Fix CSRF for more GET

2021-03-29 22:51:36 +02:00
parent ce5bea7b34
commit b702d2b534
5 changed files with 12 additions and 12 deletions
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -2413,10 +2413,10 @@ class Commande extends CommonOrder

 			$this->db->begin();

-			$remise = price2num($remise);
+			$remise = price2num($remise, 2);

 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
-			$sql .= ' SET remise_percent = '.$remise;
+			$sql .= ' SET remise_percent = '.((float) $remise);
 			$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';

 			dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2867,7 +2867,7 @@ class Commande extends CommonOrder
 			$this->db->begin();

 			$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET';
-			$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\'');
+			$sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
 			$sql .= ' WHERE rowid = '.$this->id;

 			dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);