Sanitize data

Laurent Destailleur 2021-07-08 18:12:15 +02:00
parent e83df92359
commit 1209253d57
2 changed files with 18 additions and 13 deletions


@ -390,7 +390,7 @@ class dolReceiptPrinter extends Printer
$error = 0;
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' (name, fk_type, fk_profile, parameter, entity)';
$sql .= ' VALUES ("'.$this->db->escape($name).'", '.$type.', '.$profile.', "'.$this->db->escape($parameter).'", '.$conf->entity.')';
$sql .= ' VALUES ("'.$this->db->escape($name).'", '.((int) $type).', '.((int) $profile).', "'.$this->db->escape($parameter).'", '.$conf->entity.')';
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -415,10 +415,10 @@ class dolReceiptPrinter extends Printer
$error = 0;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' SET name="'.$this->db->escape($name).'"';
$sql .= ', fk_type='.$type;
$sql .= ', fk_profile='.$profile;
$sql .= ', fk_type='.((int) $type);
$sql .= ', fk_profile='.((int) $profile);
$sql .= ', parameter="'.$this->db->escape($parameter).'"';
$sql .= ' WHERE rowid='.$printerid;
$sql .= ' WHERE rowid='.((int) $printerid);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -438,7 +438,7 @@ class dolReceiptPrinter extends Printer
global $conf;
$error = 0;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' WHERE rowid='.$printerid;
$sql .= ' WHERE rowid='.((int) $printerid);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -480,7 +480,7 @@ class dolReceiptPrinter extends Printer
global $conf;
$error = 0;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'printer_receipt_template';
$sql .= " WHERE rowid = ".((int) $this->db->escape($templateid));
$sql .= " WHERE rowid = ".((int) $templateid);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
if (!$resql) {
@ -505,7 +505,7 @@ class dolReceiptPrinter extends Printer
$sql = 'UPDATE '.MAIN_DB_PREFIX.'printer_receipt_template';
$sql .= ' SET name="'.$this->db->escape($name).'"';
$sql .= ', template="'.$this->db->escape($template).'"';
$sql .= ' WHERE rowid='.$templateid;
$sql .= ' WHERE rowid='.((int) $templateid);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -524,6 +524,7 @@ class dolReceiptPrinter extends Printer
public function sendTestToPrinter($printerid)
{
global $conf;
$error = 0;
$img = EscposImage::load(DOL_DOCUMENT_ROOT.'/theme/dolibarr_logo_bw.png');
//$this->profile = CapabilityProfile::load("TM-T88IV");
@ -543,7 +544,7 @@ class dolReceiptPrinter extends Printer
// If is DummyPrintConnector send to log to debugging
if ($this->printer->connector instanceof DummyPrintConnector) {
$data = $this->printer->connector-> getData();
$data = $this->printer->connector->getData();
dol_syslog($data);
}
$this->printer->close();
@ -899,7 +900,7 @@ class dolReceiptPrinter extends Printer
public function initPrinter($printerid)
{
global $conf;
if ($conf->global->TAKEPOS_PRINT_METHOD == "takeposconnector") {
if (getDolGlobalString('TAKEPOS_PRINT_METHOD') == "takeposconnector") {
$this->connector = new DummyPrintConnector();
$this->printer = new Printer($this->connector, $this->profile);
return;
@ -934,8 +935,8 @@ class dolReceiptPrinter extends Printer
$parameters = explode(':', $parameter);
$this->connector = new NetworkPrintConnector($parameters[0], $parameters[1]);
break;
case 4:
$this->connector = new WindowsPrintConnector($parameter);
case 4: // LPT1, smb://...
$this->connector = new WindowsPrintConnector(dol_sanitizePathName($parameter));
break;
case 5:
$this->connector = new CupsPrintConnector($parameter);
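Review bot: `$conf->entity` is still concatenated uncast into the INSERT (`… '.$this->db->escape($parameter).'", '.$conf->entity.')'`) and into the template DELETE (`" AND entity = ".$conf->entity`), while every other numeric value in these hunks now receives an `(int)` cast; for consistency write `((int) $conf->entity)` in both places. In initPrinter, case 4 now routes `$parameter` through `dol_sanitizePathName()` but case 5 still hands the raw `$parameter` to `CupsPrintConnector`; I cannot see from here how that connector uses the value, so it is worth confirming whether it needs the same treatment. The enclosing methods (the add/update/delete methods and initPrinter) all start and end outside these hunks.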


@ -1075,7 +1075,8 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
}
/**
* Clean a string to use it as a path name
* Clean a string to use it as a path name.
* Replace also '--' and ' -' strings, they are used for parameters separation.
*
* @param string $str String to clean
* @param string $newstr String to replace bad chars with
@ -1087,7 +1088,10 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1)
{
$filesystem_forbidden_chars = array('<', '>', '?', '*', '|', '"', '°');
return dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars);
$tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars);
$tmp = preg_replace('/\-\-+/', '_', $tmp);
$tmp = preg_replace('/\s+\-/', ' _', $tmp);
return $tmp;
}
/**
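Review bot: The new `'/\s+\-/'` pass only neutralizes a dash preceded by whitespace, so a value whose very first character is `-` is returned unchanged; if the docblock's stated goal is to strip parameter-separator tokens, a leading dash probably needs the same handling, e.g. `$tmp = preg_replace('/^\-/', '_', $tmp);` before the return. Also, `preg_replace()` returns null on a PCRE error, so the function can now yield null where it previously returned whatever `dol_string_nospecial()` gave back; a `(string)` cast on the return, or a `preg_last_error()` check, would keep the contract explicit. The docblock's `@return` line is outside the hunk, so I cannot tell whether it still documents a plain string.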