webERP Forum

GLBalanceSheet.php

PHP Code:
$ActEnquiryURL = '<a href="' . $RootPath . '/GLAccountInquiry.php?Period=' . $_POST['BalancePeriodEnd'] . '&amp;Account=' . $myrow['accountcode'] . '">' . $myrow['accountcode'] . '</a>'; 

Should be:

PHP Code:
$ActEnquiryURL = '<a href="'. $RootPath . '/GLAccountInquiry.php?FromPeriod=-24&amp;ToPeriod=' . $_POST['BalancePeriodEnd'] . '&amp;Account=' . $myrow['accountcode'] . '&amp;Show=Yes">' . $myrow['accountcode'] . '</a>'; 

Will fix this tomorrow.

Change committed.

(12-07-2018, 11:00 PM)VortecCPI Wrote: [ -> ]
PHP Code:
$ActEnquiryURL = '<a href="'. $RootPath . '/GLAccountInquiry.php?FromPeriod=-24&ToPeriod=' . $_POST['BalancePeriodEnd'] . '&Account=' . $myrow['accountcode'] . '&Show=Yes">' . $myrow['accountcode'] . '</a>';

We should be sanitising the url parameters for security. Some are and some aren't yet so this should read:

PHP Code:
$ActEnquiryURL = '<a href="'. $RootPath . '/GLAccountInquiry.php?FromPeriod=-24&amp;ToPeriod=' . urlencode($_POST['BalancePeriodEnd']) . '&amp;Account=' . urlencode($myrow['accountcode']) . '&amp;Show=Yes">' . $myrow['accountcode'] . '</a>'; 

Tim

Yes, that's true. I'll update that. (I'll keep this in mind going forward)

Change applying urlencode committed.

Actually looking at this change deeper why is the FromPeriod being hard coded as -24?

The most logical value would be the starting period for the financial period that the balance sheet refers to.

I was curious about that too, actually, but I do not know the GL area as well as others.
No problem to apply a correction for what should be the replacement.

Paul B., any info on the -24 within the link?

Not too sure about that. When I added it our new company was only a few months old so perhaps I did it for test and forgot all about it.

Should not a Balance Sheet default to Fiscal Year?

VortecCPI

TurboPT

TurboPT

TimSchofield

TurboPT

TurboPT

TimSchofield

TurboPT

TurboPT

VortecCPI