forked from Wavyzz/dolibarr
Add more robust php unit to detect not escaped sql. Fix not escaped sql
This commit is contained in:
Laurent Destailleur
@@ -88,11 +88,11 @@ class Ccountry // extends CommonObject
|
||||
$sql.= "label,";
|
||||
$sql.= "active";
|
||||
$sql.= ") VALUES (";
|
||||
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
|
||||
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
|
||||
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
|
||||
$sql.= " ".(! isset($this->code_iso)?'NULL':"'".$this->db->escape($this->code_iso)."'").",";
|
||||
$sql.= " ".(! isset($this->label)?'NULL':"'".$this->db->escape($this->label)."'").",";
|
||||
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
|
||||
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
|
||||
$sql.= ")";
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
@@ -580,8 +580,8 @@ abstract class CommonObject
|
||||
$sql = "SELECT tc.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."c_type_contact as tc";
|
||||
$sql.= " WHERE tc.element='".$this->db->escape($this->element)."'";
|
||||
$sql.= " AND tc.source='".$source."'";
|
||||
$sql.= " AND tc.code='".$type_contact."' AND tc.active=1";
|
||||
$sql.= " AND tc.source='".$this->db->escape($source)."'";
|
||||
$sql.= " AND tc.code='".$this->db->escape($type_contact)."' AND tc.active=1";
|
||||
//print $sql;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
@@ -2475,9 +2475,9 @@ abstract class CommonObject
|
||||
$sql.= ", targettype";
|
||||
$sql.= ") VALUES (";
|
||||
$sql.= $origin_id;
|
||||
$sql.= ", '".$origin."'";
|
||||
$sql.= ", '".$this->db->escape($origin)."'";
|
||||
$sql.= ", ".$this->id;
|
||||
$sql.= ", '".$this->element."'";
|
||||
$sql.= ", '".$this->db->escape($this->element)."'";
|
||||
$sql.= ")";
|
||||
|
||||
dol_syslog(get_class($this)."::add_object_linked", LOG_DEBUG);
|
||||
@@ -3812,11 +3812,11 @@ abstract class CommonObject
|
||||
$sql.= ", mandatory";
|
||||
$sql.= ") VALUES (";
|
||||
$sql.= $resource_id;
|
||||
$sql.= ", '".$resource_type."'";
|
||||
$sql.= ", '".$this->id."'";
|
||||
$sql.= ", '".$this->element."'";
|
||||
$sql.= ", '".$busy."'";
|
||||
$sql.= ", '".$mandatory."'";
|
||||
$sql.= ", '".$this->db->escape($resource_type)."'";
|
||||
$sql.= ", '".$this->db->escape($this->id)."'";
|
||||
$sql.= ", '".$this->db->escape($this->element)."'";
|
||||
$sql.= ", '".$this->db->escape($busy)."'";
|
||||
$sql.= ", '".$this->db->escape($mandatory)."'";
|
||||
$sql.= ")";
|
||||
|
||||
dol_syslog(get_class($this)."::add_element_resource", LOG_DEBUG);
|
||||
|
||||
@@ -85,10 +85,10 @@ class Cstate // extends CommonObject
|
||||
$sql.= "nom,";
|
||||
$sql.= "active";
|
||||
$sql.= ") VALUES (";
|
||||
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->rowid."'").",";
|
||||
$sql.= " ".(! isset($this->rowid)?'NULL':"'".$this->db->escape($this->rowid)."'").",";
|
||||
$sql.= " ".(! isset($this->code_departement)?'NULL':"'".$this->db->escape($this->code_departement)."'").",";
|
||||
$sql.= " ".(! isset($this->nom)?'NULL':"'".$this->db->escape($this->nom)."'").",";
|
||||
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'")."";
|
||||
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->escape($this->active)."'")."";
|
||||
$sql.= ")";
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
@@ -91,10 +91,10 @@ class Ctypent // extends CommonObject
|
||||
|
||||
$sql.= ") VALUES (";
|
||||
|
||||
$sql.= " ".(! isset($this->id)?'NULL':"'".$this->id."'").",";
|
||||
$sql.= " ".(! isset($this->id)?'NULL':"'".$this->db->escape($this->id)."'").",";
|
||||
$sql.= " ".(! isset($this->code)?'NULL':"'".$this->db->escape($this->code)."'").",";
|
||||
$sql.= " ".(! isset($this->libelle)?'NULL':"'".$this->db->escape($this->libelle)."'").",";
|
||||
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->active."'").",";
|
||||
$sql.= " ".(! isset($this->active)?'NULL':"'".$this->db->active($this->active)."'").",";
|
||||
$sql.= " ".(! isset($this->module)?'NULL':"'".$this->db->escape($this->module)."'")."";
|
||||
|
||||
|
||||
|
||||
