From 26495fb6983b9684a63aa88b97b826b0f3fd9ec3 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Sun, 1 Jul 2018 18:49:37 +0200 Subject: [PATCH] Fix: !!!! Dont't use entity if you use rowid in fetch or others !!!! --- htdocs/comm/propal/class/propal.class.php | 7 +++++-- htdocs/commande/class/commande.class.php | 6 ++++-- htdocs/compta/facture/class/facture.class.php | 6 ++++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index c32f206ec52..8cbc4ca220e 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1335,8 +1335,11 @@ class Propal extends CommonObject $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON p.fk_input_reason = dr.rowid'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON p.fk_incoterms = i.rowid'; $sql.= " WHERE p.fk_statut = c.id"; - $sql.= " AND p.entity IN (".getEntity('propal').")"; - if ($ref) $sql.= " AND p.ref='".$ref."'"; + + if ($ref) { + $sql.= " AND p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid + $sql.= " AND p.ref='".$ref."'"; + } else $sql.= " AND p.rowid=".$rowid; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index a9970a95a51..17e4387c4de 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1591,8 +1591,10 @@ class Commande extends CommonOrder $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_availability as ca ON c.fk_availability = ca.rowid'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON c.fk_input_reason = ca.rowid'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid'; - $sql.= " WHERE c.entity IN (".getEntity('commande').")"; - if ($id) $sql.= " AND c.rowid=".$id; + + if ($id) $sql.= " WHERE c.rowid=".$id; + else $sql.= " WHERE c.entity IN (".getEntity('commande').")"; // Dont't use entity if you use rowid + if ($ref) $sql.= " AND c.ref='".$this->db->escape($ref)."'"; if ($ref_ext) $sql.= " AND c.ref_ext='".$this->db->escape($ref_ext)."'"; if ($ref_int) $sql.= " AND c.ref_int='".$this->db->escape($ref_int)."'"; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index b7d86cf630a..c6e43206c78 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1274,8 +1274,10 @@ class Facture extends CommonInvoice $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_payment_term as c ON f.fk_cond_reglement = c.rowid'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as p ON f.fk_mode_reglement = p.id'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON f.fk_incoterms = i.rowid'; - $sql.= ' WHERE f.entity IN ('.getEntity('facture').')'; - if ($rowid) $sql.= " AND f.rowid=".$rowid; + + if ($rowid) $sql.= " WHERE f.rowid=".$rowid; + else $sql.= ' WHERE f.entity IN ('.getEntity('facture').')'; // Dont't use entity if you use rowid + if ($ref) $sql.= " AND f.facnumber='".$this->db->escape($ref)."'"; if ($ref_ext) $sql.= " AND f.ref_ext='".$this->db->escape($ref_ext)."'"; if ($ref_int) $sql.= " AND f.ref_int='".$this->db->escape($ref_int)."'";