From 15440917b1a1c1e06e987663474b6b4d1b4bb46e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 22 Mar 2021 11:30:18 +0100 Subject: [PATCH] Fix #ygosha5698 --- .../class/accountancycategory.class.php | 2 +- htdocs/accountancy/class/lettering.class.php | 8 ++-- htdocs/accountancy/customer/lines.php | 6 +-- htdocs/accountancy/supplier/lines.php | 6 +-- htdocs/accountancy/supplier/list.php | 6 +-- htdocs/adherents/list.php | 2 +- htdocs/admin/const.php | 2 +- htdocs/admin/system/constall.php | 2 +- htdocs/admin/system/dolibarr.php | 2 +- .../action/class/api_agendaevents.class.php | 6 +-- .../mailing/class/advtargetemailing.class.php | 40 +++++++++---------- .../comm/propal/class/api_proposals.class.php | 4 +- htdocs/comm/propal/class/propal.class.php | 2 +- htdocs/commande/class/api_orders.class.php | 2 +- htdocs/commande/class/commande.class.php | 4 +- htdocs/compta/bank/annuel.php | 6 +-- htdocs/compta/bank/class/account.class.php | 2 +- htdocs/compta/bank/graph.php | 38 +++++++++--------- .../facture/class/api_invoices.class.php | 2 +- htdocs/compta/facture/class/facture.class.php | 4 +- htdocs/compta/stats/cabyprodserv.php | 4 +- htdocs/contact/list.php | 5 +-- htdocs/contrat/class/api_contracts.class.php | 4 +- htdocs/contrat/class/contrat.class.php | 2 +- htdocs/core/boxes/box_project.php | 2 +- htdocs/core/boxes/box_task.php | 2 +- htdocs/core/class/commonobject.class.php | 2 +- htdocs/core/class/html.form.class.php | 26 ++++++------ htdocs/core/class/html.formcompany.class.php | 2 +- htdocs/core/class/html.formcontract.class.php | 2 +- htdocs/core/class/html.formprojet.class.php | 12 +++--- htdocs/core/lib/company.lib.php | 2 +- htdocs/core/lib/functions2.lib.php | 10 ++--- htdocs/core/lib/project.lib.php | 6 +-- htdocs/core/lib/security.lib.php | 32 +++++++-------- htdocs/core/lib/website.lib.php | 2 +- .../mailings/advthirdparties.modules.php | 4 +- htdocs/don/list.php | 2 +- .../expedition/class/api_shipments.class.php | 2 +- htdocs/expedition/list.php | 4 +- .../class/api_expensereports.class.php | 2 +- .../class/expensereport.class.php | 8 ++-- .../class/expensereportstats.class.php | 4 +- htdocs/expensereport/index.php | 6 +-- htdocs/expensereport/list.php | 4 +- .../class/api_interventions.class.php | 4 +- htdocs/fourn/card.php | 2 +- .../class/api_supplier_invoices.class.php | 2 +- .../fourn/class/api_supplier_orders.class.php | 4 +- htdocs/fourn/facture/impayees.php | 11 +---- htdocs/fourn/facture/list.php | 13 +++--- htdocs/holiday/class/holiday.class.php | 10 ++--- htdocs/holiday/list.php | 2 +- htdocs/margin/agentMargins.php | 2 +- htdocs/margin/checkMargins.php | 2 +- htdocs/margin/customerMargins.php | 2 +- htdocs/margin/productMargins.php | 4 +- .../product/class/html.formproduct.class.php | 6 +-- htdocs/product/class/product.class.php | 4 +- htdocs/product/stock/stockatdate.php | 8 ++-- htdocs/projet/activity/index.php | 2 +- htdocs/projet/class/api_projects.class.php | 4 +- htdocs/projet/class/api_tasks.class.php | 4 +- htdocs/projet/class/project.class.php | 20 +++++----- htdocs/projet/class/projectstats.class.php | 4 +- htdocs/projet/class/task.class.php | 6 +-- htdocs/projet/class/taskstats.class.php | 5 +-- htdocs/projet/graph_opportunities.inc.php | 6 +-- htdocs/projet/index.php | 8 ++-- htdocs/projet/list.php | 4 +- htdocs/projet/tasks/list.php | 12 +++--- htdocs/projet/tasks/time.php | 2 +- htdocs/reception/list.php | 4 +- htdocs/salaries/list.php | 2 +- htdocs/salaries/payments.php | 10 ++--- htdocs/societe/class/api_contacts.class.php | 4 +- .../societe/class/api_thirdparties.class.php | 4 +- htdocs/societe/list.php | 4 +- .../class/api_supplier_proposals.class.php | 4 +- htdocs/supplier_proposal/list.php | 4 +- htdocs/user/class/api_users.class.php | 4 +- htdocs/user/list.php | 4 +- .../variants/class/ProductAttribute.class.php | 4 +- .../class/ProductCombination.class.php | 6 +-- htdocs/website/class/websitepage.class.php | 4 +- 85 files changed, 248 insertions(+), 260 deletions(-) diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 292fb55a29f..1bdc0f438bf 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -743,7 +743,7 @@ class AccountancyCategory // extends CommonObject } $listofaccount .= "'".$cptcursor."'"; } - $sql .= " AND t.numero_compte IN (".$listofaccount.")"; + $sql .= " AND t.numero_compte IN (".$this->db->sanitize($listofaccount).")"; } else { $sql .= " AND t.numero_compte = '".$this->db->escape($cpt)."'"; } diff --git a/htdocs/accountancy/class/lettering.class.php b/htdocs/accountancy/class/lettering.class.php index ad6f186d68f..b2abf01948e 100644 --- a/htdocs/accountancy/class/lettering.class.php +++ b/htdocs/accountancy/class/lettering.class.php @@ -126,7 +126,7 @@ class Lettering extends BookKeeping if (count($ids_fact)) { $sql = 'SELECT bk.rowid, facf.ref, facf.ref_supplier '; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn facf "; - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".implode(',', $ids_fact)."))"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = facf.rowid AND facf.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))"; $sql .= " WHERE bk.code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=3 AND entity=".$conf->entity.") "; $sql .= " AND facf.entity = ".$conf->entity; $sql .= " AND ( "; @@ -185,7 +185,7 @@ class Lettering extends BookKeeping if (count($ids_fact)) { $sql = 'SELECT bk.rowid, fac.ref, fac.ref_supplier '; $sql .= " FROM ".MAIN_DB_PREFIX."facture fac "; - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".implode(',', $ids_fact)."))"; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."accounting_bookkeeping as bk ON( bk.fk_doc = fac.rowid AND fac.rowid IN (".$this->db->sanitize(implode(',', $ids_fact))."))"; $sql .= " WHERE code_journal IN (SELECT code FROM ".MAIN_DB_PREFIX."accounting_journal WHERE nature=2 AND entity=".$conf->entity.") "; $sql .= " AND fac.entity IN (".getEntity('invoice', 0).")"; // We don't share object for accountancy $sql .= " AND ( "; @@ -255,7 +255,7 @@ class Lettering extends BookKeeping } $sql = "SELECT SUM(ABS(debit)) as deb, SUM(ABS(credit)) as cred FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE "; - $sql .= " rowid IN (".implode(',', $ids).") AND date_validated IS NULL"; + $sql .= " rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL"; $result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result); @@ -276,7 +276,7 @@ class Lettering extends BookKeeping $sql = "UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping SET"; $sql .= " lettering_code='".$this->db->escape($lettre)."'"; $sql .= " , date_lettering = '".$this->db->idate($now)."'"; // todo correct date it's false - $sql .= " WHERE rowid IN (".implode(',', $ids).") AND date_validated IS NULL "; + $sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $ids)).") AND date_validated IS NULL "; $this->db->begin(); dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG); diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php index 3b14450fab1..0cd01315d9f 100644 --- a/htdocs/accountancy/customer/lines.php +++ b/htdocs/accountancy/customer/lines.php @@ -246,11 +246,11 @@ if (strlen(trim($search_country))) { if ($search_country == 'special_allnotme') { $sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'"; } elseif ($search_country == 'special_eec') { - $sql .