Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop
@@ -185,13 +185,13 @@ class AdvanceTargetingMailing extends CommonObject
|
||||
$sql .= "fk_user_mod";
|
||||
$sql .= ") VALUES (";
|
||||
$sql .= " ".(!isset($this->name) ? 'NULL' : "'".$this->db->escape($this->name)."'").",";
|
||||
$sql .= " ".$conf->entity.",";
|
||||
$sql .= " ".((int) $conf->entity).",";
|
||||
$sql .= " ".(!isset($this->fk_element) ? 'NULL' : "'".$this->db->escape($this->fk_element)."'").",";
|
||||
$sql .= " ".(!isset($this->type_element) ? 'NULL' : "'".$this->db->escape($this->type_element)."'").",";
|
||||
$sql .= " ".(!isset($this->filtervalue) ? 'NULL' : "'".$this->db->escape($this->filtervalue)."'").",";
|
||||
$sql .= " ".$user->id.",";
|
||||
$sql .= " ".((int) $user->id).",";
|
||||
$sql .= " '".$this->db->idate(dol_now())."',";
|
||||
$sql .= " ".$user->id;
|
||||
$sql .= " ".((int) $user->id);
|
||||
$sql .= ")";
|
||||
|
||||
$this->db->begin();
|
||||
@@ -429,11 +429,11 @@ class AdvanceTargetingMailing extends CommonObject
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_advtarget SET";
|
||||
|
||||
$sql .= " name=".(isset($this->name) ? "'".$this->db->escape($this->name)."'" : "''").",";
|
||||
$sql .= " entity=".$conf->entity.",";
|
||||
$sql .= " entity=".((int) $conf->entity).",";
|
||||
$sql .= " fk_element=".(isset($this->fk_element) ? $this->fk_element : "null").",";
|
||||
$sql .= " type_element=".(isset($this->type_element) ? "'".$this->db->escape($this->type_element)."'" : "null").",";
|
||||
$sql .= " filtervalue=".(isset($this->filtervalue) ? "'".$this->db->escape($this->filtervalue)."'" : "null").",";
|
||||
$sql .= " fk_user_mod=".$user->id;
|
||||
$sql .= " fk_user_mod=".((int) $user->id);
|
||||
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
|
||||
|
||||
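Review bot: In the second hunk (the UPDATE on mailing_advtarget), `fk_element` is still concatenated with neither a cast nor quoting, in the same statement where `entity` and `fk_user_mod` now get `(int)`. The INSERT in the first hunk quotes and escapes the same property, so the two write paths disagree. Assuming the column is an integer key, the line could become `$sql .= " fk_element=".(isset($this->fk_element) ? ((int) $this->fk_element) : "null").",";`. Both statements are built inside methods that start and end outside the hunks.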
@@ -300,7 +300,7 @@ class CashControl extends CommonObject
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."pos_cash_fence";
|
||||
$sql .= " SET status = ".self::STATUS_VALIDATED.",";
|
||||
$sql .= " date_valid='".$this->db->idate($now)."',";
|
||||
$sql .= " fk_user_valid = ".$user->id;
|
||||
$sql .= " fk_user_valid = ".((int) $user->id);
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
@@ -41,7 +41,8 @@ require_once DOL_DOCUMENT_ROOT.'/margin/lib/margins.lib.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/commonsignedobject.class.php';
|
||||
|
||||
/**
|
||||
* Class to manage contracts
|
||||
* Class to manage contracts
|
||||
*
|
||||
* @property int $signed_status
|
||||
* @static array<int> $SIGNED_STATUSES
|
||||
*/
|
||||
@@ -551,7 +552,6 @@ class Contrat extends CommonObject
|
||||
|
||||
if ($num) {
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET ref = '".$this->db->escape($num)."', statut = 1";
|
||||
//$sql.= ", fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'";
|
||||
$sql .= " WHERE rowid = ".((int) $this->id)." AND statut = 0";
|
||||
|
||||
dol_syslog(get_class($this)."::validate", LOG_DEBUG);
|
||||
@@ -1397,7 +1397,7 @@ class Contrat extends CommonObject
|
||||
$sql .= " ref_customer=".(isset($this->ref_customer) ? "'".$this->db->escape($this->ref_customer)."'" : "null").",";
|
||||
$sql .= " ref_supplier=".(isset($this->ref_supplier) ? "'".$this->db->escape($this->ref_supplier)."'" : "null").",";
|
||||
$sql .= " ref_ext=".(isset($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").",";
|
||||
$sql .= " entity=".$conf->entity.",";
|
||||
$sql .= " entity=".((int) $conf->entity).",";
|
||||
$sql .= " date_contrat=".(dol_strlen($this->date_contrat) != 0 ? "'".$this->db->idate($this->date_contrat)."'" : 'null').",";
|
||||
$sql .= " statut=".(isset($this->statut) ? $this->statut : (isset($this->status) ? $this->status : "null")).",";
|
||||
$sql .= " fk_soc=".($this->socid > 0 ? $this->socid : "null").",";
|
||||
|
||||
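Review bot: In the last hunk, `statut` and `fk_soc` are still written into the UPDATE as raw property values, directly after the line that now casts `entity`. The `$this->socid > 0` test is a comparison, not a conversion, so it does not guarantee that the concatenated value is an integer. Suggested: `$sql .= " fk_soc=".($this->socid > 0 ? ((int) $this->socid) : "null").",";`, with the same `(int)` applied to `$this->statut` and `$this->status` on the line above. The statement continues past the end of the hunk.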
@@ -722,11 +722,11 @@ class ContratLigne extends CommonObjectLine
|
||||
$sql .= " fk_remise_except = ".($this->fk_remise_except > 0 ? $this->fk_remise_except : "null").",";
|
||||
$sql .= " subprice = ".($this->subprice != '' ? $this->subprice : "null").",";
|
||||
$sql .= " price_ht = ".($this->price_ht != '' ? $this->price_ht : "null").",";
|
||||
$sql .= " total_ht = ".$this->total_ht.",";
|
||||
$sql .= " total_tva = ".$this->total_tva.",";
|
||||
$sql .= " total_localtax1 = ".$this->total_localtax1.",";
|
||||
$sql .= " total_localtax2 = ".$this->total_localtax2.",";
|
||||
$sql .= " total_ttc = ".$this->total_ttc.",";
|
||||
$sql .= " total_ht = ".((float) $this->total_ht).",";
|
||||
$sql .= " total_tva = ".((float) $this->total_tva).",";
|
||||
$sql .= " total_localtax1 = ".((float) $this->total_localtax1).",";
|
||||
$sql .= " total_localtax2 = ".((float) $this->total_localtax2).",";
|
||||
$sql .= " total_ttc = ".((float) $this->total_ttc).",";
|
||||
$sql .= " fk_product_fournisseur_price = ".(!empty($this->fk_fournprice) ? $this->fk_fournprice : "NULL").",";
|
||||
$sql .= " buy_price_ht = '".price2num($this->pa_ht)."',";
|
||||
$sql .= " info_bits = '".$this->db->escape($this->info_bits)."',";
|
||||
|
||||
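Review bot: The five `total_*` columns are now cast, but `fk_remise_except`, `subprice`, `price_ht` and `fk_product_fournisseur_price` in the same UPDATE are still concatenated as-is behind `> 0`, `!= ''` and `!empty()` tests. Those tests do not convert the value, so a non-numeric string can still reach the SQL text. Following the pattern of the new lines, `$sql .= " subprice = ".($this->subprice != '' ? ((float) price2num($this->subprice)) : "null").",";` and an `(int)` cast on the two foreign keys would close the gap. Separately, `info_bits` is escaped and quoted while the other numeric columns are not; it is worth confirming which form the column expects.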
@@ -350,9 +350,9 @@ class CGenericDic extends CommonDict
|
||||
// Update request
|
||||
$sql = "UPDATE ".$this->db->prefix().$this->table_element.' SET';
|
||||
$sql .= " code = ".(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").',';
|
||||
$sql .= " ".$fieldlabel." = ".(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").',';
|
||||
$sql .= " ".$this->db->sanitize($fieldlabel)." = ".(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").',';
|
||||
$sql .= " active = ".(isset($this->active) ? $this->active : "null");
|
||||
$sql .= " WHERE ".$fieldrowid." = ".((int) $this->id);
|
||||
$sql .= " WHERE ".$this->db->sanitize($fieldrowid)." = ".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
||||
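Review bot: `active` is still inserted raw on the line between the two identifiers that now go through `sanitize()`: `(isset($this->active) ? $this->active : "null")`. If the column is an integer flag, as the name suggests, `$sql .= " active = ".(isset($this->active) ? ((int) $this->active) : "null");` makes it consistent with the `(int) $this->id` in the WHERE clause. `$fieldlabel` and `$fieldrowid` are assigned outside the hunk, so whether they can hold anything other than fixed column names cannot be checked from here.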
@@ -249,14 +249,14 @@ class Comment extends CommonObject
|
||||
|
||||
// Update request
|
||||
$sql = "UPDATE ".$this->db->prefix().$this->table_element." SET";
|
||||
$sql .= " description=".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "null").",";
|
||||
$sql .= " datec=".($this->datec != '' ? "'".$this->db->idate($this->datec)."'" : 'null').",";
|
||||
$sql .= " fk_element=".(isset($this->fk_element) ? $this->fk_element : "null").",";
|
||||
$sql .= " element_type='".$this->db->escape($this->element_type)."',";
|
||||
$sql .= " fk_user_modif=".$user->id.",";
|
||||
$sql .= " entity=".(!empty($this->entity) ? $this->entity : '1').",";
|
||||
$sql .= " import_key=".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
$sql .= " description = ".(isset($this->description) ? "'".$this->db->escape($this->description)."'" : "null").",";
|
||||
$sql .= " datec = ".($this->datec != '' ? "'".$this->db->idate($this->datec)."'" : 'null').",";
|
||||
$sql .= " fk_element = ".(isset($this->fk_element) ? $this->fk_element : "null").",";
|
||||
$sql .= " element_type = '".$this->db->escape($this->element_type)."',";
|
||||
$sql .= " fk_user_modif = ".((int) $user->id).",";
|
||||
$sql .= " entity = ".(!empty($this->entity) ? $this->entity : '1').",";
|
||||
$sql .= " import_key = ".(!empty($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
||||
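Review bot: Every line of this UPDATE was rewritten for spacing, but only `fk_user_modif` gained a cast; `fk_element` and `entity` on the new side still interpolate `$this->fk_element` and `$this->entity` directly. `!empty($this->entity)` only rules out empty values and does not make the value numeric. Suggested: `$sql .= " fk_element = ".(isset($this->fk_element) ? ((int) $this->fk_element) : "null").",";` and `$sql .= " entity = ".(!empty($this->entity) ? ((int) $this->entity) : '1').",";`.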
@@ -1369,7 +1369,7 @@ abstract class CommonObject
|
||||
// phpcs:enable
|
||||
// Insert into database
|
||||
$sql = "UPDATE ".$this->db->prefix()."element_contact set";
|
||||
$sql .= " statut = ".$statut;
|
||||
$sql .= " statut = ".((int) $statut);
|
||||
if ($type_contact_id) {
|
||||
$sql .= ", fk_c_type_contact = ".((int) $type_contact_id);
|
||||
}
|
||||
@@ -1377,6 +1377,7 @@ abstract class CommonObject
|
||||
$sql .= ", fk_socpeople = ".((int) $fk_socpeople);
|
||||
}
|
||||
$sql .= " where rowid = ".((int) $rowid);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql) {
|
||||
return 0;
|
||||
@@ -4102,11 +4103,11 @@ abstract class CommonObject
|
||||
|
||||
if (!$error && empty($nodatabaseupdate)) {
|
||||
$sql = "UPDATE ".$this->db->prefix().$this->table_element.' SET';
|
||||
$sql .= " ".$fieldht." = ".((float) price2num($this->total_ht, 'MT', 1)).",";
|
||||
$sql .= " ".$fieldtva." = ".((float) price2num($this->total_tva, 'MT', 1)).",";
|
||||
$sql .= " ".$fieldlocaltax1." = ".((float) price2num($this->total_localtax1, 'MT', 1)).",";
|
||||
$sql .= " ".$fieldlocaltax2." = ".((float) price2num($this->total_localtax2, 'MT', 1)).",";
|
||||
$sql .= " ".$fieldttc." = ".((float) price2num($this->total_ttc, 'MT', 1));
|
||||
$sql .= " ".$this->db->sanitize($fieldht)." = ".((float) price2num($this->total_ht, 'MT', 1)).",";
|
||||
$sql .= " ".$this->db->sanitize($fieldtva)." = ".((float) price2num($this->total_tva, 'MT', 1)).",";
|
||||
$sql .= " ".$this->db->sanitize($fieldlocaltax1)." = ".((float) price2num($this->total_localtax1, 'MT', 1)).",";
|
||||
$sql .= " ".$this->db->sanitize($fieldlocaltax2)." = ".((float) price2num($this->total_localtax2, 'MT', 1)).",";
|
||||
$sql .= " ".$this->db->sanitize($fieldttc)." = ".((float) price2num($this->total_ttc, 'MT', 1));
|
||||
$sql .= ", multicurrency_total_ht = ".((float) price2num($this->multicurrency_total_ht, 'MT', 1));
|
||||
$sql .= ", multicurrency_total_tva = ".((float) price2num($this->multicurrency_total_tva, 'MT', 1));
|
||||
$sql .= ", multicurrency_total_ttc = ".((float) price2num($this->multicurrency_total_ttc, 'MT', 1));
|
||||
|
||||
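Review bot: In the third hunk the five column names go through `sanitize()`, but `$this->table_element` in the same statement does not, and nothing in the hunk says where `$fieldht` through `$fieldttc` are assigned. The implementation of `sanitize()` is not part of this diff; if it removes disallowed characters rather than rejecting the string, an unexpected name would be rewritten into a different identifier and the query would still run. A one-line comment above the block, stating where the names are set and that `sanitize()` is only defence in depth, would tell the next reader which guarantee is relied on. In the first hunk the comment `// Insert into database` sits above an UPDATE and could be corrected at the same time.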
@@ -360,10 +360,10 @@ class ExtraFields
|
||||
'default' => $default_value
|
||||
);
|
||||
|
||||
$result = $this->db->DDLAddField($this->db->prefix().$table, $attrname, $field_desc);
|
||||
$result = $this->db->DDLAddField($this->db->prefix().$this->db->sanitize($table), $attrname, $field_desc);
|
||||
if ($result > 0) {
|
||||
if ($unique) {
|
||||
$sql = "ALTER TABLE ".$this->db->prefix().$table." ADD UNIQUE INDEX uk_".$table."_".$attrname." (".$attrname.")";
|
||||
$sql = "ALTER TABLE ".$this->db->prefix().$this->db->sanitize($table)." ADD UNIQUE INDEX uk_".$this->db->sanitize($table)."_".$attrname." (".$attrname.")";
|
||||
$resql = $this->db->query($sql, 1, 'dml');
|
||||
}
|
||||
return 1;
|
||||
@@ -927,11 +927,11 @@ class ExtraFields
|
||||
$sql .= " '".$this->db->escape($type)."',";
|
||||
$sql .= " '".$this->db->escape($size)."',";
|
||||
$sql .= " '".$this->db->escape($elementtype)."',";
|
||||
$sql .= " ".$unique.",";
|
||||
$sql .= " ".$required.",";
|
||||
$sql .= " ".((int) $unique).",";
|
||||
$sql .= " ".((int) $required).",";
|
||||
$sql .= " ".($perms ? "'".$this->db->escape($perms)."'" : "null").",";
|
||||
$sql .= " ".($langfile ? "'".$this->db->escape($langfile)."'" : "null").",";
|
||||
$sql .= " ".$pos.",";
|
||||
$sql .= " ".((int) $pos).",";
|
||||
$sql .= " '".$this->db->escape($alwayseditable)."',";
|
||||
$sql .= " '".$this->db->escape($params)."',";
|
||||
$sql .= " '".$this->db->escape($list)."',";
|
||||
@@ -939,8 +939,8 @@ class ExtraFields
|
||||
$sql .= " ".($totalizable ? 'TRUE' : 'FALSE').",";
|
||||
$sql .= " ".(($default != '') ? "'".$this->db->escape($default)."'" : "null").",";
|
||||
$sql .= " ".($computed ? "'".$this->db->escape($computed)."'" : "null").",";
|
||||
$sql .= " ".$user->id.",";
|
||||
$sql .= " ".$user->id.",";
|
||||
$sql .= " ".((int) $user->id).",";
|
||||
$sql .= " ".((int) $user->id).",";
|
||||
$sql .= "'".$this->db->idate(dol_now())."',";
|
||||
$sql .= "'".$this->db->escape($enabled)."',";
|
||||
$sql .= " ".($help ? "'".$this->db->escape($help)."'" : "null").",";
|
||||
|
||||
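Review bot: In the first hunk `$table` is now sanitized, but `$attrname` still reaches `DDLAddField()` unchanged and appears twice in the `ALTER TABLE … ADD UNIQUE INDEX` text. Whether it is validated earlier in the method cannot be seen from the hunk; if it is not, the identifier deserves the same treatment: `$sql = "ALTER TABLE ".$this->db->prefix().$this->db->sanitize($table)." ADD UNIQUE INDEX uk_".$this->db->sanitize($table)."_".$this->db->sanitize($attrname)." (".$this->db->sanitize($attrname).")";`. The result of that query is stored in `$resql` and the method then returns 1 regardless, so a failed unique index is silent.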
@@ -192,7 +192,7 @@ class Link extends CommonObject
|
||||
$this->db->begin();
|
||||
|
||||
$sql = "UPDATE ".$this->db->prefix()."links SET ";
|
||||
$sql .= "entity = ".$conf->entity;
|
||||
$sql .= "entity = ".((int) $conf->entity);
|
||||
$sql .= ", datea = '".$this->db->idate(dol_now())."'";
|
||||
$sql .= ", url = '".$this->db->escape($this->url)."'";
|
||||
$sql .= ", label = '".$this->db->escape($this->label)."'";
|
||||
|
||||
@@ -980,7 +980,7 @@ class DoliDBMysqli extends DoliDB
|
||||
$sql .= " ".$this->sanitize($field_desc['attribute']);
|
||||
}
|
||||
if (isset($field_desc['null']) && preg_match("/^[^\s]/i", $field_desc['null'])) {
|
||||
$sql .= " ".$field_desc['null'];
|
||||
$sql .= " ".$this->sanitize($field_desc['null']);
|
||||
}
|
||||
if (isset($field_desc['default']) && preg_match("/^[^\s]/i", $field_desc['default'])) {
|
||||
if (in_array($field_desc['type'], array('tinyint', 'smallint', 'int', 'double'))) {
|
||||
|
||||
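Review bot: `sanitize()` is called with default arguments on `$field_desc['null']`, a value that legitimately contains a space when the column is declared `NOT NULL`. The definition of `sanitize()` is outside this diff; if its defaults strip spaces, the DDL would be emitted as `NOTNULL`, and the `preg_match("/^[^\s]/i", …)` guard above only checks the first character. Mapping the input to one of the two allowed keywords avoids both the injection risk and the mangling: `$nullspec = strtoupper(trim($field_desc['null']));` then `if (in_array($nullspec, array('NULL', 'NOT NULL'), true)) { $sql .= " ".$nullspec; }`. The DoliDBPgsql hunk that follows makes the identical change and needs the same check.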
@@ -1213,7 +1213,7 @@ class DoliDBPgsql extends DoliDB
|
||||
$sql .= " ".$this->sanitize($field_desc['attribute']);
|
||||
}
|
||||
if (isset($field_desc['null']) && preg_match("/^[^\s]/i", $field_desc['null'])) {
|
||||
$sql .= " ".$field_desc['null'];
|
||||
$sql .= " ".$this->sanitize($field_desc['null']);
|
||||
}
|
||||
if (isset($field_desc['default']) && preg_match("/^[^\s]/i", $field_desc['default'])) {
|
||||
if (in_array($field_desc['type'], array('tinyint', 'smallint', 'int', 'double'))) {
|
||||
|
||||
@@ -450,7 +450,7 @@ class Delivery extends CommonObject
|
||||
$sql .= " ref='".$this->db->escape($numref)."'";
|
||||
$sql .= ", fk_statut = 1";
|
||||
$sql .= ", date_valid = '".$this->db->idate($now)."'";
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
$sql .= " AND fk_statut = 0";
|
||||
|
||||
|
||||
@@ -303,7 +303,7 @@ class EcmDirectory extends CommonObject
|
||||
if (preg_match('/[0-9]+/', $value)) {
|
||||
$sql .= " cachenbofdoc = ".(int) $value;
|
||||
} else {
|
||||
$sql .= " cachenbofdoc = cachenbofdoc ".$value." 1";
|
||||
$sql .= " cachenbofdoc = cachenbofdoc ".preg_replace('/[^\-\+]/', '', $value)." 1";
|
||||
}
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
|
||||
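Review bot: The new `preg_replace('/[^\-\+]/', '', $value)` keeps any run of `+` and `-` characters, so an empty result or a doubled sign still ends up between `cachenbofdoc` and `1`. An empty operator yields invalid SQL, and two consecutive dashes are comment syntax in SQL, which would drop the rest of the statement, including the `WHERE rowid` clause. Accept exactly one operator instead: `} elseif (in_array($value, array('+', '-'), true)) {` followed by the original `$sql .= " cachenbofdoc = cachenbofdoc ".$value." 1";`, and treat anything else as an error. The numeric branch above uses an unanchored `/[0-9]+/`; the `(int)` cast makes that safe, but `'/^[0-9]+$/'` would state the intent. The method body starts and ends outside the hunk.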
@@ -635,7 +635,7 @@ class ConferenceOrBoothAttendee extends CommonObject
|
||||
$sql .= ", date_validation = '".$this->db->idate($now)."'";
|
||||
}
|
||||
if (!empty($this->fields['fk_user_valid'])) { // @phan-suppress-current-line PhanTypeMismatchProperty
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
}
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
|
||||
@@ -846,7 +846,7 @@ class Expedition extends CommonObject
|
||||
$sql .= " ref='".$this->db->escape($numref)."'";
|
||||
$sql .= ", fk_statut = 1";
|
||||
$sql .= ", date_valid = '".$this->db->idate($now)."'";
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
dol_syslog(get_class($this)."::valid update expedition", LOG_DEBUG);
|
||||
@@ -893,7 +893,7 @@ class Expedition extends CommonObject
|
||||
$this->error = $this->db->lasterror();
|
||||
}
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filepath = 'expedition/sending/".$this->db->escape($this->newref)."'";
|
||||
$sql .= " WHERE filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
|
||||
$sql .= " WHERE filepath = 'expedition/sending/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
|
||||
$resql = $this->db->query($sql);
|
||||
if (!$resql) {
|
||||
$error++;
|
||||
@@ -1212,32 +1212,32 @@ class Expedition extends CommonObject
|
||||
|
||||
// Update request
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."expedition SET";
|
||||
$sql .= " ref=".(isset($this->ref) ? "'".$this->db->escape($this->ref)."'" : "null").",";
|
||||
$sql .= " ref_ext=".(isset($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").",";
|
||||
$sql .= " ref_customer=".(isset($this->ref_customer) ? "'".$this->db->escape($this->ref_customer)."'" : "null").",";
|
||||
$sql .= " fk_soc=".(isset($this->socid) ? $this->socid : "null").",";
|
||||
$sql .= " date_creation=".(dol_strlen($this->date_creation) != 0 ? "'".$this->db->idate($this->date_creation)."'" : 'null').",";
|
||||
$sql .= " fk_user_author=".(isset($this->fk_user_author) ? $this->fk_user_author : "null").",";
|
||||
$sql .= " date_valid=".(dol_strlen($this->date_valid) != 0 ? "'".$this->db->idate($this->date_valid)."'" : 'null').",";
|
||||
$sql .= " fk_user_valid=".(isset($this->fk_user_valid) ? $this->fk_user_valid : "null").",";
|
||||
$sql .= " date_expedition=".(dol_strlen($this->date_expedition) != 0 ? "'".$this->db->idate($this->date_expedition)."'" : 'null').",";
|
||||
$sql .= " date_delivery=".(dol_strlen($this->date_delivery) != 0 ? "'".$this->db->idate($this->date_delivery)."'" : 'null').",";
|
||||
$sql .= " fk_address=".(isset($this->fk_delivery_address) ? $this->fk_delivery_address : "null").",";
|
||||
$sql .= " fk_shipping_method=".((isset($this->shipping_method_id) && $this->shipping_method_id > 0) ? $this->shipping_method_id : "null").",";
|
||||
$sql .= " tracking_number=".(isset($this->tracking_number) ? "'".$this->db->escape($this->tracking_number)."'" : "null").",";
|
||||
$sql .= " fk_statut=".(isset($this->statut) ? $this->statut : "null").",";
|
||||
$sql .= " fk_projet=".(isset($this->fk_project) ? $this->fk_project : "null").",";
|
||||
$sql .= " height=".(($this->trueHeight != '') ? $this->trueHeight : "null").",";
|
||||
$sql .= " width=".(($this->trueWidth != '') ? $this->trueWidth : "null").",";
|
||||
$sql .= " size_units=".(isset($this->size_units) ? $this->size_units : "null").",";
|
||||
$sql .= " size=".(($this->trueDepth != '') ? $this->trueDepth : "null").",";
|
||||
$sql .= " weight_units=".(isset($this->weight_units) ? $this->weight_units : "null").",";
|
||||
$sql .= " weight=".(($this->trueWeight != '') ? $this->trueWeight : "null").",";
|
||||
$sql .= " note_private=".(isset($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "null").",";
|
||||
$sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").",";
|
||||
$sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").",";
|
||||
$sql .= " entity=".$conf->entity;
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
$sql .= " ref = ".(isset($this->ref) ? "'".$this->db->escape($this->ref)."'" : "null").",";
|
||||
$sql .= " ref_ext = ".(isset($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null").",";
|
||||
$sql .= " ref_customer = ".(isset($this->ref_customer) ? "'".$this->db->escape($this->ref_customer)."'" : "null").",";
|
||||
$sql .= " fk_soc = ".(isset($this->socid) ? $this->socid : "null").",";
|
||||
$sql .= " date_creation = ".(dol_strlen($this->date_creation) != 0 ? "'".$this->db->idate($this->date_creation)."'" : 'null').",";
|
||||
$sql .= " fk_user_author = ".(isset($this->fk_user_author) ? $this->fk_user_author : "null").",";
|
||||
$sql .= " date_valid = ".(dol_strlen($this->date_valid) != 0 ? "'".$this->db->idate($this->date_valid)."'" : 'null').",";
|
||||
$sql .= " fk_user_valid = ".(isset($this->fk_user_valid) ? $this->fk_user_valid : "null").",";
|
||||
$sql .= " date_expedition = ".(dol_strlen($this->date_expedition) != 0 ? "'".$this->db->idate($this->date_expedition)."'" : 'null').",";
|
||||
$sql .= " date_delivery = ".(dol_strlen($this->date_delivery) != 0 ? "'".$this->db->idate($this->date_delivery)."'" : 'null').",";
|
||||
$sql .= " fk_address = ".(isset($this->fk_delivery_address) ? $this->fk_delivery_address : "null").",";
|
||||
$sql .= " fk_shipping_method = ".((isset($this->shipping_method_id) && $this->shipping_method_id > 0) ? $this->shipping_method_id : "null").",";
|
||||
$sql .= " tracking_number = ".(isset($this->tracking_number) ? "'".$this->db->escape($this->tracking_number)."'" : "null").",";
|
||||
$sql .= " fk_statut = ".(isset($this->statut) ? $this->statut : "null").",";
|
||||
$sql .= " fk_projet = ".(isset($this->fk_project) ? $this->fk_project : "null").",";
|
||||
$sql .= " height = ".(($this->trueHeight != '') ? $this->trueHeight : "null").",";
|
||||
$sql .= " width = ".(($this->trueWidth != '') ? $this->trueWidth : "null").",";
|
||||
$sql .= " size_units = ".(isset($this->size_units) ? $this->size_units : "null").",";
|
||||
$sql .= " size = ".(($this->trueDepth != '') ? $this->trueDepth : "null").",";
|
||||
$sql .= " weight_units = ".(isset($this->weight_units) ? $this->weight_units : "null").",";
|
||||
$sql .= " weight = ".(($this->trueWeight != '') ? $this->trueWeight : "null").",";
|
||||
$sql .= " note_private = ".(isset($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "null").",";
|
||||
$sql .= " note_public = ".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").",";
|
||||
$sql .= " model_pdf = ".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").",";
|
||||
$sql .= " entity = ".((int) $conf->entity);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
||||
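Review bot: The third hunk rewrites every assignment of the UPDATE for spacing, yet only `entity` gains a cast; the numeric columns on the new side still interpolate the property directly. That covers `fk_soc`, `fk_user_author`, `fk_user_valid`, `fk_address`, `fk_shipping_method`, `fk_statut`, `fk_projet`, `size_units`, `weight_units` and the four dimension fields `height`, `width`, `size` and `weight`. `isset()` and `!= ''` do not constrain the value to a number. Suggested form for the keys is `$sql .= " fk_soc = ".(isset($this->socid) ? ((int) $this->socid) : "null").",";` and for the dimensions `$sql .= " height = ".(($this->trueHeight != '') ? ((float) $this->trueHeight) : "null").",";`.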
@@ -622,9 +622,9 @@ class ExpenseReport extends CommonObject
|
||||
$this->db->begin();
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET";
|
||||
$sql .= " total_ht = ".$this->total_ht;
|
||||
$sql .= " , total_ttc = ".$this->total_ttc;
|
||||
$sql .= " , total_tva = ".$this->total_tva;
|
||||
$sql .= " total_ht = ".((float) $this->total_ht);
|
||||
$sql .= " , total_ttc = ".((float) $this->total_ttc);
|
||||
$sql .= " , total_tva = ".((float) $this->total_tva);
|
||||
$sql .= " , date_debut = '".$this->db->idate($this->date_debut)."'";
|
||||
$sql .= " , date_fin = '".$this->db->idate($this->date_fin)."'";
|
||||
if ($userofexpensereport && is_object($userofexpensereport)) {
|
||||
@@ -633,7 +633,7 @@ class ExpenseReport extends CommonObject
|
||||
$sql .= " , fk_user_validator = ".($this->fk_user_validator > 0 ? $this->fk_user_validator : "null");
|
||||
$sql .= " , fk_user_valid = ".($this->fk_user_valid > 0 ? $this->fk_user_valid : "null");
|
||||
$sql .= " , fk_user_approve = ".($this->fk_user_approve > 0 ? $this->fk_user_approve : "null");
|
||||
$sql .= " , fk_user_modif = ".$user->id;
|
||||
$sql .= " , fk_user_modif = ".((int) $user->id);
|
||||
$sql .= " , fk_statut = ".($this->fk_statut >= 0 ? $this->fk_statut : '0');
|
||||
$sql .= " , fk_c_paiement = ".($this->fk_c_paiement > 0 ? $this->fk_c_paiement : "null");
|
||||
$sql .= " , note_public = ".(!empty($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "''");
|
||||
@@ -1906,9 +1906,9 @@ class ExpenseReport extends CommonObject
|
||||
$this->total_ttc += $this->total_tva;
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET";
|
||||
$sql .= " total_ht = ".$this->total_ht;
|
||||
$sql .= " , total_ttc = ".$this->total_ttc;
|
||||
$sql .= " , total_tva = ".$this->total_tva;
|
||||
$sql .= " total_ht = ".((float) $this->total_ht);
|
||||
$sql .= " , total_ttc = ".((float) $this->total_ttc);
|
||||
$sql .= " , total_tva = ".((float) $this->total_tva);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$result = $this->db->query($sql);
|
||||
|
||||
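Review bot: In the second hunk `fk_user_validator`, `fk_user_valid`, `fk_user_approve`, `fk_statut` and `fk_c_paiement` remain uncast next to the newly cast `fk_user_modif`; each is guarded only by a `> 0` or `>= 0` comparison, which does not convert the value. Suggested: `$sql .= " , fk_user_validator = ".($this->fk_user_validator > 0 ? ((int) $this->fk_user_validator) : "null");`, and likewise for the other four. Note also that `(float)` turns an unset `total_ht`, `total_ttc` or `total_tva` into `0` where the old code produced a malformed statement, so a missing total is now stored silently; if that is not intended, check for it before building the query.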
@@ -1237,7 +1237,7 @@ class Fichinter extends CommonObject
|
||||
if ($user->hasRight('ficheinter', 'creer')) {
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter ";
|
||||
$sql .= " SET description = '".$this->db->escape($description)."',";
|
||||
$sql .= " fk_user_modif = ".$user->id;
|
||||
$sql .= " fk_user_modif = ".((int) $user->id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
if ($this->db->query($sql)) {
|
||||
|
||||
@@ -1273,8 +1273,8 @@ class CommandeFournisseur extends CommonOrder
|
||||
$sql .= " SET ref='".$this->db->escape($num)."',";
|
||||
if (empty($secondlevel)) { // standard or first level approval
|
||||
$sql .= " date_approve='".$this->db->idate($now)."',";
|
||||
$sql .= " fk_user_approve = ".$user->id;
|
||||
if (getDolGlobalString('SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED') && $this->total_ht >= $conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED) {
|
||||
$sql .= " fk_user_approve = ".((int) $user->id);
|
||||
if (getDolGlobalString('SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED') && $this->total_ht >= getDolGlobalFloat('SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED')) {
|
||||
if (empty($this->user_approve_id2)) {
|
||||
$movetoapprovestatus = false; // second level approval not done
|
||||
$comment = ' (first level)';
|
||||
|
||||
@@ -3132,7 +3132,7 @@ class FactureFournisseur extends CommonInvoice
|
||||
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
|
||||
$clause = "AND";
|
||||
}
|
||||
$sql .= " ".$clause." f.entity = ".$conf->entity;
|
||||
$sql .= " ".$clause." f.entity = ".((int) $conf->entity);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql) {
|
||||
|
||||
@@ -537,14 +537,14 @@ class ProductFournisseur extends Product
|
||||
$sql .= " multicurrency_tx = ".(isset($multicurrency_tx) ? "'".$this->db->escape($multicurrency_tx)."'" : '1').",";
|
||||
$sql .= " fk_multicurrency = ".(isset($fk_multicurrency) ? (int) $fk_multicurrency : 'null').",";
|
||||
$sql .= " multicurrency_code = ".(isset($multicurrency_code) ? "'".$this->db->escape($multicurrency_code)."'" : 'null').",";
|
||||
$sql .= " entity = ".$conf->entity.",";
|
||||
$sql .= " tva_tx = ".price2num($tva_tx).",";
|
||||
$sql .= " entity = ".((int) $conf->entity).",";
|
||||
$sql .= " tva_tx = ".((float) price2num($tva_tx)).",";
|
||||
// TODO Add localtax1 and localtax2
|
||||
//$sql.= " localtax1_tx=".($localtax1>=0?$localtax1:'NULL').",";
|
||||
//$sql.= " localtax2_tx=".($localtax2>=0?$localtax2:'NULL').",";
|
||||
//$sql.= " localtax1_type=".($localtaxtype1!=''?"'".$this->db->escape($localtaxtype1)."'":"'0'").",";
|
||||
//$sql.= " localtax2_type=".($localtaxtype2!=''?"'".$this->db->escape($localtaxtype2)."'":"'0'").",";
|
||||
$sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
|
||||
$sql .= " default_vat_code = ".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
|
||||
$sql .= " info_bits = ".((int) $newnpr).",";
|
||||
$sql .= " charges = ".((float) $charges).","; // deprecated
|
||||
$sql .= " delivery_time_days = ".($delivery_time_days != '' ? ((int) $delivery_time_days) : 'null').",";
|
||||
@@ -1524,7 +1524,7 @@ class ProductFournisseur extends Product
|
||||
$sql .= (isset($multicurrency_code) ? "'".$this->db->escape($multicurrency_code)."'" : 'null').",";
|
||||
$sql .= "'".$this->db->idate($datec)."',";
|
||||
$sql .= " ".((int) $this->product_fourn_price_id).",";
|
||||
$sql .= " ".$user->id.",";
|
||||
$sql .= " ".((int) $user->id).",";
|
||||
$sql .= " ".price2num($buyprice).",";
|
||||
$sql .= " ".price2num($qty);
|
||||
$sql .= ")";
|
||||
|
||||
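Review bot: In the second hunk `price2num($buyprice)` and `price2num($qty)` are still concatenated without the `(float)` cast that the first hunk adds around `price2num($tva_tx)`. `price2num()` is defined outside this diff; if it can return an empty or non-numeric string, the VALUES list would be malformed or carry unvalidated text. Suggested: `$sql .= " ".((float) price2num($buyprice)).",";` and `$sql .= " ".((float) price2num($qty));`. In the first hunk `multicurrency_tx` is escaped and quoted rather than cast, which is safe but inconsistent with the neighbouring numeric columns.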
@@ -1047,9 +1047,9 @@ class Holiday extends CommonObject
|
||||
} else {
|
||||
$error++;
|
||||
}
|
||||
$sql .= " halfday = ".$this->halfday.",";
|
||||
$sql .= " halfday = ".((int) $this->halfday).",";
|
||||
if (!empty($this->status) && is_numeric($this->status)) {
|
||||
$sql .= " statut = ".$this->status.",";
|
||||
$sql .= " statut = ".((int) $this->status).",";
|
||||
} else {
|
||||
$error++;
|
||||
}
|
||||
@@ -2275,13 +2275,13 @@ class Holiday extends CommonObject
|
||||
}
|
||||
|
||||
/**
|
||||
* Liste le log des congés payés
|
||||
* List log of leaves
|
||||
*
|
||||
* @param string $order Filtrage par ordre
|
||||
* @param string $filter Filtre de séléction
|
||||
* @param string $sqlorder SQL sort order
|
||||
* @param string $sqlwhere SQL where
|
||||
* @return int -1 si erreur, 1 si OK et 2 si pas de résultat
|
||||
*/
|
||||
public function fetchLog($order, $filter)
|
||||
public function fetchLog($sqlorder, $sqlwhere)
|
||||
{
|
||||
$sql = "SELECT";
|
||||
$sql .= " cpl.rowid,";
|
||||
@@ -2295,31 +2295,31 @@ class Holiday extends CommonObject
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."holiday_logs as cpl";
|
||||
$sql .= " WHERE cpl.rowid > 0"; // To avoid error with other search and criteria
|
||||
|
||||
// Filtrage de séléction
|
||||
if (!empty($filter)) {
|
||||
$sql .= " ".$filter;
|
||||
// Filter
|
||||
if (!empty($sqlwhere)) {
|
||||
$sql .= " ".$sqlwhere;
|
||||
}
|
||||
|
||||
// Ordre d'affichage
|
||||
if (!empty($order)) {
|
||||
$sql .= " ".$order;
|
||||
// Order
|
||||
if (!empty($sqlorder)) {
|
||||
$sql .= " ".$sqlorder;
|
||||
}
|
||||
|
||||
dol_syslog(get_class($this)."::fetchLog", LOG_DEBUG);
|
||||
$resql = $this->db->query($sql);
|
||||
|
||||
// Si pas d'erreur SQL
|
||||
// If no error SQL
|
||||
if ($resql) {
|
||||
$i = 0;
|
||||
$tab_result = $this->logs;
|
||||
$num = $this->db->num_rows($resql);
|
||||
|
||||
// Si pas d'enregistrement
|
||||
// If no record
|
||||
if (!$num) {
|
||||
return 2;
|
||||
}
|
||||
|
||||
// On liste les résultats et on les ajoutent dans le tableau
|
||||
// Loop on result to fill the array
|
||||
while ($i < $num) {
|
||||
$obj = $this->db->fetch_object($resql);
|
||||
|
||||
|
||||
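Review bot: `fetchLog()` still appends its two arguments to the query verbatim (`$sql .= " ".$sqlwhere;` and `$sql .= " ".$sqlorder;`); the rename makes it explicit that callers pass SQL fragments, but nothing here validates them. The docblock should state the contract, for example `@param string $sqlwhere SQL fragment appended after "WHERE cpl.rowid > 0"; must be built only from escaped or cast values`, with a matching line for `$sqlorder`. A stronger fix is to accept a sort field and direction and check them against an allow-list of `cpl.` columns before building the ORDER BY. Renaming the parameters also breaks any caller that uses named arguments, and the `@return` line is the only docblock line left in French. The method body continues past the end of the hunk.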
@@ -2529,8 +2529,9 @@ function migrate_restore_missing_links($db, $langs, $conf)
|
||||
$obj = $db->fetch_object($resql);
|
||||
|
||||
print 'Line '.$obj->rowid.' in '.$table1.' is linked to record '.$obj->field.' in '.$table2.' that has no link to '.$table1.'. We fix this.<br>';
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$table2." SET";
|
||||
$sql .= " ".$field2." = '".$db->escape($obj->rowid)."'";
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$db->sanitize($table2)." SET";
|
||||
$sql .= " ".$db->sanitize($field2)." = '".$db->escape($obj->rowid)."'";
|
||||
$sql .= " WHERE rowid = ".((int) $obj->field);
|
||||
|
||||
$resql2 = $db->query($sql);
|
||||
@@ -2588,8 +2589,9 @@ function migrate_restore_missing_links($db, $langs, $conf)
|
||||
$obj = $db->fetch_object($resql);
|
||||
|
||||
print 'Line '.$obj->rowid.' in '.$table1.' is linked to record '.$obj->field.' in '.$table2.' that has no link to '.$table1.'. We fix this.<br>';
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$table2." SET";
|
||||
$sql .= " ".$field2." = '".$db->escape($obj->rowid)."'";
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$db->sanitize($table2)." SET";
|
||||
$sql .= " ".$db->sanitize($field2)." = '".$db->escape($obj->rowid)."'";
|
||||
$sql .= " WHERE rowid = ".((int) $obj->field);
|
||||
|
||||
$resql2 = $db->query($sql);
|
||||
@@ -3251,8 +3253,8 @@ function migrate_actioncomm_element($db, $langs, $conf)
|
||||
$db->begin();
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."actioncomm SET ";
|
||||
$sql .= "fk_element = ".$field.", elementtype = '".$db->escape($type)."'";
|
||||
$sql .= " WHERE ".$field." IS NOT NULL";
|
||||
$sql .= "fk_element = ".$db->sanitize($field).", elementtype = '".$db->escape($type)."'";
|
||||
$sql .= " WHERE ".$db->sanitize($field)." IS NOT NULL";
|
||||
$sql .= " AND fk_element IS NULL";
|
||||
$sql .= " AND elementtype IS NULL";
|
||||
|
||||
|
||||
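Review bot: In the first two hunks `$obj->rowid` is written as an escaped, quoted string while the WHERE clause on the next line uses `(int) $obj->field`. Assuming the target column is an integer key, `$sql .= " ".$db->sanitize($field2)." = ".((int) $obj->rowid);` is simpler and consistent. The `print` line above each statement also emits `$obj->rowid`, `$obj->field` and the table names into HTML without escaping; the values come from the database and from variables set outside the hunk, so the risk is low, but escaping them for HTML output would be cheap. Both loops start and end outside the hunks.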
@@ -312,10 +312,10 @@ class Loan extends CommonObject
|
||||
$sql .= " '".$this->db->escape($this->account_capital)."',";
|
||||
$sql .= " '".$this->db->escape($this->account_insurance)."',";
|
||||
$sql .= " '".$this->db->escape($this->account_interest)."',";
|
||||
$sql .= " ".$conf->entity.",";
|
||||
$sql .= " ".((int) $conf->entity).",";
|
||||
$sql .= " '".$this->db->idate($now)."',";
|
||||
$sql .= " ".(empty($this->fk_project) ? 'NULL' : $this->fk_project).",";
|
||||
$sql .= " ".$user->id.",";
|
||||
$sql .= " ".((int) $user->id).",";
|
||||
$sql .= " '".price2num($newinsuranceamount)."'";
|
||||
$sql .= ")";
|
||||
|
||||
@@ -421,7 +421,7 @@ class Loan extends CommonObject
|
||||
$sql .= " accountancy_account_insurance = '".$this->db->escape($this->account_insurance)."',";
|
||||
$sql .= " accountancy_account_interest = '".$this->db->escape($this->account_interest)."',";
|
||||
$sql .= " fk_projet=".(empty($this->fk_project) ? 'NULL' : ((int) $this->fk_project)).",";
|
||||
$sql .= " fk_user_modif = ".$user->id.",";
|
||||
$sql .= " fk_user_modif = ".((int) $user->id).",";
|
||||
$sql .= " insurance_amount = '".price2num($this->db->escape($this->insurance_amount))."'";
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
|
||||
@@ -446,7 +446,7 @@ class Loan extends CommonObject
|
||||
public function setPaid($user)
|
||||
{
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."loan SET";
|
||||
$sql .= " paid = ".$this::STATUS_PAID;
|
||||
$sql .= " paid = ".((int) $this::STATUS_PAID);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$return = $this->db->query($sql);
|
||||
@@ -485,7 +485,7 @@ class Loan extends CommonObject
|
||||
public function setStarted($user)
|
||||
{
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."loan SET";
|
||||
$sql .= " paid = ".$this::STATUS_STARTED;
|
||||
$sql .= " paid = ".((int) $this::STATUS_STARTED);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$return = $this->db->query($sql);
|
||||
@@ -508,7 +508,7 @@ class Loan extends CommonObject
|
||||
public function setUnpaid($user)
|
||||
{
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."loan SET";
|
||||
$sql .= " paid = ".$this::STATUS_UNPAID;
|
||||
$sql .= " paid = ".((int) $this::STATUS_UNPAID);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$return = $this->db->query($sql);
|
||||
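Review bot: The INSERT in the first Loan hunk still concatenates `$this->fk_project` unquoted and uncast (`(empty($this->fk_project) ? 'NULL' : $this->fk_project)`), although the UPDATE in the second hunk already casts the same property. It should read `$sql .= " ".(empty($this->fk_project) ? 'NULL' : ((int) $this->fk_project)).",";`. The same uncast pattern remains on context lines in other sections of this commit: `fk_product` in ProductCustomerPrice and Propalmergepdfproduct, and `fk_user_close` in Project. Whether these properties can carry request-derived values is not visible from the hunks, but casting them would make every numeric column in these statements consistent with the `(int)` hardening applied here. The enclosing functions start and end outside the hunks.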
|
||||
@@ -1124,8 +1124,8 @@ class Mo extends CommonObject
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
|
||||
$sql .= " SET ref = '".$this->db->escape($num)."',";
|
||||
$sql .= " status = ".self::STATUS_VALIDATED.",";
|
||||
$sql .= " date_valid='".$this->db->idate($now)."',";
|
||||
$sql .= " fk_user_valid = ".$user->id;
|
||||
$sql .= " date_valid = '".$this->db->idate($now)."',";
|
||||
$sql .= " fk_user_valid = ".((int) $user->id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
|
||||
|
||||
@@ -804,12 +804,6 @@ class Partnership extends CommonObject
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
|
||||
$sql .= " SET ref = '".$this->db->escape($num)."',";
|
||||
$sql .= " status = ".self::STATUS_APPROVED;
|
||||
// if (!empty($this->fields['date_validation'])) {
|
||||
// $sql .= ", date_validation = '".$this->db->idate($now)."'";
|
||||
// }
|
||||
// if (!empty($this->fields['fk_user_valid'])) {
|
||||
// $sql .= ", fk_user_valid = ".$user->id;
|
||||
// }
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
dol_syslog(get_class($this)."::accept()", LOG_DEBUG);
|
||||
|
||||
@@ -824,7 +824,7 @@ class ProductCustomerPrice extends CommonObject
|
||||
// Update request
|
||||
$sql = "UPDATE ".$this->db->prefix()."product_customer_price SET";
|
||||
|
||||
$sql .= " entity=".$conf->entity.",";
|
||||
$sql .= " entity=".((int) $conf->entity).",";
|
||||
$sql .= " datec='".$this->db->idate(dol_now())."',";
|
||||
$sql .= " tms=".(dol_strlen((string) $this->tms) != 0 ? "'".$this->db->idate($this->tms)."'" : 'null').",";
|
||||
$sql .= " fk_product=".(isset($this->fk_product) ? $this->fk_product : "null").",";
|
||||
@@ -842,7 +842,7 @@ class ProductCustomerPrice extends CommonObject
|
||||
$sql .= " localtax2_tx=".(isset($this->localtax2_tx) ? (empty($this->localtax2_tx) ? 0 : $this->localtax2_tx) : "null").",";
|
||||
$sql .= " localtax1_type=".(!empty($this->localtax1_type) ? "'".$this->db->escape($this->localtax1_type)."'" : "'0'").",";
|
||||
$sql .= " localtax2_type=".(!empty($this->localtax2_type) ? "'".$this->db->escape($this->localtax2_type)."'" : "'0'").",";
|
||||
$sql .= " fk_user=".$user->id.",";
|
||||
$sql .= " fk_user=".((int) $user->id).",";
|
||||
$sql .= " price_label=".(isset($this->price_label) ? "'".$this->db->escape($this->price_label)."'" : "null").",";
|
||||
$sql .= " import_key=".(isset($this->import_key) ? "'".$this->db->escape($this->import_key)."'" : "null");
|
||||
|
||||
@@ -894,8 +894,6 @@ class ProductCustomerPrice extends CommonObject
|
||||
*/
|
||||
public function setPriceOnAffiliateThirdparty($user, $forceupdateaffiliate)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
if (getDolGlobalString('PRODUCT_DISABLE_PROPAGATE_CUSTOMER_PRICES_ON_CHILD_COMPANIES')) {
|
||||
return 0;
|
||||
}
|
||||
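Review bot: `localtax2_tx` in the second hunk is written into the UPDATE with neither quotes nor a numeric conversion: `(empty($this->localtax2_tx) ? 0 : $this->localtax2_tx)`. An `(int)` cast does not fit a tax rate, so the matching hardening would be a numeric normalisation, for example `(empty($this->localtax2_tx) ? 0 : price2num($this->localtax2_tx))`, assuming `price2num()` returns a plain numeric string as its other uses in this commit suggest. The third hunk removes `global $conf;` from `setPriceOnAffiliateThirdparty()`, whose body continues outside the hunk, so it is worth confirming that nothing further down still reads `$conf`.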
|
||||
@@ -566,7 +566,7 @@ class ProductFournisseurPrice extends CommonObject
|
||||
$sql .= ", date_validation = '".$this->db->idate($now)."'";
|
||||
}
|
||||
if (!empty($this->fields['fk_user_valid'])) {
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
}
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
|
||||
@@ -329,15 +329,15 @@ class Propalmergepdfproduct extends CommonObject
|
||||
// Update request
|
||||
$sql = "UPDATE ".$this->db->prefix()."propal_merge_pdf_product SET";
|
||||
|
||||
$sql .= " fk_product=".(isset($this->fk_product) ? $this->fk_product : "null").",";
|
||||
$sql .= " file_name=".(isset($this->file_name) ? "'".$this->db->escape($this->file_name)."'" : "null").",";
|
||||
$sql .= " fk_product = ".(isset($this->fk_product) ? $this->fk_product : "null").",";
|
||||
$sql .= " file_name = ".(isset($this->file_name) ? "'".$this->db->escape($this->file_name)."'" : "null").",";
|
||||
if (getDolGlobalInt('MAIN_MULTILANGS')) {
|
||||
$sql .= " lang=".(isset($this->lang) ? "'".$this->db->escape($this->lang)."'" : "null").",";
|
||||
$sql .= " lang = ".(isset($this->lang) ? "'".$this->db->escape($this->lang)."'" : "null").",";
|
||||
}
|
||||
$sql .= " fk_user_mod=".$user->id;
|
||||
$sql .= " fk_user_mod = ".((int) $user->id);
|
||||
|
||||
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
||||
@@ -576,7 +576,7 @@ class PriceGlobalVariableUpdater
|
||||
|
||||
// Update request
|
||||
$sql = "UPDATE ".$this->db->prefix().$this->table_element." SET";
|
||||
$sql .= " next_update = ".$this->next_update;
|
||||
$sql .= " next_update = ".((int) $this->next_update);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
@@ -649,7 +649,7 @@ class Project extends CommonObject
|
||||
$sql .= ", fk_user_close = ".($this->fk_user_close > 0 ? $this->fk_user_close : "null");
|
||||
$sql .= ", opp_amount = ".(strcmp($this->opp_amount, '') ? price2num($this->opp_amount) : "null");
|
||||
$sql .= ", budget_amount = ".(strcmp($this->budget_amount, '') ? price2num($this->budget_amount) : "null");
|
||||
$sql .= ", fk_user_modif = ".$user->id;
|
||||
$sql .= ", fk_user_modif = ".((int) $user->id);
|
||||
$sql .= ", usage_opportunity = ".($this->usage_opportunity ? 1 : 0);
|
||||
$sql .= ", usage_task = ".($this->usage_task ? 1 : 0);
|
||||
$sql .= ", usage_bill_time = ".($this->usage_bill_time ? 1 : 0);
|
||||
|
||||
@@ -596,7 +596,7 @@ class Reception extends CommonObject
|
||||
$sql .= " ref='".$this->db->escape($numref)."'";
|
||||
$sql .= ", fk_statut = 1";
|
||||
$sql .= ", date_valid = '".$this->db->idate($now)."'";
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
dol_syslog(get_class($this)."::valid update reception", LOG_DEBUG);
|
||||
$resql = $this->db->query($sql);
|
||||
|
||||
@@ -573,7 +573,7 @@ class RecruitmentCandidature extends CommonObject
|
||||
$sql .= ", date_validation = '".$this->db->idate($now)."',";
|
||||
}
|
||||
if (!empty($this->fields['fk_user_valid'])) { // @phan-suppress-current-line PhanTypeMismatchProperty
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
}
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
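Review bot: The context line `$sql .= ", date_validation = '".$this->db->idate($now)."',";` at the top of this hunk ends with a comma inside the literal, and the next fragment appended is either `", fk_user_valid = "` or `" WHERE rowid = "`, so the statement would contain `',,` or `', WHERE` whenever that line runs. The ProductFournisseurPrice hunk in this commit has the same line without the trailing comma, `$sql .= ", date_validation = '".$this->db->idate($now)."'";`, which is the form to use here. The RecruitmentJobPosition hunk carries the identical line. The condition guarding it is outside the hunk, so it may be a branch that does not execute today; confirm before changing.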
|
||||
@@ -581,7 +581,7 @@ class RecruitmentJobPosition extends CommonObject
|
||||
$sql .= ", date_validation = '".$this->db->idate($now)."',";
|
||||
}
|
||||
if (!empty($this->fields['fk_user_valid'])) { // @phan-suppress-current-line PhanTypeMismatchProperty
|
||||
$sql .= ", fk_user_valid = ".$user->id;
|
||||
$sql .= ", fk_user_valid = ".((int) $user->id);
|
||||
}
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
|
||||
@@ -1594,7 +1594,7 @@ class Societe extends CommonObject
|
||||
dol_syslog(get_class($this)."::update verify ok or not done");
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET ";
|
||||
$sql .= "entity = ".$this->db->escape($this->entity);
|
||||
$sql .= "entity = ".((int) $this->entity);
|
||||
$sql .= ",nom = '".$this->db->escape($this->name)."'"; // Required
|
||||
$sql .= ",name_alias = '".$this->db->escape($this->name_alias)."'";
|
||||
$sql .= ",ref_ext = ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null");
|
||||
|
||||
@@ -331,6 +331,25 @@ class CodingPhpTest extends CommonClassTest
|
||||
$this->assertTrue($ok, 'Found a forged SQL string that contains the function NOW() in file '.$file['relativename'].' Using this SQL function is forbidden. See https://wiki.dolibarr.org/index.php?title=Language_and_development_rules#SQL_Coding_rules');
|
||||
//exit;
|
||||
|
||||
// Check bad casting on forge sql
|
||||
$ok = true;
|
||||
$matches = array();
|
||||
preg_match_all('/\$sql\s*\.?=\s*[\"\'][a-z\s=_]+[\'\"]\s*\.\$([a-z->_]+)/', $filecontent, $matches, PREG_SET_ORDER);
|
||||
foreach ($matches as $key => $val) {
|
||||
if (in_array($val[1], array('object->get', 'user', 'this->sanitize', 'this->db->sanitize', 'this->db->escape', 'this->db->encrypt', 'this->db->plimit', 'db->decrypt', 'db->sanitize', 'db->ifsql', 'this->db->prefix', 'clause', 'sqlwhere', 'sqlorder'))) { // exclude $db->escape( and $this->
|
||||
continue;
|
||||
}
|
||||
//if ($val[1] != '\'"' && $val[1] != '\'\'') {
|
||||
var_dump($matches);
|
||||
$ok = false;
|
||||
break;
|
||||
//}
|
||||
//if ($reg[0] != 'db') $ok=false;
|
||||
}
|
||||
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
|
||||
$this->assertTrue($ok, 'Found a forged SQL string that does not use escape or int cast for file '.$file['relativename']);
|
||||
//exit;
|
||||
|
||||
// Check that forged sql string is using ' instead of " as string PHP quotes
|
||||
$ok = true;
|
||||
$matches = array();
|
||||
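Review bot: The new check leaves `var_dump($matches);` in the failure path, which dumps every match of the file into the test output instead of naming the offending one; record `$val[0]` before the `break` and append it to the assertion message instead. The literal part of the pattern, `[a-z\s=_]+`, accepts no comma, digit or uppercase letter and there is no `i` modifier, so fragments such as `", fk_user_valid = ".$user->id`, which this commit fixes by hand in other files, would not be detected. Because that literal cannot contain a quote, every match is a value concatenated in an unquoted position, where `this->db->escape` from the allow-list gives no protection (the Societe hunk replaces exactly such a `"entity = ".$this->db->escape($this->entity)`); consider dropping it from the list. Widening the pattern will probably surface further call sites, and the enclosing test method starts and ends outside the hunk.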
|
||||