From 841736df87a0e106409a0d0b414587c35c7c19dc Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Mon, 18 Jan 2021 14:20:30 +0100
Subject: [PATCH 1/5] Fix #15970 user.class.php
---
 htdocs/user/class/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index e7c94bc7f33..350ee81ec11 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1419,7 +1419,7 @@ class User extends CommonObject
 if ($result > 0) {
 $sql = "UPDATE ".MAIN_DB_PREFIX."user";
 $sql .= " SET fk_socpeople=".$contact->id;
- $sql .= ", civility=".$contact->civility_code;
+ $sql .= ", civility=\"".$contact->civility_code."\"";
 if ($contact->socid) {
 $sql .= ", fk_soc=".$contact->socid;
 }
From 7c7f80fb59e98310cfced589d1cd518d2e3a3307 Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Mon, 18 Jan 2021 17:05:15 +0100
Subject: [PATCH 2/5] update pull request with sql in simple quotes
---
 htdocs/user/class/user.class.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 350ee81ec11..cf0172b9e37 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
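Review bot: In patch 1/5 the new `civility=` assignment wraps `$contact->civility_code` in double quotes and concatenates it without escaping, so a value containing a quote ends the literal early, and databases that follow standard SQL quoting (PostgreSQL, or MySQL with ANSI_QUOTES) read a double-quoted token as an identifier rather than a string. The rewritten line in 2/5 repeats the same construction. Use a single-quoted literal with the driver's escaping, `$sql .= ", civility='".$this->db->escape($contact->civility_code)."'";`, which is the form 4/5 eventually reaches; squashing the series would keep the unescaped intermediate states out of history. The enclosing method starts and ends outside the hunk.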
@@ -1417,13 +1417,15 @@ class User extends CommonObject
 // Create user and set $this->id. Trigger is disabled because executed later.
 $result = $this->create($user, 1);
 if ($result > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."user";
- $sql .= " SET fk_socpeople=".$contact->id;
- $sql .= ", civility=\"".$contact->civility_code."\"";
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'user';
+ $sql .= ' SET fk_socpeople='.$contact->id;
+ $sql .= ', civility="'.$contact->civility_code.'"';
 if ($contact->socid) {
- $sql .= ", fk_soc=".$contact->socid;
+ $sql .= ', fk_soc='.$contact->socid;
 }
- $sql .= " WHERE rowid=".$this->id;
+ $sql .= ' WHERE rowid='.$this->id;
+ print var_dump($sql);
+
 $resql = $this->db->query($sql);
 dol_syslog(get_class($this)."::create_from_contact", LOG_DEBUG);
From 7e0f83d97e296b4cd831373b5118632d06ff8408 Mon Sep 17 00:00:00 2001
From: stickler-ci
Date: Mon, 18 Jan 2021 16:06:06 +0000
Subject: [PATCH 3/5] Fixing style errors.
---
 htdocs/user/class/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index cf0172b9e37..043879d723c 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1425,7 +1425,7 @@ class User extends CommonObject
 }
 $sql .= ' WHERE rowid='.$this->id;
 print var_dump($sql);
-
+
 $resql = $this->db->query($sql);
 dol_syslog(get_class($this)."::create_from_contact", LOG_DEBUG);
From 73eee33f8ac5f85db498745627ba206d4aa0299a Mon Sep 17 00:00:00 2001
From: lmarcouiller
Date: Tue, 19 Jan 2021 09:24:15 +0100
Subject: [PATCH 4/5] redo of pull request with sql updated
---
 htdocs/user/class/user.class.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 043879d723c..0bb8d6c6930 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
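Review bot: The added `print var_dump($sql);` in patch 2/5 is leftover debugging that writes the full UPDATE statement, table prefix included, into the response of whoever reaches this path. `var_dump()` already writes to output and returns nothing, so the `print` wrapper contributes nothing either. Drop the line and, if the statement is needed for diagnosis, pass it to the existing debug log call instead, e.g. `dol_syslog(get_class($this)."::create_from_contact sql=".$sql, LOG_DEBUG);`. The enclosing method starts and ends outside the hunk.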
@@ -1417,13 +1417,13 @@ class User extends CommonObject
 // Create user and set $this->id. Trigger is disabled because executed later.
 $result = $this->create($user, 1);
 if ($result > 0) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'user';
- $sql .= ' SET fk_socpeople='.$contact->id;
- $sql .= ', civility="'.$contact->civility_code.'"';
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user";
+ $sql .= " SET fk_socpeople=".$contact->id;
+ $sql .= ", civility='".$this->db->escape($contact->civility_code)."'";
 if ($contact->socid) {
- $sql .= ', fk_soc='.$contact->socid;
+ $sql .= ", fk_soc=".$contact->socid;
 }
- $sql .= ' WHERE rowid='.$this->id;
+ $sql .= " WHERE rowid=".$this->id;
 print var_dump($sql);
 $resql = $this->db->query($sql);
From 8cd8f21fdeacb35902e90342b36a115a4bb72f64 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 19 Jan 2021 10:53:47 +0100
Subject: [PATCH 5/5] Update user.class.php
---
 htdocs/user/class/user.class.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 0bb8d6c6930..d2277cadf68 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1424,7 +1424,6 @@ class User extends CommonObject
 $sql .= ", fk_soc=".$contact->socid;
 }
 $sql .= " WHERE rowid=".$this->id;
- print var_dump($sql);
 $resql = $this->db->query($sql);
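Review bot: The three numeric values in the statement rebuilt by patch 4/5, `$contact->id`, `$contact->socid` and `$this->id`, are still concatenated as-is, while only `civility_code` gets `$this->db->escape()`. If any of them can ever hold something other than an integer, the UPDATE becomes malformed or injectable, so cast at the point of use: `$sql .= " SET fk_socpeople=".((int) $contact->id);`, `$sql .= ", fk_soc=".((int) $contact->socid);` and `$sql .= " WHERE rowid=".((int) $this->id);`. Where these properties are populated is not visible here, so treat the cast as defence in depth rather than a confirmed hole. The enclosing method starts and ends outside the hunk.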