= " AND co.code IN (".$country_code_in_EEC.")"; + $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")"; } elseif ($search_country == 'special_eecnotme') { - $sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")"; + $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")"; } elseif ($search_country == 'special_noteec') { - $sql .= " AND co.code NOT IN (".$country_code_in_EEC.")"; + $sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")"; } else { $sql .= natural_search("co.code", $search_country); } diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php index f661ba42ce9..343d42bab84 100644 --- a/htdocs/accountancy/supplier/lines.php +++ b/htdocs/accountancy/supplier/lines.php @@ -238,11 +238,11 @@ if (strlen(trim($search_country))) { if ($search_country == 'special_allnotme') { $sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'"; } elseif ($search_country == 'special_eec') { - $sql .= " AND co.code IN (".$country_code_in_EEC.")"; + $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")"; } elseif ($search_country == 'special_eecnotme') { - $sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")"; + $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")"; } elseif ($search_country == 'special_noteec') { - $sql .= " AND co.code NOT IN (".$country_code_in_EEC.")"; + $sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")"; } else { $sql .= natural_search("co.code", $search_country); } diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index ea61a686883..d74f0facfd7 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -288,11 +288,11 @@ if (strlen(trim($search_country))) { if ($search_country == 'special_allnotme') { $sql .= " AND co.code <> '".$db->escape($mysoc->country_code)."'"; } elseif ($search_country == 'special_eec') { - $sql .= " AND co.code IN (".$country_code_in_EEC.")"; + $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC).")"; } elseif ($search_country == 'special_eecnotme') { - $sql .= " AND co.code IN (".$country_code_in_EEC_without_me.")"; + $sql .= " AND co.code IN (".$db->sanitize($country_code_in_EEC_without_me).")"; } elseif ($search_country == 'special_noteec') { - $sql .= " AND co.code NOT IN (".$country_code_in_EEC.")"; + $sql .= " AND co.code NOT IN (".$db->sanitize($country_code_in_EEC).")"; } else { $sql .= natural_search("co.code", $search_country); } diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index a52d551d83e..f2bcf690a48 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -379,7 +379,7 @@ if ($search_phone_mobile) { $sql .= natural_search("d.phone_mobile", $search_phone_mobile); } if ($search_country) { - $sql .= " AND d.country IN (".$search_country.')'; + $sql .= " AND d.country IN (".$db->sanitize($search_country).')'; } // Add where from extra fields diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index 177a38e382b..93550ea3254 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -237,7 +237,7 @@ $sql .= ", note"; $sql .= ", tms"; $sql .= ", entity"; $sql .= " FROM ".MAIN_DB_PREFIX."const"; -$sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")"; +$sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")"; if ((empty($user->entity) || $user->admin) && $debug) { } elseif (!GETPOST('visible') || GETPOST('visible') != 'all') { // to force for superadmin to debug diff --git a/htdocs/admin/system/constall.php b/htdocs/admin/system/constall.php index 14756541d55..96cb98809ef 100644 --- a/htdocs/admin/system/constall.php +++ b/htdocs/admin/system/constall.php @@ -223,7 +223,7 @@ if (empty($conf->multicompany->enabled)) { } else { // If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities. if ($user->entity) { - $sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")"; + $sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")"; } } $sql .= " ORDER BY entity, name ASC"; diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index cfdc196d79d..b4131a4bdde 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -484,7 +484,7 @@ if (empty($conf->multicompany->enabled)) { } else { // If multicompany mode, superadmin (user->entity=0) can see everything, admin are limited to their entities. if ($user->entity) { - $sql .= " WHERE entity IN (".$user->entity.",".$conf->entity.")"; + $sql .= " WHERE entity IN (".$db->sanitize($user->entity.",".$conf->entity).")"; } } $sql .= " ORDER BY entity, name ASC"; diff --git a/htdocs/comm/action/class/api_agendaevents.class.php b/htdocs/comm/action/class/api_agendaevents.class.php index 9ad3dd8ce51..5d57b9624e3 100644 --- a/htdocs/comm/action/class/api_agendaevents.class.php +++ b/htdocs/comm/action/class/api_agendaevents.class.php @@ -147,14 +147,14 @@ class AgendaEvents extends DolibarrApi } } if ($user_ids) { - $sql .= " AND t.fk_user_action IN (".$user_ids.")"; + $sql .= " AND t.fk_user_action IN (".$this->db->sanitize($user_ids).")"; } if ($socid > 0) { - $sql .= " AND t.fk_soc = ".$socid; + $sql .= " AND t.fk_soc = ".((int) $socid); } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index c811b673197..8de98f67ebe 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -559,34 +559,34 @@ class AdvanceTargetingMailing extends CommonObject $sqlwhere[] = " (t.parent IN (SELECT rowid FROM ".MAIN_DB_PREFIX."societe WHERE (".$str.")))"; } if (!empty($arrayquery['cust_status']) && count($arrayquery['cust_status']) > 0) { - $sqlwhere[] = " (t.status IN (".implode(',', $arrayquery['cust_status'])."))"; + $sqlwhere[] = " (t.status IN (".$this->db->sanitize(implode(',', $arrayquery['cust_status']))."))"; } if (!empty($arrayquery['cust_typecust']) && count($arrayquery['cust_typecust']) > 0) { - $sqlwhere[] = " (t.client IN (".implode(',', $arrayquery['cust_typecust'])."))"; + $sqlwhere[] = " (t.client IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typecust']))."))"; } if (!empty($arrayquery['cust_comm_status']) && count($arrayquery['cust_comm_status'] > 0)) { - $sqlwhere[] = " (t.fk_stcomm IN (".implode(',', $arrayquery['cust_comm_status'])."))"; + $sqlwhere[] = " (t.fk_stcomm IN (".$this->db->sanitize(implode(',', $arrayquery['cust_comm_status']))."))"; } if (!empty($arrayquery['cust_prospect_status']) && count($arrayquery['cust_prospect_status']) > 0) { - $sqlwhere[] = " (t.fk_prospectlevel IN ('".implode("','", $arrayquery['cust_prospect_status'])."'))"; + $sqlwhere[] = " (t.fk_prospectlevel IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_prospect_status']))."'))"; } if (!empty($arrayquery['cust_typeent']) && count($arrayquery['cust_typeent']) > 0) { - $sqlwhere[] = " (t.fk_typent IN (".implode(',', $arrayquery['cust_typeent'])."))"; + $sqlwhere[] = " (t.fk_typent IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typeent']))."))"; } if (!empty($arrayquery['cust_saleman']) && count($arrayquery['cust_saleman']) > 0) { - $sqlwhere[] = " (saleman.fk_user IN (".implode(',', $arrayquery['cust_saleman'])."))"; + $sqlwhere[] = " (saleman.fk_user IN (".$this->db->sanitize(implode(',', $arrayquery['cust_saleman']))."))"; } if (!empty($arrayquery['cust_country']) && count($arrayquery['cust_country']) > 0) { - $sqlwhere[] = " (t.fk_pays IN (".implode(',', $arrayquery['cust_country'])."))"; + $sqlwhere[] = " (t.fk_pays IN (".