diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index a1c7b452c75..5a30b01a7e6 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -999,7 +999,7 @@ if (empty($reshook)) {
 } elseif ($value == 'taux' || $value == 'localtax1') {
 $_POST[$keycode] = price2num(GETPOST($keycode), 8); // Note that localtax2 can be a list of rates separated by coma like X:Y:Z
 } elseif ($value == 'entity') {
- $_POST[$keycode] = getEntity($tablename);
+ $_POST[$keycode] = (int) getEntity($tablename, 0);
 }
 if ($i) {
@@ -1068,7 +1068,7 @@ if (empty($reshook)) {
 } elseif ($field == 'taux' || $field == 'localtax1') {
 $_POST[$keycode] = price2num(GETPOST($keycode), 8); // Note that localtax2 can be a list of rates separated by coma like X:Y:Z
 } elseif ($field == 'entity') {
- $_POST[$keycode] = getEntity($tablename);
+ $_POST[$keycode] = (int) getEntity($tablename, 0);
 }
 if ($i) {
@@ -1585,7 +1585,7 @@ if ($id > 0) {
 $tdsoffields = '';
 foreach ($fieldlist as $field => $value) {
 if ($value == 'entity') {
- $withentity = getEntity($tabname[$id]);
+ $withentity = (int) getEntity($tabname[$id], 0);
 continue;
 }
diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php
index f904663dc80..82c122dabdb 100644
--- a/htdocs/compta/prelevement/class/bonprelevement.class.php
+++ b/htdocs/compta/prelevement/class/bonprelevement.class.php
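Review bot: The `0` second argument and the `(int)` cast on the new `$_POST[$keycode]` line carry the whole point of the fix but are not explained at the site, and the same idiom is repeated in the hunks at 1068 and 1585. A why-comment such as `// Entity is never taken from the submitted form: take it from the server context; the 0 (as I read the companion CodingPhpTest rule) asks for the current entity rather than a shared list, hence the int cast` would keep a later cleanup from reverting to the bare call. I am inferring the second argument's meaning from the other files in this commit; confirm it against getEntity()'s definition. The enclosing `if (empty($reshook))` block starts and ends outside these hunks.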
@@ -1107,12 +1107,12 @@ class BonPrelevement extends CommonObject
 $error = 0; // Pre-store some values into variables to simplify following sql requests
 if ($sourcetype != 'salary') {
- $entities = $type != 'bank-transfer' ? getEntity('invoice') : getEntity('supplier_invoice');
+ $entities = $type != 'bank-transfer' ? getEntity('invoice', 1) : getEntity('supplier_invoice', 1); // Return alist of entities
 $sqlTable = $type != 'bank-transfer' ? "facture" : "facture_fourn";
 $socOrUser = 'fk_soc';
 $societeOrUser = 'societe';
 } else {
- $entities = getEntity('salary');
+ $entities = getEntity('salary', 1); // Return a list of entities
 $sqlTable = 'salary';
 $socOrUser = 'fk_user';
 $societeOrUser = 'user';
diff --git a/htdocs/contrat/class/api_contracts.class.php b/htdocs/contrat/class/api_contracts.class.php
index ff462d4e802..9c60002fefa 100644
--- a/htdocs/contrat/class/api_contracts.class.php
+++ b/htdocs/contrat/class/api_contracts.class.php
@@ -51,7 +51,7 @@ class Contracts extends DolibarrApi
 */
 public function __construct()
 {
- global $db, $conf;
+ global $db;
 $this->db = $db;
 $this->contract = new Contrat($this->db);
 }
@@ -232,6 +232,8 @@ class Contracts extends DolibarrApi
 */
 public function post($request_data = null)
 {
+ global $conf;
+
 if (!DolibarrApiAccess::$user->hasRight('contrat', 'creer')) {
 throw new RestException(403, "Insufficient rights");
 }
@@ -247,7 +249,7 @@ class Contracts extends DolibarrApi
 if ($field == 'id') {
 throw new RestException(400, 'Creating with id field is forbidden');
 }
- if ($field == 'entity' && $value != getEntity('contrat')) {
+ if ($field == 'entity' && $value != $conf->entity) {
 throw new RestException(403, 'Creating entity not the same as your API user is forbidden');
 }
diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php
index 14c78679a09..e4aa17edf77 100644
--- a/htdocs/resource/class/dolresource.class.php
+++ b/htdocs/resource/class/dolresource.class.php
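Review bot: The comment added on the invoice branch, `// Return alist of entities`, has a typo and differs from the one on the salary branch, `// Return a list of entities`; use the same wording on both lines. Since `$entities` is presumably spliced into SQL further down (outside this hunk), a comment that says what the `1` buys would make the change self-explanatory, e.g. `// getEntity(..., 1) returns a list of entity ids, to be used in an IN (...) clause, never with =`. The enclosing method begins and ends outside the hunk.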
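Review bot: The entity check on the new line in post() still uses loose `!=`, so a request body whose `entity` is `true`, `"1.0"` or `"01"` (constructed examples) compares equal to an integer `$conf->entity` of 1 and gets past the guard, after which the raw value is presumably copied onto the object below the hunk. `$request_data` comes straight from the client, so normalise before comparing: `if ($field == 'entity' && (string) $value !== (string) $conf->entity) {`. Switching the reference value from `getEntity('contrat')` to `$conf->entity` is the right call for a create, but the loose comparison predates this commit and is left as is. The body of post() continues beyond the hunk.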
@@ -154,6 +154,8 @@ class Dolresource extends CommonObject
 */
 public function create(User $user, int $no_trigger = 0)
 {
+ global $conf;
+
 $error = 0;
 $this->date_creation = dol_now();
@@ -200,7 +202,7 @@ class Dolresource extends CommonObject
 $sql .= "datec, ";
 $sql .= "fk_user_author ";
 $sql .= ") VALUES (";
- $sql .= getEntity('resource') . ", ";
+ $sql .= (int) (empty($this->entity) ? $conf->entity : $this->entity) . ", ";
 foreach ($new_resource_values as $value) {
 $sql .= " " . (!empty($value) ? "'" . $this->db->escape($value) . "'" : 'NULL') . ",";
 }
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index ca65d3e6e9f..f43a9434464 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -260,7 +260,7 @@ class CodingPhpTest extends CommonClassTest
 //exit;
 }
- // Check for unauthorised vardumps
+ // Check for unauthorised var_dumps
 if (!preg_match('/test\/phpunit/', $file['fullname'])) {
 $this->verifyNoActiveVardump($filecontent, $report_filepath);
 }
@@ -632,6 +632,15 @@ class CodingPhpTest extends CommonClassTest
 }
 $this->assertTrue($ok, 'Found a preg_grep with a param that is a $var but without preg_quote in file '.$file['relativename'].'.');
+ // Test we don't have preg_grep with a param without preg_quote
+ $ok = true;
+ $matches = array();
+ preg_match_all('/= getEntity\(["\'a-z]*\)/', $filecontent, $matches, PREG_SET_ORDER);
+ foreach ($matches as $key => $val) {
+ $ok = false;
+ break;
+ }
+ $this->assertTrue($ok, 'Found a sequence "= getEntity(\'...\')" that is not allowed. We should have IN getEntity or = conf->entity in file '.$file['relativename'].'.');
 // Test we don't have "if ($resql >"
 $ok = true;
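Review bot: Nothing on the new VALUES line, or elsewhere in these two hunks, checks that a non-empty `$this->entity` is an entity the calling user may create in, yet it now overrides the server-derived value that the removed `getEntity('resource')` supplied; whoever fills the object before create() chooses the target entity. Any API or form path that copies a client-supplied `entity` onto the object (not visible here) therefore needs its own validation before calling create(). `empty($this->entity)` also folds an explicit 0 into the `$conf->entity` fallback, which is fine only if 0 is never a legitimate target; I cannot confirm that from the hunk. State the contract in create()'s docblock (it sits just above the first hunk): `// entity: $this->entity when the caller set it, else the current $conf->entity; a caller-supplied entity must be validated against the user's allowed entities before create() is called`. The method continues past both hunks.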
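Review bot: The character class `["\'a-z]*` in the new preg_match_all pattern excludes `_` and `$`, so `= getEntity('supplier_invoice')` and `= getEntity($tablename)`, the very forms the other files in this commit rewrite, are not caught by the new rule. Matching any single-argument call, `preg_match_all('/= getEntity\([^,)]*\)/', $filecontent, $matches, PREG_SET_ORDER);`, covers them while still allowing the two-argument list form, and the foreach with its unused `$key`/`$val` can collapse to `$ok = empty($matches);`. The comment above the block, `// Test we don't have preg_grep with a param without preg_quote`, was copied from the previous check; it should read `// Test we don't have "= getEntity('...')": a single-entity assignment must use $conf->entity, list usage must be IN getEntity(..., 1)`. The enclosing test method continues beyond the hunk.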