diff --git a/htdocs/accountancy/class/accountancysystem.class.php b/htdocs/accountancy/class/accountancysystem.class.php index 87d1ccd663c..68beff8d043 100644 --- a/htdocs/accountancy/class/accountancysystem.class.php +++ b/htdocs/accountancy/class/accountancysystem.class.php @@ -37,7 +37,7 @@ class AccountancySystem var $label; var $account_number; var $account_parent; - + /** * Constructor * @@ -46,8 +46,8 @@ class AccountancySystem function __construct($db) { $this->db = $db; } - - + + /** * Load record in memory * @@ -55,11 +55,11 @@ class AccountancySystem * @param string $ref ref * @return int <0 if KO, Id of record if OK and found */ - function fetch($rowid = 0, $ref = '') + function fetch($rowid = 0, $ref = '') { global $conf; - - if ($rowid > 0 || $ref) + + if ($rowid > 0 || $ref) { $sql = "SELECT a.pcg_version, a.label, a.active"; $sql .= " FROM " . MAIN_DB_PREFIX . "accounting_system as a"; @@ -69,12 +69,12 @@ class AccountancySystem } elseif ($ref) { $sql .= " a.pcg_version = '" . $ref . "'"; } - + dol_syslog(get_class($this) . "::fetch sql=" . $sql, LOG_DEBUG); $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); - + if ($obj) { $this->id = $obj->rowid; $this->rowid = $obj->rowid; @@ -82,7 +82,7 @@ class AccountancySystem $this->ref = $obj->pcg_version; $this->label = $obj->label; $this->active = $obj->active; - + return $this->id; } else { return 0; @@ -94,8 +94,8 @@ class AccountancySystem } return - 1; } - - + + /** * Insert accountancy system name into database * 
@@ -104,16 +104,16 @@ class AccountancySystem */ function create($user) { $now = dol_now(); - + $sql = "INSERT INTO " . MAIN_DB_PREFIX . "accounting_system"; $sql .= " (date_creation, fk_user_author, numero, label)"; - $sql .= " VALUES (" . $this->db->idate($now) . "," . $user->id . ",'" . $this->numero . "','" . $this->label . "')"; - + $sql .= " VALUES ('" . $this->db->idate($now) . "'," . $user->id . ",'" . $this->numero . "','" . $this->label . "')"; + dol_syslog(get_class($this) . "::create sql=" . $sql, LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { $id = $this->db->last_insert_id(MAIN_DB_PREFIX . "accounting_system"); - + if ($id > 0) { $this->rowid = $id; $result = $this->rowid; @@ -127,7 +127,7 @@ class AccountancySystem $this->error = "AccountancySystem::Create Erreur $result"; dol_syslog($this->error, LOG_ERR); } - + return $result; } } \ No newline at end of file diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index b0d970248eb..a0744fcfa04 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -124,7 +124,7 @@ class AdvanceTargetingMailing extends CommonObject $sql.= " ".(! isset($this->fk_mailing)?'NULL':"'".$this->fk_mailing."'").","; $sql.= " ".(! isset($this->filtervalue)?'NULL':"'".$this->db->escape($this->filtervalue)."'").","; $sql.= " ".$user->id.","; - $sql.= " ".$this->db->idate(dol_now()).","; + $sql.= " '".$this->db->idate(dol_now())."',"; $sql.= " ".$user->id; diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index 9812269dcb6..1d0568c8064 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php 
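Review bot: The rewritten VALUES line quotes the idate() result but still concatenates `$this->numero` and `$this->label` into the INSERT without `$this->db->escape()`, and `$user->id` without a cast, so the statement this commit touches stays open to quote-breaking values in those two fields. Replace it with `$sql .= " VALUES ('" . $this->db->idate($now) . "'," . ((int) $user->id) . ",'" . $this->db->escape($this->numero) . "','" . $this->db->escape($this->label) . "')";`. The spaces around the concatenation dots may also let this line slip past the existing `'".$this->` check in CodingPhpTest, so it is worth confirming that the test actually flags it.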
@@ -86,9 +86,9 @@ class PaymentVarious extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."payment_various SET"; - $sql.= " tms=".$this->db->idate($this->tms).","; - $sql.= " datep=".$this->db->idate($this->datep).","; - $sql.= " datev=".$this->db->idate($this->datev).","; + $sql.= " tms='".$this->db->idate($this->tms)."',"; + $sql.= " datep='".$this->db->idate($this->datep)."',"; + $sql.= " datev='".$this->db->idate($this->datev)."',"; $sql.= " sens=".$this->sens.","; $sql.= " amount=".price2num($this->amount).","; $sql.= " fk_typepayment=".$this->fk_typepayment."',"; diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index e59b2c6ce2b..870c123b468 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -151,9 +151,9 @@ class Localtax extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."localtax SET"; $sql.= " localtaxtype=".$this->ltt.","; - $sql.= " tms=".$this->db->idate($this->tms).","; - $sql.= " datep=".$this->db->idate($this->datep).","; - $sql.= " datev=".$this->db->idate($this->datev).","; + $sql.= " tms='".$this->db->idate($this->tms)."',"; + $sql.= " datep='".$this->db->idate($this->datep)."',"; + $sql.= " datev='".$this->db->idate($this->datev)."',"; $sql.= " amount=".price2num($this->amount).","; $sql.= " label='".$this->db->escape($this->label)."',"; $sql.= " note='".$this->db->escape($this->note)."',"; diff --git a/htdocs/compta/salaries/class/paymentsalary.class.php b/htdocs/compta/salaries/class/paymentsalary.class.php index d3f76a84bdf..ee2832cb08e 100644 --- a/htdocs/compta/salaries/class/paymentsalary.class.php +++ b/htdocs/compta/salaries/class/paymentsalary.class.php 
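Review bot: Two lines below the changed tms/datep/datev lines, `$sql.= " fk_typepayment=".$this->fk_typepayment."',";` appends a stray single quote after a numeric value, which leaves the UPDATE's quoting unbalanced once the following quoted columns are appended; the identical line sits in the PaymentSalary::update hunk of htdocs/compta/salaries/class/paymentsalary.class.php. Since the commit is already repairing the quoting of this statement it should drop that quote: `$sql.= " fk_typepayment=".$this->fk_typepayment.",";`. The numeric fields (`sens`, `fk_typepayment`) are also interpolated without a cast; `(int)` would make them safe regardless of what the setters accept. The update() body starts and ends outside the hunk.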
@@ -34,7 +34,7 @@ class PaymentSalary extends CommonObject //public $element='payment_salary'; //!< Id that identify managed objects //public $table_element='payment_salary'; //!< Name of table without prefix where object is stored public $picto='payment'; - + public $tms; public $fk_user; public $datep; @@ -97,16 +97,16 @@ class PaymentSalary extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET"; - $sql.= " tms=".$this->db->idate($this->tms).","; + $sql.= " tms='".$this->db->idate($this->tms)."',"; $sql.= " fk_user=".$this->fk_user.","; - $sql.= " datep=".$this->db->idate($this->datep).","; - $sql.= " datev=".$this->db->idate($this->datev).","; + $sql.= " datep='".$this->db->idate($this->datep)."',"; + $sql.= " datev='".$this->db->idate($this->datev)."',"; $sql.= " amount=".price2num($this->amount).","; $sql.= " fk_typepayment=".$this->fk_typepayment."',"; $sql.= " num_payment='".$this->db->escape($this->num_payment)."',"; $sql.= " label='".$this->db->escape($this->label)."',"; - $sql.= " datesp=".$this->db->idate($this->datesp).","; - $sql.= " dateep=".$this->db->idate($this->dateep).","; + $sql.= " datesp='".$this->db->idate($this->datesp)."',"; + $sql.= " dateep='".$this->db->idate($this->dateep)."',"; $sql.= " note='".$this->db->escape($this->note)."',"; $sql.= " fk_bank=".($this->fk_bank > 0 ? "'".$this->fk_bank."'":"null").","; $sql.= " fk_user_author=".$this->fk_user_author.","; @@ -548,7 +548,7 @@ class PaymentSalary extends CommonObject } } - + /** * Retourne le libelle du statut d'une facture (brouillon, validee, abandonnee, payee) * @@ -559,7 +559,7 @@ class PaymentSalary extends CommonObject { return $this->LibStatut($this->statut,$mode); } - + /** * Renvoi le libelle d'un statut donne * @@ -570,7 +570,7 @@ class PaymentSalary extends CommonObject function LibStatut($status,$mode=0) { global $langs; // TODO Renvoyer le libelle anglais et faire traduction a affichage - + $langs->load('compta'); /*if ($mode == 0) { 
@@ -609,5 +609,5 @@ class PaymentSalary extends CommonObject }*/ return ''; } - + } diff --git a/htdocs/compta/tva/class/tva.class.php b/htdocs/compta/tva/class/tva.class.php index ff26347576e..df1bc8c03cf 100644 --- a/htdocs/compta/tva/class/tva.class.php +++ b/htdocs/compta/tva/class/tva.class.php @@ -173,9 +173,9 @@ class Tva extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."tva SET"; - $sql.= " tms=".$this->db->idate($this->tms).","; - $sql.= " datep=".$this->db->idate($this->datep).","; - $sql.= " datev=".$this->db->idate($this->datev).","; + $sql.= " tms='".$this->db->idate($this->tms)."',"; + $sql.= " datep='".$this->db->idate($this->datep)."',"; + $sql.= " datev='".$this->db->idate($this->datev)."',"; $sql.= " amount=".price2num($this->amount).","; $sql.= " label='".$this->db->escape($this->label)."',"; $sql.= " note='".$this->db->escape($this->note)."',"; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 8195fb696ae..d66e4cc1ebd 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -48,13 +48,15 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact', $contactid,''); $sall=GETPOST('sall', 'alphanohtml'); +$search_cti=preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars +$search_phone=GETPOST("search_phone"); + $search_id=trim(GETPOST("search_id","int")); $search_firstlast_only=GETPOST("search_firstlast_only"); $search_lastname=GETPOST("search_lastname"); $search_firstname=GETPOST("search_firstname"); $search_societe=GETPOST("search_societe"); $search_poste=GETPOST("search_poste"); -$search_phone=GETPOST("search_phone"); $search_phone_perso=GETPOST("search_phone_perso"); $search_phone_pro=GETPOST("search_phone_pro"); $search_phone_mobile=GETPOST("search_phone_mobile"); 
@@ -278,55 +280,27 @@ if ($search_categ > 0) $sql.= " AND cc.fk_categorie = ".$db->escape($search_ca if ($search_categ == -2) $sql.= " AND cc.fk_categorie IS NULL"; if ($search_categ_thirdparty > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ_thirdparty); if ($search_categ_thirdparty == -2) $sql.= " AND cs.fk_categorie IS NULL"; -if ($search_categ_supplier > 0) $sql.= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier); -if ($search_categ_supplier == -2) $sql.= " AND cs2.fk_categorie IS NULL"; +if ($search_categ_supplier > 0) $sql.= " AND cs2.fk_categorie = ".$db->escape($search_categ_supplier); +if ($search_categ_supplier == -2) $sql.= " AND cs2.fk_categorie IS NULL"; -if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1); -if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key); -if ($search_firstlast_only) { - $sql .= natural_search(array('p.lastname','p.firstname'), $search_firstlast_only); -} -if ($search_lastname) { // filter on lastname - $sql .= natural_search('p.lastname', $search_lastname); -} -if ($search_firstname) { // filter on firstname - $sql .= natural_search('p.firstname', $search_firstname); -} -if ($search_societe) { // filtre sur la societe - $sql .= natural_search('s.nom', $search_societe); -} -if (strlen($search_poste)) { // filtre sur la societe - $sql .= natural_search('p.poste', $search_poste); -} -if (strlen($search_phone)) -{ - $sql .= " AND (p.phone LIKE '%".$db->escape($search_phone)."%' OR p.phone_perso LIKE '%".$db->escape($search_phone)."%' OR p.phone_mobile LIKE '%".$db->escape($search_phone)."%')"; -} -if (strlen($search_phone_perso)) -{ - $sql .= " AND p.phone_perso LIKE '%".$db->escape($search_phone_perso)."%'"; -} -if (strlen($search_phone_pro)) -{ - $sql .= " AND p.phone LIKE '%".$db->escape($search_phone_pro)."%'"; -} -if (strlen($search_phone_mobile)) -{ - $sql .= " AND p.phone_mobile LIKE '%".$db->escape($search_phone_mobile)."%'"; -} -if (strlen($search_fax)) 
-{ - $sql .= " AND p.fax LIKE '%".$db->escape($search_fax)."%'"; -} -if (strlen($search_email)) // filtre sur l'email -{ - $sql .= " AND p.email LIKE '%".$db->escape($search_email)."%'"; -} -if (strlen($search_skype)) // filtre sur skype -{ - $sql .= " AND p.skype LIKE '%".$db->escape($search_skype)."%'"; -} -if ($search_status != '' && $search_status >= 0) $sql .= " AND p.statut = ".$db->escape($search_status); +if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); +if (strlen($search_phone)) $sql.= natural_search(array('p.phone', 'p.phone_perso', 'p.phone_mobile'), $search_phone); +if (strlen($search_cti)) $sql.= natural_search(array('p.phone', 'p.phone_perso', 'p.phone_mobile'), $search_cti); +if (strlen($search_firstlast_only)) $sql.= natural_search(array('p.lastname', 'p.firstname'), $search_firstlast_only); + +if ($search_id > 0) $sql.= natural_search("p.rowid",$search_id,1); +if ($search_lastname) $sql.= natural_search('p.lastname', $search_lastname); +if ($search_firstname) $sql.= natural_search('p.firstname', $search_firstname); +if ($search_societe) $sql.= natural_search('s.nom', $search_societe); +if (strlen($search_poste)) $sql.= natural_search('p.poste', $search_poste); +if (strlen($search_phone_perso)) $sql.= natural_search('p.phone_perso', $search_phone_perso); +if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone); +if (strlen($search_phone_mobile)) $sql.= natural_search('p.phone_mobile', $search_phone_mobile); +if (strlen($search_fax)) $sql.= natural_search('p.phone_fax', $search_fax); +if (strlen($search_skype)) $sql.= natural_search('p.skype', $search_skype); +if (strlen($search_email)) $sql.= natural_search('p.email', $search_email); +if ($search_status != '' && $search_status >= 0) $sql.= " AND p.statut = ".$db->escape($search_status); +if ($search_import_key) $sql.= natural_search("p.import_key",$search_import_key); if ($type == "o") // filtre sur type { $sql .= " AND p.fk_soc IS NULL"; 
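Review bot: The added line `if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone);` filters on `$search_phone` instead of `$search_phone_pro`, so the professional-phone column search applies the wrong criterion, and when only search_phone_pro is submitted natural_search() is called with an empty value. It should read `if (strlen($search_phone_pro)) $sql.= natural_search('p.phone', $search_phone_pro);`. The fax filter also moved from `p.fax` to `p.phone_fax`; unless the column was renamed in the same release, a fax search will now fail with a SQL error, so this is worth checking against the socpeople schema. Finally, `$search_cti` is reduced to bare digits at the top of the file but is matched with natural_search() against the stored phone columns, which presumably keep their formatting characters, so a CTI lookup will only hit numbers that were stored digits-only; the column side may need the same normalisation.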
@@ -343,10 +317,6 @@ else if ($type == "p") // filtre sur type { $sql .= " AND s.client IN (2, 3)"; } -if ($sall) -{ - $sql .= natural_search(array_keys($fieldstosearchall), $sall); -} if (! empty($socid)) { $sql .= " AND s.rowid = ".$socid; @@ -399,7 +369,7 @@ $num = $db->num_rows($result); $arrayofselected=is_array($toselect)?$toselect:array(); -if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $sall) +if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($sall != '' || $seearch_cti != '')) { $obj = $db->fetch_object($resql); $id = $obj->rowid; diff --git a/htdocs/core/class/events.class.php b/htdocs/core/class/events.class.php index 2cfedfb7d1a..68f033870c2 100644 --- a/htdocs/core/class/events.class.php +++ b/htdocs/core/class/events.class.php @@ -172,7 +172,7 @@ class Events // extends CommonObject // Update request $sql = "UPDATE ".MAIN_DB_PREFIX."events SET"; $sql.= " type='".$this->db->escape($this->type)."',"; - $sql.= " dateevent=".$this->db->idate($this->dateevent).","; + $sql.= " dateevent='".$this->db->idate($this->dateevent)."',"; $sql.= " description='".$this->db->escape($this->description)."'"; $sql.= " WHERE rowid=".$this->id; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 85f3ed199e9..950e421e729 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
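Review bot: The new direct-open condition reads `$seearch_cti`, a misspelling of `$search_cti`, so the variable is undefined: PHP raises a notice and `null != ''` evaluates to false, meaning the CTI single-result shortcut this commit introduces never fires in contact/list.php. The line should be `if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($sall != '' || $search_cti != ''))`. The sibling hunk in htdocs/societe/list.php spells it correctly and shows the intended behaviour.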
@@ -6174,7 +6174,7 @@ function dol_getmypid() * or like "keyword1|keyword2" = We want record field like keyword1 OR field like keyword2 * If param $mode is 1, can contains an operator <, > or = like "<10" or ">=100.5 < 1000" * If param $mode is 2, can contains a list of id separated by comma like "1,3,4" - * @param integer $mode 0=value is list of keywords, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of id separated with comma (Example '1,3,4') + * @param integer $mode 0=value is list of keyword strings, 1=value is a numeric test (Example ">5.5 <10"), 2=value is a list of id separated with comma (Example '1,3,4') * @param integer $nofirstand 1=Do not output the first 'AND' * @return string $res The statement to append to the SQL query */ diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 26203d00914..6969363a766 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -49,6 +49,8 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); $search_all=trim(GETPOST('sall', 'alphanohtml')); +$search_cti=preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars + $search_id=trim(GETPOST("search_id","int")); $search_nom=trim(GETPOST("search_nom")); $search_alias=trim(GETPOST("search_alias")); 
@@ -407,44 +409,47 @@ if ($search_sale || (!$user->rights->societe->client->voir && !$socid)) $sql.= " $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.entity IN (".getEntity('societe').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; -if ($socid) $sql.= " AND s.rowid = ".$socid; -if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale +if ($socid) $sql.= " AND s.rowid = ".$socid; +if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale if (! $user->rights->fournisseur->lire) $sql.=" AND (s.fournisseur <> 1 OR s.client <> 0)"; // client=0, fournisseur=0 must be visible -if ($search_sale) $sql.= " AND sc.fk_user = ".$db->escape($search_sale); -if ($search_categ > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ); -if ($search_categ == -2) $sql.= " AND cs.fk_categorie IS NULL"; -if ($search_all) $sql.= natural_search(array_keys($fieldstosearchall), $search_all); -if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1); -if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key); -if ($search_nom) $sql.= natural_search("s.nom",$search_nom); -if ($search_alias) $sql.= natural_search("s.name_alias",$search_alias); -if ($search_nom_only) $sql.= natural_search("s.nom",$search_nom_only); +if ($search_sale) $sql.= " AND sc.fk_user = ".$db->escape($search_sale); +if ($search_categ > 0) $sql.= " AND cs.fk_categorie = ".$db->escape($search_categ); +if ($search_categ == -2) $sql.= " AND cs.fk_categorie IS NULL"; + +if ($search_all) $sql.= natural_search(array_keys($fieldstosearchall), $search_all); +if (strlen($search_cti)) $sql.= natural_search('s.phone', $search_cti); + +if ($search_id > 0) $sql.= natural_search("s.rowid",$search_id,1); +if ($search_nom) $sql.= natural_search("s.nom",$search_nom); +if ($search_alias) $sql.= 
natural_search("s.name_alias",$search_alias); +if ($search_nom_only) $sql.= natural_search("s.nom",$search_nom_only); if ($search_customer_code) $sql.= natural_search("s.code_client",$search_customer_code); if ($search_supplier_code) $sql.= natural_search("s.code_fournisseur",$search_supplier_code); if ($search_account_customer_code) $sql.= natural_search("s.code_compta",$search_account_customer_code); if ($search_account_supplier_code) $sql.= natural_search("s.code_compta_fournisseur",$search_account_supplier_code); -if ($search_town) $sql.= natural_search("s.town",$search_town); -if ($search_zip) $sql.= natural_search("s.zip",$search_zip); -if ($search_state) $sql.= natural_search("state.nom",$search_state); -if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; -if ($search_email) $sql.= natural_search("s.email",$search_email); -if ($search_phone) $sql.= natural_search("s.phone",$search_phone); -if ($search_url) $sql.= natural_search("s.url",$search_url); -if ($search_idprof1) $sql.= natural_search("s.siren",$search_idprof1); -if ($search_idprof2) $sql.= natural_search("s.siret",$search_idprof2); -if ($search_idprof3) $sql.= natural_search("s.ape",$search_idprof3); -if ($search_idprof4) $sql.= natural_search("s.idprof4",$search_idprof4); -if ($search_idprof5) $sql.= natural_search("s.idprof5",$search_idprof5); -if ($search_idprof6) $sql.= natural_search("s.idprof6",$search_idprof6); +if ($search_town) $sql.= natural_search("s.town",$search_town); +if (strlen($search_zip)) $sql.= natural_search("s.zip",$search_zip); +if ($search_state) $sql.= natural_search("state.nom",$search_state); +if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')'; +if ($search_email) $sql.= natural_search("s.email",$search_email); +if (strlen($search_phone)) $sql.= natural_search("s.phone", $search_phone); +if ($search_url) $sql.= natural_search("s.url",$search_url); +if (strlen($search_idprof1)) $sql.= natural_search("s.siren",$search_idprof1); +if 
(strlen($search_idprof2)) $sql.= natural_search("s.siret",$search_idprof2); +if (strlen($search_idprof3)) $sql.= natural_search("s.ape",$search_idprof3); +if (strlen($search_idprof4)) $sql.= natural_search("s.idprof4",$search_idprof4); +if (strlen($search_idprof5)) $sql.= natural_search("s.idprof5",$search_idprof5); +if (strlen($search_idprof6)) $sql.= natural_search("s.idprof6",$search_idprof6); // Filter on type of thirdparty if ($search_type > 0 && in_array($search_type,array('1,3','2,3'))) $sql .= " AND s.client IN (".$db->escape($search_type).")"; if ($search_type > 0 && in_array($search_type,array('4'))) $sql .= " AND s.fournisseur = 1"; if ($search_type == '0') $sql .= " AND s.client = 0 AND s.fournisseur = 0"; if ($search_status!='' && $search_status >= 0) $sql .= " AND s.status = ".$db->escape($search_status); -if (!empty($conf->barcode->enabled) && $search_barcode) $sql.= " AND s.barcode LIKE '%".$db->escape($search_barcode)."%'"; +if (!empty($conf->barcode->enabled) && $search_barcode) $sql.= natural_search("s.barcode", $search_barcode); if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; if ($search_levels) $sql .= " AND s.fk_prospectlevel IN (".$search_levels.')'; if ($search_stcomm != '' && $search_stcomm != -2) $sql.= natural_search("s.fk_stcomm",$search_stcomm,2); +if ($search_import_key) $sql.= natural_search("s.import_key",$search_import_key); // Add where from extra fields foreach ($search_array_options as $key => $val) { @@ -486,7 +491,7 @@ $num = $db->num_rows($resql); $arrayofselected=is_array($toselect)?$toselect:array(); -if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all && $action != 'list') +if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && ($search_all != '' || $search_cti != '') && $action != 'list') { $obj = $db->fetch_object($resql); $id = $obj->rowid; 
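Review bot: The re-emitted line `if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';` still drops the request value into the statement with neither `$db->escape()` nor an integer cast, unlike every neighbouring filter the hunk converts to natural_search(); the context lines for `$search_type_thirdparty` and `$search_levels` follow the same pattern. Unless GETPOST() already restricts these to an integer list further up (not visible here), this is an injection point on a list page reachable by any authenticated user. The mode the commit documents in functions.lib.php fits exactly: `if ($search_country) $sql.= natural_search("s.fk_pays", $search_country, 2);`. The `strlen()` guards added for the idprof fields are a good change because they let a search for '0' work; `$search_town` and `$search_state` were left on the truthiness test and will still ignore that value.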
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 5df31da812c..3460bb7f711 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -155,6 +155,25 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase print 'Check php file '.$file['fullname']."\n"; $filecontent=file_get_contents($file['fullname']); + + $ok=true; + $matches=array(); + // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. + preg_match_all('/(..)\s*\.\s*\$this->db->idate\(/', $filecontent, $matches, PREG_SET_ORDER); + foreach($matches as $key => $val) + { + if ($val[1] != '\'"' && $val[1] != '\'\'') + { + $ok=false; + break; + } + //if ($reg[0] != 'db') $ok=false; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found a $this->db->idate to forge a sql request without quotes around this date field '.$file['fullname'].' :: '.$val[0]); + //exit; + + $ok=true; $matches=array(); // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. @@ -172,6 +191,7 @@ class CodingPhpTest extends PHPUnit_Framework_TestCase $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['fullname'].' ('.$val[0].'). Bad.'); //exit; + // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. $ok=true; $matches=array();
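Review bot: The comment above the new `preg_match_all` is copied from the escape check that follows it and describes the wrong rule; it should state what this block enforces, e.g. `// Check that every $this->db->idate(...) concatenated into a sql string is preceded by a quote ("'".$this->db->idate( or ''.$this->db->idate(), otherwise the date value is injected unquoted.`. The assertion message is built eagerly, so for a file with no idate() call `$val` is undefined at `$val[0]` and PHPUnit reports an undefined-variable notice instead of the intended message; initialise it before the loop with `$val=array('');`. The pattern only matches `$this->db->idate`, so page scripts that use `$db->idate(` directly (the list.php files in this commit use `$db->` that way) are not covered, which is fine if that is the intended scope but worth saying in the comment. The surrounding foreach over files and its test method start outside the hunk.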