diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php
index 310f141fc1c..061332c2e8b 100644
--- a/htdocs/core/class/discount.class.php
+++ b/htdocs/core/class/discount.class.php
@@ -597,12 +597,12 @@ class DiscountAbsolute
 $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture as f';
 $sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.$invoice->id;
- $sql .= ' AND f.type IN ('.$invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.', '.$invoice::TYPE_SITUATION.')'; // Find discount coming from credit note or excess received
+ $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.', '.$invoice::TYPE_SITUATION).')'; // Find discount coming from credit note or excess received
 } elseif ($invoice->element == 'invoice_supplier') {
 $sql = 'SELECT sum(rc.amount_ttc) as amount, sum(rc.multicurrency_amount_ttc) as multicurrency_amount';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'societe_remise_except as rc, '.MAIN_DB_PREFIX.'facture_fourn as f';
 $sql .= ' WHERE rc.fk_invoice_supplier_source=f.rowid AND rc.fk_invoice_supplier = '.$invoice->id;
- $sql .= ' AND f.type IN ('.$invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE.')'; // Find discount coming from credit note or excess paid
+ $sql .= ' AND f.type IN ('.$this->db->sanitize($invoice::TYPE_STANDARD.', '.$invoice::TYPE_CREDIT_NOTE).')'; // Find discount coming from credit note or excess paid
 } else {
 $this->error = get_class($this)."::getSumCreditNotesUsed was called with a bad object as a first parameter";
 dol_print_error($this->error);
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index b3bac2a0e1d..021ca10ebb9 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
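Review bot: The sanitize() call at 597 wraps only class constants, while the value that actually varies, `$invoice->id`, is still concatenated raw two lines above in both branches (`rc.fk_facture = '.$invoice->id` and `rc.fk_invoice_supplier = '.$invoice->id`). The cast is the check that matters here: `$sql .= ' WHERE rc.fk_facture_source=f.rowid AND rc.fk_facture = '.((int) $invoice->id);` and likewise for the supplier branch. Sanitizing a string built from constants is harmless but adds nothing; if it is only there to satisfy the CodingPhpTest pattern extended in this commit, a short comment saying so would stop the next reader from assuming the constants are untrusted. getSumCreditNotesUsed starts and ends outside the hunk.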
@@ -1887,7 +1887,7 @@ class Form
 if (!empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entity as e ON e.rowid=u.entity";
 if ($force_entity) {
- $sql .= " WHERE u.entity IN (0,".$force_entity.")";
+ $sql .= " WHERE u.entity IN (0, ".$force_entity.")";
 } else {
 $sql .= " WHERE u.entity IS NOT NULL";
 }
@@ -1897,7 +1897,7 @@ class Form
 $sql .= " ON ug.fk_user = u.rowid";
 $sql .= " WHERE ug.entity = ".$conf->entity;
 } else {
- $sql .= " WHERE u.entity IN (0,".$conf->entity.")";
+ $sql .= " WHERE u.entity IN (0, ".$conf->entity.")";
 }
 }
 if (!empty($user->socid)) {
@@ -8314,11 +8314,11 @@ class Form
 // Permettre l'exclusion de groupes
 if (is_array($exclude)) {
- $excludeGroups = implode("','", $exclude);
+ $excludeGroups = implode(",", $exclude);
 }
 // Permettre l'inclusion de groupes
 if (is_array($include)) {
- $includeGroups = implode("','", $include);
+ $includeGroups = implode(",", $include);
 }
 if (!is_array($selected)) {
@@ -8344,10 +8344,10 @@ class Form
 $sql .= " WHERE ug.entity IN (0, ".$conf->entity.")";
 }
 if (is_array($exclude) && $excludeGroups) {
- $sql .= " AND ug.rowid NOT IN ('".$excludeGroups."')";
+ $sql .= " AND ug.rowid NOT IN (".$this->db->sanitize($excludeGroups).")";
 }
 if (is_array($include) && $includeGroups) {
- $sql .= " AND ug.rowid IN ('".$includeGroups."')";
+ $sql .= " AND ug.rowid IN (".$this->db->sanitize($includeGroups).")";
 }
 $sql .= " ORDER BY ug.nom ASC";
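Review bot: `implode(",", $exclude)` at 8314 (and `$include` right below it) joins caller-supplied array elements without casting, so the `$this->db->sanitize(...)` added at 8344 is the only thing between those elements and the `NOT IN (...)` / `IN (...)` lists; if sanitize() is a character filter, as its name suggests (its body is not in this diff), a non-numeric element still survives into the query as a bare token. Since ug.rowid is an integer key, cast at the source: `$excludeGroups = implode(",", array_map('intval', $exclude));` and `$includeGroups = implode(",", array_map('intval', $include));`. The old `implode("','", ...)` produced a quoted list, so the bare list is also a behaviour change for any caller that passed non-numeric group identifiers; that deserves a line in the method's docblock. The enclosing method starts and ends outside both hunks.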
@@ -8709,7 +8709,7 @@ class Form
 $sql .= ' '.MAIN_DB_PREFIX.'facture as f';
 $sql .= " WHERE p.entity IN (".getEntity('project').")";
 $sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement
- //if ($projectsListId) $sql.= " AND p.rowid IN (".$projectsListId.")";
+ //if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")";
 //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
 //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
 $sql .= " GROUP BY f.ref ORDER BY p.ref, f.ref ASC";
diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php
index 46a1e240cf6..eb0f1baaef1 100644
--- a/htdocs/core/class/html.formcontract.class.php
+++ b/htdocs/core/class/html.formcontract.class.php
@@ -76,7 +76,7 @@ class FormContract
 $sql .= ' c.ref_customer, c.ref_supplier';
 $sql .= ' FROM '.MAIN_DB_PREFIX.'contrat as c';
 $sql .= " WHERE c.entity = ".$conf->entity;
- //if ($contratListId) $sql.= " AND c.rowid IN (".$contratListId.")";
+ //if ($contratListId) $sql.= " AND c.rowid IN (".$this->db->sanitize($contratListId).")";
 if ($socid > 0) {
 // CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma.
 if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) {
diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php
index af611605095..aff77ce7285 100644
--- a/htdocs/core/class/html.formprojet.class.php
+++ b/htdocs/core/class/html.formprojet.class.php
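Review bot: Both the 8709 hunk and the FormContract hunk at 76 edit commented-out code (`//if ($projectsListId) $sql.= ...`, `//if ($contratListId) $sql.= ...`), presumably so the new CodingPhpTest pattern stops matching them; patching dead SQL to satisfy a checker leaves a query nobody runs and keeps an unsanitized-looking template available for the next copy-paste. Either delete the commented line or, if the filter is still wanted, re-enable it with the sanitize call. Both enclosing methods start and end outside the hunks.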
@@ -175,7 +175,7 @@ class FormProjets
 if (empty($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) {
 $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
 } elseif ($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { // PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma.
- $sql .= " AND (p.fk_soc IN (".((int) $socid).", ".((int) $conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") OR p.fk_soc IS NULL)";
+ $sql .= " AND (p.fk_soc IN (".$this->db->sanitize(((int) $socid).", ".$conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") OR p.fk_soc IS NULL)";
 }
 }
 if (!empty($filterkey)) {
diff --git a/htdocs/core/modules/mailings/advthirdparties.modules.php b/htdocs/core/modules/mailings/advthirdparties.modules.php
index d067f43c273..cbf668b6c67 100644
--- a/htdocs/core/modules/mailings/advthirdparties.modules.php
+++ b/htdocs/core/modules/mailings/advthirdparties.modules.php
@@ -79,7 +79,7 @@ class mailing_advthirdparties extends MailingTargets
 $sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT OUTER JOIN ".MAIN_DB_PREFIX."societe_extrafields se ON se.fk_object=s.rowid";
 $sql .= " WHERE s.entity IN (".getEntity('societe').")";
- $sql .= " AND s.rowid IN (".implode(',', $socid).")";
+ $sql .= " AND s.rowid IN (".$this->db->sanitize(implode(',', $socid)).")";
 $sql .= " ORDER BY email";
 // Stock recipients emails into targets table
diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php
index f4cda255cdb..ea189d4be9b 100644
--- a/htdocs/eventorganization/conferenceorbooth_list.php
+++ b/htdocs/eventorganization/conferenceorbooth_list.php
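Review bot: The rewritten IN list at 175 now relies on sanitize() to clean `$conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY`, which the comment on the line above documents as a comma-separated list of ids; a sanitizer that strips characters would silently rewrite a malformed entry into a different but valid id instead of rejecting it, and this expression is an authorization filter over which companies' projects are visible. Parsing the list explicitly keeps the intent visible: `$allowedsoc = implode(',', array_map('intval', explode(',', $conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)));` followed by `$sql .= " AND (p.fk_soc IN (".((int) $socid).", ".$allowedsoc.") OR p.fk_soc IS NULL)";`. The `(int)` cast over the whole list that the commit removes truncated it to its first id, so this hunk does fix a real bug and a note in the commit message would be worth it. The enclosing method starts and ends outside the hunk.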
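Review bot: If `$socid` is an empty array, `implode(',', $socid)` at 79 yields an empty string and the query becomes `s.rowid IN ()`, a syntax error that sanitize() does not prevent; unless a caller guarantees a non-empty array (not visible in this hunk), guard it with the same `: '0'` fallback the project pages in this commit use: `$sql .= " AND s.rowid IN (".$this->db->sanitize(count($socid) ? implode(',', array_map('intval', $socid)) : '0').")";`. The `array_map('intval', ...)` states the integer intent instead of leaning on the sanitizer's character filter. The enclosing method starts and ends outside the hunk.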
@@ -265,7 +265,7 @@ if ($projectid > 0) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->project->all->lire) {
 $objectsListId = $project->getProjectsAuthorizedForUser($user, 0, 0);
- $project->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $project->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($project, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 243d65b5078..4b5c742b3f1 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -479,7 +479,7 @@ class Holiday extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."holiday as cp, ".MAIN_DB_PREFIX."user as uu, ".MAIN_DB_PREFIX."user as ua";
 $sql .= " WHERE cp.entity IN (".getEntity('holiday').")";
 $sql .= " AND cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid"; // Hack pour la recherche sur le tableau
- $sql .= " AND cp.fk_user IN (".$user_id.")";
+ $sql .= " AND cp.fk_user IN (".$this->db->sanitize($user_id).")";
 // Selection filter
 if (!empty($filter)) {
diff --git a/htdocs/holiday/month_report.php b/htdocs/holiday/month_report.php
index 37497fd1810..62991a6e0ee 100644
--- a/htdocs/holiday/month_report.php
+++ b/htdocs/holiday/month_report.php
@@ -154,7 +154,7 @@ if (!empty($search_employee)) {
 $sql .= " AND cp.fk_user = '".$db->escape($search_employee)."'";
 }
 if (!empty($search_type)) {
- $sql .= ' AND cp.fk_type IN ('.$db->escape($search_type).')';
+ $sql .= ' AND cp.fk_type IN ('.$db->sanitize($search_type).')';
 }
 if (!empty($search_description)) {
 $sql .= natural_search('cp.description', $search_description);
diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php
index e40ceb3f9ba..f169ce60b37 100644
--- a/htdocs/hrm/index.php
+++ b/htdocs/hrm/index.php
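Review bot: The expression `" rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")"` at 265 is repeated verbatim in eighteen hunks of this commit (projet/card.php, comment.php, contact.php, document.php, element.php, ganttview.php, info.php, note.php, tasks.php, the projet/tasks/*.php pages, ticket/card.php and ticket/list.php), plus a `fk_projet IN (...)` variant in six more, and the copies already diverge: some keep the old `?join` with no space after the `?`, others add it. A single helper on Project, e.g. `public function getNextPrevFilterForUser(User $user, $mine = 0)` returning the sanitized `rowid IN (...)` fragment, would give one place to review and one place to fix. The only page-specific parts of this hunk are the `$project` variable and the `project->all->lire` right; the enclosing if block starts and ends outside the hunk.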
@@ -182,7 +182,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) {
 $sql .= " WHERE u.rowid = x.fk_user";
 $sql .= " AND x.entity = ".$conf->entity;
 if (empty($user->rights->holiday->readall)) {
- $sql .= ' AND x.fk_user IN ('.join(',', $childids).')';
+ $sql .= ' AND x.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid;
@@ -263,7 +263,7 @@ if (!empty($conf->expensereport->enabled) && $user->rights->expensereport->lire)
 $sql .= " WHERE u.rowid = x.fk_user_author";
 $sql .= " AND x.entity = ".$conf->entity;
 if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)) {
- $sql .= ' AND x.fk_user_author IN ('.join(',', $childids).')';
+ $sql .= ' AND x.fk_user_author IN ('.$db->sanitize(join(',', $childids)).')';
 }
 //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid;
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 80678abe24f..ccb787680b3 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -1175,7 +1175,7 @@ if ($ok && GETPOST('clean_perm_table', 'alpha')) {
 foreach ($conf->modules as $key => $val) {
 $listofmods .= ($listofmods ? ',' : '')."'".$val."'";
 }
- $sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module not in ('.$listofmods.') AND id > 100000';
+ $sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$db->sanitize($listofmods).') AND id > 100000';
 $resql = $db->query($sql);
 if ($resql) {
 $num = $db->num_rows($resql);
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index 5d0f197568c..3999e448730 100644
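Review bot: `$listofmods` at 1175 is built two lines above as a quoted list (`"'".$val."'"`), so wrapping it in `$db->sanitize()` applies a tool meant for bare id lists to a list of string literals; if the sanitizer's default mode strips single quotes (its implementation is not in this diff, so this is inferred from its use on numeric lists everywhere else in the commit), the query degrades to `module NOT IN (modA,modB)`, which fails on unknown columns and leaves the permission table uncleaned. Escape per element and keep the quotes outside the escaped value: `$listofmods .= ($listofmods ? ',' : '')."'".$db->escape($val)."'";` and then `$sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$listofmods.') AND id > 100000';`. Whether the new CodingPhpTest pattern then flags this line is a whitelist question, not a reason to sanitize quoted strings. The enclosing if block starts and ends outside the hunk.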
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -978,7 +978,7 @@ if ($action == 'create' && $user->rights->projet->creer) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 5d6c4b4825a..8bf9c727f4e 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -2055,7 +2055,7 @@ class Project extends CommonObject
 $sql .= " p.entity IN (".getEntity('project').")";
 if (!$user->rights->projet->all->lire) {
 $projectsListId = $this->getProjectsAuthorizedForUser($user, 0, 1);
- $sql .= "AND p.rowid IN (".$projectsListId.")";
+ $sql .= "AND p.rowid IN (".$this->db->sanitize($projectsListId).")";
 }
 $resql = $this->db->query($sql);
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index c9762c0043c..44638c00f46 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -868,13 +868,13 @@ class Task extends CommonObject
 $sql .= " AND p.fk_soc = ".$socid;
 }
 if ($projectid) {
- $sql .= " AND p.rowid in (".$projectid.")";
+ $sql .= " AND p.rowid IN (".$this->db->sanitize($projectid).")";
 }
 if ($filteronproj) {
 $sql .= natural_search(array("p.ref", "p.title"), $filteronproj);
 }
 if ($filteronprojstatus && $filteronprojstatus != '-1') {
- $sql .= " AND p.fk_statut IN (".$filteronprojstatus.")";
+ $sql .= " AND p.fk_statut IN (".$this->db->sanitize($filteronprojstatus).")";
 }
 if ($morewherefilter) {
 $sql .= $morewherefilter;
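Review bot: The new line at 2055 still has no leading space: `$sql .= "AND p.rowid IN (...)"` is appended directly after the `")"` of the previous fragment, producing `...)AND p.rowid IN (...)`. MySQL tolerates the missing space after a closing parenthesis, but every other fragment in this commit starts with `" AND`, and any later edit that moves this line after an identifier would break the query; write `$sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")";`. The enclosing method starts and ends outside the hunk.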
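Review bot: `$projectid` and `$filteronprojstatus` are now sanitized at 868, but the first context line of the same hunk still appends `$socid` raw (`" AND p.fk_soc = ".$socid`) while the commit casts comparable ids elsewhere (`((int) $taskid)` in the later task.class.php hunk); make it `$sql .= " AND p.fk_soc = ".((int) $socid);`. The `$morewherefilter` fragment at the end of the hunk is appended verbatim, so its callers remain responsible for its contents; a docblock line stating that would help whoever reads this method next. The enclosing method starts and ends outside the hunk.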
@@ -1062,10 +1062,10 @@ class Task extends CommonObject
 $sql .= " AND ctc.source = 'internal'";
 if ($projectid) {
 if ($userp) {
- $sql .= " AND pt.rowid in (".$projectid.")";
+ $sql .= " AND pt.rowid IN (".$this->db->sanitize($projectid).")";
 }
 if ($usert) {
- $sql .= " AND pt.fk_projet in (".$projectid.")";
+ $sql .= " AND pt.fk_projet IN (".$this->db->sanitize($projectid).")";
 }
 }
 if ($taskid) {
@@ -1073,7 +1073,7 @@ class Task extends CommonObject
 $sql .= " ERROR SHOULD NOT HAPPENS";
 }
 if ($usert) {
- $sql .= " AND pt.rowid = ".$taskid;
+ $sql .= " AND pt.rowid = ".((int) $taskid);
 }
 }
 //print $sql;
diff --git a/htdocs/projet/comment.php b/htdocs/projet/comment.php
index ac00e0adfad..5ddd2cd163b 100644
--- a/htdocs/projet/comment.php
+++ b/htdocs/projet/comment.php
@@ -112,7 +112,7 @@ $morehtmlref .= '';
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index 8fc018ab8ab..fe434891fa9 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -300,7 +300,7 @@ if ($id > 0 || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php
index 795e10f2739..d7bcd722988 100644
--- a/htdocs/projet/document.php
+++ b/htdocs/projet/document.php
@@ -141,7 +141,7 @@ if ($object->id > 0) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php
index f72b1eba7d2..a71d8c4a602 100644
--- a/htdocs/projet/element.php
+++ b/htdocs/projet/element.php
@@ -222,7 +222,7 @@ $morehtmlref .= '';
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " te.rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " te.rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php
index b4dbc21e894..c5e5b20fb88 100644
--- a/htdocs/projet/ganttview.php
+++ b/htdocs/projet/ganttview.php
@@ -123,7 +123,7 @@ if (($id > 0 && is_numeric($id)) || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/info.php b/htdocs/projet/info.php
index d99da02caa6..b8c6ae046cf 100644
--- a/htdocs/projet/info.php
+++ b/htdocs/projet/info.php
@@ -136,7 +136,7 @@ $morehtmlref .= '';
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index 3e81b529ac8..a9849ef9f20 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -414,7 +414,7 @@ if ($search_opp_status) {
 $sql .= " AND p.fk_opp_status IS NOT NULL AND p.fk_opp_status <> -1 AND p.fk_opp_status NOT IN (SELECT rowid FROM ".MAIN_DB_PREFIX."c_lead_status WHERE code IN ('WON','LOST'))";
 }
 if ($search_opp_status == 'notopenedopp') {
- $sql .= " AND (p.fk_opp_status IS NULL OR p.fk_opp_status = -1 OR p.fk_opp_status IN (SELECT rowid FROM ".MAIN_DB_PREFIX."c_lead_status WHERE code IN ('WON')))";
+ $sql .= " AND (p.fk_opp_status IS NULL OR p.fk_opp_status = -1 OR p.fk_opp_status IN (SELECT rowid FROM ".MAIN_DB_PREFIX."c_lead_status WHERE code = 'WON'))";
 }
 if ($search_opp_status == 'none') {
 $sql .= " AND (p.fk_opp_status IS NULL OR p.fk_opp_status = -1)";
@@ -431,7 +431,7 @@ if ($search_sale > 0) {
 // No check is done on company permission because readability is managed by public status of project and assignement.
 //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 if ($search_project_user > 0) {
- $sql .= " AND ecp.fk_c_type_contact IN (".join(',', array_keys($listofprojectcontacttype)).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user;
+ $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user;
 }
 if ($search_opp_amount != '') {
 $sql .= natural_search('p.opp_amount', $search_opp_amount, 1);
diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php
index a1ef737ddc7..8b65156570a 100644
--- a/htdocs/projet/note.php
+++ b/htdocs/projet/note.php
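Review bot: The `IN (...)` list at 431 is now sanitized, but the same new line still ends with `ecp.fk_socpeople = ".$search_project_user` concatenated raw, and the guard `if ($search_project_user > 0)` does not make it an integer: under PHP 8 comparison rules a non-numeric string is compared as a string against `'0'` and can still pass. Use `".((int) $search_project_user)` there, matching the `((int) $socid)` style the commit uses elsewhere. The -414 hunk above only rewrites `IN ('WON')` as `= 'WON'`, which is a fine simplification, but its purpose is to dodge the new CodingPhpTest pattern (the whitelist entry `WON\',\'L` added in the test shows the same motive), so a word in the commit message would help. Both enclosing if blocks start and end outside the hunks.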
@@ -101,7 +101,7 @@ if ($id > 0 || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php
index 07724753f2d..cb2f92c34a4 100644
--- a/htdocs/projet/tasks.php
+++ b/htdocs/projet/tasks.php
@@ -450,7 +450,7 @@ if ($id > 0 || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/projet/tasks/comment.php b/htdocs/projet/tasks/comment.php
index 8ce97133493..c0ebc6850cc 100644
--- a/htdocs/projet/tasks/comment.php
+++ b/htdocs/projet/tasks/comment.php
@@ -135,7 +135,7 @@ if ($id > 0 || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 0);
- $projectstatic->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $projectstatic->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($projectstatic, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
@@ -289,7 +289,7 @@ if ($id > 0 || !empty($ref)) {
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
- $object->next_prev_filter = " fk_projet in (".$projectsListId.")";
+ $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
 $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
 }
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index 7916c236fb3..c6a7fcb3b45 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -197,7 +197,7 @@ if ($id > 0 || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 0);
- $projectstatic->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $projectstatic->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($projectstatic, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
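Review bot: In the 289 hunk the `else` branch still builds `" fk_projet = ".$projectstatic->id` without a cast, while the `if` branch two lines above it now sanitizes its list; the same asymmetry is repeated in the tasks/contact.php, tasks/document.php, tasks/note.php, tasks/task.php and tasks/time.php hunks that set `$object->next_prev_filter`. `$object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);` keeps both branches at the same standard, and since the six blocks are identical apart from the file, a shared helper would let that be fixed once. The enclosing if block starts and ends outside the hunk.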
@@ -320,7 +320,7 @@ if ($id > 0 || !empty($ref)) {
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
- $object->next_prev_filter = " fk_projet in (".$projectsListId.")";
+ $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
 $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
 }
diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php
index afa63f7eee4..967cc0438da 100644
--- a/htdocs/projet/tasks/document.php
+++ b/htdocs/projet/tasks/document.php
@@ -154,7 +154,7 @@ if ($object->id > 0) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 0);
- $projectstatic->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $projectstatic->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($projectstatic, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
@@ -278,7 +278,7 @@ if ($object->id > 0) {
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
- $object->next_prev_filter = " fk_projet in (".$projectsListId.")";
+ $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
 $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
 }
diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php
index 2452cc71d86..4d581afc30a 100644
--- a/htdocs/projet/tasks/note.php
+++ b/htdocs/projet/tasks/note.php
@@ -129,7 +129,7 @@ if ($object->id > 0) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 0);
- $projectstatic->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $projectstatic->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($projectstatic, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
@@ -247,7 +247,7 @@ if ($object->id > 0) {
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
- $object->next_prev_filter = " fk_projet in (".$projectsListId.")";
+ $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
 $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
 }
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index 828b32c599f..6ec9f7d3126 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -240,7 +240,7 @@ if ($id > 0 || !empty($ref)) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 0);
- $projectstatic->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $projectstatic->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($projectstatic, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
@@ -479,7 +479,7 @@ if ($id > 0 || !empty($ref)) {
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
- $object->next_prev_filter = " fk_projet in (".$projectsListId.")";
+ $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
 $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
 }
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index 597d885d088..883fe737e56 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -429,7 +429,7 @@ if ($action == 'confirm_generateinvoice') {
 // Update lineid into line of timespent
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
- $sql .= ' WHERE rowid in ('.join(',', $toselect).') AND fk_user = '.$userid;
+ $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid);
 $result = $db->query($sql);
 if (!$result) {
 $error++;
@@ -468,7 +468,7 @@ if ($action == 'confirm_generateinvoice') {
 // Update lineid into line of timespent
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
- $sql .= ' WHERE rowid in ('.join(',', $toselect).') AND fk_user = '.$userid;
+ $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid);
 $result = $db->query($sql);
 if (!$result) {
 $error++;
@@ -504,7 +504,7 @@ if ($action == 'confirm_generateinvoice') {
 // Update lineid into line of timespent
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
- $sql .= ' WHERE rowid in ('.join(',', $toselect).')';
+ $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).')';
 $result = $db->query($sql);
 if (!$result) {
 $error++;
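Review bot: At 429 the `fk_user` operand gained an `(int)` cast, but the line immediately above it in the same hunk still interpolates `$lineid` and `$tmpinvoice->id` raw into the UPDATE (`SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id`); the 468 and 504 hunks have the same line. Cast both: `$sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);`. The three blocks differ only in the trailing `AND fk_user` clause, which suggests a small local function taking `$toselect` and an optional user id so the next fix lands in one place. All three sit inside the `confirm_generateinvoice` action block, which starts and ends outside the hunks.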
@@ -600,7 +600,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 0);
- $projectstatic->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $projectstatic->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($projectstatic, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
@@ -761,7 +761,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) {
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
- $object->next_prev_filter = " fk_projet in (".$projectsListId.")";
+ $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
 $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
 }
diff --git a/htdocs/salaries/class/salariesstats.class.php b/htdocs/salaries/class/salariesstats.class.php
index 0614f174416..f8a7d618fb0 100644
--- a/htdocs/salaries/class/salariesstats.class.php
+++ b/htdocs/salaries/class/salariesstats.class.php
@@ -67,7 +67,7 @@ class SalariesStats extends Stats
 $this->where .= " AND fk_soc = ".$this->socid;
 }
 if (is_array($this->userid) && count($this->userid) > 0) {
- $this->where .= ' AND fk_user IN ('.$db->sanitize(join(',', $this->userid)).')';
+ $this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';
 } elseif ($this->userid > 0) {
 $this->where .= ' AND fk_user = '.$this->userid;
 }
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index c5e27979121..da04a37dc93 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
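Review bot: The change from `$db` to `$this->db` at 67 removes a reference to a local that is not defined in the method (inferred; only `$this->db` appears in the surrounding lines), which is a real fix, but the two neighbouring lines in the same hunk still concatenate `$this->socid` and `$this->userid` raw (`" AND fk_soc = ".$this->socid` and `' AND fk_user = '.$this->userid`). Cast them as the commit does elsewhere: `$this->where .= " AND fk_soc = ".((int) $this->socid);` and `$this->where .= ' AND fk_user = '.((int) $this->userid);`. Whether those properties are ever populated from request input is not visible here, but the cast costs nothing. The enclosing method starts and ends outside the hunk.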
@@ -804,7 +804,7 @@ if ($action == 'create' || $action == 'presend') {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $projectstat->getProjectsAuthorizedForUser($user, $mine, 0);
- $projectstat->next_prev_filter = " rowid in (".(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
+ $projectstat->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
 }
 print $form->showrefnav($projectstat, 'ref', $linkback, 1, 'ref', 'ref', '');
 print '';
diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index 53bc1281d5b..b774f659d0c 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -555,7 +555,7 @@ if ($projectid > 0 || $project_ref) {
 // Define a complementary filter for search of next/prev ref.
 if (!$user->rights->projet->all->lire) {
 $objectsListId = $object->getProjectsAuthorizedForUser($user, 0, 0);
- $object->next_prev_filter = " rowid in (".(count($objectsListId) ?join(',', array_keys($objectsListId)) : '0').")";
+ $object->next_prev_filter = " rowid IN (".$db->sanitize(count($objectsListId) ? join(',', array_keys($objectsListId)) : '0').")";
 }
 dol_banner_tab($object, 'project_ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
diff --git a/htdocs/user/list.php b/htdocs/user/list.php
index ec7b7335b02..75cea8b604d 100644
--- a/htdocs/user/list.php
+++ b/htdocs/user/list.php
@@ -411,7 +411,7 @@ if ($search_categ == -2) {
 $sql .= " AND cu.fk_categorie IS NULL";
 }
 if ($mode == 'employee' && empty($user->rights->salaries->readall)) {
- $sql .= " AND u.fk_user IN (".join(',', $childids).")";
+ $sql .= " AND u.fk_user IN (".$db->sanitize(join(',', $childids)).")";
 }
 // Add where from extra fields
 include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index 6fe5f0d8863..42470a1ddb6 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -171,7 +171,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 $db=$this->savdb;
 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
- $filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
+ $filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname', SORT_ASC, 0, 0, '', 1);
 //$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
 foreach ($filesarray as $key => $file) {
@@ -314,7 +314,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 // Check string IN (".xxx with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
 preg_match_all('/ IN \([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
 foreach ($matches as $key => $val) {
- if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'self::STA', 'Commande:', 'CommandeF', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::'))) {
+ if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'WON\',\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {
 $ok=false;
 break;
 }
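Review bot: The whitelist at 314 is a list of exact nine-character prefixes checked with a loose `in_array()`, and the three entries this commit adds (`WON\',\'L`, `Entrepot:`, `Ticket::S`) show how brittle that is: any future constant whose first nine characters differ fails the test and gets another entry, while anything sharing a prefix is waved through (`Ticket::S` accepts every Ticket constant starting with S, and `$this->db` accepts `$this->db->escape(` as readily as `$this->db->sanitize(`). At minimum pass the strict flag, `in_array($val[1], array(...), true)`, and consider capturing the whole token up to the next `(` or `.` so that `sanitize` itself, rather than a prefix of the receiver, is what the check looks for; a one-line comment above the array explaining why each class of entry is exempt would also stop the list from silently growing. The dol_dir_list() call at 171 now passes five positional arguments to reach the last one (`SORT_ASC, 0, 0, '', 1`); since the signature is not visible here, a trailing comment naming what that final `1` enables would help. Both enclosing test methods start and end outside the hunks.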