@@ -158,7 +158,7 @@ class DiscountAbsolute
|
||||
$sql.= ")";
|
||||
$sql.= " VALUES (".$conf->entity.", '".$this->db->idate($this->datec!=''?$this->datec:dol_now())."', ".$this->fk_soc.", ".$user->id.", '".$this->db->escape($this->description)."',";
|
||||
$sql.= " ".$this->amount_ht.", ".$this->amount_tva.", ".$this->amount_ttc.", ".$this->tva_tx.",";
|
||||
$sql.= " ".($this->fk_facture_source?"'".$this->fk_facture_source."'":"null");
|
||||
$sql.= " ".($this->fk_facture_source ? "'".$this->db->escape($this->fk_facture_source)."'":"null");
|
||||
$sql.= ")";
|
||||
|
||||
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
||||
|
||||
@@ -126,12 +126,12 @@ class Events // extends CommonObject
|
||||
$sql.= "fk_user,";
|
||||
$sql.= "description";
|
||||
$sql.= ") VALUES (";
|
||||
$sql.= " '".$this->type."',";
|
||||
$sql.= " '".$this->db->escape($this->type)."',";
|
||||
$sql.= " ".$conf->entity.",";
|
||||
$sql.= " '".$_SERVER['REMOTE_ADDR']."',";
|
||||
$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".dol_trunc($_SERVER['HTTP_USER_AGENT'],250)."'":'NULL').",";
|
||||
$sql.= " '".$this->db->escape($_SERVER['REMOTE_ADDR'])."',";
|
||||
$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".$this->db->escape(dol_trunc($_SERVER['HTTP_USER_AGENT'],250))."'":'NULL').",";
|
||||
$sql.= " '".$this->db->idate($this->dateevent)."',";
|
||||
$sql.= " ".($user->id?"'".$user->id."'":'NULL').",";
|
||||
$sql.= " ".($user->id?"'".$this->db->escape($user->id)."'":'NULL').",";
|
||||
$sql.= " '".$this->db->escape(dol_trunc($this->description,250))."'";
|
||||
$sql.= ")";
|
||||
|
||||
|
||||
@@ -89,7 +89,7 @@ class Link extends CommonObject
|
||||
$sql .= " VALUES ('".$conf->entity."', '".$this->db->idate($this->datea)."'";
|
||||
$sql .= ", '" . $this->db->escape($this->url) . "'";
|
||||
$sql .= ", '" . $this->db->escape($this->label) . "'";
|
||||
$sql .= ", '" . $this->objecttype . "'";
|
||||
$sql .= ", '" . $this->db->escape($this->objecttype) . "'";
|
||||
$sql .= ", " . $this->objectid . ")";
|
||||
|
||||
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
||||
@@ -100,7 +100,7 @@ class Link extends CommonObject
|
||||
if ($this->id > 0) {
|
||||
// Call trigger
|
||||
$result=$this->call_trigger('LINK_CREATE',$user);
|
||||
if ($result < 0) $error++;
|
||||
if ($result < 0) $error++;
|
||||
// End call triggers
|
||||
} else {
|
||||
$error++;
|
||||
@@ -283,20 +283,20 @@ class Link extends CommonObject
|
||||
public static function count($db, $objecttype, $objectid)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
|
||||
$sql = "SELECT COUNT(rowid) as nb FROM " . MAIN_DB_PREFIX . "links";
|
||||
$sql .= " WHERE objecttype = '" . $objecttype . "' AND objectid = " . $objectid;
|
||||
if ($conf->entity != 0) $sql .= " AND entity = " . $conf->entity;
|
||||
|
||||
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
$obj = $db->fetch_object($resql);
|
||||
if ($obj) return $obj->nb;
|
||||
}
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Loads a link from database
|
||||
*
|
||||
@@ -354,8 +354,8 @@ class Link extends CommonObject
|
||||
|
||||
// Call trigger
|
||||
$result=$this->call_trigger('LINK_DELETE',$user);
|
||||
if ($result < 0) return -1;
|
||||
// End call triggers
|
||||
if ($result < 0) return -1;
|
||||
// End call triggers
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
||||
@@ -144,15 +144,15 @@ class Menubase
|
||||
$sql.= "enabled,";
|
||||
$sql.= "usertype";
|
||||
$sql.= ") VALUES (";
|
||||
$sql.= " '".$this->menu_handler."',";
|
||||
$sql.= " '".$conf->entity."',";
|
||||
$sql.= " '".$this->module."',";
|
||||
$sql.= " '".$this->type."',";
|
||||
$sql.= " ".($this->mainmenu?"'".$this->mainmenu."'":"''").","; // Can't be null
|
||||
$sql.= " ".($this->leftmenu?"'".$this->leftmenu."'":"null").",";
|
||||
$sql.= " '".$this->fk_menu."',";
|
||||
$sql.= " ".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
|
||||
$sql.= " ".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
|
||||
$sql.= " '".$this->db->escape($this->menu_handler)."',";
|
||||
$sql.= " '".$this->db->escape($conf->entity)."',";
