Add a more robust PHPUnit test to detect unescaped SQL. Fix unescaped SQL

Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions


@@ -573,21 +573,21 @@ class Account extends CommonObject
$sql.= ", '".$this->db->escape($this->account_number)."'";
$sql.= ", ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
$sql.= ", '".$this->db->escape($this->bank)."'";
$sql.= ", '".$this->code_banque."'";
$sql.= ", '".$this->code_guichet."'";
$sql.= ", '".$this->number."'";
$sql.= ", '".$this->cle_rib."'";
$sql.= ", '".$this->bic."'";
$sql.= ", '".$this->iban."'";
$sql.= ", '".$this->db->escape($this->code_banque)."'";
$sql.= ", '".$this->db->escape($this->code_guichet)."'";
$sql.= ", '".$this->db->escape($this->number)."'";
$sql.= ", '".$this->db->escape($this->cle_rib)."'";
$sql.= ", '".$this->db->escape($this->bic)."'";
$sql.= ", '".$this->db->escape($this->iban)."'";
$sql.= ", '".$this->db->escape($this->domiciliation)."'";
$sql.= ", '".$this->db->escape($this->proprio)."'";
$sql.= ", '".$this->db->escape($this->owner_address)."'";
$sql.= ", '".$this->currency_code."'";
$sql.= ", '".$this->db->escape($this->currency_code)."'";
$sql.= ", ".$this->rappro;
$sql.= ", ".price2num($this->min_allowed);
$sql.= ", ".price2num($this->min_desired);
$sql.= ", '".$this->db->escape($this->comment)."'";
$sql.= ", ".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ", ".($this->state_id>0?$this->state_id:"null");
$sql.= ", ".$this->country_id;
$sql.= ")";
@@ -702,7 +702,7 @@ class Account extends CommonObject
$sql.= ",courant = ".$this->courant;
$sql.= ",clos = ".$this->clos;
$sql.= ",rappro = ".$this->rappro;
$sql.= ",url = ".($this->url?"'".$this->url."'":"null");
$sql.= ",url = ".($this->url?"'".$this->db->escape($this->url)."'":"null");
$sql.= ",account_number = '".$this->db->escape($this->account_number)."'";
$sql.= ",fk_accountancy_journal = ".($this->fk_accountancy_journal > 0 ? $this->db->escape($this->fk_accountancy_journal) : "null");
$sql.= ",bank = '".$this->db->escape($this->bank)."'";
@@ -722,7 +722,7 @@ class Account extends CommonObject
$sql.= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null");
$sql.= ",comment = '".$this->db->escape($this->comment)."'";
$sql.= ",state_id = ".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ",state_id = ".($this->state_id>0?$this->state_id:"null");
$sql.= ",fk_pays = ".$this->country_id;
$sql.= " WHERE rowid = ".$this->id;
@@ -807,7 +807,7 @@ class Account extends CommonObject
$sql.= ",domiciliation='".$this->db->escape($this->domiciliation)."'";
$sql.= ",proprio = '".$this->db->escape($this->proprio)."'";
$sql.= ",owner_address = '".$this->db->escape($this->owner_address)."'";
$sql.= ",state_id = ".($this->state_id>0?"'".$this->state_id."'":"null");
$sql.= ",state_id = ".($this->state_id>0?$this->state_id:"null");
$sql.= ",fk_pays = ".$this->country_id;
$sql.= " WHERE rowid = ".$this->id;
$sql.= " AND entity = ".$conf->entity;
@@ -1694,9 +1694,9 @@ class AccountLine extends CommonObject
$sql .= ", '".$this->db->idate($this->datev)."'";
$sql .= ", '".$this->db->escape($this->label)."'";
$sql .= ", ".price2num($this->amount);
$sql .= ", ".($this->fk_user_author > 0 ? "'".$this->fk_user_author."'":"null");
$sql .= ", ".($this->num_chq ? "'".$this->num_chq."'" : "null");
$sql .= ", '".$this->fk_account."'";
$sql .= ", ".($this->fk_user_author > 0 ? $this->fk_user_author :"null");
$sql .= ", ".($this->num_chq ? "'".$this->db->escape($this->num_chq)."'" : "null");
$sql .= ", '".$this->db->escape($this->fk_account)."'";
$sql .= ", '".$this->db->escape($this->fk_type)."'";
$sql .= ", ".($this->emetteur ? "'".$this->db->escape($this->emetteur)."'" : "null");
$sql .= ", ".($this->bank_chq ? "'".$this->db->escape($this->bank_chq)."'" : "null");
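Review bot: The rewritten `state_id` insert line, `$sql.= ", ".($this->state_id>0?$this->state_id:"null");`, now embeds the value unquoted with only the `>0` comparison as its guard, and PHP's loose comparison does not reject a string that merely starts with digits or is non-numeric, so the value should be coerced before interpolation: `$sql.= ", ".($this->state_id>0?((int) $this->state_id):"null");`. The same pattern is in the three `state_id = ...` update lines of the following hunks and in the `fk_user_author` line of the AccountLine hunk, and it is the reason dropping the quotes there is only safe together with a cast. An `(int)` cast is also the appropriate fix for the numeric columns still interpolated raw in the surrounding context lines (`rappro`, `country_id`, `courant`, `clos`, `rowid`), since `$this->db->escape()` only neutralises quote characters inside a quoted literal and would not help an unquoted value, as the `fk_accountancy_journal` context line illustrates. The enclosing methods (apparently the create/update routines) start and end outside these hunks.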