X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=assistants%2Fsell.inc.php;h=33b08e57cb62e12cca50f7c6962896469ad1866f;hb=a5094502005a6f99b8e4533e4107490868500411;hp=20444e06819f83f8918840bcd8dfb745d312b2e1;hpb=253705f2193c14e1f4162a37e8d1550d79efe5ec;p=mirrors%2FSokoMan.git
diff --git a/assistants/sell.inc.php b/assistants/sell.inc.php
index 20444e0..33b08e5 100644
--- a/assistants/sell.inc.php
+++ b/assistants/sell.inc.php
@@ -14,8 +14,9 @@ $hide_cols_common = array_merge($hide_cols_additional,array('status_id','item_pr
switch($SUBPATH[0]) {
default: case 1:
+ $serial = isset($_GET['serial']) ? htmlspecialchars($_GET['serial']) : ''; //TODO: XSS
echo $this->html->form("$URL/2", 'GET', array(
- array('serial','','text',false,'autofocus','item_serial:'),
+ array('serial',$serial,'text',false,'autofocus','item_serial:'),
array('quantity','1','text',false,false,'quantity:'),
array(false,$button_label,'submit')
));
@@ -52,8 +53,8 @@ switch($SUBPATH[0]) {
echo("Stock: ".$quantity_stored."
Disposing/Selling: ".$quantity_removed."
Keeping: ".$item_quantity);
$current[$item_id]['item_quantity'] = $item_quantity;
- $current[$item_id]['item_price_in'] = $item_quantity * $model_price_in;
- $current[$item_id]['item_price_out'] = $item_quantity * $model_price_out;
+ $current[$item_id]['item_price_in'] -= $quantity_removed * $model_price_in;
+ $current[$item_id]['item_price_out'] -= $quantity_removed * $model_price_out;
$forked_item[$item_id]['item_id'] = '';
$forked_item[$item_id]['item_serial'] .= '@'.time();