Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-07 16:41:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix protect sql

Browse Source
This commit is contained in:
Laurent Destailleur
2021-04-24 20:18:11 +02:00
parent 1bd2bd3237
commit d0cc64479d
70 changed files with 109 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/commande/class/commande.class.php
View File

@@ -1807,7 +1807,7 @@ class Commande extends CommonOrder
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON c.fk_incoterms = i.rowid';
if ($id) {
$sql .= " WHERE c.rowid=".$id;
$sql .= " WHERE c.rowid=".((int) $id);
} else {
$sql .= " WHERE c.entity IN (".getEntity('commande').")"; // Dont't use entity if you use rowid
}
@@ -2687,7 +2687,7 @@ class Commande extends CommonOrder
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;