Add more robust php unit to detect not escaped sql. Fix not escaped sql

This commit is contained in:
Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions


@@ -120,11 +120,11 @@ class Bookmark extends CommonObject
$sql.= ",title,favicon,position";
$sql.= ",entity";
$sql.= ") VALUES (";
$sql.= ($this->fk_user > 0?"'".$this->fk_user."'":"0").",";
$sql.= ($this->fk_user > 0 ? $this->fk_user:"0").",";
$sql.= " '".$this->db->idate($now)."',";
$sql.= " '".$this->url."', '".$this->target."',";
$sql.= " '".$this->db->escape($this->title)."', '".$this->favicon."', '".$this->position."'";
$sql.= ", '".$conf->entity."'";
$sql.= " '".$this->db->escape($this->url)."', '".$this->db->escape($this->target)."',";
$sql.= " '".$this->db->escape($this->title)."', '".$this->db->escape($this->favicon)."', '".$this->db->escape($this->position)."'";
$sql.= ", ".$this->db->escape($conf->entity);
$sql.= ")";
dol_syslog("Bookmark::update", LOG_DEBUG);
@@ -168,7 +168,7 @@ class Bookmark extends CommonObject
if (empty($this->position)) $this->position=0;
$sql = "UPDATE ".MAIN_DB_PREFIX."bookmark";
$sql.= " SET fk_user = ".($this->fk_user > 0?"'".$this->fk_user."'":"0");
$sql.= " SET fk_user = ".($this->fk_user > 0 ? $this->fk_user :"0");
$sql.= " ,dateb = '".$this->db->idate($this->datec)."'";
$sql.= " ,url = '".$this->db->escape($this->url)."'";
$sql.= " ,target = '".$this->db->escape($this->target)."'";