diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php
index 0cd01315d9f..f52bc45f635 100644
--- a/htdocs/accountancy/customer/lines.php
+++ b/htdocs/accountancy/customer/lines.php
@@ -129,7 +129,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
 $sql1 = "UPDATE ".MAIN_DB_PREFIX."facturedet as l";
 $sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
- $sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
+ $sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
 dol_syslog('accountancy/customer/lines.php::changeaccount sql= '.$sql1);
 $resql1 = $db->query($sql1);
diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php
index 7014474ce4f..177b33f3ded 100644
--- a/htdocs/accountancy/customer/list.php
+++ b/htdocs/accountancy/customer/list.php
@@ -283,11 +283,11 @@ if (strlen(trim($search_country))) {
 if ($search_country == 'special_allnotme') {
 $sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'";
 } elseif ($search_country == 'special_eec') {
- $sql .= " AND co.code IN (".$country_code_in_EEC.")";
+ $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")";
 } elseif ($search_country == 'special_eecnotme') {
- $sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")";
+ $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")";
 } elseif ($search_country == 'special_noteec') {
- $sql .= " AND co.code NOT IN (".$country_code_in_EEC.")";
+ $sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")";
 } else {
 $sql .= natural_search("co.code", $search_country);
 }
diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php
index d29e39d7f37..df50eaaff87 100644
--- a/htdocs/accountancy/expensereport/lines.php
+++ b/htdocs/accountancy/expensereport/lines.php
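Review bot: `$db->sanitize()` strips disallowed characters rather than validating, so a `$changeaccount` element that is not a plain number still reaches the `WHERE l.rowid IN (...)` clause as text (an empty element gives `IN (1,,2)`, a word becomes a bare identifier) and the UPDATE fails at the database instead of before it. `$changeaccount` is presumably request input (the same request supplies `account_parent` via GETPOST), so for an integer id list a cast first is the stricter form: `$sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', array_map('intval', $changeaccount))).')';`. The same pattern applies to the expensereport/lines.php and supplier/lines.php hunks and to the request-derived id lists in commande/list.php, margin/customerMargins.php and the product/stats/*.php hunks further down. The enclosing `if` starts outside the hunk.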
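Review bot: The three `co.code IN (...)` lines compare against a string column, and the context line above quotes its value (`'".$db->escape($mysoc->country_code)."'`), so `$country_code_in_EEC` and `$country_code_in_EEC_without_me` are presumably lists of quoted codes such as `'FR','DE'`; as far as I can tell from DoliDB::sanitize, its default arguments strip single quotes, which turns the list into bare identifiers and breaks every EEC filter. If the lists are quoted, pass the argument that allows single quotes, `$db->sanitize($country_code_in_EEC, 1)`, on all three lines, or build the lists from individually escaped and quoted codes instead. Worth exercising the 'special_eec' branch once before merging.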
@@ -119,7 +119,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0 && $user->rights->acco
 $sql1 = "UPDATE ".MAIN_DB_PREFIX."expensereport_det as erd";
 $sql1 .= " SET erd.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
- $sql1 .= ' WHERE erd.rowid IN ('.implode(',', $changeaccount).')';
+ $sql1 .= ' WHERE erd.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
 dol_syslog('accountancy/expensereport/lines.php::changeaccount sql= '.$sql1);
 $resql1 = $db->query($sql1);
diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php
index 343d42bab84..530ed189e19 100644
--- a/htdocs/accountancy/supplier/lines.php
+++ b/htdocs/accountancy/supplier/lines.php
@@ -130,7 +130,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0) {
 $sql1 = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det as l";
 $sql1 .= " SET l.fk_code_ventilation=".(GETPOST('account_parent', 'int') > 0 ? GETPOST('account_parent', 'int') : '0');
- $sql1 .= ' WHERE l.rowid IN ('.implode(',', $changeaccount).')';
+ $sql1 .= ' WHERE l.rowid IN ('.$db->sanitize(implode(',', $changeaccount)).')';
 dol_syslog('accountancy/supplier/lines.php::changeaccount sql= '.$sql1);
 $resql1 = $db->query($sql1);
diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php
index 812561a63b1..156dbafbf2a 100644
--- a/htdocs/comm/propal/index.php
+++ b/htdocs/comm/propal/index.php
@@ -106,7 +106,7 @@ if ($user->socid) {
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
 }
-$sql .= " AND p.fk_statut IN (".implode(" ,", $listofstatus).")";
+$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
 $sql .= " GROUP BY p.fk_statut";
 $resql = $db->query($sql);
 if ($resql) {
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index 4c8ee0894f5..b4c63365bf8 100644
--- a/htdocs/comm/propal/list.php
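Review bot: The enclosing condition shown in the supplier/lines.php hunk header, `if (is_array($changeaccount) && count($changeaccount) > 0) {`, lacks the `$user->rights->acco…` clause that guards the identical UPDATE in accountancy/customer/lines.php and accountancy/expensereport/lines.php; if no earlier check in supplier/lines.php covers this action, the mass re-assignment of `fk_code_ventilation` runs for any logged-in user. Align the condition with the sibling files, `if (is_array($changeaccount) && count($changeaccount) > 0 && <same rights check as customer/lines.php>) {`, using the exact right name from those files since the header here is truncated. The enclosing `if` starts outside the hunk.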
+++ b/htdocs/comm/propal/list.php
@@ -565,7 +565,7 @@ if ($socid > 0) {
 $sql .= ' AND s.rowid = '.$socid;
 }
 if ($search_status != '' && $search_status != '-1') {
- $sql .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($search_status)).')';
+ $sql .= ' AND p.fk_statut IN ('.$db->sanitize($search_status).')';
 }
 if ($search_date_start) {
 $sql .= " AND p.datep >= '".$db->idate($search_date_start)."'";
diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php
index 3cb6de90a8d..4ae18df12f8 100644
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -103,7 +103,7 @@ dol_mkdir($dir);
 $stats = new PropaleStats($db, $socid, ($userid > 0 ? $userid : 0), $mode, ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
 if ($object_status != '' && $object_status >= 0) {
- $stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
+ $stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($object_status).')';
 }
 // Build graphic number of object
diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php
index 73ac91c7098..117f7557db3 100644
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -426,10 +426,10 @@ if ($search_state) {
 $sql .= natural_search("state.nom", $search_state);
 }
 if ($search_country) {
- $sql .= " AND s.fk_pays IN (".$search_country.')';
+ $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')';
 }
 if ($search_type_thirdparty) {
- $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
+ $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')';
 }
 if ($search_company) {
 $sql .= natural_search('s.nom', $search_company);
diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php
index 0c9b80c3883..090d07baf81 100644
--- a/htdocs/commande/stats/index.php
+++ b/htdocs/commande/stats/index.php
@@ -96,12 +96,12 @@ dol_mkdir($dir);
 $stats = new CommandeStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
 if ($mode == 'customer') {
 if ($object_status != '' && $object_status >= -1) {
- $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
+ $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($object_status).')';
 }
 }
 if ($mode == 'supplier') {
 if ($object_status != '' && $object_status >= 0) {
- $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
+ $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($object_status).')';
 }
 }
diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php
index fed0e025f4c..d369f36c32f 100644
--- a/htdocs/compta/accounting-files.php
+++ b/htdocs/compta/accounting-files.php
@@ -173,7 +173,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= "SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, t.total as total_ht, t.total_ttc, t.tva as total_vat, t.multicurrency_code as currency, t.fk_soc, t.datef as date, t.date_lim_reglement as date_due, 'Invoice' as item, s.nom as thirdparty_name, s.code_client as thirdparty_code, c.code as country_code, s.tva_intra as vatnum, ".PAY_CREDIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."facture as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
 $sql .= " WHERE datef between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
 }
 // Vendor invoices
@@ -184,7 +184,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, t.entity, t.ref, t.paye as paid, t.total_ht, t.total_ttc, t.total_tva as total_vat, t.multicurrency_code as currency, t.fk_soc, t.datef as date, t.date_lim_reglement as date_due, 'SupplierInvoice' as item, s.nom as thirdparty_name, s.code_fournisseur as thirdparty_code, c.code as country_code, s.tva_intra as vatnum, ".PAY_DEBIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as t LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = s.fk_pays";
 $sql .= " WHERE datef between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
 }
 // Expense reports
@@ -195,7 +195,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, t.entity, t.ref, t.paid, t.total_ht, t.total_ttc, t.total_tva as total_vat, t.multicurrency_code as currency, t.fk_user_author as fk_soc, t.date_fin as date, t.date_fin as date_due, 'ExpenseReport' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user_author LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
 $sql .= " WHERE date_fin between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".ExpenseReport::STATUS_DRAFT;
 }
 // Donations
@@ -206,7 +206,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, t.entity, t.ref, paid, amount as total_ht, amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datedon as date, t.datedon as date_due, 'Donation' as item, t.societe as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_CREDIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."don as t LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = t.fk_country";
 $sql .= " WHERE datedon between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
 }
 // Payments of salaries
@@ -217,7 +217,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, t.entity, t.label as ref, 1 as paid, amount as total_ht, amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, t.fk_user as fk_soc, t.datep as date, t.dateep as date_due, 'SalaryPayment' as item, CONCAT(CONCAT(u.lastname, ' '), u.firstname) as thirdparty_name, '' as thirdparty_code, c.code as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as t LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = t.fk_user LEFT JOIN ".MAIN_DB_PREFIX."c_country as c ON c.rowid = u.fk_country";
 $sql .= " WHERE datep between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 //$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
 }
 // Social contributions
@@ -228,7 +228,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, t.entity, t.libelle as ref, t.paye as paid, t.amount as total_ht, t.amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.date_ech as date, t.periode as date_due, 'SocialContributions' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."chargesociales as t";
 $sql .= " WHERE t.date_ech between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 //$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
 }
 // Various payments
@@ -239,7 +239,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, t.entity, t.ref, 1 as paid, t.amount as total_ht, t.amount as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datep as date, t.datep as date_due, 'VariousPayment' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_various as t";
 $sql .= " WHERE datep between ".$wheretail;
- $sql .= " AND t.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 }
 // Loan payments
 if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms'])) {
@@ -249,7 +249,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " SELECT t.rowid as id, l.entity, l.label as ref, 1 as paid, (t.amount_capital+t.amount_insurance+t.amount_interest) as total_ht, (t.amount_capital+t.amount_insurance+t.amount_interest) as total_ttc, 0 as total_vat, '".$db->escape($conf->currency)."' as currency, 0 as fk_soc, t.datep as date, t.datep as date_due, 'LoanPayment' as item, '' as thirdparty_name, '' as thirdparty_code, '' as country_code, '' as vatnum, ".PAY_DEBIT." as sens";
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as t LEFT JOIN ".MAIN_DB_PREFIX."loan as l ON l.rowid = t.fk_loan";
 $sql .= " WHERE datep between ".$wheretail;
- $sql .= " AND l.entity IN (".($entity == 1 ? '0,1' : $entity).')';
+ $sql .= " AND l.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 }
 if ($sql) {
diff --git a/htdocs/compta/bank/graph.php b/htdocs/compta/bank/graph.php
index e2be937aace..4c0efec57d2 100644
--- a/htdocs/compta/bank/graph.php
+++ b/htdocs/compta/bank/graph.php
@@ -166,7 +166,7 @@ if ($result < 0) {
 $sql .= " AND ba.entity IN (".getEntity('bank_account').")";
 $sql .= " AND b.datev < '".$db->escape($year)."-".sprintf("%02s", $month)."-01'";
 if ($account && $_GET["option"] != 'all') {
- $sql .= " AND b.fk_account IN (".$account.")";
+ $sql .= " AND b.fk_account IN (".$db->sanitize($account).")";
 }
 $resql = $db->query($sql);
diff --git a/htdocs/compta/deplacement/class/deplacementstats.class.php b/htdocs/compta/deplacement/class/deplacementstats.class.php
index bb99b477584..64cee98c33b 100644
--- a/htdocs/compta/deplacement/class/deplacementstats.class.php
+++ b/htdocs/compta/deplacement/class/deplacementstats.class.php
@@ -64,13 +64,13 @@ class DeplacementStats extends Stats
 $this->where = " fk_statut > 0";
 $this->where .= " AND entity = ".$conf->entity;
- if ($this->socid) {
- $this->where .= " AND fk_soc = ".$this->socid;
+ if ($this->socid > 0) {
+ $this->where .= " AND fk_soc = ".((int) $this->socid);
 }
 if (is_array($this->userid) && count($this->userid) > 0) {
- $this->where .= ' AND fk_user IN ('.join(',', $this->userid).')';
+ $this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';
 } elseif ($this->userid > 0) {
- $this->where .= ' AND fk_user = '.$this->userid;
+ $this->where .= ' AND fk_user = '.((int) $this->userid);
 }
 }
diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php
index 780835b0c5e..659eada708b 100644
--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
@@ -76,7 +76,7 @@ $sql = "SELECT count(d.rowid) as nb, sum(d.km) as km, d.type";
 $sql .= " FROM ".MAIN_DB_PREFIX."deplacement as d";
 $sql .= " WHERE d.entity = ".$conf->entity;
 if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
- $sql .= ' AND d.fk_user IN ('.join(',', $childids).')';
+ $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 $sql .= " GROUP BY d.type";
 $sql .= " ORDER BY d.type";
@@ -156,7 +156,7 @@ if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " WHERE u.rowid = d.fk_user";
 $sql .= " AND d.entity = ".$conf->entity;
 if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
- $sql .= ' AND d.fk_user IN ('.join(',', $childids).')';
+ $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 if (!$user->rights->societe->client->voir && !$user->socid) {
 $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php
index 46d17c30e96..a36d7867716 100644
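Review bot: In the DeplacementStats hunk the scalar branch now casts `(int) $this->userid`, but the array branch on the `fk_user IN (...)` line only runs `sanitize()` over the joined list, so the two branches give different guarantees for the same column; `$this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', array_map('intval', $this->userid))).')';` keeps the list strictly numeric and matches the new cast. The `entity = ".$conf->entity` context line above is outside the change but would take the same `(int)` while the method is being hardened. The enclosing method starts outside the hunk.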
--- a/htdocs/compta/deplacement/list.php
+++ b/htdocs/compta/deplacement/list.php
@@ -102,7 +102,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " WHERE d.fk_user = u.rowid";
 $sql .= " AND d.entity = ".$conf->entity;
 if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
- $sql .= ' AND d.fk_user IN ('.join(',', $childids).')';
+ $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 925885e4e7a..fd8a9c1045d 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -2571,7 +2571,7 @@ if (empty($reshook)) {
 $sql .= ' SET situation_cycle_ref='.$newCycle;
 $sql .= ' , situation_final=0';
 $sql .= ' , situation_counter='.$object->situation_counter;
- $sql .= ' WHERE rowid IN ('.implode(',', $linkedCreditNotesList).')';
+ $sql .= ' WHERE rowid IN ('.$db->sanitize(implode(',', $linkedCreditNotesList)).')';
 $resql = $db->query($sql);
 if (!$resql) {
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index da3620165dd..84f97d61ef0 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -2248,7 +2248,7 @@ class Facture extends CommonInvoice
 if (count($list_rowid_det)) {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
 $sql .= ' SET fk_facture = NULL, fk_facture_line = NULL';
- $sql .= ' WHERE fk_facture_line IN ('.join(',', $list_rowid_det).')';
+ $sql .= ' WHERE fk_facture_line IN ('.$this->db->sanitize(join(',', $list_rowid_det)).')';
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 if (!$this->db->query($sql)) {
diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php
index 2818fa5f3b9..96c414db350 100644
--- a/htdocs/compta/facture/stats/index.php
+++ b/htdocs/compta/facture/stats/index.php
@@ -103,16 +103,16 @@ dol_mkdir($dir);
 $stats = new FactureStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
 if ($mode == 'customer') {
 if ($object_status != '' && $object_status >= 0) {
- $stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
+ $stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($object_status).')';
 }
 if (is_array($custcats) && !empty($custcats)) {
 $stats->from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cat ON (f.fk_soc = cat.fk_soc)';
- $stats->where .= ' AND cat.fk_categorie IN ('.implode(',', $custcats).')';
+ $stats->where .= ' AND cat.fk_categorie IN ('.$db->sanitize(implode(',', $custcats)).')';
 }
 }
 if ($mode == 'supplier') {
 if ($object_status != '' && $object_status >= 0) {
- $stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
+ $stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($object_status).')';
 }
 }
diff --git a/htdocs/core/class/defaultvalues.class.php b/htdocs/core/class/defaultvalues.class.php
index 8c835ed649e..c6be235b89a 100644
--- a/htdocs/core/class/defaultvalues.class.php
+++ b/htdocs/core/class/defaultvalues.class.php
@@ -272,7 +272,7 @@ class DefaultValues extends CommonObject
 } elseif ($key == 'customsql') {
 $sqlwhere[] = $value;
 } elseif (is_array($value)) {
- $sqlwhere[] = $key.' IN ('.implode(',', $value).')';
+ $sqlwhere[] = $key.' IN ('.$this->db->sanitize(implode(',', $value)).')';
 } else {
 $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
 }
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index d03462d17e8..b3bac2a0e1d 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
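Review bot: In the DefaultValues hunk the added line sanitizes `$value` but still concatenates `$key` unprotected as the column name, and the `customsql` branch two lines above appends `$value` verbatim, so the protection rests entirely on every caller passing trusted keys; nothing in the hunk shows where the filter array originates. If keys can come from outside the class, restrict them to identifier characters before use, e.g. `$key = preg_replace('/[^a-z0-9_\.]/i', '', $key);`, or state in the method docblock that filter keys and `customsql` values must be developer-controlled, never request data. Note also that `sanitize()` strips rather than rejects, so a non-numeric element in `$value` silently produces a malformed `IN (...)` list. The enclosing method starts outside the hunk.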
@@ -8502,7 +8502,7 @@ class Form
 $sql = 'SELECT rowid, label FROM '.MAIN_DB_PREFIX.'c_exp_tax_cat WHERE active = 1';
 $sql .= ' AND entity IN (0,'.getEntity('exp_tax_cat').')';
 if (!empty($excludeid)) {
- $sql .= ' AND rowid NOT IN ('.implode(',', $excludeid).')';
+ $sql .= ' AND rowid NOT IN ('.$this->db->sanitize(implode(',', $excludeid)).')';
 }
 $sql .= ' ORDER BY label';
diff --git a/htdocs/core/lib/invoice2.lib.php b/htdocs/core/lib/invoice2.lib.php
index ca5fc61b60a..e6680293b64 100644
--- a/htdocs/core/lib/invoice2.lib.php
+++ b/htdocs/core/lib/invoice2.lib.php
@@ -130,7 +130,7 @@ function rebuild_merge_pdf($db, $langs, $conf, $diroutputpdf, $newlangid, $filte
 } else {
 $sqlwhere .= " AND";
 }
- $sqlwhere .= ' f.fk_soc NOT IN ('.join(',', $thirdpartiesid).')';
+ $sqlwhere .= ' f.fk_soc NOT IN ('.$db->sanitize(join(',', $thirdpartiesid)).')';
 }
 if (in_array('onlythirdparties', $filter) && is_array($thirdpartiesid)) {
 if (empty($sqlwhere)) {
@@ -138,7 +138,7 @@ function rebuild_merge_pdf($db, $langs, $conf, $diroutputpdf, $newlangid, $filte
 } else {
 $sqlwhere .= " AND";
 }
- $sqlwhere .= ' f.fk_soc IN ('.join(',', $thirdpartiesid).')';
+ $sqlwhere .= ' f.fk_soc IN ('.$db->sanitize(join(',', $thirdpartiesid)).')';
 }
 if ($sqlwhere) {
 $sql .= $sqlwhere;
diff --git a/htdocs/core/lib/website2.lib.php b/htdocs/core/lib/website2.lib.php
index 2efeec151a3..e9a5aa6309f 100644
--- a/htdocs/core/lib/website2.lib.php
+++ b/htdocs/core/lib/website2.lib.php
@@ -214,7 +214,7 @@ function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage)
 }
 }
 // Add "has translation pages"
- $sql = 'SELECT rowid as id, lang, pageurl from '.MAIN_DB_PREFIX.'website_page where fk_page IN ('.$objectpage->id.($translationof ? ", ".$translationof : "").")";
+ $sql = 'SELECT rowid as id, lang, pageurl from '.MAIN_DB_PREFIX.'website_page where fk_page IN ('.$db->sanitize($objectpage->id.($translationof ? ', '.$translationof : '')).")";
 $resql = $db->query($sql);
 if ($resql) {
 $num_rows = $db->num_rows($resql);
diff --git a/htdocs/core/modules/modDeplacement.class.php b/htdocs/core/modules/modDeplacement.class.php
index 0f92e8a7e6c..f0f06395565 100644
--- a/htdocs/core/modules/modDeplacement.class.php
+++ b/htdocs/core/modules/modDeplacement.class.php
@@ -143,7 +143,7 @@ class modDeplacement extends DolibarrModules
 $childids[] = $user->id;
 if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) {
- $this->export_sql_end[$r] .= ' AND d.fk_user IN ('.join(',', $childids).')';
+ $this->export_sql_end[$r] .= ' AND d.fk_user IN ('.$this->db->sanitize(join(',', $childids)).')';
 }
 }
 }
diff --git a/htdocs/core/modules/modExpedition.class.php b/htdocs/core/modules/modExpedition.class.php
index ba8568ba13e..238eef2d6fe 100644
--- a/htdocs/core/modules/modExpedition.class.php
+++ b/htdocs/core/modules/modExpedition.class.php
@@ -313,7 +313,7 @@ class modExpedition extends DolibarrModules
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p on cd.fk_product = p.rowid';
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extraprod ON p.rowid = extraprod.fk_object';
 if ($idcontacts && !empty($conf->global->SHIPMENT_ADD_CONTACTS_IN_EXPORT)) {
- $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'element_contact as ee ON ee.element_id = cd.fk_commande AND ee.fk_c_type_contact IN ('.$idcontacts.')';
+ $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'element_contact as ee ON ee.element_id = cd.fk_commande AND ee.fk_c_type_contact IN ('.$this->db->sanitize($idcontacts).')';
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'socpeople as sp ON sp.rowid = ee.fk_socpeople';
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'socpeople_extrafields as extra3 ON sp.rowid = extra3.fk_object';
 }
diff --git a/htdocs/core/modules/modReception.class.php b/htdocs/core/modules/modReception.class.php
index 247a4faeddc..02f17cf0fbe 100644
--- a/htdocs/core/modules/modReception.class.php
+++ b/htdocs/core/modules/modReception.class.php
@@ -236,7 +236,7 @@ class modReception extends DolibarrModules
 $this->export_sql_end[$r] .= ' , '.MAIN_DB_PREFIX.'commande_fournisseurdet as cd';
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p on cd.fk_product = p.rowid';
 if ($idcontacts && !empty($conf->global->RECEPTION_ADD_CONTACTS_IN_EXPORT)) {
- $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'element_contact as ee ON ee.element_id = cd.fk_commande AND ee.fk_c_type_contact IN ('.$idcontacts.')';
+ $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'element_contact as ee ON ee.element_id = cd.fk_commande AND ee.fk_c_type_contact IN ('.$this->db->sanitize($idcontacts).')';
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'socpeople as sp ON sp.rowid = ee.fk_socpeople';
 $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'socpeople_extrafields as extra3 ON sp.rowid = extra3.fk_object';
 }
diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php
index 38ca03ffe3b..f30709445b3 100644
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -343,7 +343,7 @@ class modSociete extends DolibarrModules
 $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' ';
 if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) {
 $subordinatesids = $user->getAllChildIds();
- $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.implode(',', $subordinatesids).')' : '';
+ $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : '';
 }
 $this->export_sql_end[$r] .= ')';
 }
@@ -413,7 +413,7 @@ class modSociete extends DolibarrModules
 $this->export_sql_end[$r] .= ' AND (sc.fk_user = '.$user->id.' ';
 if (!empty($conf->global->SOCIETE_EXPORT_SUBORDINATES_CHILDS)) {
 $subordinatesids = $user->getAllChildIds();
- $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.implode(',', $subordinatesids).')' : '';
+ $this->export_sql_end[$r] .= count($subordinatesids) > 0 ? ' OR (sc.fk_user IN ('.$this->db->sanitize(implode(',', $subordinatesids)).')' : '';
 }
 $this->export_sql_end[$r] .= ')';
 }
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index dccb3901069..e7a7766e3be 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1196,7 +1196,7 @@ class FactureFournisseur extends CommonInvoice
 if (count($list_rowid_det)) {
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
 $sql .= ' SET fk_invoice_supplier = NULL, fk_invoice_supplier_line = NULL';
- $sql .= ' WHERE fk_invoice_supplier_line IN ('.join(',', $list_rowid_det).')';
+ $sql .= ' WHERE fk_invoice_supplier_line IN ('.$this->db->sanitize(join(',', $list_rowid_det)).')';
 dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 if (!$this->db->query($sql)) {
diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php
index e57e12dcaee..b3d2c25adda 100644
--- a/htdocs/holiday/define_holiday.php
+++ b/htdocs/holiday/define_holiday.php
@@ -230,7 +230,7 @@ $filters = '';
 $userchilds = array();
 if (empty($user->rights->holiday->readall)) {
 $userchilds = $user->getAllChildIds(1);
- $filters .= ' AND u.rowid IN ('.join(', ', $userchilds).')';
+ $filters .= ' AND u.rowid IN ('.$db->sanitize(join(', ', $userchilds)).')';
 }
 if (!empty($search_name)) {
 $filters .= natural_search(array('u.firstname', 'u.lastname'), $search_name);
diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php
index e6f63614fcc..f49a3145af9 100644
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@@ -341,7 +341,7 @@ if (!empty($search_status) && $search_status != -1) {
 }
 if (empty($user->rights->holiday->readall)) {
- $sql .= ' AND cp.fk_user IN ('.join(',', $childids).')';
+ $sql .= ' AND cp.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
 }
 if ($id > 0) {
 $sql .= " AND cp.fk_user IN (".$db->sanitize($id).")";
diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php
index ac30d223806..1a1e83a2567 100644
--- a/htdocs/margin/customerMargins.php
+++ b/htdocs/margin/customerMargins.php
@@ -245,10 +245,10 @@ $sql .= ' AND f.entity IN ('.getEntity('invoice').')';
 $sql .= " AND d.fk_facture = f.rowid";
 $sql .= " AND (d.product_type = 0 OR d.product_type = 1)";
 if (!empty($TSelectedProducts)) {
- $sql .= ' AND d.fk_product IN ('.implode(',', $TSelectedProducts).')';
+ $sql .= ' AND d.fk_product IN ('.$db->sanitize(implode(',', $TSelectedProducts)).')';
 }
 if (!empty($TSelectedCats)) {
- $sql .= ' AND cp.fk_categorie IN ('.implode(',', $TSelectedCats).')';
+ $sql .= ' AND cp.fk_categorie IN ('.$db->sanitize(implode(',', $TSelectedCats)).')';
 }
 if (!empty($startdate)) {
 $sql .= " AND f.datef >= '".$db->idate($startdate)."'";
diff --git a/htdocs/product/stats/card.php b/htdocs/product/stats/card.php
index a47bc79c84a..5f94b6bf9cc 100644
--- a/htdocs/product/stats/card.php
+++ b/htdocs/product/stats/card.php
@@ -337,7 +337,7 @@ if ($result || empty($id)) {
 $categ = new Categorie($db);
 $categ->fetch($search_categ);
 $listofprodids = $categ->getObjectsInCateg('product', 1);
- $morefilters = ' AND d.fk_product IN ('.((is_array($listofprodids) && count($listofprodids)) ? join(',', $listofprodids) : '0').')';
+ $morefilters = ' AND d.fk_product IN ('.$db->sanitize((is_array($listofprodids) && count($listofprodids)) ? join(',', $listofprodids) : '0').')';
 }
 if ($search_categ == -2) {
 $morefilters = ' AND d.fk_product NOT IN (SELECT cp.fk_product from '.MAIN_DB_PREFIX.'categorie_product as cp)';
diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php
index cb5087c63f2..4eaa0a3b3b8 100644
--- a/htdocs/product/stats/commande.php
+++ b/htdocs/product/stats/commande.php
@@ -153,10 +153,10 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND d.fk_commande = c.rowid";
 $sql .= " AND d.fk_product =".$product->id;
 if (!empty($search_month)) {
- $sql .= ' AND MONTH(c.date_commande) IN ('.$search_month.')';
+ $sql .= ' AND MONTH(c.date_commande) IN ('.$db->sanitize($search_month).')';
 }
 if (!empty($search_year)) {
- $sql .= ' AND YEAR(c.date_commande) IN ('.$search_year.')';
+ $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php
index 16dd040887d..dcc2b9c0cee 100644
--- a/htdocs/product/stats/commande_fournisseur.php
+++ b/htdocs/product/stats/commande_fournisseur.php
@@ -153,10 +153,10 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND d.fk_commande = c.rowid";
 $sql .= " AND d.fk_product =".$product->id;
 if (!empty($search_month)) {
- $sql .= ' AND MONTH(c.date_commande) IN ('.$search_month.')';
+ $sql .= ' AND MONTH(c.date_commande) IN ('.$db->sanitize($search_month).')';
 }
 if (!empty($search_year)) {
- $sql .= ' AND YEAR(c.date_commande) IN ('.$search_year.')';
+ $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php
index 271a834570b..e0d262ee1fb 100644
--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@@ -170,10 +170,10 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND d.fk_facture = f.rowid";
 $sql .= " AND d.fk_product =".$product->id;
 if (!empty($search_month)) {
- $sql .= ' AND MONTH(f.datef) IN ('.$search_month.')';
+ $sql .= ' AND MONTH(f.datef) IN ('.$db->sanitize($search_month).')';
 }
 if (!empty($search_year)) {
- $sql .= ' AND YEAR(f.datef) IN ('.$search_year.')';
+ $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php
index a42615fdaa9..497aa3574bf 100644
--- a/htdocs/product/stats/facture_fournisseur.php
+++ b/htdocs/product/stats/facture_fournisseur.php
@@ -153,10 +153,10 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND d.fk_facture_fourn = f.rowid";
 $sql .= " AND d.fk_product =".$product->id;
 if (!empty($search_month)) {
- $sql .= ' AND MONTH(f.datef) IN ('.$search_month.')';
+ $sql .= ' AND MONTH(f.datef) IN ('.$db->sanitize($search_month).')';
 }
 if (!empty($search_year)) {
- $sql .= ' AND YEAR(f.datef) IN ('.$search_year.')';
+ $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php
index 7d08f3ab9c3..95f2884c7b5 100644
--- a/htdocs/product/stats/propal.php
+++ b/htdocs/product/stats/propal.php
@@ -154,10 +154,10 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND d.fk_propal = p.rowid";
 $sql .= " AND d.fk_product =".$product->id;
 if (!empty($search_month)) {
- $sql .= ' AND MONTH(p.datep) IN ('.$search_month.')';
+ $sql .= ' AND MONTH(p.datep) IN ('.$db->sanitize($search_month).')';
 }
 if (!empty($search_year)) {
- $sql .= ' AND YEAR(p.datep) IN ('.$search_year.')';
+ $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php
index e18dc17867f..d918ce7c7d2 100644
--- a/htdocs/product/stats/supplier_proposal.php
+++ b/htdocs/product/stats/supplier_proposal.php
@@ -154,10 +154,10 @@ if ($id > 0 || !empty($ref)) {
 $sql .= " AND d.fk_supplier_proposal = p.rowid";
 $sql .= " AND d.fk_product =".$product->id;
 if (!empty($search_month)) {
- $sql .= ' AND MONTH(p.datep) IN ('.$search_month.')';
+ $sql .= ' AND MONTH(p.datep) IN ('.$db->sanitize($search_month).')';
 }
 if (!empty($search_year)) {
- $sql .= ' AND YEAR(p.datep) IN ('.$search_year.')';
+ $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')';
 }
 if (!$user->rights->societe->client->voir && !$socid) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
diff --git a/htdocs/public/recruitment/index.php b/htdocs/public/recruitment/index.php
index c7381059a39..5118f7ebfc0 100644
--- a/htdocs/public/recruitment/index.php
+++ b/htdocs/public/recruitment/index.php
@@ -261,7 +261,7 @@ if ($display_ticket_list) {
 $sql .= ' AND '.$key.' = \''.$value.'\'';
 } elseif ($key == 't.fk_statut') {
 if (is_array($value) && count($value) > 0) {
- $sql .= 'AND '.$key.' IN ('.implode(',', $value).')';
+ $sql .= 'AND '.$key.' IN ('.$db->sanitize(implode(',', $value)).')';
 } else {
 $sql .= ' AND '.$key.' = '.$db->escape($value);
 }
diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php
index befeee00a7b..945e58630fe 100644
--- a/htdocs/public/ticket/list.php
+++ b/htdocs/public/ticket/list.php
@@ -364,7 +364,7 @@ if ($action == "view_ticketlist") {
 $sql .= " AND ".$key." = '".$db->escape($value)."'";
 } elseif ($key == 't.fk_statut') {
 if (is_array($value) && count($value) > 0) {
- $sql .= 'AND '.$key.' IN ('.implode(',', $value).')';
+ $sql .= 'AND '.$key.' IN ('.$db->sanitize(implode(',', $value)).')';
 } else {
 $sql .= ' AND '.$key.' = '.$db->escape($value);
 }
diff --git a/htdocs/salaries/class/salariesstats.class.php b/htdocs/salaries/class/salariesstats.class.php
index 123dc044a4a..0614f174416 100644
--- a/htdocs/salaries/class/salariesstats.class.php
+++ b/htdocs/salaries/class/salariesstats.class.php
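Review bot: The first context line of the public/recruitment/index.php hunk, `$sql .= ' AND '.$key.' = \''.$value.'\'';`, still concatenates `$value` into a quoted literal without `$db->escape()`, whereas the same branch in htdocs/public/ticket/list.php later in this diff escapes it; unless the filter array is built only from constants (its construction is outside the hunk), it should read `$sql .= ' AND '.$key.' = \''.$db->escape($value).'\'';`. The changed line also builds `'AND '.$key` with no leading space while the `else` branch uses `' AND '`, so the fragment relies on whatever precedes it in `$sql` to keep the keyword separated; `' AND '` is the consistent form, and the matching hunks in public/ticket/list.php and ticket/class/ticket.class.php have the same omission. The enclosing loop and the `if ($display_ticket_list)` block start and end outside the hunk.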
@@ -67,7 +67,7 @@ class SalariesStats extends Stats
 $this->where .= " AND fk_soc = ".$this->socid;
 }
 if (is_array($this->userid) && count($this->userid) > 0) {
- $this->where .= ' AND fk_user IN ('.join(',', $this->userid).')';
+ $this->where .= ' AND fk_user IN ('.$db->sanitize(join(',', $this->userid)).')';
 } elseif ($this->userid > 0) {
 $this->where .= ' AND fk_user = '.$this->userid;
 }
diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php
index c9cdb681267..0ccdeb86b9b 100644
--- a/htdocs/takepos/ajax/ajax.php
+++ b/htdocs/takepos/ajax/ajax.php
@@ -111,7 +111,7 @@ if ($action == 'getProducts') {
 $sql = 'SELECT rowid, ref, label, tosell, tobuy, barcode, price FROM '.MAIN_DB_PREFIX.'product as p';
 $sql .= ' WHERE entity IN ('.getEntity('product').')';
 if ($filteroncategids) {
- $sql .= ' AND EXISTS (SELECT cp.fk_product FROM '.MAIN_DB_PREFIX.'categorie_product as cp WHERE cp.fk_product = p.rowid AND cp.fk_categorie IN ('.$filteroncategids.'))';
+ $sql .= ' AND EXISTS (SELECT cp.fk_product FROM '.MAIN_DB_PREFIX.'categorie_product as cp WHERE cp.fk_product = p.rowid AND cp.fk_categorie IN ('.$db->sanitize($filteroncategids).'))';
 }
 $sql .= ' AND tosell = 1';
 $sql .= natural_search(array('ref', 'label', 'barcode'), $term);
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 237edd265de..0ba818b8e0b 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -717,7 +717,7 @@ class Ticket extends CommonObject
 $sql .= " AND ".$key." = '".$this->db->escape($value)."'";
 } elseif ($key == 't.fk_statut') {
 if (is_array($value) && count($value) > 0) {
- $sql .= 'AND '.$key.' IN ('.implode(',', $value).')';
+ $sql .= 'AND '.$key.' IN ('.$this->db->sanitize(implode(',', $value)).')';
 } else {
 $sql .= ' AND '.$key.' = '.$this->db->escape($value);
 }
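Review bot: The new line in salaries/class/salariesstats.class.php calls `$db->sanitize(...)` from inside a method of `SalariesStats`, while the equivalent change in ticket/class/ticketstats.class.php uses `$this->db->sanitize(...)`; unless the enclosing method declares `global $db` (its start is outside the hunk), `$db` is undefined at that point and the call fails at runtime on the very request that sets a user filter. Assuming `Stats` exposes the connection as `$this->db` the way `TicketStats` uses it, the line should be `$this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';`. The `$this->socid` and `$this->userid` concatenations in the context lines are still untyped; an `(int)` cast there would make the whole filter consistent.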
diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php
index 588037a6d2f..51449c6b233 100644
--- a/htdocs/ticket/class/ticketstats.class.php
+++ b/htdocs/ticket/class/ticketstats.class.php
@@ -67,7 +67,7 @@ class TicketStats extends Stats
 $this->where .= " AND fk_soc = ".$this->socid;
 }
 if (is_array($this->userid) && count($this->userid) > 0) {
- $this->where .= ' AND fk_user_create IN ('.join(',', $this->userid).')';
+ $this->where .= ' AND fk_user_create IN ('.$this->db->sanitize(join(',', $this->userid)).')';
 } elseif ($this->userid > 0) {
 $this->where .= ' AND fk_user_create = '.$this->userid;
 }
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index 06c702a6a58..6fe5f0d8863 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -311,6 +311,18 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
 $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].': '.$val[0].' - Bad.');
 //exit;
+ // Check string IN (".xxx with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.
+ preg_match_all('/ IN \([\'"]\s*\.\s*(.........)/i', $filecontent, $matches, PREG_SET_ORDER);
+ foreach ($matches as $key => $val) {
+ if (!in_array($val[1], array('$db->sani', '$this->db', 'getEntity', 'self::STA', 'Commande:', 'CommandeF', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::'))) {
+ $ok=false;
+ break;
+ }
+ //if ($reg[0] != 'db') $ok=false;
+ }
+ //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
+ $this->assertTrue($ok, 'Found non sanitized string in building of a IN or NOT IN sql request '.$file['relativename'].' - Bad.');
+ //exit;
 // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped.
 $ok=true;
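Review bot: When the new IN-list check in test/phpunit/CodingPhpTest.php fails, its assertion message does not say which match tripped it, unlike the preceding assertion that appends `$val[0]`; since the loop breaks on the first violation, `$val` still holds that match, so the message can be `'Found non sanitized string in building of a IN or NOT IN sql request '.$file['relativename'].': '.$val[0].' - Bad.'`. `$ok` is also not reset before the new `preg_match_all`, while the check that follows starts with `$ok=true;`; today this only works because the previous assertion already stops the test on `false`, so add `$ok = true;` before the new loop to keep each check self-contained. The allow-list compares a fixed nine-character prefix written as `(.........)`, which `(.{9})` expresses more readably, and `in_array` should pass `true` as its third argument so the prefix comparison is strict. The enclosing test method starts and ends outside the hunk.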