Fix sanitize

Laurent Destailleur 2021-09-17 10:45:59 +02:00
parent c052a50d75
commit 02bed7ce01


@ -8846,7 +8846,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
if ($newcrit != '') {
$numnewcrit = price2num($newcrit);
if (is_numeric($numnewcrit)) {
$newres .= ($i2 > 0 ? ' OR ' : '').$field.' '.$operator.' '.$db->sanitize($numnewcrit); // should be a numeric
$newres .= ($i2 > 0 ? ' OR ' : '').$field.' '.$operator.' '.((float) $numnewcrit); // should be a numeric
} else {
$newres .= ($i2 > 0 ? ' OR ' : '').'1 = 2'; // force false
}
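Review bot: The `(float)` cast on the `$numnewcrit` line removes any non-numeric content, but the `.` operator then converts the float back to a string, and before PHP 8.0 that conversion follows the LC_NUMERIC locale, so a comma decimal separator could end up in the SQL and break the comparison. Reading the second of the two printed lines as the new side, I would format the number explicitly, e.g. `$field.' '.$operator.' '.sprintf('%F', (float) $numnewcrit)`, if six decimals are enough for the columns searched here. The same applies to the `(float) trim($tmpcrit)` line in the second hunk; there an integer id above 2^53 would also lose precision, so a `ctype_digit()` check with an `(int)` cast looks like a better fit for `id`/`rowid` fields. natural_search() starts and ends outside the hunk, so whether `$field` and `$operator` are validated before they are concatenated cannot be seen from here and is worth a one-line comment at this spot.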
@ -8905,7 +8905,7 @@ function natural_search($fields, $value, $mode = 0, $nofirstand = 0)
$newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '');
if (preg_match('/\.(id|rowid)$/', $field)) { // Special case for rowid that is sometimes a ref so used as a search field
$newres .= $field." = ".(is_numeric(trim($tmpcrit)) ?trim($tmpcrit) : '0');
$newres .= $field." = ".(is_numeric(trim($tmpcrit)) ? ((float) trim($tmpcrit)) : '0');
} else {
$newres .= $field." LIKE '";