$this->db->sanitize(implode(',', $arrayquery['cust_country']))."))"; } if (!empty($arrayquery['cust_effectif_id']) && count($arrayquery['cust_effectif_id']) > 0) { - $sqlwhere[] = " (t.fk_effectif IN (".implode(',', $arrayquery['cust_effectif_id'])."))"; + $sqlwhere[] = " (t.fk_effectif IN (".$this->db->sanitize(implode(',', $arrayquery['cust_effectif_id']))."))"; } if (!empty($arrayquery['cust_categ']) && count($arrayquery['cust_categ']) > 0) { - $sqlwhere[] = " (custcateg.fk_categorie IN (".implode(',', $arrayquery['cust_categ'])."))"; + $sqlwhere[] = " (custcateg.fk_categorie IN (".$this->db->sanitize(implode(',', $arrayquery['cust_categ']))."))"; } if (!empty($arrayquery['cust_language']) && count($arrayquery['cust_language']) > 0) { - $sqlwhere[] = " (t.default_lang IN ('".implode("','", $arrayquery['cust_language'])."'))"; + $sqlwhere[] = " (t.default_lang IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_language']))."'))"; } //Standard Extrafield feature @@ -797,34 +797,34 @@ class AdvanceTargetingMailing extends CommonObject $sqlwhere[] = " (ts.parent IN (SELECT rowid FROM ".MAIN_DB_PREFIX."societe WHERE (".$str.")))"; } if (!empty($arrayquery['cust_status']) && count($arrayquery['cust_status']) > 0) { - $sqlwhere[] = " (ts.status IN (".implode(',', $arrayquery['cust_status'])."))"; + $sqlwhere[] = " (ts.status IN (".$this->db->sanitize(implode(',', $arrayquery['cust_status']))."))"; } if (!empty($arrayquery['cust_typecust']) && count($arrayquery['cust_typecust']) > 0) { - $sqlwhere[] = " (ts.client IN (".implode(',', $arrayquery['cust_typecust'])."))"; + $sqlwhere[] = " (ts.client IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typecust']))."))"; } if (!empty($arrayquery['cust_comm_status']) && count($arrayquery['cust_comm_status'] > 0)) { - $sqlwhere[] = " (ts.fk_stcomm IN (".implode(',', $arrayquery['cust_comm_status'])."))"; + $sqlwhere[] = " (ts.fk_stcomm IN (".$this->db->sanitize(implode(',', $arrayquery['cust_comm_status']))."))"; } if (!empty($arrayquery['cust_prospect_status']) && count($arrayquery['cust_prospect_status']) > 0) { - $sqlwhere[] = " (ts.fk_prospectlevel IN ('".implode("','", $arrayquery['cust_prospect_status'])."'))"; + $sqlwhere[] = " (ts.fk_prospectlevel IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_prospect_status']))."'))"; } if (!empty($arrayquery['cust_typeent']) && count($arrayquery['cust_typeent']) > 0) { - $sqlwhere[] = " (ts.fk_typent IN (".implode(',', $arrayquery['cust_typeent'])."))"; + $sqlwhere[] = " (ts.fk_typent IN (".$this->db->sanitize(implode(',', $arrayquery['cust_typeent']))."))"; } if (!empty($arrayquery['cust_saleman']) && count($arrayquery['cust_saleman']) > 0) { - $sqlwhere[] = " (saleman.fk_user IN (".implode(',', $arrayquery['cust_saleman'])."))"; + $sqlwhere[] = " (saleman.fk_user IN (".$this->db->sanitize(implode(',', $arrayquery['cust_saleman']))."))"; } if (!empty($arrayquery['cust_country']) && count($arrayquery['cust_country']) > 0) { - $sqlwhere[] = " (ts.fk_pays IN (".implode(',', $arrayquery['cust_country'])."))"; + $sqlwhere[] = " (ts.fk_pays IN (".$this->db->sanitize(implode(',', $arrayquery['cust_country']))."))"; } if (!empty($arrayquery['cust_effectif_id']) && count($arrayquery['cust_effectif_id']) > 0) { - $sqlwhere[] = " (ts.fk_effectif IN (".implode(',', $arrayquery['cust_effectif_id'])."))"; + $sqlwhere[] = " (ts.fk_effectif IN (".$this->db->sanitize(implode(',', $arrayquery['cust_effectif_id']))."))"; } if (!empty($arrayquery['cust_categ']) && count($arrayquery['cust_categ']) > 0) { - $sqlwhere[] = " (custcateg.fk_categorie IN (".implode(',', $arrayquery['cust_categ'])."))"; + $sqlwhere[] = " (custcateg.fk_categorie IN (".$this->db->sanitize(implode(',', $arrayquery['cust_categ']))."))"; } if (!empty($arrayquery['cust_language']) && count($arrayquery['cust_language']) > 0) { - $sqlwhere[] = " (ts.default_lang IN ('".implode("','", $arrayquery['cust_language'])."'))"; + $sqlwhere[] = " (ts.default_lang IN ('".$this->db->sanitize(implode("','", $arrayquery['cust_language']))."'))"; } //Standard Extrafield feature diff --git a/htdocs/comm/propal/class/api_proposals.class.php b/htdocs/comm/propal/class/api_proposals.class.php index 84d7cf23385..9f5cdea8000 100644 --- a/htdocs/comm/propal/class/api_proposals.class.php +++ b/htdocs/comm/propal/class/api_proposals.class.php @@ -181,14 +181,14 @@ class Proposals extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 197c9c7074f..3a03254099d 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2821,7 +2821,7 @@ class Propal extends CommonObject if (count($linkedInvoices) > 0) { $sql = "SELECT rowid as facid, ref, total, datef as df, fk_user_author, fk_statut, paye"; $sql .= " FROM ".MAIN_DB_PREFIX."facture"; - $sql .= " WHERE rowid IN (".implode(',', $linkedInvoices).")"; + $sql .= " WHERE rowid IN (".$this->db->sanitize(implode(',', $linkedInvoices)).")"; dol_syslog(get_class($this)."::InvoiceArrayList", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 768e6a78c70..d839cf38924 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php @@ -184,7 +184,7 @@ class Orders extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index b29b594f8f2..14fc65cf18d 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2300,8 +2300,8 @@ class Commande extends CommonOrder if (count($array_of_product)) { $sql = "SELECT fk_product, sum(ps.reel) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."product_stock as ps"; - $sql .= " WHERE ps.fk_product IN (".join(',', $array_of_product).")"; - $sql .= ' GROUP BY fk_product '; + $sql .= " WHERE ps.fk_product IN (".$this->db->sanitize(join(',', $array_of_product)).")"; + $sql .= ' GROUP BY fk_product'; $resql = $this->db->query($sql); if ($resql) { $num = $this->db->num_rows($resql); diff --git a/htdocs/compta/bank/annuel.php b/htdocs/compta/bank/annuel.php index 45ae92480a0..686b14362cc 100644 --- a/htdocs/compta/bank/annuel.php +++ b/htdocs/compta/bank/annuel.php @@ -267,7 +267,7 @@ if ($result < 0) { $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND ba.entity IN (".getEntity('bank_account').")"; if ($id && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$id.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($id).")"; } $resql = $db->query($sql); @@ -299,7 +299,7 @@ if ($result < 0) { $sql .= " AND b.datev <= '".($year - $annee)."-12-31 23:59:59'"; $sql .= " AND b.amount > 0"; if ($id && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$id.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($id).")"; } $sql .= " GROUP BY date_format(b.datev,'%m');"; @@ -381,7 +381,7 @@ if ($result < 0) { $sql .= " AND b.datev <= '".($year - $annee)."-12-31 23:59:59'"; $sql .= " AND b.amount < 0"; if ($id && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$id.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($id).")"; } $sql .= " GROUP BY date_format(b.datev,'%m');"; diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index be38f1311d7..451f855a5fe 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -943,7 +943,7 @@ class Account extends CommonObject $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'accounting_journal as aj ON aj.rowid=ba.fk_accountancy_journal'; $sql .= " WHERE ba.entity IN (".getEntity($this->element).")"; if ($id) { - $sql .= " AND ba.rowid = ".$id; + $sql .= " AND ba.rowid = ".((int) $id); } if ($ref) { $sql .