Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge pull request #20495 from atm-john/new_fix_regression_select_extrafield_search

Browse Source 
FIX : regression select extrafield search + fix function name
This commit is contained in:
Laurent Destailleur
2022-05-24 21:55:33 +02:00
committed by GitHub
parent daccf603e5 1452e74431
commit 4c10c04f9f
21 changed files with 164 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/api/class/api.class.php
View File

@@ -88,9 +88,9 @@ class DolibarrApi
// phpcs:enable // phpcs:enable
// TODO Use type detected in $object->fields // TODO Use type detected in $object->fields
if (in_array($field, array('note', 'note_private', 'note_public', 'desc', 'description'))) { if (in_array($field, array('note', 'note_private', 'note_public', 'desc', 'description'))) {
return checkVal($value, 'restricthtml'); return sanitizeVal($value, 'restricthtml');
} else { } else {
return checkVal($value, 'alphanohtml'); return sanitizeVal($value, 'alphanohtml');
} }
} }

2
htdocs/categories/class/categorie.class.php
View File

@@ -919,7 +919,7 @@ class Categorie extends CommonObject
$categories = array(); $categories = array();
$type = checkVal($type, 'aZ09'); $type = sanitizeVal($type, 'aZ09');
$sub_type = $type; $sub_type = $type;
$subcol_name = "fk_".$type; $subcol_name = "fk_".$type;

8
htdocs/comm/propal/class/api_proposals.class.php
View File

@@ -351,8 +351,8 @@ class Proposals extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->propal->addline( $updateRes = $this->propal->addline(
$request_data->desc, $request_data->desc,
@@ -496,8 +496,8 @@ class Proposals extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$propalline = new PropaleLigne($this->db); $propalline = new PropaleLigne($this->db);
$result = $propalline->fetch($lineid); $result = $propalline->fetch($lineid);

8
htdocs/commande/class/api_orders.class.php
View File

@@ -350,8 +350,8 @@ class Orders extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->commande->addline( $updateRes = $this->commande->addline(
$request_data->desc, $request_data->desc,
@@ -418,8 +418,8 @@ class Orders extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->commande->updateline( $updateRes = $this->commande->updateline(
$lineid, $lineid,

22
htdocs/compta/bank/class/api_bankaccounts.class.php
View File

@@ -250,7 +250,7 @@ class BankAccounts extends DolibarrApi
} }
// Clean data // Clean data
$description = checkVal($description, 'alphanohtml'); $description = sanitizeVal($description, 'alphanohtml');
/** /**
@@ -498,13 +498,13 @@ class BankAccounts extends DolibarrApi
throw new RestException(404, 'account not found'); throw new RestException(404, 'account not found');
} }
$type = checkVal($type); $type = sanitizeVal($type);
$label = checkVal($label); $label = sanitizeVal($label);
$cheque_number = checkVal($cheque_number); $cheque_number = sanitizeVal($cheque_number);
$cheque_writer = checkVal($cheque_writer); $cheque_writer = sanitizeVal($cheque_writer);
$cheque_bank = checkVal($cheque_bank); $cheque_bank = sanitizeVal($cheque_bank);
$accountancycode = checkVal($accountancycode); $accountancycode = sanitizeVal($accountancycode);
$num_releve = checkVal($num_releve); $num_releve = sanitizeVal($num_releve);
$result = $account->addline( $result = $account->addline(
$date, $date,
@@ -557,9 +557,9 @@ class BankAccounts extends DolibarrApi
throw new RestException(404, 'account line not found'); throw new RestException(404, 'account line not found');
} }
$url = checkVal($url); $url = sanitizeVal($url);
$label = checkVal($label); $label = sanitizeVal($label);
$type = checkVal($type); $type = sanitizeVal($type);
$result = $account->add_url_line($line_id, $url_id, $url, $label, $type); $result = $account->add_url_line($line_id, $url_id, $url, $label, $type);
if ($result < 0) { if ($result < 0) {

8
htdocs/compta/facture/class/api_invoices.class.php
View File

@@ -428,8 +428,8 @@ class Invoices extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->invoice->updateline( $updateRes = $this->invoice->updateline(
$lineid, $lineid,
@@ -718,8 +718,8 @@ class Invoices extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
// Reset fk_parent_line for no child products and special product // Reset fk_parent_line for no child products and special product
if (($request_data->product_type != 9 && empty($request_data->fk_parent_line)) || $request_data->product_type == 9) { if (($request_data->product_type != 9 && empty($request_data->fk_parent_line)) || $request_data->product_type == 9) {

