From 6f35dd1b17ec10ff33f0355d29c15419f80a792a Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 15 Sep 2009 20:56:35 +0000
Subject: [PATCH] Fix: addslashes for data with quotes

---
 htdocs/lib/databases/mysql.lib.php | 6 +++---
 htdocs/lib/databases/mysqli.lib.php | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/htdocs/lib/databases/mysql.lib.php b/htdocs/lib/databases/mysql.lib.php
index 2b9ab1edaaf..ba02df7d773 100644
--- a/htdocs/lib/databases/mysql.lib.php
+++ b/htdocs/lib/databases/mysql.lib.php
@@ -694,15 +694,15 @@ class DoliDb
 {
 if ($cryptType == 2)
 {
- $return = 'AES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
+ $return = 'AES_ENCRYPT('.($withQuotes?"'":"").addslashes($fieldorvalue).($withQuotes?"'":"").',\''.$cryptKey.'\')';
 }
 else if ($cryptType == 1)
 {
- $return = 'DES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
+ $return = 'DES_ENCRYPT('.($withQuotes?"'":"").addslashes($fieldorvalue).($withQuotes?"'":"").',\''.$cryptKey.'\')';
 }
 }
 
- return ($withQuotes?"'":"").$return.($withQuotes?"'":"");
+ return $return;
 }
 
 /**
diff --git a/htdocs/lib/databases/mysqli.lib.php b/htdocs/lib/databases/mysqli.lib.php
index b29d0dcb9f9..929238f825c 100644
--- a/htdocs/lib/databases/mysqli.lib.php
+++ b/htdocs/lib/databases/mysqli.lib.php
@@ -704,11 +704,11 @@ class DoliDb
 {
 if ($cryptType == 2)
 {
- $return = 'AES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
+ $return = 'AES_ENCRYPT('.($withQuotes?"'":"").addslashes($fieldorvalue).($withQuotes?"'":"").',\''.$cryptKey.'\')';
 }
 else if ($cryptType == 1)
 {
- $return = 'DES_ENCRYPT('.($withQuotes?"'":"").$fieldorvalue.($withQuotes?"'":"").',\''.$cryptKey.'\')';
+ $return = 'DES_ENCRYPT('.($withQuotes?"'":"").addslashes($fieldorvalue).($withQuotes?"'":"").',\''.$cryptKey.'\')';
 }
 }
 
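Review bot: `addslashes($fieldorvalue)` in the AES_ENCRYPT/DES_ENCRYPT branches is not connection-aware escaping, and it is applied even when `$withQuotes` is false, where the value is emitted outside a string literal and backslash-escaping gives no protection. The same two lines are changed identically in the mysqli.lib.php hunk. Prefer the driver's escaper, and only on the quoted path, e.g. `($withQuotes ? mysqli_real_escape_string($link, $fieldorvalue) : $fieldorvalue)`, where `$link` is a placeholder for the class's connection handle (not visible here); the unquoted case is presumably a column name and should be validated against known identifiers rather than escaped. `$cryptKey` is still concatenated between quotes unescaped on the same lines. The function starts and ends outside both hunks, so it should be confirmed that the non-encrypted path still quotes and escapes its result now that mysql.lib.php ends in `return $return;`, and that mysqli.lib.php's return, which this commit does not touch, behaves the same way.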