= " AND ba.ref = '".$this->db->escape($ref)."'"; diff --git a/htdocs/compta/bank/graph.php b/htdocs/compta/bank/graph.php index 6dd588f51e1..e2be937aace 100644 --- a/htdocs/compta/bank/graph.php +++ b/htdocs/compta/bank/graph.php @@ -35,10 +35,10 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width', 768); $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height', 200); // Security check -if (isset($_GET["account"]) || isset($_GET["ref"])) { - $id = isset($_GET["account"]) ? $_GET["account"] : (isset($_GET["ref"]) ? $_GET["ref"] : ''); +if (GETPOST('account') || GETPOST('ref')) { + $id = GETPOST('account') ? GETPOST('account') : GETPOST('ref'); } -$fieldid = isset($_GET["ref"]) ? 'ref' : 'rowid'; +$fieldid = GETPOST('ref') ? 'ref' : 'rowid'; if ($user->socid) { $socid = $user->socid; } @@ -66,19 +66,19 @@ $datetime = dol_now(); $year = dol_print_date($datetime, "%Y"); $month = dol_print_date($datetime, "%m"); $day = dol_print_date($datetime, "%d"); -if (GETPOST("year")) { - $year = sprintf("%04d", GETPOST("year")); +if (GETPOST("year", 'int')) { + $year = sprintf("%04d", GETPOST("year", 'int')); } -if (GETPOST("month")) { - $month = sprintf("%02d", GETPOST("month")); +if (GETPOST("month", 'int')) { + $month = sprintf("%02d", GETPOST("month", 'int')); } $object = new Account($db); -if ($_GET["account"] && !preg_match('/,/', $_GET["account"])) { // if for a particular account and not a list - $result = $object->fetch(GETPOST("account", "int")); +if (GETPOST('account') && !preg_match('/,/', GETPOST('account'))) { // if for a particular account and not a list + $result = $object->fetch(GETPOST('account', 'int')); } -if ($_GET["ref"]) { +if (GETPOST("ref")) { $result = $object->fetch(0, GETPOST("ref")); $account = $object->id; } @@ -96,7 +96,7 @@ if ($result < 0) { $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND ba.entity IN (".getEntity('bank_account').")"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $resql = $db->query($sql); @@ -138,7 +138,7 @@ if ($result < 0) { $sql .= " AND b.datev >= '".$db->escape($year)."-".$db->escape($month)."-01 00:00:00'"; $sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%Y%m%d')"; @@ -280,7 +280,7 @@ if ($result < 0) { $sql .= " AND b.datev >= '".$db->escape($year)."-01-01 00:00:00'"; $sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%Y%m%d')"; @@ -308,7 +308,7 @@ if ($result < 0) { $sql .= " AND ba.entity IN (".getEntity('bank_account').")"; $sql .= " AND b.datev < '".$db->escape($year)."-01-01'"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $resql = $db->query($sql); @@ -416,7 +416,7 @@ if ($result < 0) { $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND ba.entity IN (".getEntity('bank_account').")"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%Y%m%d')"; @@ -541,7 +541,7 @@ if ($result < 0) { $sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'"; $sql .= " AND b.amount > 0"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%d')"; @@ -576,7 +576,7 @@ if ($result < 0) { $sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'"; $sql .= " AND b.amount < 0"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%d')"; @@ -650,7 +650,7 @@ if ($result < 0) { $sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'"; $sql .= " AND b.amount > 0"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%m');"; @@ -677,7 +677,7 @@ if ($result < 0) { $sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'"; $sql .= " AND b.amount < 0"; if ($account && $_GET["option"] != 'all') { - $sql .= " AND b.fk_account IN (".$account.")"; + $sql .= " AND b.fk_account IN (".$db->sanitize($account).")"; } $sql .= " GROUP BY date_format(b.datev,'%m')"; diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index ad44dbe6637..9c224b057ab 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -191,7 +191,7 @@ class Invoices extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index b0690675b53..da3620165dd 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4158,13 +4158,13 @@ class Facture extends CommonInvoice $sqlSit .= " AND fs.fk_statut in (".self::STATUS_VALIDATED.",".self::STATUS_CLOSED.")"; $sqlSit .= " GROUP BY fs.situation_cycle_ref"; $sqlSit .= " ORDER BY fs.situation_counter"; - $sql .= " AND ( f.type != ".self::TYPE_SITUATION." OR f.rowid IN (".$sqlSit.") )"; // Type non 5 si facture non avoir + $sql .= " AND ( f.type != ".self::TYPE_SITUATION." OR f.rowid IN (".$this->db->sanitize($sqlSit).") )"; // Type non 5 si facture non avoir } else { $sql .= " AND f.type != ".self::TYPE_SITUATION; // Type non 5 si facture non avoir } if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; diff --git a/htdocs/compta/stats/cabyprodserv.php b/htdocs/compta/stats/cabyprodserv.php index 25d9d4b9460..4ecbe6d56d0 100644 --- a/htdocs/compta/stats/cabyprodserv.php +++ b/htdocs/compta/stats/cabyprodserv.php @@ -323,9 +323,9 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " AND (p.rowid IN "; $sql .= " (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product cp WHERE "; if ($subcat) { - $sql .= "cp.fk_categorie IN (".$listofcatsql.")"; + $sql .= "cp.fk_categorie IN (".$db->sanitize($listofcatsql).")"; } else { - $sql .= "cp.fk_categorie = ".$selected_cat; + $sql .= "cp.fk_categorie = ".((int) $selected_cat); } $sql .= "))"; } diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 53ebbdfddd9..3890155f116 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -458,7 +458,7 @@ if ($search_societe) { $sql .= natural_search(empty($conf->global->SOCIETE_DISABLE_CONTACTS) ? 's.nom' : 'p.fk_soc', $search_societe); } if ($search_country) { - $sql .= " AND p.fk_pays IN (".$search_country.')'; + $sql .= " AND p.fk_pays IN (".$db->sanitize($search_country).')'; } if (strlen($search_poste)) { $sql .= natural_search('p.poste', $search_poste); @@ -492,9 +492,8 @@ if (strlen($search_town)) { $sql .= natural_search("p.town", $search_town); } if (count($search_roles) > 0) { - $sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".implode(',', $search_roles)."))"; + $sql .= " AND p.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".$db->sanitize(implode(',', $search_roles))."))"; } - if ($search_no_email != '' && $search_no_email >= 0) { $sql .= " AND p.no_email = ".$db->escape($search_no_email); } diff --git a/htdocs/contrat/class/api_contracts.class.php b/htdocs/contrat/class/api_contracts.class.php index c6a834331c9..cf821ccb2c6 100644 --- a/htdocs/contrat/class/api_contracts.class.php +++ b/htdocs/contrat/class/api_contracts.class.php @@ -132,14 +132,14 @@ class Contracts extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 02929f281a8..64d2b5e2c0a 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -1172,7 +1172,7 @@ class Contrat extends CommonObject $this->db->free($resql); $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet_log "; - $sql .= " WHERE ".MAIN_DB_PREFIX."contratdet_log.rowid IN (".implode(",", $tab_resql).")"; + $sql .= " WHERE ".MAIN_DB_PREFIX."contratdet_log.rowid IN (".$this->db->sanitize(implode(",", $tab_resql)).")"; dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 04aa812ea34..9f1204c4dc4 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -103,7 +103,7 @@ class box_project extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok $sql .