1
htdocs/compta/facture/list.php
View File

@@ -141,7 +141,6 @@ $search_btn = GETPOST('button_search', 'alpha');
$search_remove_btn = GETPOST('button_removefilter', 'alpha'); $search_remove_btn = GETPOST('button_removefilter', 'alpha');
$optioncss = GETPOST('optioncss', 'alpha'); $optioncss = GETPOST('optioncss', 'alpha');
$option = GETPOST('search_option'); $option = GETPOST('search_option');
if ($option == 'late') { if ($option == 'late') {
$search_status = '1'; $search_status = '1';

8
htdocs/contrat/class/api_contracts.class.php
View File

@@ -278,8 +278,8 @@ class Contracts extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->price_base_type = checkVal($request_data->price_base_type); $request_data->price_base_type = sanitizeVal($request_data->price_base_type);
$updateRes = $this->contract->addline( $updateRes = $this->contract->addline(
$request_data->desc, $request_data->desc,
@@ -336,8 +336,8 @@ class Contracts extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->price_base_type = checkVal($request_data->price_base_type); $request_data->price_base_type = sanitizeVal($request_data->price_base_type);
$updateRes = $this->contract->updateline( $updateRes = $this->contract->updateline(
$lineid, $lineid,

79
htdocs/core/class/extrafields.class.php
View File

@@ -1067,35 +1067,56 @@ class ExtraFields
$out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.$value.'" '.($moreparam ? $moreparam : '').'> '; $out = '<input type="text" class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" value="'.$value.'" '.($moreparam ? $moreparam : '').'> ';
} elseif ($type == 'select') { } elseif ($type == 'select') {
$out = ''; $out = '';
if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_EXTRAFIELDS_DISABLE_SELECT2)) { if ($mode) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php'; $options = array();
$out .= ajax_combobox($keyprefix.$key.$keysuffix, array(), 0); foreach ($param['options'] as $okey => $val) {
} if ((string) $okey == '') {
continue;
}
$out .= '<select class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" '.($moreparam ? $moreparam : '').'>'; if ($langfile && $val) {
$out .= '<option value="0">&nbsp;</option>'; $options[$okey] = $langs->trans($val);
foreach ($param['options'] as $key => $val) { } else {
if ((string) $key == '') { $options[$okey] = $val;
continue; }
} }
$valarray = explode('|', $val); $selected = array();
$val = $valarray[0]; if (!is_array($value)) {
$parent = ''; $selected = explode(',', $value);
if (!empty($valarray[1])) {
$parent = $valarray[1];
} }
$out .= '<option value="'.$key.'"';
$out .= (((string) $value == (string) $key) ? ' selected' : ''); $out .= $form->multiselectarray($keyprefix.$key.$keysuffix, $options, $selected, 0, 0, $morecss, 0, 0, '', '', '', !empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_EXTRAFIELDS_DISABLE_SELECT2));
$out .= (!empty($parent) ? ' parent="'.$parent.'"' : ''); } else {
$out .= '>'; if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_EXTRAFIELDS_DISABLE_SELECT2)) {
if ($langfile && $val) { include_once DOL_DOCUMENT_ROOT.'/core/lib/ajax.lib.php';
$out .= $langs->trans($val); $out .= ajax_combobox($keyprefix.$key.$keysuffix, array(), 0);
} else {
$out .= $val;
} }
$out .= '</option>';
$out .= '<select class="flat '.$morecss.' maxwidthonsmartphone" name="'.$keyprefix.$key.$keysuffix.'" id="'.$keyprefix.$key.$keysuffix.'" '.($moreparam ? $moreparam : '').'>';
$out .= '<option value="0">&nbsp;</option>';
foreach ($param['options'] as $key => $val) {
if ((string) $key == '') {
continue;
}
$valarray = explode('|', $val);
$val = $valarray[0];
$parent = '';
if (!empty($valarray[1])) {
$parent = $valarray[1];
}
$out .= '<option value="'.$key.'"';
$out .= (((string) $value == (string) $key) ? ' selected' : '');
$out .= (!empty($parent) ? ' parent="'.$parent.'"' : '');
$out .= '>';
if ($langfile && $val) {
$out .= $langs->trans($val);
} else {
$out .= $val;
}
$out .= '</option>';
}
$out .= '</select>';
} }
$out .= '</select>';
} elseif ($type == 'sellist') { } elseif ($type == 'sellist') {
$out = ''; $out = '';
if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_EXTRAFIELDS_DISABLE_SELECT2)) { if (!empty($conf->use_javascript_ajax) && empty($conf->global->MAIN_EXTRAFIELDS_DISABLE_SELECT2)) {
@@ -2133,6 +2154,16 @@ class ExtraFields
} else { } else {
continue; // Value was not provided, we should not set it. continue; // Value was not provided, we should not set it.
} }
} elseif ($key_type == 'select') {
// to detect if we are in search context
if (GETPOSTISARRAY($keysuffix."options_".$key.$keyprefix)) {
$value_arr = GETPOST($keysuffix."options_".$key.$keyprefix, 'array:aZ09');
// Make sure we get an array even if there's only one selected
$value_arr = (array) $value_arr;
$value_key = implode(',', $value_arr);
} else {
$value_key = GETPOST($keysuffix."options_".$key.$keyprefix);
}
} elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) { } elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) {
if (!GETPOSTISSET($keysuffix."options_".$key.$keyprefix)) { if (!GETPOSTISSET($keysuffix."options_".$key.$keyprefix)) {
continue; // Value was not provided, we should not set it. continue; // Value was not provided, we should not set it.

