Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Replaced addslashes with $this->db->escape

Browse Source
This commit is contained in:
Marcos García
2013-05-04 20:17:05 +02:00
parent 0b228b3a87
commit e2a73839bc
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/holiday/class/holiday.class.php
View File

@@ -124,7 +124,7 @@ class Holiday extends CommonObject
// User // User
$sql.= "'".$this->fk_user."',"; $sql.= "'".$this->fk_user."',";
$sql.= " '".$this->db->idate($now)."',"; $sql.= " '".$this->db->idate($now)."',";
$sql.= " '".addslashes($this->description)."',"; $sql.= " '".$this->db->escape($this->description)."',";
$sql.= " '".$this->db->idate($this->date_debut)."',"; $sql.= " '".$this->db->idate($this->date_debut)."',";
$sql.= " '".$this->db->idate($this->date_fin)."',"; $sql.= " '".$this->db->idate($this->date_fin)."',";
$sql.= " ".$this->halfday.","; $sql.= " ".$this->halfday.",";
@@ -473,7 +473,7 @@ class Holiday extends CommonObject
// Update request // Update request
$sql = "UPDATE ".MAIN_DB_PREFIX."holiday SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."holiday SET";
$sql.= " description= '".addslashes($this->description)."',"; $sql.= " description= '".$this->db->escape($this->description)."',";
if(!empty($this->date_debut)) { if(!empty($this->date_debut)) {
$sql.= " date_debut = '".$this->db->idate($this->date_debut)."',"; $sql.= " date_debut = '".$this->db->idate($this->date_debut)."',";
@@ -527,7 +527,7 @@ class Holiday extends CommonObject
$sql.= " fk_user_cancel = NULL,"; $sql.= " fk_user_cancel = NULL,";
} }
if(!empty($this->detail_refuse)) { if(!empty($this->detail_refuse)) {
$sql.= " detail_refuse = '".addslashes($this->detail_refuse)."'"; $sql.= " detail_refuse = '".$this->db->escape($this->detail_refuse)."'";
} else { } else {
$sql.= " detail_refuse = NULL"; $sql.= " detail_refuse = NULL";
} }
@@ -1394,7 +1394,7 @@ class Holiday extends CommonObject
$sql.= ") VALUES ("; $sql.= ") VALUES (";
$sql.= " '".addslashes($this->optName)."',"; $sql.= " '".$this->db->escape($this->optName)."',";
$sql.= " '".$this->optValue."'"; $sql.= " '".$this->optValue."'";
$sql.= ")"; $sql.= ")";
@@ -1441,7 +1441,7 @@ class Holiday extends CommonObject
function updateEventCP($rowid, $name, $value) { function updateEventCP($rowid, $name, $value) {
$sql = "UPDATE ".MAIN_DB_PREFIX."holiday_events SET"; $sql = "UPDATE ".MAIN_DB_PREFIX."holiday_events SET";
$sql.= " name = '".addslashes($name)."', value = '".$value."'"; $sql.= " name = '".$this->db->escape($name)."', value = '".$value."'";
$sql.= " WHERE rowid = '".$rowid."'"; $sql.= " WHERE rowid = '".$rowid."'";
$result = $this->db->query($sql); $result = $this->db->query($sql);
@@ -1564,7 +1564,7 @@ class Holiday extends CommonObject
*/ */
function addLogCP($fk_user_action,$fk_user_update,$type,$new_solde) { function addLogCP($fk_user_action,$fk_user_update,$type,$new_solde) {
global $conf, $langs, $db; global $conf, $langs;
$error=0; $error=0;
@@ -1586,7 +1586,7 @@ class Holiday extends CommonObject
$sql.= " NOW(), "; $sql.= " NOW(), ";
$sql.= " '".$fk_user_action."',"; $sql.= " '".$fk_user_action."',";
$sql.= " '".$fk_user_update."',"; $sql.= " '".$fk_user_update."',";
$sql.= " '".addslashes($type)."',"; $sql.= " '".$this->db->escape($type)."',";
$sql.= " '".$prev_solde."',"; $sql.= " '".$prev_solde."',";
$sql.= " '".$new_solde."'"; $sql.= " '".$new_solde."'";
$sql.= ")"; $sql.= ")";