Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Add more robust php unit to detect not escaped sql. Fix not escaped sql

Browse Source
This commit is contained in:
Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
htdocs/compta/facture/class/paymentterm.class.php
View File

@@ -85,13 +85,11 @@ class PaymentTerm // extends CommonObject
if (isset($this->decalage)) $this->decalage=trim($this->decalage);
// Check parameters
// Put here code to add control on parameters values
// Insert request
$sql = "INSERT INTO ".MAIN_DB_PREFIX."c_payment_term(";
$sql.= "rowid,";
$sql.= "code,";
$sql.= "sortorder,";
@@ -101,21 +99,16 @@ class PaymentTerm // extends CommonObject
$sql.= "type_cdr,";
$sql.= "nbjour,";
$sql.= "decalage";
$sql.= ") VALUES (";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
$sql.= " ".(! isset($this->sortorder)?'NULL':"'".$this->sortorder."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'").",";
$sql.= " ".(! isset($this->sortorder)?'NULL':"'".$this->db->escape($this->sortorder)."'").",";
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'").",";
$sql.= " ".(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").",";
$sql.= " ".(! isset($this->libelle_facture)?'NULL':"'".$this->db->escape($this->libelle_facture)."'").",";
$sql.= " ".(! isset($this->type_cdr)?'NULL':"'".$this->type_cdr."'").",";
$sql.= " ".(! isset($this->nbjour)?'NULL':"'".$this->nbjour."'").",";
$sql.= " ".(! isset($this->decalage)?'NULL':"'".$this->decalage."'")."";
$sql.= " ".(! isset($this->type_cdr)?'NULL':"'".$this->db->escape($this->type_cdr)."'").",";
$sql.= " ".(! isset($this->nbjour)?'NULL':"'".$this->db->escape($this->nbjour)."'").",";
$sql.= " ".(! isset($this->decalage)?'NULL':"'".$this->db->escape($this->decalage)."'")."";
$sql.= ")";
$this->db->begin();
@@ -285,7 +278,6 @@ class PaymentTerm // extends CommonObject
// Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."c_payment_term SET";
$sql.= " code=".(isset($this->code)?"'".$this->db->escape($this->code)."'":"null").",";
$sql.= " sortorder=".(isset($this->sortorder)?$this->sortorder:"null").",";
$sql.= " active=".(isset($this->active)?$this->active:"null").",";
@@ -294,8 +286,6 @@ class PaymentTerm // extends CommonObject
$sql.= " type_cdr=".(isset($this->type_cdr)?$this->type_cdr:"null").",";
$sql.= " nbjour=".(isset($this->nbjour)?$this->nbjour:"null").",";
$sql.= " decalage=".(isset($this->decalage)?$this->decalage:"null")."";
$sql.= " WHERE rowid=".$this->id;
$this->db->begin();