49
htdocs/core/lib/functions.lib.php
View File

@@ -370,6 +370,32 @@ function GETPOSTISSET($paramname)
return $isset; return $isset;
} }
/**
* Return true if the parameter $paramname is submit from a POST OR GET as an array.
* Can be used before GETPOST to know if the $check param of GETPOST need to check an array or a string
*
* @param string $paramname Name or parameter to test
* @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get)
* @return bool True if we have just submit a POST or GET request with the parameter provided (even if param is empty)
*/
function GETPOSTISARRAY($paramname, $method = 0)
{
// for $method test need return the same $val as GETPOST
if (empty($method)) {
$val = isset($_GET[$paramname]) ? $_GET[$paramname] : (isset($_POST[$paramname]) ? $_POST[$paramname] : '');
} elseif ($method == 1) {
$val = isset($_GET[$paramname]) ? $_GET[$paramname] : '';
} elseif ($method == 2) {
$val = isset($_POST[$paramname]) ? $_POST[$paramname] : '';
} elseif ($method == 3) {
$val = isset($_POST[$paramname]) ? $_POST[$paramname] : (isset($_GET[$paramname]) ? $_GET[$paramname] : '');
} else {
$val = 'BadFirstParameterForGETPOST';
}
return is_array($val);
}
/** /**
* Return value of a param into GET or POST supervariable. * Return value of a param into GET or POST supervariable.
* Use the property $user->default_values[path]['createform'] and/or $user->default_values[path]['filters'] and/or $user->default_values[path]['sortorder'] * Use the property $user->default_values[path]['createform'] and/or $user->default_values[path]['filters'] and/or $user->default_values[path]['sortorder']
@@ -660,11 +686,11 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
$tmpcheck = 'alphanohtml'; $tmpcheck = 'alphanohtml';
} }
foreach ($out as $outkey => $outval) { foreach ($out as $outkey => $outval) {
$out[$outkey] = checkVal($outval, $tmpcheck, $filter, $options); $out[$outkey] = sanitizeVal($outval, $tmpcheck, $filter, $options);
} }
} }
} else { } else {
$out = checkVal($out, $check, $filter, $options); $out = sanitizeVal($out, $check, $filter, $options);
} }
// Sanitizing for special parameters. // Sanitizing for special parameters.
@@ -713,9 +739,11 @@ function GETPOSTINT($paramname, $method = 0)
return (int) GETPOST($paramname, 'int', $method, null, null, 0); return (int) GETPOST($paramname, 'int', $method, null, null, 0);
} }
/** /**
* Return a value after checking on a rule. A sanitization may also have been done. * Return a sanitized or empty value after checking value against a rule.
* *
* @deprecated
* @param string|array $out Value to check/clear. * @param string|array $out Value to check/clear.
* @param string $check Type of check/sanitizing * @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
@@ -723,9 +751,24 @@ function GETPOSTINT($paramname, $method = 0)
* @return string|array Value sanitized (string or array). It may be '' if format check fails. * @return string|array Value sanitized (string or array). It may be '' if format check fails.
*/ */
function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null) function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null)
{
return sanitizeVal($out, $check, $filter, $options);
}
/**
* Return a sanitized or empty value after checking value against a rule.
*
* @param string|array $out Value to check/clear.
* @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'
* @return string|array Value sanitized (string or array). It may be '' if format check fails.
*/
function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options = null)
{ {
global $conf; global $conf;
// TODO : use class "Validate" to perform tests (and add missing tests) if needed for factorize
// Check is done after replacement // Check is done after replacement
switch ($check) { switch ($check) {
case 'none': case 'none':

