Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 17:48:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add more robust php unit to detect not escaped sql. Fix not escaped sql

Browse Source
This commit is contained in:
Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/compta/deplacement/class/deplacement.class.php
View File

@@ -107,7 +107,7 @@ class Deplacement extends CommonObject
$sql.= ", ".$conf->entity;
$sql.= ", ".$user->id;
$sql.= ", ".$this->fk_user;
$sql.= ", '".$this->type."'";
$sql.= ", '".$this->db->escape($this->type)."'";
$sql.= ", ".($this->note_private?"'".$this->db->escape($this->note_private)."'":"null");
$sql.= ", ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
$sql.= ", ".($this->fk_project > 0? $this->fk_project : 0);