= " AND p.fk_statut = 1"; // Only open projects if (!$user->rights->projet->all->lire) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; // public and assigned to, or restricted to company for external users } $sql .= " ORDER BY p.datec DESC"; diff --git a/htdocs/core/boxes/box_task.php b/htdocs/core/boxes/box_task.php index 0650b10a872..16cd41ce564 100644 --- a/htdocs/core/boxes/box_task.php +++ b/htdocs/core/boxes/box_task.php @@ -169,7 +169,7 @@ class box_task extends ModeleBoxes $sql .= " AND (pt.progress < 100 OR pt.progress IS NULL ) "; // 100% is done and not displayed $sql .= " AND p.usage_task = 1 "; if (!$user->rights->projet->all->lire) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; // public and assigned to, or restricted to company for external users } $sql .= " ORDER BY pt.datee ASC, pt.dateo ASC"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 253ed9a1d02..f743deaa894 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1218,7 +1218,7 @@ abstract class CommonObject $sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact"; $sql .= " WHERE element_id = ".$this->id; if ($listId) { - $sql .= " AND fk_c_type_contact IN (".$listId.")"; + $sql .= " AND fk_c_type_contact IN (".$this->db->sanitize($listId).")"; } dol_syslog(get_class($this)."::delete_linked_contact", LOG_DEBUG); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index d75ec44798f..d03462d17e8 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1904,10 +1904,10 @@ class Form $sql .= " AND u.fk_soc = ".$user->socid; } if (is_array($exclude) && $excludeUsers) { - $sql .= " AND u.rowid NOT IN (".$excludeUsers.")"; + $sql .= " AND u.rowid NOT IN (".$this->db->sanitize($excludeUsers).")"; } if ($includeUsers) { - $sql .= " AND u.rowid IN (".$includeUsers.")"; + $sql .= " AND u.rowid IN (".$this->db->sanitize($includeUsers).")"; } if (!empty($conf->global->USER_HIDE_INACTIVE_IN_COMBOBOX) || $noactive) { $sql .= " AND u.statut <> 0"; @@ -5661,7 +5661,7 @@ class Form $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c"; $sql .= " WHERE t.fk_pays = c.rowid"; $sql .= " AND t.active > 0"; - $sql .= " AND c.code IN (".$country_code.")"; + $sql .= " AND c.code IN (".$this->db->sanitize($country_code).")"; $sql .= " ORDER BY t.code ASC, t.taux ASC, t.recuperableonly ASC"; $resql = $this->db->query($sql); @@ -7642,17 +7642,17 @@ class Form } $possiblelinks = array( - 'propal'=>array('enabled'=>$conf->propal->enabled, 'perms'=>1, 'label'=>'LinkToProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('propal').')'), - 'order'=>array('enabled'=>$conf->commande->enabled, 'perms'=>1, 'label'=>'LinkToOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande').')'), - 'invoice'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('invoice').')'), - 'invoice_template'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToTemplateInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.titre as ref, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('invoice').')'), + 'propal'=>array('enabled'=>$conf->propal->enabled, 'perms'=>1, 'label'=>'LinkToProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('propal').')'), + 'order'=>array('enabled'=>$conf->commande->enabled, 'perms'=>1, 'label'=>'LinkToOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('commande').')'), + 'invoice'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_client, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('invoice').')'), + 'invoice_template'=>array('enabled'=>$conf->facture->enabled, 'perms'=>1, 'label'=>'LinkToTemplateInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.titre as ref, t.total as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('invoice').')'), 'contrat'=>array('enabled'=>$conf->contrat->enabled, 'perms'=>1, 'label'=>'LinkToContract', - 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, SUM(td.total_ht) as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, ".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('contract').')'), - 'fichinter'=>array('enabled'=>$conf->ficheinter->enabled, 'perms'=>1, 'label'=>'LinkToIntervention', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('intervention').')'), - 'supplier_proposal'=>array('enabled'=>$conf->supplier_proposal->enabled, 'perms'=>1, 'label'=>'LinkToSupplierProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, '' as ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."supplier_proposal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('supplier_proposal').')'), - 'order_supplier'=>array('enabled'=>$conf->supplier_order->enabled, 'perms'=>1, 'label'=>'LinkToSupplierOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('commande_fournisseur').')'), - 'invoice_supplier'=>array('enabled'=>$conf->supplier_invoice->enabled, 'perms'=>1, 'label'=>'LinkToSupplierInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('facture_fourn').')'), - 'ticket'=>array('enabled'=>$conf->ticket->enabled, 'perms'=>1, 'label'=>'LinkToTicket', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.track_id, '0' as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."ticket as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$listofidcompanytoscan.') AND t.entity IN ('.getEntity('ticket').')') + 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, SUM(td.total_ht) as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as t, ".MAIN_DB_PREFIX."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('contract').')'), + 'fichinter'=>array('enabled'=>$conf->ficheinter->enabled, 'perms'=>1, 'label'=>'LinkToIntervention', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('intervention').')'), + 'supplier_proposal'=>array('enabled'=>$conf->supplier_proposal->enabled, 'perms'=>1, 'label'=>'LinkToSupplierProposal', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, '' as ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."supplier_proposal as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('supplier_proposal').')'), + 'order_supplier'=>array('enabled'=>$conf->supplier_order->enabled, 'perms'=>1, 'label'=>'LinkToSupplierOrder', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('commande_fournisseur').')'), + 'invoice_supplier'=>array('enabled'=>$conf->supplier_invoice->enabled, 'perms'=>1, 'label'=>'LinkToSupplierInvoice', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('facture_fourn').')'), + 'ticket'=>array('enabled'=>$conf->ticket->enabled, 'perms'=>1, 'label'=>'LinkToTicket', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.track_id, '0' as total_ht FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."ticket as t WHERE t.fk_soc = s.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('ticket').')') ); } diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php index 45a5995df28..2af5cae96f6 100644 --- a/htdocs/core/class/html.formcompany.class.php +++ b/htdocs/core/class/html.formcompany.class.php @@ -705,7 +705,7 @@ class FormCompany extends Form $sql .= " WHERE s.entity IN (".getEntity('societe').")"; // For ajax search we limit here. For combo list, we limit later if (is_array($limitto) && count($limitto)) { - $sql .= " AND s.rowid IN (".join(',', $limitto).")"; + $sql .= " AND s.rowid IN (".$this->db->sanitize(join(',', $limitto)).")"; } $sql .