
Fix escape

Laurent Destailleur
2020-09-19 21:19:04 +02:00
parent 7dd69a2b2b
commit 54c0f742b1
32 changed files with 118 additions and 94 deletions


@@ -4857,10 +4857,10 @@ function get_localtax($vatrate, $local, $thirdparty_buyer = "", $thirdparty_sell
// By default, search value of local tax on line of common tax
$sql = "SELECT t.localtax1, t.localtax2, t.localtax1_type, t.localtax2_type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$thirdparty_seller->country_code."'";
$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$db->escape($thirdparty_seller->country_code)."'";
$sql .= " AND t.taux = ".((float) $vatratecleaned)." AND t.active = 1";
if ($vatratecode) $sql .= " AND t.code ='".$vatratecode."'"; // If we have the code, we use it in priority
else $sql .= " AND t.recuperableonly ='".$vatnpr."'";
if ($vatratecode) $sql .= " AND t.code ='".$db->escape($vatratecode)."'"; // If we have the code, we use it in priority
else $sql .= " AND t.recuperableonly ='".$db->escape($vatnpr)."'";
dol_syslog("get_localtax", LOG_DEBUG);
$resql = $db->query($sql);
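Review bot: On the `t.recuperableonly` line, `$vatnpr` is now escaped but still compared as a quoted string, whereas the `t.taux` line just above constrains its value with a `(float)` cast. If `$vatnpr` only ever holds the 0/1 NPR flag (its assignment is outside this hunk, so this needs confirming), `else $sql .= " AND t.recuperableonly = ".((int) $vatnpr);` would restrict the value by type instead of relying on quoting. The three `$db->escape()` calls are only effective because each value stays inside single quotes, so a short comment above the query such as `// String values must stay quoted AND escaped; numeric values are cast` would help later edits keep the two together. get_localtax starts and ends outside the hunk, so the origin of `$vatratecode` and `$vatnpr` is not visible here.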