|
||||
$sql.= " '".$this->db->escape($this->module)."',";
|
||||
$sql.= " '".$this->db->escape($this->type)."',";
|
||||
$sql.= " ".($this->mainmenu?"'".$this->db->escape($this->mainmenu)."'":"''").","; // Can't be null
|
||||
$sql.= " ".($this->leftmenu?"'".$this->db->escape($this->leftmenu)."'":"null").",";
|
||||
$sql.= " '".$this->db->escape($this->fk_menu)."',";
|
||||
$sql.= " ".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";
|
||||
$sql.= " ".($this->fk_leftmenu?"'".$this->db->escape($this->fk_leftmenu)."'":"null").",";
|
||||
$sql.= " '".(int) $this->position."',";
|
||||
$sql.= " '".$this->db->escape($this->url)."',";
|
||||
$sql.= " '".$this->db->escape($this->target)."',";
|
||||
@@ -160,7 +160,7 @@ class Menubase
|
||||
$sql.= " '".$this->db->escape($this->langs)."',";
|
||||
$sql.= " '".$this->db->escape($this->perms)."',";
|
||||
$sql.= " '".$this->db->escape($this->enabled)."',";
|
||||
$sql.= " '".$this->user."'";
|
||||
$sql.= " '".$this->db->escape($this->user)."'";
|
||||
$sql.= ")";
|
||||
|
||||
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
||||
@@ -220,8 +220,8 @@ class Menubase
|
||||
$sql.= " mainmenu='".$this->db->escape($this->mainmenu)."',";
|
||||
$sql.= " leftmenu='".$this->db->escape($this->leftmenu)."',";
|
||||
$sql.= " fk_menu='".$this->db->escape($this->fk_menu)."',";
|
||||
$sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
|
||||
$sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
|
||||
$sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";
|
||||
$sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->db->escape($this->fk_leftmenu)."'":"null").",";
|
||||
$sql.= " position=".($this->position > 0 ? $this->position : 0).",";
|
||||
$sql.= " url='".$this->db->escape($this->url)."',";
|
||||
$sql.= " target='".$this->db->escape($this->target)."',";
|
||||
|
||||
@@ -1426,7 +1426,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
|
||||
$err=0;
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
|
||||
$sql.= " WHERE ".$this->db->decrypt('name')." like '".$this->const_name."_TABS_%'";
|
||||
$sql.= " WHERE ".$this->db->decrypt('name')." like '".$this->db->escape($this->const_name)."_TABS_%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
dol_syslog(get_class($this)."::delete_tabs", LOG_DEBUG);
|
||||
@@ -2019,7 +2019,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
|
||||
$err=0;
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
|
||||
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->const_name."_DIR_%'";
|
||||
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_DIR_%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
dol_syslog(get_class($this)."::delete_dirs", LOG_DEBUG);
|
||||
@@ -2128,7 +2128,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
|
||||
if (is_array($value) && isset($value['entity'])) $entity = $value['entity'];
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
|
||||
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->const_name."_".strtoupper($key)."'";
|
||||
$sql.= " WHERE ".$this->db->decrypt('name')." LIKE '".$this->db->escape($this->const_name)."_".strtoupper($key)."'";
|
||||
$sql.= " AND entity = ".$entity;
|
||||
|
||||
dol_syslog(get_class($this)."::delete_const_".$key."", LOG_DEBUG);
|
||||
|
||||
@@ -73,7 +73,7 @@ class mod_chequereceipt_mint extends ModeleNumRefChequeReceipts
|
||||
$posindice=9;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -107,7 +107,7 @@ class mod_chequereceipt_mint extends ModeleNumRefChequeReceipts
|
||||
$posindice=9;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref like '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -73,7 +73,7 @@ class mod_commande_marbre extends ModeleNumRefCommandes
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."commande";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -107,7 +107,7 @@ class mod_commande_marbre extends ModeleNumRefCommandes
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."commande";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -72,7 +72,7 @@ class mod_contract_serpis extends ModelNumRefContracts
