Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-10 19:41:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add more robust php unit to detect not escaped sql. Fix not escaped sql

Browse Source
This commit is contained in:
Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/core/class/events.class.php
View File

@@ -126,12 +126,12 @@ class Events // extends CommonObject
$sql.= "fk_user,";
$sql.= "description";
$sql.= ") VALUES (";
$sql.= " '".$this->type."',";
$sql.= " '".$this->db->escape($this->type)."',";
$sql.= " ".$conf->entity.",";
$sql.= " '".$_SERVER['REMOTE_ADDR']."',";
$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".dol_trunc($_SERVER['HTTP_USER_AGENT'],250)."'":'NULL').",";
$sql.= " '".$this->db->escape($_SERVER['REMOTE_ADDR'])."',";
$sql.= " ".($_SERVER['HTTP_USER_AGENT']?"'".$this->db->escape(dol_trunc($_SERVER['HTTP_USER_AGENT'],250))."'":'NULL').",";
$sql.= " '".$this->db->idate($this->dateevent)."',";
$sql.= " ".($user->id?"'".$user->id."'":'NULL').",";
$sql.= " ".($user->id?"'".$this->db->escape($user->id)."'":'NULL').",";
$sql.= " '".$this->db->escape(dol_trunc($this->description,250))."'";
$sql.= ")";