фикс модуля couriers stats

diff --git a/erp24/modul/orders/couriersStats.php b/erp24/modul/orders/couriersStats.php
index b34ef08c631b13812722f39e54260cc2cecd207e..c05564b895d880dee227a9d7b7cf5948740ee99b 100644 (file)
--- a/erp24/modul/orders/couriersStats.php
+++ b/erp24/modul/orders/couriersStats.php
@@ -21,15 +21,13 @@ if (!empty($_REQUEST["delivery"]) and $_REQUEST["delivery"] != "-1") {
     $delivery = htmlentities($_REQUEST["delivery"]);
     $where .= " AND delivery='$delivery' ";
 }
-if (!empty($_REQUEST["dostavka_povtor_tip"]) and $_REQUEST["dostavka_povtor_tip"] != "-1") {
+if (!empty($_REQUEST["dostavka_povtor_tip"]) && $_REQUEST["dostavka_povtor_tip"] != "-1") {
     $dostavka_povtor_tip = htmlentities($_REQUEST["dostavka_povtor_tip"]);
     $where .= " AND dostavka_povtor_tip='$dostavka_povtor_tip' ";
 }
-
-
-if (!empty($_REQUEST["courier_id"]) and $_REQUEST["courier_id"] != "-1") {
-    $where .= " AND courier_id='$courier_id'";
+if (!empty($_REQUEST["courier_id"]) && $_REQUEST["courier_id"] != "-1") {
     $courier_id = (int)$_REQUEST["courier_id"];
+    $where .= " AND courier_id='$courier_id'";
 }
 
 
@@ -39,6 +37,7 @@ foreach ($data as $row)
 
 echo "<h1>Доставки курьеров</h1>
 <form method=post role=\"form\" class=\"form-horizontal\" action=\"\">
+<input type=\"hidden\" name=\"_csrf\" value=\"" . Yii::$app->request->getCsrfToken() . "\"/>
 <table><td>Дата доставки</td><td> <input type=date class=\"form-control datetime\" value=\"$date1\" name=delivery_date1>
 </td><td>-</td><td><input type=date class=\"form-control datetime\" value=\"$date2\" name=delivery_date2></td>
 <td><select class=\"form-control\" name=delivery>
@@ -82,8 +81,7 @@ echo ">Доставка</option>
 <select name=courier_id class=\"form-control\">
 <option value=\"-1\"";
 if ($courier_id == "-1") echo " selected";
-echo ">-все-</option>
-";
+echo ">-все-</option>";
 foreach ($cur_arr as $id => $name) {
     echo "<option value=$id";
     if ($id == $courier_id) echo " selected";
@@ -93,10 +91,9 @@ echo "
 </select></td><td><button type=submit class=\"btn btn-success\" name=show>
 поиск</button></td></table>";
 echo "</form>";
-$query = "SELECT * FROM orders_amo  WHERE (status_id=142 or (status_id=143 and (price_dostavka_zatrat>0) ) )
- AND delivery_date>='$date1' AND delivery_date<='$date2' $where order by delivery_date desc,delivery_time ASC ";
 
-$data = $db::getRows($query);
+$data = $db::getRows("SELECT * FROM orders_amo  WHERE (status_id=142 or (status_id=143 and (price_dostavka_zatrat>0) ) )
+ AND delivery_date>='$date1' AND delivery_date<='$date2' $where order by delivery_date desc,delivery_time ASC");
 
 echo "<table class=\"table table-hover\">
 <thead>