= " ORDER BY s.nom ASC"; diff --git a/htdocs/core/class/html.formcontract.class.php b/htdocs/core/class/html.formcontract.class.php index c764b7fc17e..46a1e240cf6 100644 --- a/htdocs/core/class/html.formcontract.class.php +++ b/htdocs/core/class/html.formcontract.class.php @@ -82,7 +82,7 @@ class FormContract if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) { $sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)"; } elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { - $sql .= " AND (c.fk_soc IN (".$socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY.") "; + $sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") "; $sql .= " OR c.fk_soc IS NULL)"; } } diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php index 422a193030a..af611605095 100644 --- a/htdocs/core/class/html.formprojet.class.php +++ b/htdocs/core/class/html.formprojet.class.php @@ -166,16 +166,16 @@ class FormProjets $sql .= ' FROM '.MAIN_DB_PREFIX.'projet as p LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc'; $sql .= " WHERE p.entity IN (".getEntity('project').")"; if ($projectsListId !== false) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } if ($socid == 0) { $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; } if ($socid > 0) { if (empty($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) { - $sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; + $sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)"; } elseif ($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') { // PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma. - $sql .= " AND (p.fk_soc IN (".$socid.", ".((int) $conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") OR p.fk_soc IS NULL)"; + $sql .= " AND (p.fk_soc IN (".((int) $socid).", ".((int) $conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") OR p.fk_soc IS NULL)"; } } if (!empty($filterkey)) { @@ -344,7 +344,7 @@ class FormProjets $sql .= " WHERE p.entity IN (".getEntity('project').")"; $sql .= " AND t.fk_projet = p.rowid"; if ($projectsListId) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } if ($socid == 0) { $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; @@ -570,9 +570,9 @@ class FormProjets $sql .= " WHERE ".$projectkey." is null"; if (!empty($socid) && $linkedtothirdparty) { if (is_numeric($socid)) { - $sql .= " AND t.fk_soc=".$socid; + $sql .= " AND t.fk_soc = ".((int) $socid); } else { - $sql .= " AND t.fk_soc IN (".$socid.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socid).")"; } } if (!in_array($table_element, array('expensereport_det', 'stock_mouvement'))) { diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 05b3a717a49..3c2884e4b5b 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1087,7 +1087,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '') $sql .= natural_search($searchAddressPhoneDBFields, $search_address); } if (count($search_roles) > 0) { - $sql .= " AND t.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".implode(',', $search_roles)."))"; + $sql .= " AND t.rowid IN (SELECT sc.fk_socpeople FROM ".MAIN_DB_PREFIX."societe_contacts as sc WHERE sc.fk_c_type_contact IN (".$db->sanitize(implode(',', $search_roles))."))"; } // Add where from extra fields $extrafieldsobjectkey = $contactstatic->table_element; diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 9fd7f5e7e8a..0703df95255 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1230,7 +1230,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($bentityon) { // only if entity enable $sql .= " AND entity IN (".getEntity($sharetable).")"; } elseif (!empty($forceentity)) { - $sql .= " AND entity IN (".$forceentity.")"; + $sql .= " AND entity IN (".$db->sanitize($forceentity).")"; } if ($where) { $sql .= $where; @@ -1290,7 +1290,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($bentityon) { // only if entity enable $sql .= " AND entity IN (".getEntity($sharetable).")"; } elseif (!empty($forceentity)) { - $sql .= " AND entity IN (".$forceentity.")"; + $sql .= " AND entity IN (".$db->sanitize($forceentity).")"; } if ($where) { $sql .= $where; @@ -1351,7 +1351,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($bentityon) { // only if entity enable $maskrefclient_sql .= " AND entity IN (".getEntity($sharetable).")"; } elseif (!empty($forceentity)) { - $sql .= " AND entity IN (".$forceentity.")"; + $sql .= " AND entity IN (".$db->sanitize($forceentity).")"; } if ($where) { $maskrefclient_sql .= $where; //use the same optional where as general mask @@ -2254,7 +2254,7 @@ function cleanCorruptedTree($db, $tabletocleantree, $fieldfkparent) $sql = "UPDATE ".MAIN_DB_PREFIX.$tabletocleantree; $sql .= " SET ".$fieldfkparent." = 0"; - $sql .= " WHERE rowid IN (".join(',', $listofidtoclean).")"; // So we update only records detected wrong + $sql .= " WHERE rowid IN (".$db->sanitize(join(',', $listofidtoclean)).")"; // So we update only records detected wrong $resql = $db->query($sql); if ($resql) { $nb = $db->affected_rows($sql); @@ -2271,7 +2271,7 @@ function cleanCorruptedTree($db, $tabletocleantree, $fieldfkparent) // Check and clean orphelins $sql = "UPDATE ".MAIN_DB_PREFIX.$tabletocleantree; $sql .= " SET ".$fieldfkparent." = 0"; - $sql .= " WHERE ".$fieldfkparent." NOT IN (".join(',', $listofid).")"; // So we update only records linked to a non existing parent + $sql .= " WHERE ".$fieldfkparent." NOT IN (".$db->sanitize(join(',', $listofid), 1).")"; // So we update only records linked to a non existing parent $resql = $db->query($sql); if ($resql) { $nb = $db->affected_rows($sql); diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index f2dbacc3ab4..8fef0916ff8 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -2378,9 +2378,9 @@ function print_projecttasks_array($db, $form, $socid, $projectsListId, $mytasks $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t ON p.rowid = t.fk_projet"; } $sql .= " WHERE p.entity IN (".getEntity('project').")"; - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if ($mytasks) { $sql .= " AND p.rowid = t.fk_projet"; @@ -2436,7 +2436,7 @@ function print_projecttasks_array($db, $form, $socid, $projectsListId, $mytasks $sql2 .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t ON p.rowid = t.fk_projet"; - $sql2 .= " WHERE p.rowid IN (".join(',', $arrayidofprojects).")"; + $sql2 .= " WHERE p.rowid IN (".$db->sanitize(join(',', $arrayidofprojects)).")"; $sql2 .= " GROUP BY p.rowid, p.ref, p.title, p.fk_soc, s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.code_fournisseur, s.code_compta_fournisseur, s.fournisseur,"; $sql2 .= " s.logo, s.email, s.entity, p.fk_user_creat, p.public, p.fk_statut, p.fk_opp_status, p.opp_percent, p.opp_amount, p.dateo, p.datee"; $sql2 .= " ORDER BY p.title, p.ref"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 5bcad053795..0b22748a528 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -595,27 +595,27 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled)) { // Special for multicompany if (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { if ($conf->entity == 1 && $user->admin && !$user->entity) { - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IS NOT NULL"; } else { $sql .= ",".MAIN_DB_PREFIX."usergroup_user as ug"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND ((ug.fk_user = dbt.rowid"; $sql .= " AND ug.entity IN (".getEntity('usergroup')."))"; $sql .