From d59ee064382ca2d4a7a89516e3bc806cc1edb0a0 Mon Sep 17 00:00:00 2001
From: Florian Mortgat <florian.mortgat@atm-consulting.fr>
Date: Thu, 25 Feb 2021 14:51:57 +0100
Subject: [PATCH 1/4] FIX 11.0 - $this->socid injected in query without
 checking for empty value

---
 htdocs/contact/class/contact.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index dadb41179ca..030d2417853 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1686,7 +1686,7 @@ class Contact extends CommonObject
 
 		$this->db->begin();
 
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ;
 
 		dol_syslog(__METHOD__, LOG_DEBUG);
 		$result = $this->db->query($sql);

From 8e8efce7d173346fe52c8374500b49190a83da6c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 26 Feb 2021 10:23:53 +0100
Subject: [PATCH 2/4] Fix sql syntax

---
 htdocs/contact/class/contact.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 030d2417853..e0239da6142 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1686,7 +1686,7 @@ class Contact extends CommonObject
 
 		$this->db->begin();
 
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".((int) $this->socid)." AND fk_socpeople=".$this->id;
 
 		dol_syslog(__METHOD__, LOG_DEBUG);
 		$result = $this->db->query($sql);

From 99a17cadb7377f82ecb409ee0304785c0fcc4675 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 26 Feb 2021 10:25:08 +0100
Subject: [PATCH 3/4] Fix sql syntax

---
 htdocs/contact/class/contact.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index e0239da6142..06b436fc0c8 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1704,7 +1704,7 @@ class Contact extends CommonObject
 					$sql .= "fk_socpeople) ";
 					$sql .= " VALUES (".$conf->entity.",";
 					$sql .= "'".$this->db->idate(dol_now())."',";
-					$sql .= $this->socid.", ";
+					$sql .= ((int) $this->socid).", ";
 					$sql .= $valRoles." , ";
 					$sql .= $this->id;
 					$sql .= ")";

From 549136efebebdb1e33fbfe224c53b19a15afe6ed Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 26 Feb 2021 10:25:30 +0100
Subject: [PATCH 4/4] Removed useless log

---
 htdocs/contact/class/contact.class.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 06b436fc0c8..ac415afce6c 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1708,7 +1708,6 @@ class Contact extends CommonObject
 					$sql .= $valRoles." , ";
 					$sql .= $this->id;
 					$sql .= ")";
-					dol_syslog(__METHOD__, LOG_DEBUG);
 
 					$result = $this->db->query($sql);
 					if (!$result)