Fix: Duplicate escaping when using encrypt

2010-09-01 22:45:10 +00:00
parent 439f5134ab
commit abd19f59ba
5 changed files with 31 additions and 24 deletions
--- a/htdocs/lib/admin.lib.php
+++ b/htdocs/lib/admin.lib.php
@@ -346,7 +346,7 @@ function dolibarr_get_const($db, $name, $entity=1)

 	$sql = "SELECT ".$db->decrypt('value')." as value";
 	$sql.= " FROM ".MAIN_DB_PREFIX."const";
-	$sql.= " WHERE name = ".$db->encrypt($db->escape($name),1);
+	$sql.= " WHERE name = ".$db->encrypt($name,1);
 	$sql.= " AND entity = ".$entity;

 	dol_syslog("admin.lib::dolibarr_get_const sql=".$sql);
@@ -391,7 +391,7 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not
 	$db->begin();

 	$sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
-	$sql.= " WHERE name = ".$db->encrypt($db->escape($name),1);
+	$sql.= " WHERE name = ".$db->encrypt($name,1);
 	$sql.= " AND entity = ".$entity;

 	dol_syslog("admin.lib::dolibarr_set_const sql=".$sql, LOG_DEBUG);
@@ -401,11 +401,13 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not
 	{
 		$sql = "INSERT INTO llx_const(name,value,type,visible,note,entity)";
 		$sql.= " VALUES (";
-		$sql.= $db->encrypt($db->escape($name),1);
-		$sql.= ", ".$db->encrypt($db->escape($value),1);
+		$sql.= $db->encrypt($name,1);
+		$sql.= ", ".$db->encrypt($value,1);
 		$sql.= ",'".$type."',".$visible.",'".$db->escape($note)."',".$entity.")";

 		//print "sql".$value."-".pg_escape_string($value)."-".$sql;exit;
+        //print "xx".$db->escape($value);
+        //print $sql;exit;
 		dol_syslog("admin.lib::dolibarr_set_const sql=".$sql, LOG_DEBUG);
 		$resql=$db->query($sql);
 	}