X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=assistants%2Fsell.inc.php;h=33b08e57cb62e12cca50f7c6962896469ad1866f;hb=4e9289ea286705d3464eb5224716cd006cbf3a15;hp=26f963150170a6a13b4130a04e3eaaa47d2d54a0;hpb=fbf1a4e63bb82818dcebfa9b7a26a71c1c8de17e;p=mirrors%2FSokoMan.git

diff --git a/assistants/sell.inc.php b/assistants/sell.inc.php
index 26f9631..33b08e5 100644
--- a/assistants/sell.inc.php
+++ b/assistants/sell.inc.php
@@ -14,8 +14,9 @@ $hide_cols_common = array_merge($hide_cols_additional,array('status_id','item_pr
 
 switch($SUBPATH[0]) {
 	default: case 1:
+		$serial = isset($_GET['serial']) ? htmlspecialchars($_GET['serial']) : ''; //TODO: XSS
 		echo $this->html->form("$URL/2", 'GET', array(
-			array('serial','','text',false,'autofocus','item_serial:'),
+			array('serial',$serial,'text',false,'autofocus','item_serial:'),
 			array('quantity','1','text',false,false,'quantity:'),
 			array(false,$button_label,'submit')
 		));