Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-10 03:28:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add more robust php unit to detect not escaped sql. Fix not escaped sql

Browse Source
This commit is contained in:
Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/compta/tva/class/tva.class.php
View File

@@ -106,12 +106,12 @@ class Tva extends CommonObject
$sql.= " '".$this->db->idate($now)."',";
$sql.= " '".$this->db->idate($this->datep)."',";
$sql.= " '".$this->db->idate($this->datev)."',";
$sql.= " '".$this->amount."',";
$sql.= " '".$this->label."',";
$sql.= " '".$this->note."',";
$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->fk_bank."'").",";
$sql.= " '".$this->fk_user_creat."',";
$sql.= " '".$this->fk_user_modif."'";
$sql.= " '".$this->db->escape($this->amount)."',";
$sql.= " '".$this->db->escape($this->label)."',";
$sql.= " '".$this->db->escape($this->note)."',";
$sql.= " ".($this->fk_bank <= 0 ? "NULL" : "'".$this->db->escape($this->fk_bank)."'").",";
$sql.= " '".$this->db->escape($this->fk_user_creat)."',";
$sql.= " '".$this->db->escape($this->fk_user_modif)."'";
$sql.= ")";
@@ -535,11 +535,11 @@ class Tva extends CommonObject
$sql.= "'".$this->db->idate($this->datep)."'";
$sql.= ", '".$this->db->idate($this->datev)."'";
$sql.= ", ".$this->amount;
$sql.= ", '".$this->type_payment."'";
$sql.= ", '".$this->num_payment."'";
$sql.= ", '".$this->db->escape($this->type_payment)."'";
$sql.= ", '".$this->db->escape($this->num_payment)."'";
if ($this->note) $sql.=", '".$this->db->escape($this->note)."'";
if ($this->label) $sql.=", '".$this->db->escape($this->label)."'";
$sql.= ", '".$user->id."'";
$sql.= ", '".$this->db->escape($user->id)."'";
$sql.= ", NULL";
$sql.= ", ".$conf->entity;
$sql.= ")";