pridany dalsi relacni linky

[mirrors/SokoMan.git] / assistants / sell.inc.php

diff --git a/assistants/sell.inc.php b/assistants/sell.inc.php
index 26f963150170a6a13b4130a04e3eaaa47d2d54a0..33b08e57cb62e12cca50f7c6962896469ad1866f 100644 (file)
--- a/assistants/sell.inc.php
+++ b/assistants/sell.inc.php
@@ -14,8 +14,9 @@ $hide_cols_common = array_merge($hide_cols_additional,array('status_id','item_pr
 
 switch($SUBPATH[0]) {
        default: case 1:
+               $serial = isset($_GET['serial']) ? htmlspecialchars($_GET['serial']) : ''; //TODO: XSS
                echo $this->html->form("$URL/2", 'GET', array(
-                       array('serial','','text',false,'autofocus','item_serial:'),
+                       array('serial',$serial,'text',false,'autofocus','item_serial:'),
                        array('quantity','1','text',false,false,'quantity:'),
                        array(false,$button_label,'submit')
                ));