X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/fc1e397330501fecd1ea62511c0965f0a5ef27b6..f82e94c7cbbea66d902e286c531d2282fc69f67c:/SL/RP.pm

diff --git a/SL/RP.pm b/SL/RP.pm
index 5554916c4..425dfa1c2 100644
--- a/SL/RP.pm
+++ b/SL/RP.pm
@@ -1465,7 +1465,7 @@ sub paymentaccounts {
   my ($self, $myconfig, $form) = @_;
 
   # connect to database, turn AutoCommit off
-  my $dbh = $form->dbconnect_noauto($myconfig);
+  my $dbh = SL::DB->client->dbh;
 
   my $ARAP = $form->{db} eq "ar" ? "AR" : "AP";
 
@@ -1476,8 +1476,6 @@ sub paymentaccounts {
        WHERE link LIKE '%${ARAP}_paid%'|;
   $form->{PR} = selectall_hashref_query($form, $dbh, $query);
 
-  $dbh->disconnect;
-
   $main::lxdebug->leave_sub();
 }
 
@@ -1487,7 +1485,7 @@ sub payments {
   my ($self, $myconfig, $form) = @_;
 
   # connect to database, turn AutoCommit off
-  my $dbh = $form->dbconnect_noauto($myconfig);
+  my $dbh = SL::DB->client->dbh;
 
   my $ml = 1;
   my $arap;
@@ -1608,8 +1606,6 @@ sub payments {
     $sth_details->finish();
   }
 
-  $dbh->disconnect;
-
   $main::lxdebug->leave_sub();
 }
 
@@ -1873,12 +1869,8 @@ sub erfolgsrechnung {
   my ($self, $myconfig, $form) = @_;
   $form->{company} = $::instance_conf->get_company;
   $form->{address} = $::instance_conf->get_address;
-  #injection-filter
-  $form->{fromdate} =~ s/[^0-9\.]//g;
-  $form->{todate} =~ s/[^0-9\.]//g;
-  #input validation
-  $form->{fromdate} = "01.01.2000" if $form->{fromdate} !~ m/[0-9]*\.[0-9]*\.[0-9]*/;
-  $form->{todate} = $form->current_date(%{$myconfig}) if $form->{todate} !~ m/[0-9]*\.[0-9]*\.[0-9]*/;
+  $form->{fromdate} = DateTime->new(year => 2000, month => 1, day => 1)->to_kivitendo unless $form->{fromdate};
+  $form->{todate} = $form->current_date(%{$myconfig}) unless $form->{todate};
 
   my %categories = (I => "ERTRAG", E => "AUFWAND");
   my $fromdate = conv_dateq($form->{fromdate});
@@ -1914,9 +1906,9 @@ sub get_accounts_ch {
   my ($inclusion);
 
   if ($category eq 'I') {
-    $inclusion = "AND pos_er = NULL OR pos_er > '0' AND pos_er <= '5'";
+    $inclusion = "AND pos_er = NULL OR pos_er = '1'";
   } elsif ($category eq 'E') {
-    $inclusion = "AND pos_er = NULL OR pos_er >= '6' AND pos_er < '100'";
+    $inclusion = "AND pos_er = NULL OR pos_er = '6'";
   } else {
     $inclusion = "";
   }
@@ -1924,10 +1916,10 @@ sub get_accounts_ch {
   my $query = qq|
     SELECT id, accno, description, category
     FROM chart
-    WHERE category = '$category' $inclusion
+    WHERE category = ? $inclusion
     ORDER BY accno
   |;
-  my $accounts = _query($query);
+  my $accounts = _query($query, $category);
 
   $main::lxdebug->leave_sub();
   return $accounts;
@@ -1941,11 +1933,11 @@ sub get_total_ch {
   my $query = qq|
     SELECT SUM(amount)
     FROM acc_trans
-    WHERE chart_id = '$chart_id'
-      AND transdate >= $fromdate
-      AND transdate <= $todate
+    WHERE chart_id = ?
+      AND transdate >= ?
+      AND transdate <= ?
   |;
-  $total += _query($query)->[0]->{sum};
+  $total += _query($query, $chart_id, $fromdate, $todate)->[0]->{sum};
 
   $main::lxdebug->leave_sub();
   return $total;