Pick something say from 100 to 250 - check what the standard existing plugins use and choose something different if you do not want the system to pick one out of its convenience in case of a clash with existing ones.
3,401 08/12/2016 04:05:25 pm
Re: Define statement in hooks.php (3 replies, posted in Modules Add-on's)
3,402 08/12/2016 04:03:25 pm
Re: Credit Card Processing (7 replies, posted in Setup)
FA sports a variety of APIs - SOAP / Restful APIs are listed in the wiki.
You can engage a developer to do it and submit it back to the project or better still, ask those at Stripe if they will make a plugin for FA for the community to use their payment services.
3,403 08/11/2016 07:55:48 am
Re: Credit Card Processing (7 replies, posted in Setup)
If there is a url for the specific e-commerce payment gateway, then it can replace the PayPal link in FA.
3,404 08/10/2016 02:20:26 pm
Re: How can I transfer a customer payment from customer A to customer B? (5 replies, posted in Accounts Receivable)
You can allocate customer payment to only their own bills in FA.
To allocate one customer's payment to another's bills, pass a journal voucher:
By Customer A Credit $ 3000
To Customer B Debit $ 3000
The above must have supporting documents from both parties agreeing to the above transfer on your books of account.
Then allocate the $3000/- from Customer A to their own bill.
3,405 08/10/2016 01:39:18 pm
Re: Define statement in hooks.php (3 replies, posted in Modules Add-on's)
The "<<" is the binary bit left shift operator. The index 150 decimal is 96 hex which when shifted left by 8 bits (those in the first 8 bit range are reserved for system application security roles) will be 9600 hex which is 38400 dec. It is this number that you will see in the security_roles table's sections and areas fields for the various roles.
In case the said index has already been assigned, then the system automatically assigns the next available one.
Read the Wiki for more info. Read this post for insights.
add_access_extensions() has to be called inside extension files to have security areas maintained by core source code. This way module access areas do not interfere with core nor any other module security areas.
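The section-code arithmetic from the post above, as an added example that is not part of the original post and not FrontAccounting code. The helper names and the ';'-separated layout of the sections field are assumptions; the 100 to 250 range is the one suggested in the earlier reply.

```php
<?php
// Added example, not FrontAccounting code.
// Assumption: the sections field holds integer codes separated by ';'.

// Section code for an index: the low 8 bits stay clear.
function section_code($index)
{
    return $index << 8;
}

// Recover the index from a stored code (bits 8-15).
function section_index($code)
{
    return ($code >> 8) & 0xff;
}

// Indexes already present in a security_roles.sections value.
function used_indexes($sections_field)
{
    $used = array();
    foreach (explode(';', $sections_field) as $raw) {
        if (ctype_digit($raw))
            $used[section_index((int)$raw)] = true;
    }
    ksort($used);
    return array_keys($used);
}

// First index in [$from, $to] that no stored section uses, or null.
function first_free_index($used, $from = 100, $to = 250)
{
    for ($i = $from; $i <= $to; $i++)
        if (!in_array($i, $used, true))
            return $i;
    return null;
}

$sample = '256;512;768;38400;38656';   // constructed sample value
$used = used_indexes($sample);

printf("150 << 8 = %d (0x%X)\n", section_code(150), section_code(150));
printf("indexes in use: %s\n", implode(', ', $used));
printf("first free index from 150: %s\n", var_export(first_free_index($used, 150), true));
```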
3,406 08/08/2016 10:10:41 am
Topic: Backup function code analysis (0 replies, posted in Setup)
The Wiki has this post's contents.
Backup Code Analysis
The key file where the backup originates is admin/db/maintenance_db.inc
In it, the key function that starts the backup is function db_backup()
Parameter $tbpref makes it generic enabling usage of other prefixes possibly within extensions or in customisations
Creates the name of the backup sql file and goes to function db_export()
The actual backing up is done in the function db_export()
Parameter $tbpref makes it generic enabling usage of other prefixes possibly within extensions or in customisations
If no prefix is there for a company and other companies data resides in the same db, then all tables in the db including those of other companies in it too will get backed up!
Sets max chunk size before writing to sql backup file to 2MB or if present, from memory_limit value in php.ini
Writes standard parameters to sql backup as comments
Writes user comments to sql backup as comments
Acquire all table names in db and shortlist them based on prefix or all on no prefix!
SQL comment character hardcoded as "#" throughout
If your backup is taking too long, then tune the MySQL server with mysqltuner. In debian, install with apt-get install mysqltuner. Usage:
mysqlcheck -o mydbname
mysqltuner
and monitor with:
tail -fn0 /var/log/mysql.err
tail -n15 /var/log/mysql.err
vmstat 5 5
3,407 08/08/2016 05:52:08 am
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
@jnunez: Hope the reports display correctly, in which case make sure that double-encoding does not take place when it is saved again.
BTW, for me, it prints and displays on screen correctly though it is stored encoded in the table field for both the sys_prefs table records and the item_codes table as well.
Tested on XAMPP v1.7.3 on WinXP SP3 (and Debian 6) and FF 37 browser.
3,408 08/07/2016 12:49:23 pm
Re: How to design invoice form (23 replies, posted in Reporting)
You're most welcome and in your turn you too can help other newbies getting their feet wet in FA.
Since you have managed to make and test such a version of the header2.inc, you can submit it in 2 parts to the project - one having just the lines to make pre-printed stationery, and another for use with such pre-printed stationery.
3,409 08/06/2016 01:34:06 pm
Re: Fix for bug in suppliers.php (3 replies, posted in Report Bugs here)
@joe: Thanks. Commit Link.
3,410 08/06/2016 01:31:54 pm
Re: How to design invoice form (23 replies, posted in Reporting)
Most, if not all lines are in the reporting/includes/header2.inc file. Try commenting out sets of lines at a time and see what disappears in the resulting invoice.... Also see what is necessary to manage the position ($x, $y co-ordinates) of the subsequent printing....
3,411 08/06/2016 01:26:52 pm
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
Backport of @itronix fix above is in my FA 2.3 repo.
The fix in my post above will not need any rewriting of the code for display back to the browser, as simple sql escaping will not be touched by the db_escape's decoding code.
You're right about the XSS vulnerability and hence my earlier post's fix should not normally be used. Thanks @itronics for the explanation.
@jnunex: please test with my backport in this post without the earlier post's fix and see if all is well.
3,412 08/06/2016 01:36:07 am
Re: Fix for bug in suppliers.php (3 replies, posted in Report Bugs here)
@joe: Please fix this in the official unstable repo - error known for around 18 hours.
3,413 08/06/2016 01:32:47 am
Re: Unchecked checkbox form value not set in Ajax call (3 replies, posted in Report Bugs here)
Thanks @cambell and @itronics.
Lesson: New modules and code modifiers should keep this fact in mind when using / dealing with checkboxes - in FA, use check_value() before using it....
3,414 08/06/2016 01:25:09 am
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
In some installs, the ' gets displayed as is without being decoded on screen / in screen field.
It will be better if it is stored as:
UPDATE sys_prefs SET value = 'Carmen\'s' WHERE name='coy_name';
1. Store 3/4" nuts and 4' 2" bolt as a new item in inventory.
2. Edit it and see what you get in the Name field.
3. Make some change say 3/4" nuts with 4' 2" bolt and save.
4. View the item on screen and in the report and check if it gets mangled with double encoding....
What is the problem with using backslashes for single quotes as it is more readable in the sql backup?
What benefit do we get by using htmlspecialchars() when mysql_real_escape_string() is used alone?
What other characters are usefully modified when iso-8859-2 encoding is switched to iso-8859-1 in htmlspecialchars()?
3,415 08/05/2016 03:55:35 am
Re: How to display Items in List View? (1 replies, posted in Items and Inventory)
Setup -> Company Setup -> Search Item List -> Tick
On the Items List page, you will need to enter a few characters of the code / name and the shortlist will come up. It uses ajax filtering. Companies with 100 times as many items use FA this way.
3,416 08/04/2016 03:59:08 pm
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
Yes, wonder what characters other than the 5 listed are handled by htmlspecialchars() in iso-8859-1 encoding languages like Polish. Also how would the boolean variables be escaped as they would fit the non string / non numeric conditions and return an error - hence the usage of the db_escape function would have to be prudent.
These filters may be useful.
Example filter_input() from the php manual (List of available Filters):
<?php
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
$search_url = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_ENCODED);
echo "You have searched for $search_html.\n";
echo "<a href='?search=$search_url'>Search again.</a>";
?>
The above example will output something similar to:
You have searched for Me & son.
<a href='?search=Me%20%26%20son'>Search again.</a>
3,417 08/04/2016 03:46:37 pm
Re: Tax Inquiry - Tax not showing (18 replies, posted in Reporting)
@joe/itronics: please advise way forward - for now use the config variable but check with voided table as well.
3,418 08/04/2016 10:58:57 am
Re: How to Add new things in Manufacturing? (2 replies, posted in Manufactoring)
Add your menu entries in applications/manufacturing.php file.
3,419 08/04/2016 10:56:52 am
Re: How to customize the shortcut menus (7 replies, posted in Setup)
Whilst the look and feel are definitely part of the theme, the shortcuts are part of the string it shows for example in applications/customers.php which is the sales / order application tab:
class customers_app extends application
{
    function customers_app()
    {
        $this->application("orders", _($this->help_context = "&Sales"));
        $this->add_module(_("Transactions"));
        $this->add_lapp_function(0, _("Sales &Quotation Entry"),
            "sales/sales_order_entry.php?NewQuotation=Yes", 'SA_SALESQUOTE', MENU_TRANSACTION);
        $this->add_lapp_function(0, _("Sales &Order Entry"),
        ..
        ..
The characters that follow the "&" character in the strings above are the shortcuts. If the same character is there more than once in a page, it will cycle through them on each choice.
Attached your file here.
3,420 08/04/2016 10:49:17 am
Re: Tax Inquiry - Tax not showing (18 replies, posted in Reporting)
@joe: what policy do we follow - stick with 0 as void entry and mix 0 non-void entries with it or choose voids from the voided table?
3,421 08/04/2016 10:47:07 am
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
These functions are part of the db_escape() function.
@joe: looks like you can commit it now.
3,422 08/04/2016 07:17:06 am
Re: Release 2.4.RC1 (20 replies, posted in Announcements)
If you can translate the empty.po files into Sinhala and submit it to the project, it might get added in. Tamil has yet to be added officially and resides only in my FA 2.3 repo. You can fork the repo on GitHub and add in your language files and submit a pull request as well. You can also consider contributing a Sinhala Chart of Accounts as well.
Check out the links in the Wiki on Glotpress and transifex to translate online.
Read this post for what else needs to be done to get your language working.
3,423 08/04/2016 06:54:43 am
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
Thanks. Here is the solution:
All data stored in the tables pass through function db_escape(). The Setup -> Company Setup form acquires the data and stores it using function update_company_prefs() in admin/db/company_db.inc file.
It is the "ENT_QUOTES" parameter that causes the apostrophe to get encoded in the function htmlspecialchars().
The real solution will be to use the htmlspecialchars() function when the mysql_real_escape_string() is not available by altering the function db_escape() in includes/db/connect_db.inc :
function db_escape($value = "", $nullify = false)
{
    $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
    $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
    //reset default if second parameter is skipped
    $nullify = ($nullify === null) ? (false) : ($nullify);
    //check for null/unset/empty strings
    if ((!isset($value)) || (is_null($value)) || ($value === "")) {
        $value = ($nullify) ? ("NULL") : ("''");
    } else {
        if (is_string($value)) {
            //value is a string and should be quoted; determine best method based on available extensions
            if (function_exists('mysql_real_escape_string')) {
                $value = "'" . mysql_real_escape_string($value) . "'";
            } else {
                $value = "'" . mysql_escape_string($value) . "'";
            }
        } else if (!is_numeric($value)) {
            //value is not a string nor numeric
            display_error("ERROR: incorrect data type send to sql query");
            echo '<br><br>';
            exit();
        }
    }
    return $value;
}
to be
function db_escape($value = "", $nullify = false)
{
    $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
    if ($_SESSION['language']->encoding=='iso-8859-2') $value = @htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
    //reset default if second parameter is skipped
    $nullify = ($nullify === null) ? (false) : ($nullify);
    //check for null/unset/empty strings
    if ((!isset($value)) || (is_null($value)) || ($value === "")) {
        $value = ($nullify) ? ("NULL") : ("''");
    } else {
        if (is_string($value)) {
            //value is a string and should be quoted; determine best method based on available extensions
            if (function_exists('mysql_real_escape_string')) {
                $value = "'" . mysql_real_escape_string($value) . "'";
            } else {
                $value = "'" . mysql_escape_string($value) . "'";
            }
        } else if (!is_numeric($value)) {
            //value is not a string nor numeric
            display_error("ERROR: incorrect data type send to sql query");
            echo '<br><br>';
            exit();
        }
    }
    return $value;
}
We are only conditionally using the line $value = @htmlspecialchars...... for Polish like languages and can later remove it altogether. The old mysql_escape_string() did not use the link identifier and the encoding charset and may have needed @htmlspecialchars in which case it can be moved to just above that function.
The htmlspecialchars() encodes &,',",<,> only.
@joe: want to commit it?
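The save / edit / save test listed in the earlier reply and the decode-then-encode opening of db_escape() above, modelled as an added example that is not part of the original posts and not FrontAccounting code. The function names, the UTF-8 charset and the second sample string are assumptions made for illustration.

```php
<?php
// Added example, not FrontAccounting code. ENC is an assumed charset.
const ENC = 'UTF-8';

// Encode on every save with no decode first: each edit/save cycle re-encodes.
function save_encode_only($in)
{
    return htmlspecialchars($in, ENT_QUOTES, ENC);
}

// Decode, then encode, like the first two statements of db_escape():
// saving an already-encoded value leaves the stored value unchanged.
function save_decode_then_encode($in)
{
    $raw = html_entity_decode($in, ENT_QUOTES, ENC);
    return htmlspecialchars($raw, ENT_QUOTES, ENC);
}

// Store the raw text (SQL escaping only) and encode once, at output time.
function render_raw($stored)
{
    return htmlspecialchars($stored, ENT_QUOTES, ENC);
}

// Feed the stored value back through $save for $cycles saves, as happens
// when a form shows the stored string undecoded and the user saves again.
function resave($save, $value, $cycles)
{
    for ($i = 0; $i < $cycles; $i++)
        $value = $save($value);
    return $value;
}

$name   = '3/4" nuts and 4\' 2" bolt';       // item name from the test steps
$markup = "Carmen's <b>Nuts & Bolts</b>";    // constructed sample with markup

// One save, then a second save that re-encodes the "&" of every entity.
echo resave('save_encode_only', $name, 1), "\n";
echo resave('save_encode_only', $name, 2), "\n";
// Three saves through decode-then-encode, for comparison with one save.
echo resave('save_decode_then_encode', $name, 3), "\n";
// Raw storage is only safe to display after encoding at output.
echo render_raw($markup), "\n";
```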
3,424 08/04/2016 05:49:12 am
Re: Saving text with apostrophe converts to 's (20 replies, posted in Translations)
What you have done is after the fact.
Manually correct the entry in the table field to be an apostrophe instead of its encoded version and then see if it displays correctly in the reports without using the mb_convert_encoding() function.
If all is well, then we need to correct it where the field is INSERTed / REPLACEd / UPDATEd. This needs to be done in a generic manner where all string POST variables that need to populate VARCHAR / TEXT fields get correctly stored. Such a solution will also need to take care of special characters specific to certain languages in the text as well.
3,425 08/04/2016 05:41:41 am
Re: Tax Inquiry - Tax not showing (18 replies, posted in Reporting)
Lines 121-122 in gl/includes/db/gl_db_trans.inc use the value of the config.php variable $show_voided_gl_trans to decide by assuming all gl_trans.amount values of 0 to be those of voided transactions:
if (isset($show_voided_gl_trans) && $show_voided_gl_trans == 0)
    $sql .= " AND ".TB_PREF."gl_trans.amount <> 0";
By using this config.php setting the risk of mixing actual zero value transactions with those of voided transactions is there as the account filter alone does not suffice here.
The Tax Configuration in the Wiki holds good.
@joe: we need another means of determining voided entries and a config / sys_prefs entry for choosing to display normal zero valued entries.