9
htdocs/core/tpl/extrafields_list_search_sql.tpl.php
View File

@@ -48,7 +48,7 @@ if (!empty($extrafieldsobjectkey) && !empty($search_array_options) && is_array($
} }
$sql .= ")"; $sql .= ")";
} }
} elseif ($crit != '' && (!in_array($typ, array('select', 'sellist')) || $crit != '0') && (!in_array($typ, array('link')) || $crit != '-1')) { } elseif ($crit != '' && (!in_array($typ, array('select', 'sellist', 'select')) || $crit != '0') && (!in_array($typ, array('link')) || $crit != '-1')) {
$mode_search = 0; $mode_search = 0;
if (in_array($typ, array('int', 'double', 'real', 'price'))) { if (in_array($typ, array('int', 'double', 'real', 'price'))) {
$mode_search = 1; // Search on a numeric $mode_search = 1; // Search on a numeric
@@ -59,13 +59,14 @@ if (!empty($extrafieldsobjectkey) && !empty($search_array_options) && is_array($
if (in_array($typ, array('sellist')) && !is_numeric($crit)) { if (in_array($typ, array('sellist')) && !is_numeric($crit)) {
$mode_search = 0;// Search on a foreign key string $mode_search = 0;// Search on a foreign key string
} }
if (in_array($typ, array('chkbxlst', 'checkbox'))) { if (in_array($typ, array('chkbxlst', 'checkbox', 'select'))) {
$mode_search = 4; // Search on a multiselect field with sql type = text $mode_search = 4; // Search on a multiselect field with sql type = text
} }
if (is_array($crit)) { if (is_array($crit)) {
$crit = implode(' ', $crit); // natural_search() expects a string $crit = implode(' ', $crit); // natural_search() expects a string
} elseif ($typ === 'select' and is_string($crit) and strpos($crit, ' ') === false) { } elseif ($typ === 'select' and is_string($crit) and strpos($crit, ',') === false) {
$sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." = '".$db->escape($crit)."')"; $critSelect = "'".implode("','", array_map(array($db, 'escape'), explode(',', $crit)))."'";
$sql .= " AND (".$extrafieldsobjectprefix.$tmpkey." IN (".$db->sanitize($critSelect, 1).") )";
continue; continue;
} }
$sql .= natural_search($extrafieldsobjectprefix.$tmpkey, $crit, $mode_search); $sql .= natural_search($extrafieldsobjectprefix.$tmpkey, $crit, $mode_search);

8
htdocs/expedition/class/api_shipments.class.php
View File

@@ -279,8 +279,8 @@ class Shipments extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->shipment->addline( $updateRes = $this->shipment->addline(
$request_data->desc, $request_data->desc,
@@ -347,8 +347,8 @@ class Shipments extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->shipment->updateline( $updateRes = $this->shipment->updateline(
$lineid, $lineid,

8
htdocs/expensereport/class/api_expensereports.class.php
View File

@@ -251,8 +251,8 @@ class ExpenseReports extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->expensereport->addline( $updateRes = $this->expensereport->addline(
$request_data->desc, $request_data->desc,
@@ -319,8 +319,8 @@ class ExpenseReports extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$request_data->label = checkVal($request_data->label); $request_data->label = sanitizeVal($request_data->label);
$updateRes = $this->expensereport->updateline( $updateRes = $this->expensereport->updateline(
$lineid, $lineid,

2
htdocs/exports/class/export.class.php
View File

@@ -302,7 +302,7 @@ class Export
public function build_filterQuery($TypeField, $NameField, $ValueField) public function build_filterQuery($TypeField, $NameField, $ValueField)
{ {
// phpcs:enable // phpcs:enable
$NameField = checkVal($NameField, 'aZ09'); $NameField = sanitizeVal($NameField, 'aZ09');
$szFilterQuery = ''; $szFilterQuery = '';
//print $TypeField." ".$NameField." ".$ValueField; //print $TypeField." ".$NameField." ".$ValueField;

