
Merge pull request #9202 from atm-florian/7.0

Fix bad use of test_sql_and_script_inject: it returns an int, not the value tested
Laurent Destailleur
2018-08-12 18:24:54 +02:00
committed by GitHub
2 changed files with 13 additions and 4 deletions


@@ -1070,7 +1070,11 @@ class Form
$outarray=array();
// Clean $filter that may contains sql conditions so sql code
if (function_exists('test_sql_and_script_inject')) $filter = test_sql_and_script_inject($filter, 3);
if (function_exists('test_sql_and_script_inject')) {
if (test_sql_and_script_inject($filter, 3)>0) {
$filter ='';
}
}
// On recherche les societes
$sql = "SELECT s.rowid, s.nom as name, s.name_alias, s.client, s.fournisseur, s.code_client, s.code_fournisseur";
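Review bot: When test_sql_and_script_inject() flags $filter, the new branch resets it to '' and the lookup carries on with no filter at all, so a rejected restriction silently becomes the broadest result set, and nothing is logged. Presumably $filter is concatenated into the $sql string built just below (that part is outside the hunk), in which case failing closed is safer: log the rejection, e.g. `dol_syslog(__METHOD__.' filter rejected by test_sql_and_script_inject', LOG_WARNING);`, and return the empty result instead of running the query. The `function_exists()` guard also lets $filter through unchecked whenever the helper is not loaded, and a pattern test is no substitute for building the condition from validated fields. The enclosing method starts and ends outside the hunk.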


@@ -452,10 +452,15 @@ if ($action == 'confirm_valid')
$newSolde = $soldeActuel - ($nbopenedday * $object->getConfCP('nbHolidayDeducted'));
// On ajoute la modification dans le LOG
$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type);
$result=$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type);
if ($result<0) {
setEventMessages(null, $object->errors,'errors');
}
// Mise à jour du solde
$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
$result=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
if ($result<0) {
setEventMessages(null, $object->errors,'errors');
}
// To
$destinataire = new User($db);
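Review bot: A failed addLogCP() is now reported, but execution still falls through to updateSoldeCP(), so the leave balance can change without its matching log entry, and a failed balance update still reaches the notification code that follows. Guard the second call on the first result, `if ($result >= 0) $result=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);`, and ideally run both writes in one database transaction so they roll back together. Once the second call is conditional, the two identical `if ($result<0)` blocks can be replaced by a single check after both calls. The `confirm_valid` block starts before and continues after the hunk.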