= " OR dbt.entity = 0)"; // Show always superadmin } } else { - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } else { $reg = array(); if ($parenttableforentity && preg_match('/(.*)@(.*)/', $parenttableforentity, $reg)) { $sql .= ", ".MAIN_DB_PREFIX.$reg[2]." as dbtp"; - $sql .= " WHERE dbt.".$reg[1]." = dbtp.rowid AND dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$reg[1]." = dbtp.rowid AND dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbtp.entity IN (".getEntity($sharedelement, 1).")"; } else { - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } @@ -630,7 +630,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ", ".MAIN_DB_PREFIX."societe as s)"; - $sql .= " WHERE sc.fk_soc IN (".$objectid.")"; + $sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND sc.fk_user = ".$user->id; $sql .= " AND sc.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; @@ -638,7 +638,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand // If multicompany and internal users with all permissions, check user is in correct entity $sql = "SELECT COUNT(s.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.rowid IN (".$objectid.")"; + $sql .= " WHERE s.rowid IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } } elseif (in_array($feature, $checkother)) { // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...). @@ -646,21 +646,21 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand if ($user->socid > 0) { $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.fk_soc = ".$user->socid; } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) { // If internal user: Check permission for internal users that are restricted on their objects $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } elseif (!empty($conf->multicompany->enabled)) { // If multicompany and internal users with all permissions, check user is in correct entity $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } if ($feature == 'agenda') { @@ -686,7 +686,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } else { $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } elseif (in_array($feature, $checktask)) { @@ -704,7 +704,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } else { $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } elseif (!in_array($feature, $nocheck)) { // By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield @@ -715,7 +715,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } $sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " WHERE dbt.rowid IN (".$objectid.")"; + $sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.".$dbt_keyfield." = ".$user->socid; } elseif (!empty($conf->societe->enabled) && !$user->rights->societe->client->voir) { // If internal user: Check permission for internal users that are restricted on their objects @@ -726,7 +726,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; $sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield; $sql .= " AND sc.fk_user = ".$user->id; @@ -735,7 +735,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".$user->id; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; $sql .= " AND (sc.fk_user = ".$user->id." OR sc.fk_user IS NULL)"; } @@ -743,7 +743,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand // If multicompany and internal users with all permissions, check user is in correct entity $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " WHERE dbt.".$dbt_select." IN (".$objectid.")"; + $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index 2eb44c517f7..170202717c8 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -859,7 +859,7 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so foreach ($tmparrayoftype as $tmptype) { $typestring .= ($typestring ? ", " : "")."'".$db->escape(trim($tmptype))."'"; } - $sql .= " AND wp.type_container IN (".$typestring.")"; + $sql .= " AND wp.type_container IN (".$db->sanitize($typestring, 1).")"; } $sql .= " AND ("; $searchalgo = ''; diff --git a/htdocs/core/modules/mailings/advthirdparties.modules.php b/htdocs/core/modules/mailings/advthirdparties.modules.php index 9f434be9498..d067f43c273 100644 --- a/htdocs/core/modules/mailings/advthirdparties.modules.php +++ b/htdocs/core/modules/mailings/advthirdparties.modules.php @@ -125,10 +125,10 @@ class mailing_advthirdparties extends MailingTargets $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as socp"; $sql .= " WHERE socp.entity IN (".getEntity('socpeople').")"; if (count($contactid) > 0) { - $sql .= " AND socp.rowid IN (".implode(',', $contactid).")"; + $sql .= " AND socp.rowid IN (".$this->db->sanitize(implode(',', $contactid)).")"; } if (count($socid) > 0) { - $sql .= " AND socp.fk_soc IN (".implode(',', $socid).")"; + $sql .= " AND socp.fk_soc IN (".$this->db->sanitize(implode(',', $socid)).")"; } $sql .= " ORDER BY email"; diff --git a/htdocs/don/list.php b/htdocs/don/list.php index 9798cd02eea..9a2d1402e17 100644 --- a/htdocs/don/list.php +++ b/htdocs/don/list.php @@ -106,7 +106,7 @@ $sql .= " p.rowid as pid, p.ref, p.title, p.public"; $sql .= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p"; $sql .= " ON p.rowid = d.fk_projet WHERE d.entity IN (".getEntity('donation').")"; if ($search_status != '' && $search_status != '-4') { - $sql .= " AND d.fk_statut IN (".$db->sanitize($db->escape($search_status)).")"; + $sql .= " AND d.fk_statut IN (".$db->sanitize($search_status).")"; } if (trim($search_ref) != '') { $sql .= natural_search('d.ref', $search_ref); diff --git a/htdocs/expedition/class/api_shipments.class.php b/htdocs/expedition/class/api_shipments.class.php index 42564f7dd72..cc5267cdd47 100644 --- a/htdocs/expedition/class/api_shipments.class.php +++ b/htdocs/expedition/class/api_shipments.class.php @@ -129,7 +129,7 @@ class Shipments extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 327e9a030e0..a4a09e06808 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -313,13 +313,13 @@ if ($search_state) { $sql .= natural_search("state.nom", $search_state); } if ($search_country) { - $sql .= " AND s.fk_pays IN (".$search_country.')'; + $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } if ($search_tracking) { $sql .= natural_search("e.tracking_number", $search_tracking); } if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) { - $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; + $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')'; } if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$search_sale; diff --git a/htdocs/expensereport/class/api_expensereports.class.php b/htdocs/expensereport/class/api_expensereports.class.php index 98da4534e0c..13148e4247a 100644 --- a/htdocs/expensereport/class/api_expensereports.class.php +++ b/htdocs/expensereport/class/api_expensereports.class.php @@ -108,7 +108,7 @@ class ExpenseReports extends DolibarrApi $sql .= " FROM ".MAIN_DB_PREFIX."expensereport as t"; $sql .= ' WHERE t.entity IN ('.getEntity('expensereport').')'; if ($user_ids) { - $sql .= " AND t.fk_user_author IN (".$user_ids.")"; + $sql .= " AND t.fk_user_author IN (".$this->db->sanitize($user_ids).")"; } // Add sql filters diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 89178693a43..496f57812a6 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -2367,8 +2367,8 @@ class ExpenseReport extends CommonObject $sql .