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -105,7 +105,7 @@ class mod_contract_serpis extends ModelNumRefContracts
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -71,7 +71,7 @@ class mod_expedition_safor extends ModelNumRefExpedition
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."expedition";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -104,7 +104,7 @@ class mod_expedition_safor extends ModelNumRefExpedition
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."expedition";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -72,7 +72,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."expensereport";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -105,7 +105,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."expensereport";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -37,7 +37,7 @@ class mod_facture_mars extends ModeleNumRefFactures
|
||||
var $prefixcreditnote='AV';
|
||||
var $error='';
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
@@ -48,7 +48,7 @@ class mod_facture_mars extends ModeleNumRefFactures
|
||||
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Renvoi la description du modele de numerotation
|
||||
*
|
||||
@@ -89,7 +89,7 @@ class mod_facture_mars extends ModeleNumRefFactures
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->prefixinvoice."____-%'";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -111,7 +111,7 @@ class mod_facture_mars extends ModeleNumRefFactures
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(SUBSTRING(facnumber FROM ".$posindice.")) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->prefixcreditnote."____-%'";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -35,7 +35,7 @@ class mod_facture_terre extends ModeleNumRefFactures
|
||||
var $prefixdeposit='AC';
|
||||
var $error='';
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
@@ -46,7 +46,7 @@ class mod_facture_terre extends ModeleNumRefFactures
|
||||
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Renvoi la description du modele de numerotation
|
||||
*
|
||||
@@ -87,7 +87,7 @@ class mod_facture_terre extends ModeleNumRefFactures
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->prefixinvoice."____-%'";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -109,7 +109,7 @@ class mod_facture_terre extends ModeleNumRefFactures
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->prefixcreditnote."____-%'";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -130,7 +130,7 @@ class mod_facture_terre extends ModeleNumRefFactures
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(facnumber FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->prefixdeposit."____-%'";
|
||||
$sql.= " WHERE facnumber LIKE '".$this->db->escape($this->prefixdeposit)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -74,7 +74,7 @@ class mod_pacific extends ModeleNumRefFicheinter
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."fichinter";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " WHERE entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -110,7 +110,7 @@ class mod_pacific extends ModeleNumRefFicheinter
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."fichinter";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -80,7 +80,7 @@ class mod_livraison_jade extends ModeleNumRefDeliveryOrder
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."livraison";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -114,7 +114,7 @@ class mod_livraison_jade extends ModeleNumRefDeliveryOrder
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."livraison";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -73,7 +73,7 @@ class mod_payment_cicada extends ModeleNumRefPayments
|
||||
$posindice=9;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."paiement";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -107,7 +107,7 @@ class mod_payment_cicada extends ModeleNumRefPayments
|
||||
$posindice=9;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."paiement";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -75,7 +75,7 @@ class mod_project_simple extends ModeleNumRefProjects
