From a3fa8b82fa861afc023ceda406cd2edb37a2bb27 Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com>
Date: Thu, 9 Nov 2023 17:04:13 +0100
Subject: [PATCH] FIX: more correctly parse the select part to be replaced in sql queries
---
 htdocs/comm/action/list.php | 2 +-
 htdocs/compta/facture/list.php | 4 ++--
 htdocs/modulebuilder/template/myobject_list.php | 2 +-
 htdocs/product/stock/movement_list.php | 2 +-
 htdocs/product/stock/productlot_list.php | 2 +-
 htdocs/ticket/list.php | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php
index e2b412e15db..74055477e78 100644
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@@ -563,7 +563,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 $nbtotalofrecords++;
 }*/
 /* The fast and low memory method to get and count full list converts the sql into a sql count */
- $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),]+FROM/i', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
 $resql = $db->query($sqlforcount);
 $objforcount = $db->fetch_object($resql);
 $nbtotalofrecords = $objforcount->nbtotalofrecords;
diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index da2599dcee2..e2ec217e4a8 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
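Review bot: Under `/Ui` the lazy character class in the added `preg_replace` stops at the first whitespace followed by "from" in any case, and `\sFROM` has no trailing boundary, so a select list holding an alias that starts with "from", a sub-select or `EXTRACT(... FROM ...)` is cut in the wrong place and `$sqlforcount` becomes malformed SQL. The class is also still an allowlist: one unlisted character in the select list makes the pattern miss, the unchanged `$sql` is handed to `$db->query()`, and `$objforcount->nbtotalofrecords` is then read without `$resql` being checked. I would end the pattern with `\sFROM\b` and capture the replacement count, `$sqlforcount = preg_replace($pattern, $replacement, $sql, 1, $nbreplaced);`, falling back to another way of counting when `$nbreplaced` is 0 or the result is null. The same line is added in compta/facture/list.php (twice), modulebuilder/template/myobject_list.php, product/stock/movement_list.php, product/stock/productlot_list.php and ticket/list.php; the enclosing `if` block continues outside each hunk.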
@@ -851,9 +851,9 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 */
 /* The fast and low memory method to get and count full list converts the sql into a sql count */
 if ($sall || $search_product_category > 0 || $search_user > 0) {
- $sqlforcount = preg_replace('/^SELECT[a-zA-Z0-9\._\s\(\),=<>\:\-\']+\sFROM/', 'SELECT COUNT(DISTINCT f.rowid) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(DISTINCT f.rowid) as nbtotalofrecords FROM', $sql);
 } else {
- $sqlforcount = preg_replace('/^SELECT[a-zA-Z0-9\._\s\(\),=<>\:\-\']+\sFROM/', 'SELECT COUNT(f.rowid) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(f.rowid) as nbtotalofrecords FROM', $sql);
 $sqlforcount = preg_replace('/LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON pf.fk_facture = f.rowid/', '', $sqlforcount);
 }
 $sqlforcount = preg_replace('/GROUP BY.*$/', '', $sqlforcount);
diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php
index 5d4ae896134..aba2e44976f 100644
--- a/htdocs/modulebuilder/template/myobject_list.php
+++ b/htdocs/modulebuilder/template/myobject_list.php
@@ -369,7 +369,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 $nbtotalofrecords++;
 }*/
 /* The fast and low memory method to get and count full list converts the sql into a sql count */
- $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),]+FROM/i', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
 $resql = $db->query($sqlforcount);
 $objforcount = $db->fetch_object($resql);
 $nbtotalofrecords = $objforcount->nbtotalofrecords;
diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php
index f5d74c47c8e..b230dba10b0 100644
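Review bot: The two branches of the `if ($sall || ...)` in compta/facture/list.php now carry the same long pattern literal and differ only in the COUNT expression, so the next change to the character class has to be made twice here and once in each of the five other files. The removed lines show this copy had already drifted from the others (a different class and no `i` flag). I would assign the pattern once before the `if`, to a variable such as `$selectregex`, and pass it to both calls, e.g. `$sqlforcount = preg_replace($selectregex, 'SELECT COUNT(DISTINCT f.rowid) as nbtotalofrecords FROM', $sql);`. A short comment saying which select-list characters the class is meant to cover would also help, and a shared helper for all list pages would be cleaner if the project has a suitable place for one.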
--- a/htdocs/product/stock/movement_list.php
+++ b/htdocs/product/stock/movement_list.php
@@ -585,7 +585,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 $nbtotalofrecords++;
 }*/
 /* The fast and low memory method to get and count full list converts the sql into a sql count */
- $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),]+FROM/i', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
 $resql = $db->query($sqlforcount);
 $objforcount = $db->fetch_object($resql);
 $nbtotalofrecords = $objforcount->nbtotalofrecords;
diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php
index 74abbad9140..6df36351c53 100644
--- a/htdocs/product/stock/productlot_list.php
+++ b/htdocs/product/stock/productlot_list.php
@@ -294,7 +294,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 $nbtotalofrecords++;
 }*/
 /* The fast and low memory method to get and count full list converts the sql into a sql count */
- $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),]+FROM/i', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
 $resql = $db->query($sqlforcount);
 $objforcount = $db->fetch_object($resql);
 $nbtotalofrecords = $objforcount->nbtotalofrecords;
diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index d80d44813e0..fe7987f85b3 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -454,7 +454,7 @@ $sql .= $hookmanager->resPrint;
 $nbtotalofrecords = '';
 if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) {
 /* The fast and low memory method to get and count full list converts the sql into a sql count */
- $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),]+FROM/i', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
+ $sqlforcount = preg_replace('/^SELECT[a-z0-9\._\s\(\),=<>\:\-\'\+\*\/"`]+\sFROM/Ui', 'SELECT COUNT(*) as nbtotalofrecords FROM', $sql);
 $resql = $db->query($sqlforcount);
 $objforcount = $db->fetch_object($resql);
 $nbtotalofrecords = $objforcount->nbtotalofrecords;