});
 
+  # make sure there's no funny stuff in $table
+  # ToDO: die when this happens and throw an error
+  $main::lxdebug->leave_sub() and return 0 if ($table =~ /\W/);
+
   my $dbh = $form->dbconnect($myconfig);
 
-  my $query = qq|SELECT storno FROM ar WHERE id = ?|;
+  my $query = qq|SELECT storno FROM $table WHERE id = ?|;
   my ($result) = selectrow_query($form, $dbh, $query, $form->{id});
 
   $dbh->disconnect();