8
htdocs/fourn/class/api_supplier_invoices.class.php
View File

@@ -558,8 +558,8 @@ class SupplierInvoices extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->description = checkVal($request_data->description, 'restricthtml'); $request_data->description = sanitizeVal($request_data->description, 'restricthtml');
$request_data->ref_supplier = checkVal($request_data->ref_supplier); $request_data->ref_supplier = sanitizeVal($request_data->ref_supplier);
$updateRes = $this->invoice->addline( $updateRes = $this->invoice->addline(
$request_data->description, $request_data->description,
@@ -625,8 +625,8 @@ class SupplierInvoices extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->description = checkVal($request_data->description, 'restricthtml'); $request_data->description = sanitizeVal($request_data->description, 'restricthtml');
$request_data->ref_supplier = checkVal($request_data->ref_supplier); $request_data->ref_supplier = sanitizeVal($request_data->ref_supplier);
$updateRes = $this->invoice->updateline( $updateRes = $this->invoice->updateline(
$lineid, $lineid,

4
htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
View File

@@ -252,7 +252,7 @@ class KnowledgeManagement extends DolibarrApi
} }
// Clean data // Clean data
// $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); // $this->knowledgerecord->abc = sanitizeVal($this->knowledgerecord->abc, 'alphanohtml');
if ($this->knowledgerecord->create(DolibarrApiAccess::$user)<0) { if ($this->knowledgerecord->create(DolibarrApiAccess::$user)<0) {
throw new RestException(500, "Error creating KnowledgeRecord", array_merge(array($this->knowledgerecord->error), $this->knowledgerecord->errors)); throw new RestException(500, "Error creating KnowledgeRecord", array_merge(array($this->knowledgerecord->error), $this->knowledgerecord->errors));
@@ -294,7 +294,7 @@ class KnowledgeManagement extends DolibarrApi
} }
// Clean data // Clean data
// $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml'); // $this->knowledgerecord->abc = sanitizeVal($this->knowledgerecord->abc, 'alphanohtml');
if ($this->knowledgerecord->update(DolibarrApiAccess::$user, false) > 0) { if ($this->knowledgerecord->update(DolibarrApiAccess::$user, false) > 0) {
return $this->get($id); return $this->get($id);

4
htdocs/modulebuilder/template/class/api_mymodule.class.php
View File

@@ -218,7 +218,7 @@ class MyModuleApi extends DolibarrApi
} }
// Clean data // Clean data
// $this->myobject->abc = checkVal($this->myobject->abc, 'alphanohtml'); // $this->myobject->abc = sanitizeVal($this->myobject->abc, 'alphanohtml');
if ($this->myobject->create(DolibarrApiAccess::$user)<0) { if ($this->myobject->create(DolibarrApiAccess::$user)<0) {
throw new RestException(500, "Error creating MyObject", array_merge(array($this->myobject->error), $this->myobject->errors)); throw new RestException(500, "Error creating MyObject", array_merge(array($this->myobject->error), $this->myobject->errors));
@@ -260,7 +260,7 @@ class MyModuleApi extends DolibarrApi
} }
// Clean data // Clean data
// $this->myobject->abc = checkVal($this->myobject->abc, 'alphanohtml'); // $this->myobject->abc = sanitizeVal($this->myobject->abc, 'alphanohtml');
if ($this->myobject->update(DolibarrApiAccess::$user, false) > 0) { if ($this->myobject->update(DolibarrApiAccess::$user, false) > 0) {
return $this->get($id); return $this->get($id);

