pridany dalsi relacni linky

diff --git a/assistants/sell.inc.php b/assistants/sell.inc.php
index 26f963150170a6a13b4130a04e3eaaa47d2d54a0..33b08e57cb62e12cca50f7c6962896469ad1866f 100644 (file)
--- a/assistants/sell.inc.php
+++ b/assistants/sell.inc.php
@@ -14,8 +14,9 @@ $hide_cols_common = array_merge($hide_cols_additional,array('status_id','item_pr
 
 switch($SUBPATH[0]) {
        default: case 1:
+               $serial = isset($_GET['serial']) ? htmlspecialchars($_GET['serial']) : ''; //TODO: XSS
                echo $this->html->form("$URL/2", 'GET', array(
-                       array('serial','','text',false,'autofocus','item_serial:'),
+                       array('serial',$serial,'text',false,'autofocus','item_serial:'),
                        array('quantity','1','text',false,false,'quantity:'),
                        array(false,$button_label,'submit')
                ));

diff --git a/index.php b/index.php
index b37ab51d93f729142d5a1274cd1d818aa6ef1587..7361d3053532e26d7fabcfa3ad96a5c668253b14 100755 (executable)
--- a/index.php
+++ b/index.php
@@ -298,6 +298,9 @@ EOF;
                                'model_id' => array(array('item',$where_url)),
                                'model_barcode' => array(array('store','assistant/%d?barcode=%v'))
                        ),
+                       'item' => array(
+                               'item_serial' => array(array('dispose','assistant/%d?serial=%v'),array('sell','assistant/%d?serial=%v'))
+                       ),
                        'category' => array('category_id' => array(array('item',$where_url))),
                        'producer' => array('producer_id' => array(array('item',$where_url))),
                        'vendor' => array('vendor_id' => array(array('item',$where_url))),