Add more robust php unit to detect not escaped sql. Fix not escaped sql

Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions


@@ -311,7 +311,7 @@ class Categorie extends CommonObject
$sql.= " import_key,";
$sql.= " entity";
$sql.= ") VALUES (";
$sql.= $this->fk_parent.",";
$sql.= $this->db->escape($this->fk_parent).",";
$sql.= "'".$this->db->escape($this->label)."',";
$sql.= "'".$this->db->escape($this->description)."',";
$sql.= "'".$this->db->escape($this->color)."',";
@@ -319,10 +319,10 @@ class Categorie extends CommonObject
{
$sql.= ($this->socid != -1 ? $this->socid : 'null').",";
}
$sql.= "'".$this->visible."',";
$sql.= $type.",";
$sql.= "'".$this->db->escape($this->visible)."',";
$sql.= $this->db->escape($type).",";
$sql.= (! empty($this->import_key)?"'".$this->db->escape($this->import_key)."'":'null').",";
$sql.= $conf->entity;
$sql.= $this->db->escape($conf->entity);
$sql.= ")";
$res = $this->db->query($sql);
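Review bot: The values this commit wraps in `escape()` without surrounding quotes are still not safe numeric literals: `$this->db->escape($this->fk_parent)` in the first hunk, and `$this->db->escape($type)` and `$this->db->escape($conf->entity)` in the second. A string escaper (presumably quote and backslash escaping, as in the mysqli driver — confirm against the DB class) only protects data placed inside a quoted literal, so a non-numeric value would still be parsed as SQL. For integer columns an explicit cast is the reliable guard, e.g. `$sql.= ((int) $this->fk_parent).",";` and `$sql.= ((int) $type).",";`. The context line `$sql.= ($this->socid != -1 ? $this->socid : 'null').",";` is untouched by this commit and still concatenates `$this->socid` raw, so it needs the same cast. The enclosing method starts and ends outside these hunks, so any earlier normalisation of these properties is not visible here.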