6
htdocs/product/class/api_products.class.php
View File

@@ -781,9 +781,9 @@ class Products extends DolibarrApi
} }
// Clean data // Clean data
$ref_fourn = checkVal($ref_fourn, 'alphanohtml'); $ref_fourn = sanitizeVal($ref_fourn, 'alphanohtml');
$desc_fourn = checkVal($desc_fourn, 'restricthtml'); $desc_fourn = sanitizeVal($desc_fourn, 'restricthtml');
$barcode = checkVal($barcode, 'alphanohtml'); $barcode = sanitizeVal($barcode, 'alphanohtml');
$result = $this->productsupplier->update_buyprice($qty, $buyprice, DolibarrApiAccess::$user, $price_base_type, $fourn, $availability, $ref_fourn, $tva_tx, $charges, $remise_percent, $remise, $newnpr, $delivery_time_days, $supplier_reputation, $localtaxes_array, $newdefaultvatcode, $multicurrency_buyprice, $multicurrency_price_base_type, $multicurrency_tx, $multicurrency_code, $desc_fourn, $barcode, $fk_barcode_type); $result = $this->productsupplier->update_buyprice($qty, $buyprice, DolibarrApiAccess::$user, $price_base_type, $fourn, $availability, $ref_fourn, $tva_tx, $charges, $remise_percent, $remise, $newnpr, $delivery_time_days, $supplier_reputation, $localtaxes_array, $newdefaultvatcode, $multicurrency_buyprice, $multicurrency_price_base_type, $multicurrency_tx, $multicurrency_code, $desc_fourn, $barcode, $fk_barcode_type);

4
htdocs/projet/class/api_projects.class.php
View File

@@ -333,7 +333,7 @@ class Projects extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$updateRes = $this->project->addline( $updateRes = $this->project->addline(
$request_data->desc, $request_data->desc,
@@ -400,7 +400,7 @@ class Projects extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$updateRes = $this->project->updateline( $updateRes = $this->project->updateline(
$lineid, $lineid,

4
htdocs/projet/class/api_tasks.class.php
View File

@@ -333,7 +333,7 @@ class Tasks extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$updateRes = $this->project->addline( $updateRes = $this->project->addline(
$request_data->desc, $request_data->desc,
@@ -400,7 +400,7 @@ class Tasks extends DolibarrApi
$request_data = (object) $request_data; $request_data = (object) $request_data;
$request_data->desc = checkVal($request_data->desc, 'restricthtml'); $request_data->desc = sanitizeVal($request_data->desc, 'restricthtml');
$updateRes = $this->project->updateline( $updateRes = $this->project->updateline(
$lineid, $lineid,

8
htdocs/recruitment/class/api_recruitment.class.php
View File

@@ -364,7 +364,7 @@ class Recruitment extends DolibarrApi
} }
// Clean data // Clean data
// $this->jobposition->abc = checkVal($this->jobposition->abc, 'alphanohtml'); // $this->jobposition->abc = sanitizeVal($this->jobposition->abc, 'alphanohtml');
if ($this->jobposition->create(DolibarrApiAccess::$user)<0) { if ($this->jobposition->create(DolibarrApiAccess::$user)<0) {
throw new RestException(500, "Error creating jobposition", array_merge(array($this->jobposition->error), $this->jobposition->errors)); throw new RestException(500, "Error creating jobposition", array_merge(array($this->jobposition->error), $this->jobposition->errors));
@@ -396,7 +396,7 @@ class Recruitment extends DolibarrApi
} }
// Clean data // Clean data
// $this->jobposition->abc = checkVal($this->jobposition->abc, 'alphanohtml'); // $this->jobposition->abc = sanitizeVal($this->jobposition->abc, 'alphanohtml');
if ($this->candidature->create(DolibarrApiAccess::$user)<0) { if ($this->candidature->create(DolibarrApiAccess::$user)<0) {
throw new RestException(500, "Error creating candidature", array_merge(array($this->candidature->error), $this->candidature->errors)); throw new RestException(500, "Error creating candidature", array_merge(array($this->candidature->error), $this->candidature->errors));
@@ -438,7 +438,7 @@ class Recruitment extends DolibarrApi
} }
// Clean data // Clean data
// $this->jobposition->abc = checkVal($this->jobposition->abc, 'alphanohtml'); // $this->jobposition->abc = sanitizeVal($this->jobposition->abc, 'alphanohtml');
if ($this->jobposition->update(DolibarrApiAccess::$user, false) > 0) { if ($this->jobposition->update(DolibarrApiAccess::$user, false) > 0) {
return $this->get($id); return $this->get($id);
@@ -481,7 +481,7 @@ class Recruitment extends DolibarrApi
} }
// Clean data // Clean data
// $this->jobposition->abc = checkVal($this->jobposition->abc, 'alphanohtml'); // $this->jobposition->abc = sanitizeVal($this->jobposition->abc, 'alphanohtml');
if ($this->candidature->update(DolibarrApiAccess::$user, false) > 0) { if ($this->candidature->update(DolibarrApiAccess::$user, false) > 0) {
return $this->get($id); return $this->get($id);