Add more robust php unit to detect not escaped sql. Fix not escaped sql

Laurent Destailleur
2017-09-15 15:41:07 +02:00
parent 77056d9adb
commit 5e34b121dd
63 changed files with 420 additions and 438 deletions


@@ -143,14 +143,14 @@ class Holiday extends CommonObject
$sql.= "fk_user_create,";
$sql.= "entity";
$sql.= ") VALUES (";
$sql.= "'".$this->fk_user."',";
$sql.= "'".$this->db->escape($this->fk_user)."',";
$sql.= " '".$this->db->idate($now)."',";
$sql.= " '".$this->db->escape($this->description)."',";
$sql.= " '".$this->db->idate($this->date_debut)."',";
$sql.= " '".$this->db->idate($this->date_fin)."',";
$sql.= " ".$this->halfday.",";
$sql.= " '1',";
$sql.= " '".$this->fk_validator."',";
$sql.= " '".$this->db->escape($this->fk_validator)."',";
$sql.= " ".$this->fk_type.",";
$sql.= " ".$user->id.",";
$sql.= " ".$conf->entity;
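Review bot: `$this->halfday` and `$this->fk_type` are still concatenated into the VALUES list unquoted and without a cast, so the escaping added for `fk_user` and `fk_validator` does not cover them; `escape()` would not help there either, because an unquoted value needs no quote character to change the statement. Cast them where they are appended, e.g. `$sql.= " ".((int) $this->halfday).",";` and `$sql.= " ".((int) $this->fk_type).",";`. Since `fk_user` and `fk_validator` look like numeric ids, an integer cast would also be a tighter guard there than a quoted, escaped string. The function starts and ends outside this hunk, so any validation done before the INSERT is built is not visible here.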