diff --git a/htdocs/accountancy/class/accountingaccount.class.php b/htdocs/accountancy/class/accountingaccount.class.php
index 8bf7dfe0c44..a526f9171a6 100644
--- a/htdocs/accountancy/class/accountingaccount.class.php
+++ b/htdocs/accountancy/class/accountingaccount.class.php
@@ -251,12 +251,12 @@ class AccountingAccount extends CommonObject
 $sql .= " SET fk_pcg_version = " . ($this->fk_pcg_version ? "'" . $this->db->escape($this->fk_pcg_version) . "'" : "null");
 $sql .= " , pcg_type = " . ($this->pcg_type ? "'" . $this->db->escape($this->pcg_type) . "'" : "null");
 $sql .= " , pcg_subtype = " . ($this->pcg_subtype ? "'" . $this->db->escape($this->pcg_subtype) . "'" : "null");
- $sql .= " , account_number = '" . $this->account_number . "'";
- $sql .= " , account_parent = '" . $this->account_parent . "'";
+ $sql .= " , account_number = '" . $this->db->escape($this->account_number) . "'";
+ $sql .= " , account_parent = '" . $this->db->escape($this->account_parent) . "'";
 $sql .= " , label = " . ($this->label ? "'" . $this->db->escape($this->label) . "'" : "null");
- $sql .= " , fk_accounting_category = '" . $this->account_category . "'";
+ $sql .= " , fk_accounting_category = '" . $this->db->escape($this->account_category) . "'";
 $sql .= " , fk_user_modif = " . $user->id;
- $sql .= " , active = '" . $this->active . "'";
+ $sql .= " , active = " . $this->active;
 $sql .= " WHERE rowid = " . $this->id;
 dol_syslog(get_class($this) . "::update sql=" . $sql, LOG_DEBUG);
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index 8f31b40bc54..a59d92eb63a 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
+++ b/htdocs/accountancy/class/bookkeeping.class.php
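Review bot: `$sql .= " , active = " . $this->active;` now emits the value unquoted with no numeric cast, so an empty or non-numeric `$this->active` yields invalid SQL instead of a safe literal, and the context lines `fk_user_modif = " . $user->id` and `WHERE rowid = " . $this->id` in this hunk are concatenated the same way. `db->escape()` only neutralises quote characters inside a quoted string literal; for integer columns the protection has to be a cast, e.g. `$sql .= " , active = " . (int) $this->active;` and `$sql .= " WHERE rowid = " . (int) $this->id;`. The same unquoted, uncast integer pattern is present in the adherent (`fk_member`, `statut`), bookmark, categorie (`fk_parent`), propal (`fk_delivery_address`), remisecheque, bonprelevement, link (`objectid`), events and paymentvarious hunks below. The enclosing update() body begins and ends outside this hunk.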
@@ -189,10 +189,10 @@ class BookKeeping extends CommonObject
 // First check if line not yet already in bookkeeping
 $sql = "SELECT count(*) as nb";
 $sql .= " FROM " . MAIN_DB_PREFIX . $this->table_element;
- $sql .= " WHERE doc_type = '" . $this->doc_type . "'";
+ $sql .= " WHERE doc_type = '" . $this->db->escape($this->doc_type) . "'";
 $sql .= " AND fk_doc = " . $this->fk_doc;
 $sql .= " AND fk_docdet = " . $this->fk_docdet; // This field can be 0 is record is for several lines
- $sql .= " AND numero_compte = '" . $this->numero_compte . "'";
+ $sql .= " AND numero_compte = '" . $this->db->escape($this->numero_compte) . "'";
 $sql .= " AND entity IN (" . getEntity("accountancy", 1) . ")";
 $resql = $this->db->query($sql);
@@ -204,9 +204,9 @@ class BookKeeping extends CommonObject
 // Determine piece_num
 $sqlnum = "SELECT piece_num";
 $sqlnum .= " FROM " . MAIN_DB_PREFIX . $this->table_element;
- $sqlnum .= " WHERE doc_type = '" . $this->doc_type . "'"; // For example doc_type = 'bank'
- $sqlnum .= " AND fk_docdet = '" . $this->fk_docdet . "'"; // fk_docdet is rowid into llx_bank or llx_facturedet or llx_facturefourndet, or ...
- $sqlnum .= " AND doc_ref = '" . $this->doc_ref . "'"; // ref of source object
+ $sqlnum .= " WHERE doc_type = '" . $this->db->escape($this->doc_type) . "'"; // For example doc_type = 'bank'
+ $sqlnum .= " AND fk_docdet = " . $this->db->escape($this->fk_docdet); // fk_docdet is rowid into llx_bank or llx_facturedet or llx_facturefourndet, or ...
+ $sqlnum .= " AND doc_ref = '" . $this->db->escape($this->doc_ref) . "'"; // ref of source object
 $sqlnum .= " AND entity IN (" . getEntity("accountancy", 1) . ")";
 dol_syslog(get_class($this) . ":: create sqlnum=" . $sqlnum, LOG_DEBUG);
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 17fad129d80..92449005d1f 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
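Review bot: `$sqlnum .= " AND fk_docdet = " . $this->db->escape($this->fk_docdet);` in the second hunk removes the quotes but keeps escape(), which gives no protection in an unquoted position — escape() only deals with quote characters inside a string literal, and the trailing comment says this value is a rowid. The line should cast instead: `$sqlnum .= " AND fk_docdet = " . (int) $this->fk_docdet;`. The context lines `fk_doc = " . $this->fk_doc` and `fk_docdet = " . $this->fk_docdet` in the first hunk at 189 have the same gap. The enclosing method (logged as create) continues outside both hunks.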
@@ -345,7 +345,7 @@ class Adherent extends CommonObject
 {
 // Add link to user
 $sql = "UPDATE ".MAIN_DB_PREFIX."user SET";
- $sql.= " fk_member = '".$this->id."'";
+ $sql.= " fk_member = ".$this->id;
 $sql.= " WHERE rowid = ".$this->user_id;
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1099,7 +1099,7 @@ class Adherent extends CommonObject
 elseif ($ref || $fk_soc) {
 $sql.= " AND d.entity IN (".getEntity().")";
 if ($ref) $sql.= " AND d.rowid='".$this->db->escape($ref)."'";
- elseif ($fk_soc) $sql.= " AND d.fk_soc='".$fk_soc."'";
+ elseif ($fk_soc > 0) $sql.= " AND d.fk_soc=".$fk_soc;
 }
 elseif ($ref_ext) {
diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php
index c756cc51949..d6ee9958162 100644
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
@@ -123,9 +123,9 @@ class AdherentType extends CommonObject
 $sql.= "SET ";
 $sql.= "statut = ".$this->statut.",";
 $sql.= "libelle = '".$this->db->escape($this->libelle) ."',";
- $sql.= "subscription = '".$this->subscription."',";
+ $sql.= "subscription = '".$this->db->escape($this->subscription)."',";
 $sql.= "note = '".$this->db->escape($this->note)."',";
- $sql.= "vote = '".$this->vote."',";
+ $sql.= "vote = '".$this->db->escape($this->vote)."',";
 $sql.= "mail_valid = '".$this->db->escape($this->mail_valid)."'";
 $sql .= " WHERE rowid =".$this->id;
diff --git a/htdocs/bookmarks/class/bookmark.class.php b/htdocs/bookmarks/class/bookmark.class.php
index 0e0d6df5f35..26eabc5a5ed 100644
--- a/htdocs/bookmarks/class/bookmark.class.php
+++ b/htdocs/bookmarks/class/bookmark.class.php
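Review bot: `elseif ($fk_soc > 0) $sql.= " AND d.fk_soc=".$fk_soc;` in the second adherent hunk uses a `> 0` comparison as the only guard, but under PHP's loose comparison a leading-numeric string satisfies that test while the original string is what gets concatenated into the query. The guard and the emitted value should agree by casting explicitly: `elseif ($fk_soc > 0) $sql.= " AND d.fk_soc=".(int) $fk_soc;`. The `fk_user > 0`, `$id > 0`, `fk_remise_except > 0` and `position > 0` guards in the bookmark, categorie, contrat and menubase hunks below have the same shape and the same fix. The enclosing method starts and ends outside the hunk.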
@@ -173,10 +173,10 @@ class Bookmark extends CommonObject
 $sql.= " SET fk_user = ".($this->fk_user > 0?"'".$this->fk_user."'":"0");
 $sql.= " ,dateb = '".$this->db->idate($this->datec)."'";
 $sql.= " ,url = '".$this->db->escape($this->url)."'";
- $sql.= " ,target = '".$this->target."'";
+ $sql.= " ,target = '".$this->db->escape($this->target)."'";
 $sql.= " ,title = '".$this->db->escape($this->title)."'";
- $sql.= " ,favicon = '".$this->favicon."'";
- $sql.= " ,position = '".$this->position."'";
+ $sql.= " ,favicon = '".$this->db->escape($this->favicon)."'";
+ $sql.= " ,position = '".$this->db->escape($this->position)."'";
 $sql.= " WHERE rowid = ".$this->id;
 dol_syslog("Bookmark::update", LOG_DEBUG);
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index b2cd3d3dd31..518c3faa683 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -189,9 +189,9 @@ class Categorie extends CommonObject
 $sql = "SELECT rowid, fk_parent, entity, label, description, color, fk_soc, visible, type";
 $sql.= " FROM ".MAIN_DB_PREFIX."categorie";
- if ($id)
+ if ($id > 0)
 {
- $sql.= " WHERE rowid = '".$id."'";
+ $sql.= " WHERE rowid = ".$id;
 }
 else
 {
@@ -399,7 +399,7 @@ class Categorie extends CommonObject
 {
 $sql .= ", fk_soc = ".($this->socid != -1 ? $this->socid : 'null');
 }
- $sql .= ", visible = '".$this->visible."'";
+ $sql .= ", visible = '".$this->db->escape($this->visible)."'";
 $sql .= ", fk_parent = ".$this->fk_parent;
 $sql .= " WHERE rowid = ".$this->id;
@@ -1670,7 +1670,7 @@ class Categorie extends CommonObject
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
 $sql2.= " SET label='".$this->db->escape($this->label)."',";
 $sql2.= " description='".$this->db->escape($this->description)."'";
- $sql2.= " WHERE fk_category=".$this->id." AND lang='".$key."'";
+ $sql2.= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
 }
 else
 {
@@ -1692,7 +1692,7 @@ class Categorie extends CommonObject
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
 $sql2.= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
 $sql2.= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
- $sql2.= " WHERE fk_category=".$this->id." AND lang='".$key."'";
+ $sql2.= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
 }
 else
 {
diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index fc0bbebb901..a9695abcb35 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -753,8 +753,8 @@ class ActionComm extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."actioncomm ";
- $sql.= " SET percent = '".$this->percentage."'";
- if ($this->fk_action > 0) $sql.= ", fk_action = '".$this->fk_action."'";
+ $sql.= " SET percent = '".$this->db->escape($this->percentage)."'";
+ if ($this->fk_action > 0) $sql.= ", fk_action = '".$this->db->escape($this->fk_action)."'";
 $sql.= ", label = ".($this->label ? "'".$this->db->escape($this->label)."'":"null");
 $sql.= ", datep = ".(strval($this->datep)!='' ? "'".$this->db->idate($this->datep)."'" : 'null');
 $sql.= ", datep2 = ".(strval($this->datef)!='' ? "'".$this->db->idate($this->datef)."'" : 'null');
@@ -763,11 +763,11 @@ class ActionComm extends CommonObject
 $sql.= ", fk_project =". ($this->fk_project > 0 ? "'".$this->fk_project."'":"null");
 $sql.= ", fk_soc =". ($socid > 0 ? "'".$socid."'":"null");
 $sql.= ", fk_contact =". ($contactid > 0 ? "'".$contactid."'":"null");
- $sql.= ", priority = '".$this->priority."'";
- $sql.= ", fulldayevent = '".$this->fulldayevent."'";
+ $sql.= ", priority = '".$this->db->escape($this->priority)."'";
+ $sql.= ", fulldayevent = '".$this->db->escape($this->fulldayevent)."'";
 $sql.= ", location = ".($this->location ? "'".$this->db->escape($this->location)."'":"null");
- $sql.= ", transparency = '".$this->transparency."'";
- $sql.= ", fk_user_mod = '".$user->id."'";
+ $sql.= ", transparency = '".$this->db->escape($this->transparency)."'";
+ $sql.= ", fk_user_mod = ".$user->id;
 $sql.= ", fk_user_action=".($userownerid > 0 ? "'".$userownerid."'":"null");
 $sql.= ", fk_user_done=".($userdoneid > 0 ? "'".$userdoneid."'":"null");
 if (! empty($this->fk_element)) $sql.= ", fk_element=".($this->fk_element?$this->fk_element:"null");
diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php
index 43a3cdcb78d..93c47f8aa51 100644
--- a/htdocs/comm/mailing/class/mailing.class.php
+++ b/htdocs/comm/mailing/class/mailing.class.php
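Review bot: The context line `if (! empty($this->fk_element)) $sql.= ", fk_element=".($this->fk_element?$this->fk_element:"null");` at the end of this hunk concatenates `fk_element` raw and unquoted, and its inner ternary can never take the `"null"` branch because `! empty()` already excluded that case. Since the surrounding lines are being hardened, this one should become `if (! empty($this->fk_element)) $sql.= ", fk_element=".(int) $this->fk_element;`. The quoted-but-unescaped `fk_project`, `fk_soc`, `fk_contact`, `fk_user_action` and `fk_user_done` context lines would likewise be cleaner as plain `(int)` casts than as quoted strings. The enclosing update() body continues before and after the hunk.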
@@ -159,11 +159,11 @@ class Mailing extends CommonObject
 $sql .= " SET titre = '".$this->db->escape($this->titre)."'";
 $sql .= ", sujet = '".$this->db->escape($this->sujet)."'";
 $sql .= ", body = '".$this->db->escape($this->body)."'";
- $sql .= ", email_from = '".$this->email_from."'";
- $sql .= ", email_replyto = '".$this->email_replyto."'";
- $sql .= ", email_errorsto = '".$this->email_errorsto."'";
- $sql .= ", bgcolor = '".($this->bgcolor?$this->bgcolor:null)."'";
- $sql .= ", bgimage = '".($this->bgimage?$this->bgimage:null)."'";
+ $sql .= ", email_from = '".$this->db->escape($this->email_from)."'";
+ $sql .= ", email_replyto = '".$this->db->escape($this->email_replyto)."'";
+ $sql .= ", email_errorsto = '".$this->db->escape($this->email_errorsto)."'";
+ $sql .= ", bgcolor = '".($this->bgcolor?$this->db->escape($this->bgcolor):null)."'";
+ $sql .= ", bgimage = '".($this->bgimage?$this->db->escape($this->bgimage):null)."'";
 $sql .= " WHERE rowid = ".$this->id;
 dol_syslog("Mailing::Update", LOG_DEBUG);
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index dfb53b07621..224cb77eee1 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -1021,7 +1021,7 @@ class Propal extends CommonObject
 {
 $sql = "UPDATE ".MAIN_DB_PREFIX."propal";
 $sql.= " SET fk_delivery_address = ".$this->fk_delivery_address;
- $sql.= " WHERE ref = '".$this->ref."'";
+ $sql.= " WHERE ref = '".$this->db->escape($this->ref)."'";
 $sql.= " AND entity = ".$conf->entity;
 $result=$this->db->query($sql);
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php
index e2ad8c64bd1..9fdd329fd3d 100644
--- a/htdocs/compta/bank/class/account.class.php
+++ b/htdocs/compta/bank/class/account.class.php
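Review bot: In the mailing hunk, `bgcolor = '".($this->bgcolor?$this->db->escape($this->bgcolor):null)."'"` (and the `bgimage` line below it) keeps the `null` branch inside the surrounding quotes, so PHP's string conversion writes an empty string `''` to the column rather than SQL `NULL`; the ternary suggests NULL was intended. Moving the quotes into the true branch fixes both the semantics and the escaping in one go: `$sql .= ", bgcolor = ".($this->bgcolor ? "'".$this->db->escape($this->bgcolor)."'" : "null");`. If the column is NOT NULL and the empty string is actually what is wanted, a comment saying so on these two lines would stop the next reader from "fixing" it. The enclosing update method starts and ends outside the hunk.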
@@ -701,8 +701,8 @@ class Account extends CommonObject
 $sql.= ",clos = ".$this->clos;
 $sql.= ",rappro = ".$this->rappro;
 $sql.= ",url = ".($this->url?"'".$this->url."'":"null");
- $sql.= ",account_number = '".$this->account_number."'";
- $sql.= ",fk_accountancy_journal = '".$this->fk_accountancy_journal."'";
+ $sql.= ",account_number = '".$this->db->escape($this->account_number)."'";
+ $sql.= ",fk_accountancy_journal = '".$this->db->escape($this->fk_accountancy_journal)."'";
 $sql.= ",bank = '".$this->db->escape($this->bank)."'";
 $sql.= ",code_banque='".$this->db->escape($this->code_banque)."'";
@@ -1858,7 +1858,7 @@ class AccountLine extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
 $sql.= " rappro = 1";
- $sql.= ", num_releve = '".$this->num_releve."'";
+ $sql.= ", num_releve = '".$this->db->escape($this->num_releve)."'";
 $sql.= ", fk_user_rappro = ".$user->id;
 $sql.= " WHERE rowid = ".$this->id;
diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php
index 2cbd75146df..d0c0d61a954 100644
--- a/htdocs/compta/bank/class/paymentvarious.class.php
+++ b/htdocs/compta/bank/class/paymentvarious.class.php
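Review bot: The context line `$sql.= ",url = ".($this->url?"'".$this->url."'":"null");` directly above the changed `account_number` line still interpolates `$this->url` into a quoted literal without `escape()`, while every neighbouring string column in this hunk is now escaped. It is the one free-text column the hunk leaves open and should be hardened alongside: `$sql.= ",url = ".($this->url?"'".$this->db->escape($this->url)."'":"null");`. `clos` and `rappro` on the lines above are concatenated unquoted and would be safer as `(int)` casts. The enclosing Account::update body continues outside the hunk.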
@@ -88,19 +88,19 @@ class PaymentVarious extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET";
 $sql.= " tms=".$this->db->idate($this->tms).",";
- $sql.= " fk_user='".$this->fk_user."',";
+ $sql.= " fk_user=".$this->fk_user.",";
 $sql.= " datep=".$this->db->idate($this->datep).",";
 $sql.= " datev=".$this->db->idate($this->datev).",";
 $sql.= " sens=".$this->sens.",";
- $sql.= " amount='".$this->amount."',";
+ $sql.= " amount=".price2num($this->amount).",";
 $sql.= " fk_typepayment=".$this->fk_typepayment."',";
- $sql.= " num_payment='".$this->num_payment."',";
+ $sql.= " num_payment='".$this->db->escape($this->num_payment)."',";
 $sql.= " label='".$this->db->escape($this->label)."',";
 $sql.= " note='".$this->db->escape($this->note)."',";
 $sql.= " accountancy_code='".$this->db->escape($this->accountancy_code)."',";
- $sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").",";
- $sql.= " fk_user_author='".$this->fk_user_author."',";
- $sql.= " fk_user_modif='".$this->fk_user_modif."'";
+ $sql.= " fk_bank=".($this->fk_bank > 0 ? $this->fk_bank:"null").",";
+ $sql.= " fk_user_author=".$this->fk_user_author.",";
+ $sql.= " fk_user_modif=".$this->fk_user_modif;
 $sql.= " WHERE rowid=".$this->id;
diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php
index 4b2dce9f14e..fa8911cecf7 100644
--- a/htdocs/compta/deplacement/class/deplacement.class.php
+++ b/htdocs/compta/deplacement/class/deplacement.class.php
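Review bot: The untouched context line `$sql.= " fk_typepayment=".$this->fk_typepayment."',";` carries a stray closing quote with no opening one, so the generated statement contains `fk_typepayment=N',` and is malformed; the hunk rewrites the lines on both sides of it but leaves this defect in place. It should read `$sql.= " fk_typepayment=".(int) $this->fk_typepayment.",";`, and `fk_user`, `sens`, `fk_user_author`, `fk_user_modif` and `rowid` in the same hunk need the same `(int)` treatment now that their quotes are gone. `amount=".price2num($this->amount)` will emit `amount=,` when the amount is empty, so either guard it with a `null` fallback like `fk_bank` or confirm the caller always sets it. The table name `payment_salary` in a class named PaymentVarious looks worth confirming as well; the enclosing update body continues outside the hunk.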
@@ -187,8 +187,8 @@ class Deplacement extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."deplacement ";
 $sql .= " SET km = ".$this->km; // This is a distance or amount
 $sql .= " , dated = '".$this->db->idate($this->date)."'";
- $sql .= " , type = '".$this->type."'";
- $sql .= " , fk_statut = '".$this->statut."'";
+ $sql .= " , type = '".$this->db->escape($this->type)."'";
+ $sql .= " , fk_statut = '".$this->db->escape($this->statut)."'";
 $sql .= " , fk_user = ".$this->fk_user;
 $sql .= " , fk_user_modif = ".$user->id;
 $sql .= " , fk_soc = ".($this->socid > 0?$this->socid:'null');
diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
index 6aa0714d5c9..4889693857b 100644
--- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php
+++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php
@@ -308,7 +308,7 @@ class RemiseCheque extends CommonObject
 if ( $this->errno === 0) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."bank";
 $sql.= " SET fk_bordereau = 0";
- $sql.= " WHERE fk_bordereau = '".$this->id."'";
+ $sql.= " WHERE fk_bordereau = ".$this->id;
 $resql = $this->db->query($sql);
 if (!$resql)
diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php
index d7489b8aca0..90ba6a22431 100644
--- a/htdocs/compta/prelevement/class/bonprelevement.class.php
+++ b/htdocs/compta/prelevement/class/bonprelevement.class.php
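Review bot: `$sql .= " SET km = ".$this->km; // This is a distance or amount` in the deplacement hunk concatenates a user-entered numeric value with no normalisation, right next to the `type`/`fk_statut` lines the commit is escaping; the comment itself says it is an amount, so the contrat hunk's convention applies: `$sql .= " SET km = ".price2num($this->km);`. `fk_user = ".$this->fk_user` and `fk_soc = ".($this->socid > 0?$this->socid:'null')` in the same hunk should take `(int)` casts for the reasons noted on the first hunk. The enclosing update body continues outside the hunk.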
@@ -1082,19 +1082,19 @@ class BonPrelevement extends CommonObject
 {
 $this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = '".$this->id."')";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")";
 $resql1=$this->db->query($sql);
 if (! $resql1) dol_print_error($this->db);
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = '".$this->id."'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id;
 $resql2=$this->db->query($sql);
 if (! $resql2) dol_print_error($this->db);
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = '".$this->id."'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id;
 $resql3=$this->db->query($sql);
 if (! $resql3) dol_print_error($this->db);
- $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = '".$this->id."'";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id;
 $resql4=$this->db->query($sql);
 if (! $resql4) dol_print_error($this->db);
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 216cce41171..b80a300431a 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
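Review bot: All four rewritten DELETE/UPDATE statements now splice `$this->id` into the SQL unquoted and uncast, so an empty id produces `fk_prelevement_bons = )` and a non-numeric one is passed straight through; computing it once at the top, `$id = (int) $this->id;`, and using `$id` in the four strings closes that gap. Separately, the statements run inside `$this->db->begin()` but each failure only calls `dol_print_error($this->db)` and falls through to the next statement, so a partial delete can be left for whatever commit/rollback follows outside the hunk — returning or rolling back on the first `! $resqlN` would be the expected shape. The enclosing method continues past the end of the hunk.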
@@ -317,7 +317,7 @@ class Contact extends CommonObject
 $sql .= ", phone_perso = ".(isset($this->phone_perso)?"'".$this->db->escape($this->phone_perso)."'":"null");
 $sql .= ", phone_mobile = ".(isset($this->phone_mobile)?"'".$this->db->escape($this->phone_mobile)."'":"null");
 $sql .= ", jabberid = ".(isset($this->jabberid)?"'".$this->db->escape($this->jabberid)."'":"null");
- $sql .= ", priv = '".$this->priv."'";
+ $sql .= ", priv = '".$this->db->escape($this->priv)."'";
 $sql .= ", statut = ".$this->statut;
 $sql .= ", fk_user_modif=".($user->id > 0 ? "'".$user->id."'":"NULL");
 $sql .= ", default_lang=".($this->default_lang?"'".$this->default_lang."'":"NULL");
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index 8564edd6ddf..db6464edb6a 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -2801,10 +2801,10 @@ class ContratLigne extends CommonObjectLine
 $sql.= " tva_tx=".price2num($this->tva_tx).",";
 $sql.= " localtax1_tx=".price2num($this->localtax1_tx).",";
 $sql.= " localtax2_tx=".price2num($this->localtax2_tx).",";
- $sql.= " qty='".$this->qty."',";
+ $sql.= " qty=".price2num($this->qty).",";
 $sql.= " remise_percent=".price2num($this->remise_percent).",";
- $sql.= " remise=".($this->remise?"'".$this->remise."'":"null").",";
- $sql.= " fk_remise_except=".($this->fk_remise_except?"'".$this->fk_remise_except."'":"null").",";
+ $sql.= " remise=".($this->remise?price2num($this->remise):"null").",";
+ $sql.= " fk_remise_except=".($this->fk_remise_except > 0?$this->fk_remise_except:"null").",";
 $sql.= " subprice=".($this->subprice != '' ? $this->subprice : "null").",";
 $sql.= " price_ht=".($this->price_ht != '' ? $this->price_ht : "null").",";
 $sql.= " total_ht=".$this->total_ht.",";
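Review bot: The contact hunk escapes `priv` but the context line two below it, `$sql .= ", default_lang=".($this->default_lang?"'".$this->default_lang."'":"NULL");`, still places a free-text property into a quoted literal unescaped; it belongs in the same change: `$sql .= ", default_lang=".($this->default_lang?"'".$this->db->escape($this->default_lang)."'":"NULL");`. `statut = ".$this->statut` on the line above it is unquoted and uncast. In the contrat hunk, `qty` and `remise` now go through `price2num()` while the adjacent `subprice`, `price_ht` and `total_ht` context lines still concatenate raw values, so the same normalisation should be applied to those three for consistency. Both enclosing update bodies continue outside the hunks.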
@@ -2818,8 +2818,8 @@ class ContratLigne extends CommonObjectLine
 $sql.= " fk_user_author=".($this->fk_user_author >= 0?$this->fk_user_author:"NULL").",";
 $sql.= " fk_user_ouverture=".($this->fk_user_ouverture > 0?$this->fk_user_ouverture:"NULL").",";
 $sql.= " fk_user_cloture=".($this->fk_user_cloture > 0?$this->fk_user_cloture:"NULL").",";
- $sql.= " commentaire='".$this->db->escape($this->commentaire)."'";
- $sql.= ", fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
+ $sql.= " commentaire='".$this->db->escape($this->commentaire)."',";
+ $sql.= " fk_unit=".(!$this->fk_unit ? 'NULL' : $this->fk_unit);
 $sql.= " WHERE rowid=".$this->id;
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 947d99af545..f3f4e689467 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -579,7 +579,7 @@ abstract class CommonObject
 // On recherche id type_contact
 $sql = "SELECT tc.rowid";
 $sql.= " FROM ".MAIN_DB_PREFIX."c_type_contact as tc";
- $sql.= " WHERE tc.element='".$this->element."'";
+ $sql.= " WHERE tc.element='".$this->db->escape($this->element)."'";
 $sql.= " AND tc.source='".$source."'";
 $sql.= " AND tc.code='".$type_contact."' AND tc.active=1";
 //print $sql;
@@ -791,7 +791,7 @@ abstract class CommonObject
 if ($source == 'external'|| $source == 'thirdparty') $sql.=" LEFT JOIN ".MAIN_DB_PREFIX."socpeople t on ec.fk_socpeople = t.rowid";
 $sql.= " WHERE ec.element_id =".$this->id;
 $sql.= " AND ec.fk_c_type_contact=tc.rowid";
- $sql.= " AND tc.element='".$this->db->escape($this->element)."'";
+ $sql.= " AND tc.element='".$this->db->escape($this->element)."'";
 if ($code) $sql.= " AND tc.code = '".$this->db->escape($code)."'";
 if ($source == 'internal') $sql.= " AND tc.source = 'internal'";
 if ($source == 'external' || $source == 'thirdparty') $sql.= " AND tc.source = 'external'";
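Review bot: In the commonobject hunk at 579, `tc.source='".$source."'"` and `tc.code='".$type_contact."'"` are method parameters interpolated into quoted literals without `escape()`, immediately after the `tc.element` line this commit does escape; `$this->element` is a class-defined constant, so those two caller-supplied values are the more relevant ones to harden: `$sql.= " AND tc.source='".$this->db->escape($source)."'";` and `$sql.= " AND tc.code='".$this->db->escape($type_contact)."' AND tc.active=1";`. The hunk at 893 further down already escapes `$source` and `$code` in the same way, so this would also make the two methods consistent. `ec.element_id =".$this->id` in the 791 hunk and `fk_unit` in the contrat hunk are unquoted, uncast integers as noted on the first hunk. All enclosing method bodies continue outside these hunks.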
@@ -852,7 +852,7 @@ abstract class CommonObject
 //$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as s ON ec.fk_socpeople=s.rowid"; // Si contact de type external, alors il est lie a une societe
 $sql.= " WHERE ec.rowid =".$rowid;
 $sql.= " AND ec.fk_c_type_contact=tc.rowid";
- $sql.= " AND tc.element = '".$this->element."'";
+ $sql.= " AND tc.element = '".$this->db->escape($this->element)."'";
 dol_syslog(get_class($this)."::swapContactStatus", LOG_DEBUG);
 $resql=$this->db->query($sql);
@@ -893,10 +893,10 @@ abstract class CommonObject
 $tab = array();
 $sql = "SELECT DISTINCT tc.rowid, tc.code, tc.libelle, tc.position";
 $sql.= " FROM ".MAIN_DB_PREFIX."c_type_contact as tc";
- $sql.= " WHERE tc.element='".$this->element."'";
+ $sql.= " WHERE tc.element='".$this->db->escape($this->element)."'";
 if ($activeonly == 1) $sql.= " AND tc.active=1"; // only the active types
- if (! empty($source) && $source != 'all') $sql.= " AND tc.source='".$source."'";
- if (! empty($code)) $sql.= " AND tc.code='".$code."'";
+ if (! empty($source) && $source != 'all') $sql.= " AND tc.source='".$this->db->escape($source)."'";
+ if (! empty($code)) $sql.= " AND tc.code='".$this->db->escape($code)."'";
 $sql.= $this->db->order($order,'ASC');
 //print "sql=".$sql;
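Review bot: `$sql.= " WHERE ec.rowid =".$rowid;` in the swapContactStatus hunk concatenates a method parameter unquoted and uncast while the commit escapes the constant `$this->element` on the next line; the parameter is the value that actually varies per call and should be `$sql.= " WHERE ec.rowid =".(int) $rowid;`. In the 893 hunk, `$sql.= $this->db->order($order,'ASC');` hands a caller-supplied column name to `db->order()`; whether that helper validates identifiers is not visible here, so it is worth confirming against the DoliDB implementation rather than assuming. Both enclosing methods continue outside the hunks.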
@@ -2691,16 +2691,16 @@ abstract class CommonObject
 if ($updatesource)
 {
 $sql.= "fk_source = ".$sourceid;
- $sql.= ", sourcetype = '".$sourcetype."'";
+ $sql.= ", sourcetype = '".$this->db->escape($sourcetype)."'";
 $sql.= " WHERE fk_target = ".$this->id;
- $sql.= " AND targettype = '".$this->element."'";
+ $sql.= " AND targettype = '".$this->db->escape($this->element)."'";
 }
 else if ($updatetarget)
 {
 $sql.= "fk_target = ".$targetid;
- $sql.= ", targettype = '".$targettype."'";
+ $sql.= ", targettype = '".$this->db->escape($targettype)."'";
 $sql.= " WHERE fk_source = ".$this->id;
- $sql.= " AND sourcetype = '".$this->element."'";
+ $sql.= " AND sourcetype = '".$this->db->escape($this->element)."'";
 }
 dol_syslog(get_class($this)."::updateObjectLinked", LOG_DEBUG);
@@ -2749,19 +2749,19 @@ abstract class CommonObject
 {
 if ($deletesource)
 {
- $sql.= " fk_source = ".$sourceid." AND sourcetype = '".$sourcetype."'";
- $sql.= " AND fk_target = ".$this->id." AND targettype = '".$this->element."'";
+ $sql.= " fk_source = ".$sourceid." AND sourcetype = '".$this->db->escape($sourcetype)."'";
+ $sql.= " AND fk_target = ".$this->id." AND targettype = '".$this->db->escape($this->element)."'";
 }
 else if ($deletetarget)
 {
- $sql.= " fk_target = ".$targetid." AND targettype = '".$targettype."'";
- $sql.= " AND fk_source = ".$this->id." AND sourcetype = '".$this->element."'";
+ $sql.= " fk_target = ".$targetid." AND targettype = '".$this->db->escape($targettype)."'";
+ $sql.= " AND fk_source = ".$this->id." AND sourcetype = '".$this->db->escape($this->element)."'";
 }
 else
 {
- $sql.= " (fk_source = ".$this->id." AND sourcetype = '".$this->element."')";
+ $sql.= " (fk_source = ".$this->id." AND sourcetype = '".$this->db->escape($this->element)."')";
 $sql.= " OR";
- $sql.= " (fk_target = ".$this->id." AND targettype = '".$this->element."')";
+ $sql.= " (fk_target = ".$this->id." AND targettype = '".$this->db->escape($this->element)."')";
 }
 }
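Review bot: Both hunks (updateObjectLinked at 2691 and the delete variant at 2749) now escape `$sourcetype`/`$targettype` but leave the companion parameters `$sourceid` and `$targetid` concatenated unquoted and uncast on the lines right beside them (`"fk_source = ".$sourceid`, `" fk_target = ".$targetid." AND ..."`), so the string half of each pair is protected and the integer half is not. Casting at the point of use, `"fk_source = ".(int) $sourceid` and `" fk_target = ".(int) $targetid`, closes the pair; `$this->id` in the same WHERE clauses would benefit from the same cast. The enclosing methods start and end outside both hunks.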
diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php
index e091743833c..2cfedfb7d1a 100644
--- a/htdocs/core/class/events.class.php
+++ b/htdocs/core/class/events.class.php
@@ -171,7 +171,7 @@ class Events // extends CommonObject
 // Update request
 $sql = "UPDATE ".MAIN_DB_PREFIX."events SET";
- $sql.= " type='".$this->type."',";
+ $sql.= " type='".$this->db->escape($this->type)."',";
 $sql.= " dateevent=".$this->db->idate($this->dateevent).",";
 $sql.= " description='".$this->db->escape($this->description)."'";
 $sql.= " WHERE rowid=".$this->id;
diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php
index 912c1e34879..22b26983bcc 100644
--- a/htdocs/core/class/fiscalyear.class.php
+++ b/htdocs/core/class/fiscalyear.class.php
@@ -142,10 +142,10 @@ class Fiscalyear extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."accounting_fiscalyear";
- $sql .= " SET label = '".$this->label."'";
+ $sql .= " SET label = '".$this->db->escape($this->label)."'";
 $sql .= ", date_start = '".$this->db->idate($this->date_start)."'";
 $sql .= ", date_end = ".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null");
- $sql .= ", statut = '".$this->statut."'";
+ $sql .= ", statut = '".$this->db->escape($this->statut)."'";
 $sql .= ", datec = " . ($this->datec != '' ? "'".$this->db->idate($this->datec)."'" : 'null');
 $sql .= ", fk_user_modif = " . $user->id;
 $sql .= " WHERE rowid = ".$this->id;
diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php
index 62bcf9d22c5..f604e85e11d 100644
--- a/htdocs/core/class/link.class.php
+++ b/htdocs/core/class/link.class.php
@@ -174,9 +174,9 @@ class Link extends CommonObject
 $sql .= ", datea = '" . $this->db->idate(dol_now()) . "'";
 $sql .= ", url = '" . $this->db->escape($this->url) . "'";
 $sql .= ", label = '" . $this->db->escape($this->label) . "'";
- $sql .= ", objecttype = '" . $this->objecttype . "'";
+ $sql .= ", objecttype = '" . $this->db->escape($this->objecttype) . "'";
 $sql .= ", objectid = " . $this->objectid;
- $sql .= " WHERE rowid = '" . $this->id ."'";
+ $sql .= " WHERE rowid = " . $this->id;
 dol_syslog(get_class($this)."::update sql = " .$sql);
 $resql = $this->db->query($sql);
diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php
index 93037117cb8..ed6b9929a32 100644
--- a/htdocs/core/class/menubase.class.php
+++ b/htdocs/core/class/menubase.class.php
@@ -216,20 +216,20 @@ class Menubase
 $sql = "UPDATE ".MAIN_DB_PREFIX."menu SET";
 $sql.= " menu_handler='".$this->db->escape($this->menu_handler)."',";
 $sql.= " module='".$this->db->escape($this->module)."',";
- $sql.= " type='".$this->type."',";
+ $sql.= " type='".$this->db->escape($this->type)."',";
 $sql.= " mainmenu='".$this->db->escape($this->mainmenu)."',";
 $sql.= " leftmenu='".$this->db->escape($this->leftmenu)."',";
- $sql.= " fk_menu='".$this->fk_menu."',";
+ $sql.= " fk_menu='".$this->db->escape($this->fk_menu)."',";
 $sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null").",";
 $sql.= " fk_leftmenu=".($this->fk_leftmenu?"'".$this->fk_leftmenu."'":"null").",";
- $sql.= " position='".$this->position."',";
+ $sql.= " position=".($this->position > 0 ? $this->position : 0).",";
 $sql.= " url='".$this->db->escape($this->url)."',";
 $sql.= " target='".$this->db->escape($this->target)."',";
 $sql.= " titre='".$this->db->escape($this->titre)."',";
 $sql.= " langs='".$this->db->escape($this->langs)."',";
 $sql.= " perms='".$this->db->escape($this->perms)."',";
 $sql.= " enabled='".$this->db->escape($this->enabled)."',";
- $sql.= " usertype='".$this->user."'";
+ $sql.= " usertype='".$this->db->escape($this->user)."'";
 $sql.= " WHERE rowid=".$this->id;
 dol_syslog(get_class($this)."::update", LOG_DEBUG);
diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php
index d0559268c52..f501d33c29a 100644
--- a/htdocs/core/modules/DolibarrModules.class.php
+++ b/htdocs/core/modules/DolibarrModules.class.php
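Review bot: The commit escapes `fk_menu` but the two context lines directly below it, `fk_mainmenu=".($this->fk_mainmenu?"'".$this->fk_mainmenu."'":"null")` and the matching `fk_leftmenu` line, still write quoted literals without `escape()`; they should be brought in line with their neighbour, e.g. `$sql.= " fk_mainmenu=".($this->fk_mainmenu?"'".$this->db->escape($this->fk_mainmenu)."'":"null").",";`. The new `position=".($this->position > 0 ? $this->position : 0)` relies on the `> 0` comparison as its only guard, which loose comparison does not make reliable for strings; `(int) $this->position` in the true branch keeps the guard and the emitted value in agreement, as does `(int) $this->id` on the WHERE line. The enclosing update method starts and ends outside the hunk.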
@@ -779,7 +779,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
 global $conf;
 $sql = "SELECT tms FROM ".MAIN_DB_PREFIX."const";
- $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->const_name."'";
+ $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
 $sql.= " AND entity IN (0, ".$conf->entity.")";
 dol_syslog(get_class($this)."::getLastActiveDate", LOG_DEBUG);
@@ -805,7 +805,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
 global $conf;
 $sql = "SELECT tms, note FROM ".MAIN_DB_PREFIX."const";
- $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->const_name."'";
+ $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
 $sql.= " AND entity IN (0, ".$conf->entity.")";
 dol_syslog(get_class($this)."::getLastActiveDate", LOG_DEBUG);
@@ -841,7 +841,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
 $entity = ((! empty($this->always_enabled) || ! empty($this->core_enabled)) ? 0 : $conf->entity);
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
- $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->const_name."'";
+ $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
 $sql.= " AND entity IN (0, ".$entity.")";
 dol_syslog(get_class($this)."::_active", LOG_DEBUG);
@@ -879,7 +879,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
 $entity = ((! empty($this->always_enabled) || ! empty($this->core_enabled)) ? 0 : $conf->entity);
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."const";
- $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->const_name."'";
+ $sql.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
 $sql.= " AND entity IN (0, ".$entity.")";
 dol_syslog(get_class($this)."::_unactive", LOG_DEBUG);
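Review bot: The same `WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'"` clause is now hand-built in the four hunks here plus the one at 1520 below, and the two `getLastActiveDate` hunks at 779 and 805 differ only in their SELECT list, which is the kind of duplication that lets one copy drift when the next escaping fix lands; a small private helper returning that WHERE fragment would keep them aligned. `$conf->entity` / `$entity` on the `entity IN (0, ...)` lines are concatenated uncast; they come from configuration rather than request input, so the risk is low, but `(int)` would make the intent explicit. Each enclosing method continues outside its hunk.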
@@ -1520,7 +1520,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
 // Test if module is activated
 $sql_del = "SELECT ".$this->db->decrypt('value')." as value";
 $sql_del.= " FROM ".MAIN_DB_PREFIX."const";
- $sql_del.= " WHERE ".$this->db->decrypt('name')." = '".$this->const_name."'";
+ $sql_del.= " WHERE ".$this->db->decrypt('name')." = '".$this->db->escape($this->const_name)."'";
 $sql_del.= " AND entity IN (0,".$entity.")";
 dol_syslog(get_class($this)."::insert_permissions", LOG_DEBUG);
@@ -1655,7 +1655,7 @@ class DolibarrModules // Can not be abstract, because we need to insta
 $err=0;
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."rights_def";
- $sql.= " WHERE module = '".$this->rights_class."'";
+ $sql.= " WHERE module = '".$this->db->escape($this->rights_class)."'";
 $sql.= " AND entity = ".$conf->entity;
 dol_syslog(get_class($this)."::delete_permissions", LOG_DEBUG);
 if (! $this->db->query($sql))
diff --git a/htdocs/core/modules/modAdherent.class.php b/htdocs/core/modules/modAdherent.class.php
index 3081cc8c726..4b3d1e5d34f 100644
--- a/htdocs/core/modules/modAdherent.class.php
+++ b/htdocs/core/modules/modAdherent.class.php
@@ -369,8 +369,8 @@ class modAdherent extends DolibarrModules
 }*/
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type='member' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','member',".$conf->entity.")"
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type='member' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','member',".$conf->entity.")"
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modCommande.class.php b/htdocs/core/modules/modCommande.class.php
index f9c10eef6de..1806bfdea71 100644
--- a/htdocs/core/modules/modCommande.class.php
+++ b/htdocs/core/modules/modCommande.class.php
@@ -256,8 +256,8 @@ class modCommande extends DolibarrModules
 }
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'order' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','order',".$conf->entity.")"
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order',".$conf->entity.")"
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modDon.class.php b/htdocs/core/modules/modDon.class.php
index 26dd397c913..881dd27e414 100644
--- a/htdocs/core/modules/modDon.class.php
+++ b/htdocs/core/modules/modDon.class.php
@@ -157,8 +157,8 @@ class modDon extends DolibarrModules
 global $conf;
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'donation' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','donation',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'donation' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','donation',".$conf->entity.")",
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modExpedition.class.php b/htdocs/core/modules/modExpedition.class.php
index 63f7b536c1b..7320eba6736 100644
--- a/htdocs/core/modules/modExpedition.class.php
+++ b/htdocs/core/modules/modExpedition.class.php
@@ -318,10 +318,10 @@ class modExpedition extends DolibarrModules
 $sql = array();
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'shipping' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','shipping',".$conf->entity.")",
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[3][2]."' AND type = 'delivery' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[3][2]."','delivery',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'shipping' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','shipping',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'delivery' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','delivery',".$conf->entity.")",
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php
index 148dd965abb..7029b7ffd78 100644
--- a/htdocs/core/modules/modFacture.class.php
+++ b/htdocs/core/modules/modFacture.class.php
@@ -311,8 +311,8 @@ class modFacture extends DolibarrModules
 }
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'invoice' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','invoice',".$conf->entity.")"
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'invoice' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','invoice',".$conf->entity.")"
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modFicheinter.class.php b/htdocs/core/modules/modFicheinter.class.php
index 98ac6f9b3f2..55deaf2403f 100644
--- a/htdocs/core/modules/modFicheinter.class.php
+++ b/htdocs/core/modules/modFicheinter.class.php
@@ -194,8 +194,8 @@ class modFicheinter extends DolibarrModules
 $this->remove($options);
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'ficheinter' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','ficheinter',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'ficheinter' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','ficheinter',".$conf->entity.")",
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php
index 269d4d04a17..fc2572d3669 100644
--- a/htdocs/core/modules/modFournisseur.class.php
+++ b/htdocs/core/modules/modFournisseur.class.php
@@ -572,8 +572,8 @@ class modFournisseur extends DolibarrModules
 $this->remove($options);
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'order_supplier' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','order_supplier',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'order_supplier' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','order_supplier',".$conf->entity.")",
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modPrelevement.class.php b/htdocs/core/modules/modPrelevement.class.php
index 6be4022438c..542a02e7589 100644
--- a/htdocs/core/modules/modPrelevement.class.php
+++ b/htdocs/core/modules/modPrelevement.class.php
@@ -153,8 +153,8 @@ class modPrelevement extends DolibarrModules
 $this->remove($options);
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'bankaccount' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','bankaccount',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'bankaccount' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','bankaccount',".$conf->entity.")",
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php
index 4ad3a86771a..96e5a96b384 100644
--- a/htdocs/core/modules/modProjet.class.php
+++ b/htdocs/core/modules/modProjet.class.php
@@ -353,13 +353,13 @@ class modProjet extends DolibarrModules
 }
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'project' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','project',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'project' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','project',".$conf->entity.")",
 );
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[3][2]."' AND type = 'task' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[3][2]."','task',".$conf->entity.")"
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".$conf->entity.")"
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modPropale.class.php b/htdocs/core/modules/modPropale.class.php
index ce23e996e0a..3dd39b336bc 100644
--- a/htdocs/core/modules/modPropale.class.php
+++ b/htdocs/core/modules/modPropale.class.php
@@ -248,8 +248,8 @@ class modPropale extends DolibarrModules
 }
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'propal' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','propal',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'propal' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','propal',".$conf->entity.")",
 );
 return $this->_init($sql,$options);
diff --git a/htdocs/core/modules/modSupplierProposal.class.php b/htdocs/core/modules/modSupplierProposal.class.php
index 054fdca6c90..8869f0cd343 100644
--- a/htdocs/core/modules/modSupplierProposal.class.php
+++ b/htdocs/core/modules/modSupplierProposal.class.php
@@ -227,8 +227,8 @@ class modSupplierProposal extends DolibarrModules
 }
 $sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->const[0][2]."' AND type = 'supplier_proposal' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->const[0][2]."','supplier_proposal',".$conf->entity.")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'supplier_proposal' AND entity = ".$conf->entity,
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','supplier_proposal',".$conf->entity.")",
 );
 return $this->_init($sql, $options);
diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php
index 74349a16271..bfcbd6b7059 100644
--- a/htdocs/don/class/don.class.php
+++ b/htdocs/don/class/don.class.php
@@ -464,11 +464,11 @@ class Don extends CommonObject
 $sql .= ",note_public=".(!empty($this->note_public)?("'".$this->db->escape($this->note_public)."'"):"NULL");
 $sql .= ",datedon='".$this->db->idate($this->date)."'";
 $sql .= ",date_valid=".($this->date_valid?"'".$this->db->idate($this->date)."'":"null");
- $sql .= ",email='".$this->email."'";
- $sql .= ",phone='".$this->phone."'";
- $sql .= ",phone_mobile='".$this->phone_mobile."'";
+ $sql .= ",email='".$this->db->escape($this->email)."'";
+ $sql .= ",phone='".$this->db->escape($this->phone)."'";
+ $sql .= ",phone_mobile='".$this->db->escape($this->phone_mobile)."'";
 $sql .= ",fk_statut=".$this->statut;
- $sql .= " WHERE rowid = '".$this->id."'";
+ $sql .= " WHERE rowid = ".$this->id;
 dol_syslog(get_class($this)."::Update", LOG_DEBUG);
 $resql=$this->db->query($sql);
diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php
index 82fd7f49d58..31439fa5ba3 100644
--- a/htdocs/ecm/class/ecmdirectory.class.php
+++ b/htdocs/ecm/class/ecmdirectory.class.php
@@ -202,7 +202,7 @@ class EcmDirectory // extends CommonObject
 // Update request
 $sql = "UPDATE ".MAIN_DB_PREFIX."ecm_directories SET";
 $sql.= " label='".$this->db->escape($this->label)."',";
- $sql.= " fk_parent='".$this->fk_parent."',";
+ $sql.= " fk_parent='".$this->db->escape($this->fk_parent)."',";
 $sql.= " description='".$this->db->escape($this->description)."'";
 $sql.= " WHERE rowid=".$this->id;
diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php
index 2089a5b3bb8..a48d3171020 100644
--- a/htdocs/ecm/class/ecmfiles.class.php
+++ b/htdocs/ecm/class/ecmfiles.class.php
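Review bot: `WHERE rowid = ".$this->id` now relies entirely on `$this->id` already being an integer — with the quotes gone, `escape()` would no longer cover the value, so an explicit cast is the robust form: `$sql .= " WHERE rowid = ".(int) $this->id;`. The same unquoted-without-cast shape appears in the supplier-order line delete (`rowid=".$this->rowid`), both loan deletes, the holiday `WHERE rowid= ".$this->id`, and the product price lookups (`fk_product = ".$this->id`, `fk_product_price = ".$this->prices_by_qty_id[...]`); the unchanged `fk_statut=".$this->statut` line just above this change is in the same position. On the unchanged `date_valid` line the condition tests `$this->date_valid` but the value written is `idate($this->date)`, which looks worth confirming. Don::update() starts before this hunk.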
@@ -140,7 +140,7 @@ class EcmFiles //extends CommonObject
 if (empty($this->position)) // Get max used
 {
 $sql = "SELECT MAX(position) as maxposition FROM " . MAIN_DB_PREFIX . $this->table_element;
- $sql.= " WHERE filepath ='".$this->filepath."'";
+ $sql.= " WHERE filepath ='".$this->db->escape($this->filepath)."'";
 $resql = $this->db->query($sql);
 if ($resql)
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index 99d81852734..8d6822fd360 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -487,7 +487,7 @@ class Expedition extends CommonObject
 $sql.= ', e.fk_incoterms, e.location_incoterms';
 $sql.= ', i.libelle as libelle_incoterms';
 $sql.= " FROM ".MAIN_DB_PREFIX."expedition as e";
- $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = e.rowid AND el.targettype = '".$this->element."'";
+ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = e.rowid AND el.targettype = '".$this->db->escape($this->element)."'";
 $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON e.fk_incoterms = i.rowid';
 $sql.= " WHERE e.entity IN (".getEntity('expedition', 1).")";
 if ($id) $sql.= " AND e.rowid=".$id;
@@ -1753,10 +1753,10 @@ class Expedition extends CommonObject
 else
 {
 $sql = "UPDATE ".MAIN_DB_PREFIX."c_shipment_mode SET";
- $sql.= " code='".$this->update['code']."'";
- $sql.= ",libelle='".$this->update['libelle']."'";
- $sql.= ",description='".$this->update['description']."'";
- $sql.= ",tracking='".$this->update['tracking']."'";
+ $sql.= " code='".$this->db->escape($this->update['code'])."'";
+ $sql.= ",libelle='".$this->db->escape($this->update['libelle'])."'";
+ $sql.= ",description='".$this->db->escape($this->update['description'])."'";
+ $sql.= ",tracking='".$this->db->escape($this->update['tracking'])."'";
 $sql.= " WHERE rowid=".$id;
 $resql = $this->db->query($sql);
 }
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 898b5c4cd1f..eb16583df26 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -183,7 +183,7 @@ class ExpenseReport extends CommonObject
 $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.$this->table_element);
 $this->ref='(PROV'.$this->id.')';
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET ref='".$this->ref."' WHERE rowid=".$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element." SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id;
 $resql=$this->db->query($sql);
 if (!$resql) $error++;
@@ -1078,7 +1078,7 @@ class ExpenseReport extends CommonObject
 $this->db->begin();
 $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql.= " SET ref = '".$this->ref."', fk_statut = 2, fk_user_valid = ".$fuser->id.", date_valid='".$this->db->idate($now)."'";
+ $sql.= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = 2, fk_user_valid = ".$fuser->id.", date_valid='".$this->db->idate($now)."'";
 if ($update_number_int) {
 $sql.= ", ref_number_int = ".$ref_number_int;
 }
@@ -1189,8 +1189,8 @@ class ExpenseReport extends CommonObject
 $this->db->begin();
 $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql.= " SET ref = '".$this->ref."', fk_statut = 5, fk_user_approve = ".$fuser->id.",";
- $sql.= " date_approve='".$this->date_approve."'";
+ $sql.= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = 5, fk_user_approve = ".$fuser->id.",";
+ $sql.= " date_approve='".$this->db->idate($this->date_approve)."'";
 $sql.= ' WHERE rowid = '.$this->id;
 if ($this->db->query($sql))
 {
@@ -1248,7 +1248,7 @@ class ExpenseReport extends CommonObject
 if ($this->fk_statut != 99)
 {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql.= " SET ref = '".$this->ref."', fk_statut = 99, fk_user_refuse = ".$fuser->id.",";
+ $sql.= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = 99, fk_user_refuse = ".$fuser->id.",";
 $sql.= " date_refuse='".$this->db->idate($now)."',";
 $sql.= " detail_refuse='".$this->db->escape($details)."',";
 $sql.= " fk_user_approve = NULL";
@@ -1373,7 +1373,7 @@ class ExpenseReport extends CommonObject
 $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
 $sql.= " SET fk_statut = 4, fk_user_cancel = ".$fuser->id;
- $sql.= ", date_cancel='".$this->date_cancel."'";
+ $sql.= ", date_cancel='".$this->db->idate($this->date_cancel)."'";
 $sql.= " ,detail_cancel='".$this->db->escape($detail)."'";
 $sql.= ' WHERE rowid = '.$this->id;
@@ -2154,8 +2154,8 @@ class ExpenseReportLine
 // Mise a jour ligne en base
 $sql = "UPDATE ".MAIN_DB_PREFIX."expensereport_det SET";
 $sql.= " comments='".$this->db->escape($this->comments)."'";
- $sql.= ",value_unit=".$this->value_unit."";
- $sql.= ",qty=".$this->qty."";
+ $sql.= ",value_unit=".$this->value_unit;
+ $sql.= ",qty=".$this->qty;
 $sql.= ",date='".$this->db->idate($this->date)."'";
 $sql.= ",total_ht=".$this->total_ht."";
 $sql.= ",total_tva=".$this->total_tva."";
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index d9912edfca1..6142d87de7a 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -212,7 +212,7 @@ class Fichinter extends CommonObject
 if ($this->id)
 {
 $this->ref='(PROV'.$this->id.')';
- $sql = 'UPDATE '.MAIN_DB_PREFIX."fichinter SET ref='".$this->ref."' WHERE rowid=".$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX."fichinter SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id;
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql=$this->db->query($sql);
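Review bot: In the ExpenseReportLine hunk the change to `value_unit` and `qty` only drops the trailing `.""`; both amounts are still concatenated raw and unquoted with nothing checking that they are numeric, so a locale-formatted value such as `1,5` breaks the statement, and the unchanged `total_ht`/`total_tva` lines below have the same shape. The supplier-order line update in this same commit normalises such fields through `price2num()`; doing the same here would be `$sql.= ",value_unit=".price2num($this->value_unit);` and `$sql.= ",qty=".price2num($this->qty);`. The method body starts before the hunk.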
@@ -1375,7 +1375,7 @@ class FichinterLigne extends CommonObjectLine
 $sql.= " description='".$this->db->escape($this->desc)."'";
 $sql.= ",date='".$this->db->idate($this->datei)."'";
 $sql.= ",duree=".$this->duration;
- $sql.= ",rang='".$this->rang."'";
+ $sql.= ",rang='".$this->db->escape($this->rang)."'";
 $sql.= " WHERE rowid = ".$this->rowid;
 dol_syslog("FichinterLigne::update", LOG_DEBUG);
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index 6b9ded02160..cb47a2d99df 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -3213,12 +3213,12 @@ class CommandeFournisseurLigne extends CommonOrderLine
 $sql.= ", tva_tx='".price2num($this->tva_tx)."'";
 $sql.= ", localtax1_tx='".price2num($this->total_localtax1)."'";
 $sql.= ", localtax2_tx='".price2num($this->total_localtax2)."'";
- $sql.= ", localtax1_type='".$this->localtax1_type."'";
- $sql.= ", localtax2_type='".$this->localtax2_type."'";
+ $sql.= ", localtax1_type='".$this->db->escape($this->localtax1_type)."'";
+ $sql.= ", localtax2_type='".$this->db->escape($this->localtax2_type)."'";
 $sql.= ", qty='".price2num($this->qty)."'";
 $sql.= ", date_start=".(! empty($this->date_start)?"'".$this->db->idate($this->date_start)."'":"null");
 $sql.= ", date_end=".(! empty($this->date_end)?"'".$this->db->idate($this->date_end)."'":"null");
- $sql.= ", info_bits='".$this->info_bits."'";
+ $sql.= ", info_bits='".$this->db->escape($this->info_bits)."'";
 $sql.= ", total_ht='".price2num($this->total_ht)."'";
 $sql.= ", total_tva='".price2num($this->total_tva)."'";
 $sql.= ", total_localtax1='".price2num($this->total_localtax1)."'";
@@ -3295,7 +3295,7 @@ class CommandeFournisseurLigne extends CommonOrderLine
 $this->db->begin();
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commande_fournisseurdet WHERE rowid='".$this->rowid."';";
+ $sql = 'DELETE FROM '.MAIN_DB_PREFIX."commande_fournisseurdet WHERE rowid=".$this->rowid;
 dol_syslog(__METHOD__, LOG_DEBUG);
 $resql=$this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 496c4660895..f9df07e96cc 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -300,7 +300,7 @@ class FactureFournisseur extends CommonInvoice
 // Update ref with new one
 $this->ref='(PROV'.$this->id.')';
- $sql = 'UPDATE '.MAIN_DB_PREFIX."facture_fourn SET ref='".$this->ref."' WHERE rowid=".$this->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX."facture_fourn SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id;
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql=$this->db->query($sql);
@@ -2559,8 +2559,8 @@ class SupplierInvoiceLine extends CommonObjectLine
 $sql.= ", tva_tx = ".price2num($this->tva_tx);
 $sql.= ", localtax1_tx = ".price2num($this->localtax1_tx);
 $sql.= ", localtax2_tx = ".price2num($this->localtax2_tx);
- $sql.= ", localtax1_type = '".$this->localtax1_type."'";
- $sql.= ", localtax2_type = '".$this->localtax2_type."'";
+ $sql.= ", localtax1_type = '".$this->db->escape($this->localtax1_type)."'";
+ $sql.= ", localtax2_type = '".$this->db->escape($this->localtax2_type)."'";
 $sql.= ", total_ht = ".price2num($this->total_ht);
 $sql.= ", tva= ".price2num($this->total_tva);
 $sql.= ", total_localtax1= ".price2num($this->total_localtax1);
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index e69fd312f45..5f244dcb9bf 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -546,12 +546,12 @@ class Holiday extends CommonObject
 }
 $sql.= " halfday = ".$this->halfday.",";
 if(!empty($this->statut) && is_numeric($this->statut)) {
- $sql.= " statut = '".$this->statut."',";
+ $sql.= " statut = ".$this->statut.",";
 } else {
 $error++;
 }
 if(!empty($this->fk_validator)) {
- $sql.= " fk_validator = '".$this->fk_validator."',";
+ $sql.= " fk_validator = '".$this->db->escape($this->fk_validator)."',";
 } else {
 $error++;
 }
@@ -561,7 +561,7 @@ class Holiday extends CommonObject
 $sql.= " date_valid = NULL,";
 }
 if(!empty($this->fk_user_valid)) {
- $sql.= " fk_user_valid = '".$this->fk_user_valid."',";
+ $sql.= " fk_user_valid = '".$this->db->escape($this->fk_user_valid)."',";
 } else {
 $sql.= " fk_user_valid = NULL,";
 }
@@ -571,7 +571,7 @@ class Holiday extends CommonObject
 $sql.= " date_refuse = NULL,";
 }
 if(!empty($this->fk_user_refuse)) {
- $sql.= " fk_user_refuse = '".$this->fk_user_refuse."',";
+ $sql.= " fk_user_refuse = '".$this->db->escape($this->fk_user_refuse)."',";
 } else {
 $sql.= " fk_user_refuse = NULL,";
 }
@@ -581,7 +581,7 @@ class Holiday extends CommonObject
 $sql.= " date_cancel = NULL,";
 }
 if(!empty($this->fk_user_cancel)) {
- $sql.= " fk_user_cancel = '".$this->fk_user_cancel."',";
+ $sql.= " fk_user_cancel = '".$this->db->escape($this->fk_user_cancel)."',";
 } else {
 $sql.= " fk_user_cancel = NULL,";
 }
@@ -591,7 +591,7 @@ class Holiday extends CommonObject
 $sql.= " detail_refuse = NULL";
 }
- $sql.= " WHERE rowid= '".$this->id."'";
+ $sql.= " WHERE rowid= ".$this->id;
 $this->db->begin();
diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php
index 4438f3ea6ad..a171a111889 100644
--- a/htdocs/hrm/class/establishment.class.php
+++ b/htdocs/hrm/class/establishment.class.php
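Review bot: The `fk_validator`, `fk_user_valid`, `fk_user_refuse` and `fk_user_cancel` lines wrap what the column names suggest are integer foreign keys in quotes plus `escape()`, while `statut` in the same hunk was moved to the unquoted numeric form behind its `is_numeric()` check. If these are rowid references, an integer cast states that contract and removes the string path entirely: `$sql.= " fk_validator = ".(int) $this->fk_validator.",";` and likewise for the other three. The same quoted-integer shape is used for `rang` (FichinterLigne) and `status` (Establishment) elsewhere in this commit. Holiday::update() starts before the first hunk.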
@@ -153,12 +153,12 @@ class Establishment extends CommonObject
 $this->db->begin();
 $sql = "UPDATE ".MAIN_DB_PREFIX."establishment";
- $sql .= " SET name = '".$this->name."'";
- $sql .= ", address = '".$this->address."'";
- $sql .= ", zip = '".$this->zip."'";
- $sql .= ", town = '".$this->town."'";
+ $sql .= " SET name = '".$this->db->escape($this->name)."'";
+ $sql .= ", address = '".$this->db->escape($this->address)."'";
+ $sql .= ", zip = '".$this->db->escape($this->zip)."'";
+ $sql .= ", town = '".$this->db->escape($this->town)."'";
 $sql .= ", fk_country = ".($this->country_id > 0 ? $this->country_id : 'null');
- $sql .= ", status = '".$this->status."'";
+ $sql .= ", status = '".$this->db->escape($this->status)."'";
 $sql .= ", fk_user_mod = " . $user->id;
 $sql .= " WHERE rowid = ".$this->id;
diff --git a/htdocs/livraison/class/livraison.class.php b/htdocs/livraison/class/livraison.class.php
index 3a18abf2cbb..383b2276d6c 100644
--- a/htdocs/livraison/class/livraison.class.php
+++ b/htdocs/livraison/class/livraison.class.php
@@ -263,7 +263,7 @@ class Livraison extends CommonObject
 $sql.= ', l.fk_incoterms, l.location_incoterms';
 $sql.= ", i.libelle as libelle_incoterms";
 $sql.= " FROM ".MAIN_DB_PREFIX."livraison as l";
- $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = l.rowid AND el.targettype = '".$this->element."'";
+ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON el.fk_target = l.rowid AND el.targettype = '".$this->db->escape($this->element)."'";
 $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON l.fk_incoterms = i.rowid';
 $sql.= " WHERE l.rowid = ".$id;
diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php
index d9d4da6fb20..734c2356b3a 100644
--- a/htdocs/loan/class/loan.class.php
+++ b/htdocs/loan/class/loan.class.php
@@ -236,7 +236,7 @@ class Loan extends CommonObject
 // Delete payments
 if (! $error)
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan='".$this->id."'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."payment_loan where fk_loan=".$this->id;
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $resql=$this->db->query($sql);
 if (! $resql)
@@ -248,7 +248,7 @@ class Loan extends CommonObject
 if (! $error)
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."loan where rowid='".$this->id."'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."loan where rowid=".$this->id;
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 $resql=$this->db->query($sql);
 if (! $resql)
diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php
index 8db1ae21469..a60694ca7cb 100644
--- a/htdocs/product/canvas/product/actions_card_product.class.php
+++ b/htdocs/product/canvas/product/actions_card_product.class.php
@@ -269,7 +269,7 @@ class ActionsCardProduct
 $sql = "SELECT rowid, name, alias, title, align, sort, search, enabled, rang";
 $sql.= " FROM ".MAIN_DB_PREFIX."c_field_list";
- $sql.= " WHERE element = '".$this->fieldListName."'";
+ $sql.= " WHERE element = '".$this->db->escape($this->fieldListName)."'";
 $sql.= " AND entity = ".$conf->entity;
 $sql.= " ORDER BY rang ASC";
diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php
index af6fbccc320..970ac535273 100644
--- a/htdocs/product/canvas/service/actions_card_service.class.php
+++ b/htdocs/product/canvas/service/actions_card_service.class.php
@@ -248,7 +248,7 @@ class ActionsCardService
 $sql = "SELECT rowid, name, alias, title, align, sort, search, enabled, rang";
 $sql.= " FROM ".MAIN_DB_PREFIX."c_field_list";
- $sql.= " WHERE element = '".$this->fieldListName."'";
+ $sql.= " WHERE element = '".$this->db->escape($this->fieldListName)."'";
 $sql.= " AND entity = ".$conf->entity;
 $sql.= " ORDER BY rang ASC";
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 4e6c3f49738..4a8c1e9f8fb 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -494,7 +494,7 @@ class Product extends CommonObject
 $sql = "SELECT count(*) as nb";
 $sql.= " FROM ".MAIN_DB_PREFIX."product";
 $sql.= " WHERE entity IN (".getEntity('product', 1).")";
- $sql.= " AND ref = '" .$this->ref."'";
+ $sql.= " AND ref = '" .$this->db->escape($this->ref)."'";
 $result = $this->db->query($sql);
 if ($result)
@@ -1212,14 +1212,14 @@ class Product extends CommonObject
 $sql2.= " label='".$this->db->escape($this->label)."',";
 $sql2.= " description='".$this->db->escape($this->description)."'";
 if (! empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) $sql2.= ", note='".$this->db->escape($this->note)."'";
- $sql2.= " WHERE fk_product=".$this->id." AND lang='".$key."'";
+ $sql2.= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'";
 } else {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description";
 if (! empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) $sql2.=", note";
 $sql2.= ")";
- $sql2.= " VALUES(".$this->id.",'".$key."','". $this->db->escape($this->label)."',";
+ $sql2.= " VALUES(".$this->id.",'".$this->db->escape($key)."','". $this->db->escape($this->label)."',";
 $sql2.= " '".$this->db->escape($this->description)."'";
 if (! empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) $sql2.= ", '".$this->db->escape($this->note)."'";
 $sql2.= ")";
@@ -1247,14 +1247,14 @@ class Product extends CommonObject
 $sql2.= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
 $sql2.= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
 if (! empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) $sql2.= ", note='".$this->db->escape($this->multilangs["$key"]["note"])."'";
- $sql2.= " WHERE fk_product=".$this->id." AND lang='".$key."'";
+ $sql2.= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'";
 } else {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description";
 if (! empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) $sql2.=", note";
 $sql2.= ")";
- $sql2.= " VALUES(".$this->id.",'".$key."','". $this->db->escape($this->multilangs["$key"]["label"])."',";
+ $sql2.= " VALUES(".$this->id.",'".$this->db->escape($key)."','". $this->db->escape($this->multilangs["$key"]["label"])."',";
 $sql2.= " '".$this->db->escape($this->multilangs["$key"]["description"])."'";
 if (! empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) $sql2.= ", '".$this->db->escape($this->note)."'";
 $sql2.= ")";
@@ -1944,7 +1944,7 @@ class Product extends CommonObject
 $sql.= " FROM ".MAIN_DB_PREFIX."product_price";
 $sql.= " WHERE entity IN (".getEntity('productprice', 1).")";
 $sql.= " AND price_level=".$i;
- $sql.= " AND fk_product = '".$this->id."'";
+ $sql.= " AND fk_product = ".$this->id;
 $sql.= " ORDER BY date_price DESC, rowid DESC";
 $sql.= " LIMIT 1";
 $resql = $this->db->query($sql);
@@ -1969,7 +1969,7 @@ class Product extends CommonObject
 {
 $sql = "SELECT rowid, price, unitprice, quantity, remise_percent, remise";
 $sql.= " FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql.= " WHERE fk_product_price = '".$this->prices_by_qty_id[$i]."'";
+ $sql.= " WHERE fk_product_price = ".$this->prices_by_qty_id[$i];
 $sql.= " ORDER BY quantity ASC";
 $resultat=array();
 $resql = $this->db->query($sql);
@@ -2006,7 +2006,7 @@ class Product extends CommonObject
 $sql = "SELECT price, price_ttc, price_min, price_min_ttc,";
 $sql.= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid";
 $sql.= " FROM ".MAIN_DB_PREFIX."product_price";
-$sql.= " WHERE fk_product = '".$this->id."'";
+$sql.= " WHERE fk_product = ".$this->id;
 $sql.= " ORDER BY date_price DESC, rowid DESC";
 $sql.= " LIMIT 1";
 $resql = $this->db->query($sql);
@@ -2022,7 +2022,7 @@ class Product extends CommonObject
 {
 $sql = "SELECT rowid,price, unitprice, quantity, remise_percent, remise";
 $sql.= " FROM ".MAIN_DB_PREFIX."product_price_by_qty";
-$sql.= " WHERE fk_product_price = '".$this->prices_by_qty_id[0]."'";
+$sql.= " WHERE fk_product_price = ".$this->prices_by_qty_id[0];
 $sql.= " ORDER BY quantity ASC";
 $resultat=array();
 $resql = $this->db->query($sql);
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 309107ed233..5efaae1fd78 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -1113,7 +1113,7 @@ class Project extends CommonObject
 // Get id of types of contacts for projects (This list never contains a lot of elements)
 $listofprojectcontacttype=array();
 $sql2 = "SELECT ctc.rowid, ctc.code FROM ".MAIN_DB_PREFIX."c_type_contact as ctc";
-$sql2.= " WHERE ctc.element = '" . $this->element . "'";
+$sql2.= " WHERE ctc.element = '" . $this->db->escape($this->element) . "'";
 $sql2.= " AND ctc.source = 'internal'";
 $resql = $this->db->query($sql2);
 if ($resql)
diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php
index 88eb8ef5ced..4485117fb0f 100644
--- a/htdocs/projet/class/projectstats.class.php
+++ b/htdocs/projet/class/projectstats.class.php
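Review bot: The -2006 and -2022 hunks replace `'".$this->id."'` and `'".$this->prices_by_qty_id[0]."'` with the bare unquoted value, which removes the quoting without adding any type guarantee; if either property ever holds a non-numeric string, the unquoted form is the more injectable of the two. Cast at the point of use: `$sql.= " WHERE fk_product = ".((int) $this->id);` and `$sql.= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[0]);`. The project.class.php -1113 hunk is fine as an escaped string literal. Both product methods start and end outside their hunks.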
@@ -143,7 +143,7 @@ class ProjectStats extends Stats
 if (! empty($this->socid))
 $sqlwhere[] = ' t.fk_soc=' . $this->socid;
 if (! empty($this->year) && empty($this->yearmonth))
-$sqlwhere[] = " date_format(t.datec,'%Y')='" . $this->year . "'";
+$sqlwhere[] = " date_format(t.datec,'%Y')='" . $this->db->escape($this->year) . "'";
 if (! empty($this->yearmonth))
 $sqlwhere[] = " t.datec BETWEEN '" . $this->db->idate(dol_get_first_day($this->yearmonth)) . "' AND '" . $this->db->idate(dol_get_last_day($this->yearmonth)) . "'";
 
diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php
index 652cd8d5d7e..65c3ca37e0a 100644
--- a/htdocs/societe/class/companybankaccount.class.php
+++ b/htdocs/societe/class/companybankaccount.class.php
@@ -144,12 +144,12 @@ class CompanyBankAccount extends Account
 
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET";
 $sql.= " bank = '" .$this->db->escape($this->bank)."'";
-$sql.= ",code_banque='".$this->code_banque."'";
-$sql.= ",code_guichet='".$this->code_guichet."'";
-$sql.= ",number='".$this->number."'";
-$sql.= ",cle_rib='".$this->cle_rib."'";
-$sql.= ",bic='".$this->bic."'";
-$sql.= ",iban_prefix = '".$this->iban."'";
+$sql.= ",code_banque='".$this->db->escape($this->code_banque)."'";
+$sql.= ",code_guichet='".$this->db->escape($this->code_guichet)."'";
+$sql.= ",number='".$this->db->escape($this->number)."'";
+$sql.= ",cle_rib='".$this->db->escape($this->cle_rib)."'";
+$sql.= ",bic='".$this->db->escape($this->bic)."'";
+$sql.= ",iban_prefix = '".$this->db->escape($this->iban)."'";
 $sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
 $sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
 $sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 6d3464ccc20..fb486629731 100644
--- a/htdocs/societe/class/societe.class.php
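Review bot: The -143 hunk escapes `$this->year` but leaves the line directly above it, `' t.fk_soc=' . $this->socid`, interpolated bare with neither quotes nor escape, so the hunk hardens the less exposed of the two neighbouring filters. Both values are numeric by construction, so a cast is the clearer guard: `$sqlwhere[] = ' t.fk_soc=' . ((int) $this->socid);` and `$sqlwhere[] = " date_format(t.datec,'%Y')='" . ((int) $this->year) . "'";`. The enclosing method continues outside the hunk.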
+++ b/htdocs/societe/class/societe.class.php
@@ -841,7 +841,7 @@ class Societe extends CommonObject
 $sql .= ",fk_effectif = ".(! empty($this->effectif_id)?"'".$this->db->escape($this->effectif_id)."'":"null");
 if (isset($this->stcomm_id))
 {
-$sql .= ",fk_stcomm='".$this->stcomm_id."'";
+$sql .= ",fk_stcomm=".($this->stcomm_id > 0 ? $this->stcomm_id : "null");
 }
 $sql .= ",fk_typent = ".(! empty($this->typent_id)?"'".$this->db->escape($this->typent_id)."'":"0");
 
@@ -859,7 +859,7 @@ class Societe extends CommonObject
 $sql .= ",default_lang = ".(! empty($this->default_lang)?"'".$this->db->escape($this->default_lang)."'":"null");
 $sql .= ",logo = ".(! empty($this->logo)?"'".$this->db->escape($this->logo)."'":"null");
 $sql .= ",outstanding_limit= ".($this->outstanding_limit!=''?$this->outstanding_limit:'null');
-$sql .= ",fk_prospectlevel='".$this->fk_prospectlevel."'";
+$sql .= ",fk_prospectlevel='".$this->db->escape($this->fk_prospectlevel)."'";
 
 $sql .= ",webservices_url = ".(! empty($this->webservices_url)?"'".$this->db->escape($this->webservices_url)."'":"null");
 $sql .= ",webservices_key = ".(! empty($this->webservices_key)?"'".$this->db->escape($this->webservices_key)."'":"null");
@@ -2080,7 +2080,7 @@ class Societe extends CommonObject
 
 $sql = "SELECT rowid, email, statut, phone_mobile, lastname, poste, firstname";
 $sql.= " FROM ".MAIN_DB_PREFIX."socpeople";
-$sql.= " WHERE fk_soc = '".$this->id."'";
+$sql.= " WHERE fk_soc = ".$this->id;
 
 $resql=$this->db->query($sql);
 if ($resql)
@@ -2140,7 +2140,7 @@ class Societe extends CommonObject
 {
 $contacts = array();
 
-$sql = "SELECT rowid, lastname, firstname FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = '".$this->id."'";
+$sql = "SELECT rowid, lastname, firstname FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$this->id;
 $resql=$this->db->query($sql);
 if ($resql)
 {
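Review bot: The -841 hunk concatenates `$this->stcomm_id` unquoted whenever `$this->stcomm_id > 0`, and that comparison does not guarantee an integer: a string such as `1 OR 1=1` satisfies it on both PHP 7 (leading digits convert to 1) and PHP 8 (string comparison against "0") and is then pasted verbatim into the UPDATE, so the new line is weaker than the quoted one it replaces unless stcomm_id is already typed. Suggest `$sql .= ",fk_stcomm=".($this->stcomm_id > 0 ? (int) $this->stcomm_id : "null");`. The -2080 and -2140 hunks unquote `$this->id` the same way and want the same `(int)` cast. The enclosing methods start outside their hunks.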
@@ -2173,7 +2173,7 @@ class Societe extends CommonObject
 require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
 $contacts = array();
 
-$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = '".$this->id."'";
+$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".$this->id;
 $resql=$this->db->query($sql);
 if ($resql)
 {
@@ -3157,7 +3157,7 @@ class Societe extends CommonObject
 {
 $sql = "SELECT t.localtax1, t.localtax2";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
-$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$this->country_code."'";
+$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$this->db->escape($this->country_code)."'";
 $sql .= " AND t.active = 1";
 if (empty($localTaxNum)) $sql .= " AND (t.localtax1_type <> '0' OR t.localtax2_type <> '0')";
 elseif ($localTaxNum == 1) $sql .= " AND t.localtax1_type <> '0'";
@@ -3181,7 +3181,7 @@ class Societe extends CommonObject
 {
 $sql = "SELECT t.rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
-$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$this->country_code."'";
+$sql .= " WHERE t.fk_pays = c.rowid AND c.code = '".$this->db->escape($this->country_code)."'";
 $sql .= " AND t.active = 1 AND t.recuperableonly = 1";
 
 dol_syslog("useNPR", LOG_DEBUG);
@@ -3202,7 +3202,7 @@ class Societe extends CommonObject
 {
 $sql = "SELECT COUNT(*) as nb";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_revenuestamp as r, ".MAIN_DB_PREFIX."c_country as c";
-$sql .= " WHERE r.fk_pays = c.rowid AND c.code = '".$this->country_code."'";
+$sql .= " WHERE r.fk_pays = c.rowid AND c.code = '".$this->db->escape($this->country_code)."'";
 $sql .= " AND r.active = 1";
 
 dol_syslog("useRevenueStamp", LOG_DEBUG);
diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php
index 00ca20bcd5a..7019933fb9c 100644
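Review bot: The -2173 hunk turns `fk_soc = '".$this->id."'` into `fk_soc = ".$this->id`, unquoting a value without casting it, so an `id` that is not a plain integer now lands in the query as raw SQL rather than as a string literal. I would write `$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople WHERE fk_soc = ".((int) $this->id);`. The three `country_code` hunks (-3157, -3181, -3202) are fine as escaped string literals. The enclosing method starts outside the hunk.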
--- a/htdocs/supplier_proposal/class/supplier_proposal.class.php
+++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php
@@ -839,7 +839,7 @@ class SupplierProposal extends CommonObject
 if ($this->id)
 {
 $this->ref='(PROV'.$this->id.')';
-$sql = 'UPDATE '.MAIN_DB_PREFIX."supplier_proposal SET ref='".$this->ref."' WHERE rowid=".$this->id;
+$sql = 'UPDATE '.MAIN_DB_PREFIX."supplier_proposal SET ref='".$this->db->escape($this->ref)."' WHERE rowid=".$this->id;
 
 dol_syslog(get_class($this)."::create", LOG_DEBUG);
 $resql=$this->db->query($sql);
@@ -3002,14 +3002,14 @@ class SupplierProposalLine extends CommonObjectLine
 $sql.= " , tva_tx='".price2num($this->tva_tx)."'";
 $sql.= " , localtax1_tx=".price2num($this->localtax1_tx);
 $sql.= " , localtax2_tx=".price2num($this->localtax2_tx);
-$sql.= " , localtax1_type='".$this->localtax1_type."'";
-$sql.= " , localtax2_type='".$this->localtax2_type."'";
+$sql.= " , localtax1_type='".$this->db->escape($this->localtax1_type)."'";
+$sql.= " , localtax2_type='".$this->db->escape($this->localtax2_type)."'";
 $sql.= " , qty='".price2num($this->qty)."'";
 $sql.= " , subprice=".price2num($this->subprice)."";
 $sql.= " , remise_percent=".price2num($this->remise_percent)."";
 $sql.= " , price=".price2num($this->price).""; // TODO A virer
 $sql.= " , remise=".price2num($this->remise).""; // TODO A virer
-$sql.= " , info_bits='".$this->info_bits."'";
+$sql.= " , info_bits='".$this->db->escape($this->info_bits)."'";
 if (empty($this->skip_update_total))
 {
 $sql.= " , total_ht=".price2num($this->total_ht)."";
diff --git a/htdocs/user/class/userbankaccount.class.php b/htdocs/user/class/userbankaccount.class.php
index a7aba35fc64..00d350c3b0f 100644
--- a/htdocs/user/class/userbankaccount.class.php
+++ b/htdocs/user/class/userbankaccount.class.php
@@ -100,12 +100,12 @@ class UserBankAccount extends Account
 
 $sql = "UPDATE ".MAIN_DB_PREFIX."user_rib SET";
 $sql.= " bank = '" .$this->db->escape($this->bank)."'";
-$sql.= ",code_banque='".$this->code_banque."'";
-$sql.= ",code_guichet='".$this->code_guichet."'";
-$sql.= ",number='".$this->number."'";
-$sql.= ",cle_rib='".$this->cle_rib."'";
-$sql.= ",bic='".$this->bic."'";
-$sql.= ",iban_prefix = '".$this->iban."'";
+$sql.= ",code_banque='".$this->db->escape($this->code_banque)."'";
+$sql.= ",code_guichet='".$this->db->escape($this->code_guichet)."'";
+$sql.= ",number='".$this->db->escape($this->number)."'";
+$sql.= ",cle_rib='".$this->db->escape($this->cle_rib)."'";
+$sql.= ",bic='".$this->db->escape($this->bic)."'";
+$sql.= ",iban_prefix = '".$this->db->escape($this->iban)."'";
 $sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
 $sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
 $sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
diff --git a/test/phpunit/AllTests.php b/test/phpunit/AllTests.php
index 99f9faf260d..812ec85117c 100644
--- a/test/phpunit/AllTests.php
+++ b/test/phpunit/AllTests.php
@@ -100,11 +100,14 @@ class AllTests
 require_once dirname(__FILE__).'/XCalLibTest.php';
 $suite->addTestSuite('XCalLibTest');
 
+// Rules into source files content
 require_once dirname(__FILE__).'/LangTest.php';
 $suite->addTestSuite('LangTest');
 
-require_once dirname(__FILE__).'/SqlTest.php';
-$suite->addTestSuite('SqlTest');
-
+require_once dirname(__FILE__).'/CodingSqlTest.php';
+$suite->addTestSuite('CodingSqlTest');
+require_once dirname(__FILE__).'/CodingPhpTest.php';
+$suite->addTestSuite('PhpTest');
+
 require_once dirname(__FILE__).'/SecurityTest.php';
 $suite->addTestSuite('SecurityTest');
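Review bot: In the AllTests hunk, `$suite->addTestSuite('PhpTest')` names a class the required file does not appear to declare: the require is `CodingPhpTest.php` and the class shown in that file's hunk header further down is `CodingPhpTest`, so unless a `PhpTest` class is defined elsewhere PHPUnit will fail to build the suite and the new SQL-escaping check never runs. Suggest `$suite->addTestSuite('CodingPhpTest');`. The `-`/`+` pair on the blank line suggests a trailing-whitespace change only.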
diff --git a/test/phpunit/CodingPHPTest.php b/test/phpunit/CodingPhpTest.php similarity index 94% rename from test/phpunit/CodingPHPTest.php rename to test/phpunit/CodingPhpTest.php index b8d7bc90816..4860e5b5e38 100644 --- a/test/phpunit/CodingPHPTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -148,18 +148,19 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase { if (preg_match('/\/htdocs\/includes\//', $file['fullname'])) continue; if (preg_match('/\/htdocs\/custom\//', $file['fullname'])) continue; - if (preg_match('/\/htdocs\/nltechno/', $file['fullname'])) continue; if (preg_match('/\/htdocs\/dolimed/', $file['fullname'])) continue; + if (preg_match('/\/htdocs\/nltechno/', $file['fullname'])) continue; + if (preg_match('/\/htdocs\/teclib/', $file['fullname'])) continue; print 'Check php file '.$file['fullname']."\n"; $filecontent=file_get_contents($file['fullname']); $ok=true; $matches=array(); - preg_match_all('/=\'".\$this->(..)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); foreach($matches as $key => $val) { - if ($val[1] != 'db') + if ($val[1] != 'db->' && $val[1] != 'esca') { $ok=false; break; @@ -167,7 +168,7 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase //if ($reg[0] != 'db') $ok=false; } //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; - $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].'. Bad.'); + $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.'); //exit; } diff --git a/test/phpunit/SqlTest.php b/test/phpunit/CodingSqlTest.php similarity index 100% rename from test/phpunit/SqlTest.php rename to test/phpunit/CodingSqlTest.php
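Review bot: The widened regex in the -148 hunk, `/=\s*\'"\s*\.\s*\$this->(....)/`, still only matches a property concatenated directly after an assignment, so the shapes this very commit fixes elsewhere — `, '".$this->x."'` inside a VALUES list, `? "'".$this->x."'"` in a ternary, and the unquoted `= ".$this->id` — go undetected. Anchoring on the quote instead of the `=`, e.g. `/\'"\s*\.\s*\$this->(....)/`, would cover the first two while keeping the `db->`/`esca` whitelist. Note that the four-character capture whitelists any property starting with `esca`, not only `$this->escape(`; that may be intended but is worth a comment. The enclosing foreach starts outside the hunk.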
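Review bot: The new assertion message in the -167 hunk reads `$val[0]` after the `foreach` has finished, so for a file with no matches `$val` is either undefined (first file, a notice) or still holds the last match from a previous file, and the message then names the wrong offending string when a later file fails. Record the offender inside the loop instead: initialise `$bad = '';` next to `$ok=true;`, set `$bad = $val[0];` before `break;`, and use `'('.$bad.')'` in the message. The enclosing method continues outside the hunk.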