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."projet";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
@@ -111,7 +111,7 @@ class mod_project_simple extends ModeleNumRefProjects
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."projet";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -76,7 +76,7 @@ class mod_task_simple extends ModeleNumRefTask
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(task.ref FROM " . $posindice . ") AS SIGNED)) as max";
|
||||
$sql .= " FROM " . MAIN_DB_PREFIX . "projet_task AS task, ";
|
||||
$sql .= MAIN_DB_PREFIX . "projet AS project WHERE task.fk_projet=project.rowid";
|
||||
$sql .= " AND task.ref LIKE '" . $this->prefix . "____-%'";
|
||||
$sql .= " AND task.ref LIKE '" . $this->db->escape($this->prefix) . "____-%'";
|
||||
$sql .= " AND project.entity = " . $conf->entity;
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
@@ -112,7 +112,7 @@ class mod_task_simple extends ModeleNumRefTask
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."projet_task";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
|
||||
@@ -75,7 +75,7 @@ class mod_propale_marbre extends ModeleNumRefPropales
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."propal";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -112,7 +112,7 @@ class mod_propale_marbre extends ModeleNumRefPropales
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."propal";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -82,7 +82,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefixinvoice."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefixinvoice)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
@@ -103,7 +103,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefixcreditnote."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefixcreditnote)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -124,7 +124,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefixdeposit."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefixdeposit)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -202,7 +202,7 @@ class mod_facture_fournisseur_cactus extends ModeleNumRefSuppliersInvoices
|
||||
{
|
||||
$date=$object->date; // This is invoice date (not creation date)
|
||||
$yymm = strftime("%y%m",$date);
|
||||
|
||||
|
||||
if ($max >= (pow(10, 4) - 1)) $num=$max+1; // If counter > 9999, we do not format on 4 chars, we take number as it is
|
||||
else $num = sprintf("%04s",$max+1);
|
||||
|
||||
|
||||
@@ -85,7 +85,7 @@ class mod_commande_fournisseur_muguet extends ModeleNumRefSuppliersOrders
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
@@ -120,7 +120,7 @@ class mod_commande_fournisseur_muguet extends ModeleNumRefSuppliersOrders
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -73,7 +73,7 @@ class mod_supplier_payment_bronan extends ModeleNumRefSupplierPayments
|
||||
$posindice=9;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -107,7 +107,7 @@ class mod_supplier_payment_bronan extends ModeleNumRefSupplierPayments
|
||||
$posindice=10;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."paiementfourn";
|
||||
$sql.= " WHERE ref like '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
@@ -75,7 +75,7 @@ class mod_supplier_proposal_marbre extends ModeleNumRefSupplierProposal
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."supplier_proposal";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
@@ -112,7 +112,7 @@ class mod_supplier_proposal_marbre extends ModeleNumRefSupplierProposal
|
||||
$posindice=8;
|
||||
$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM ".$posindice.") AS SIGNED)) as max"; // This is standard SQL
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."supplier_proposal";
|
||||
$sql.= " WHERE ref LIKE '".$this->prefix."____-%'";
|
||||
$sql.= " WHERE ref LIKE '".$this->db->escape($this->prefix)."____-%'";
|
||||
$sql.= " AND entity = ".$conf->entity;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
|
||||
Reference in New Issue
Block a user