= " AND ex.entity IN (".getEntity('expensereport').")"; if (empty($user->rights->expensereport->readall)) { $userchildids = $user->getAllChildIds(1); - $sql .= " AND (ex.fk_user_author IN (".join(',', $userchildids).")"; - $sql .= " OR ex.fk_user_validator IN (".join(',', $userchildids)."))"; + $sql .= " AND (ex.fk_user_author IN (".$this->db->sanitize(join(',', $userchildids)).")"; + $sql .= " OR ex.fk_user_validator IN (".$this->db->sanitize(join(',', $userchildids))."))"; } $resql = $this->db->query($sql); @@ -2414,8 +2414,8 @@ class ExpenseReport extends CommonObject $sql .= " AND ex.entity IN (".getEntity('expensereport').")"; if (empty($user->rights->expensereport->readall)) { $userchildids = $user->getAllChildIds(1); - $sql .= " AND (ex.fk_user_author IN (".join(',', $userchildids).")"; - $sql .= " OR ex.fk_user_validator IN (".join(',', $userchildids)."))"; + $sql .= " AND (ex.fk_user_author IN (".$this->db->sanitize(join(',', $userchildids)).")"; + $sql .= " OR ex.fk_user_validator IN (".$this->db->sanitize(join(',', $userchildids))."))"; } $resql = $this->db->query($sql); diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index 3d627cbce8d..ec71f530f51 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php @@ -78,11 +78,11 @@ class ExpenseReportStats extends Stats if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)) { $childids = $user->getAllChildIds(); $childids[] = $user->id; - $this->where .= " AND e.fk_user_author IN (".(join(',', $childids)).")"; + $this->where .= " AND e.fk_user_author IN (".$this->db->sanitize(join(',', $childids)).")"; } if ($this->userid > 0) { - $this->where .= ' AND e.fk_user_author = '.$this->userid; + $this->where .= ' AND e.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/expensereport/index.php b/htdocs/expensereport/index.php index 541c2c0738e..f9792d5b68c 100644 --- a/htdocs/expensereport/index.php +++ b/htdocs/expensereport/index.php @@ -91,7 +91,7 @@ if (empty($user->rights->expensereport->readall) && empty($user->rights->expense && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance))) { $childids = $user->getAllChildIds(); $childids[] = $user->id; - $sql .= " AND d.fk_user_author IN (".join(',', $childids).")\n"; + $sql .= " AND d.fk_user_author IN (".$db->sanitize(join(',', $childids)).")\n"; } $sql .= " GROUP BY tf.code, tf.label"; @@ -180,11 +180,11 @@ if (empty($user->rights->expensereport->readall) && empty($user->rights->expense && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance))) { $childids = $user->getAllChildIds(); $childids[] = $user->id; - $sql .= " AND d.fk_user_author IN (".join(',', $childids).")\n"; + $sql .= " AND d.fk_user_author IN (".$db->sanitize(join(',', $childids)).")\n"; } $sql .= ' AND d.entity IN ('.getEntity('expensereport').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND d.fk_user_author = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_user_author = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND d.fk_user_author = ".$socid; diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 35642ead0c4..51022f8c40b 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -290,12 +290,12 @@ if ($search_user != '' && $search_user >= 0) { } // Status if ($search_status != '' && $search_status >= 0) { - $sql .= " AND d.fk_statut IN (".$db->sanitize($db->escape($search_status)).")"; + $sql .= " AND d.fk_statut IN (".$db->sanitize($search_status).")"; } // RESTRICT RIGHTS if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance))) { - $sql .= " AND d.fk_user_author IN (".join(',', $childids).")\n"; + $sql .= " AND d.fk_user_author IN (".$db->sanitize(join(',', $childids)).")\n"; } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/fichinter/class/api_interventions.class.php b/htdocs/fichinter/class/api_interventions.class.php index a5ba127a54d..17aa2b3db53 100644 --- a/htdocs/fichinter/class/api_interventions.class.php +++ b/htdocs/fichinter/class/api_interventions.class.php @@ -136,14 +136,14 @@ class Interventions extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index 6db5ba5cad3..3d67f025d6a 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -654,7 +654,7 @@ if ($object->id > 0) { $sql2 .= " AND c.fk_statut IN (".$db->sanitize(CommandeFournisseur::STATUS_RECEIVED_COMPLETELY).")"; // Must match filter in htdocs/fourn/commande/list.php } else { // CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.", ".CommandeFournisseur::STATUS_RECEIVED_COMPLETELY - $sql2 .= " AND c.fk_statut IN (".$db->sanitize($db->escape($conf->global->SUPPLIER_ORDER_TO_INVOICE_STATUS)).")"; + $sql2 .= " AND c.fk_statut IN (".$db->sanitize($conf->global->SUPPLIER_ORDER_TO_INVOICE_STATUS).")"; } $sql2 .= " AND c.billed = 0"; // Find order that are not already invoiced diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php index 953092120e4..5e977473146 100644 --- a/htdocs/fourn/class/api_supplier_invoices.class.php +++ b/htdocs/fourn/class/api_supplier_invoices.class.php @@ -130,7 +130,7 @@ class SupplierInvoices extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index d75abb17e90..8076900b100 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php @@ -131,10 +131,10 @@ class SupplierOrders extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if (!empty($product_ids)) { - $sql .= " AND cd.fk_commande = t.rowid AND cd.fk_product IN (".$product_ids.")"; + $sql .= " AND cd.fk_commande = t.rowid AND cd.fk_product IN (".$this->db->sanitize($product_ids).")"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/fourn/facture/impayees.php b/htdocs/fourn/facture/impayees.php index 7019b90b868..89f8a23d16d 100644 --- a/htdocs/fourn/facture/impayees.php +++ b/htdocs/fourn/facture/impayees.php @@ -116,17 +116,8 @@ if ($user->rights->fournisseur->facture->lire) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($socid) { - $sql .= " AND s.rowid = ".$socid; + $sql .= " AND s.rowid = ".((int) $socid); } - - if (GETPOST('filtre')) { - $filtrearr = explode(",", GETPOST('filtre')); - foreach ($filtrearr as $fil) { - $filt = explode(":", $fil); - $sql .= " AND ".$filt[0]." = ".$filt[1]; - } - } - if ($search_ref) { $sql .= " AND f.ref LIKE '%".$db->escape($search_ref)."%'"; } diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 7c6ed0c5e16..50fdfef6e47 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -475,14 +475,14 @@ $sql .= " state.code_departement as state_code, state.nom as state_name,"; $sql .= " country.code as country_code,"; $sql .= " p.rowid as project_id, p.ref as project_ref, p.title as project_label,"; $sql .= " u.login"; +if ($search_categ_sup && $search_categ_sup != '-1') { + $sql .= ", cs.fk_categorie, cs.fk_soc"; +} // We need dynamount_payed to be able to sort on status (value is surely wrong because we can count several lines several times due to other left join or link with contacts. But what we need is just 0 or > 0) // TODO Better solution to be able to sort on already payed or remain to pay is to store amount_payed in a denormalized field. if (!$search_all) { $sql .= ', SUM(pf.amount) as dynamount_payed'; } -if ($search_categ_sup) { - $sql .= ", cs.fk_categorie, cs.fk_soc"; -} // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { @@ -580,10 +580,10 @@ if ($search_state) { $sql .= natural_search("state.nom", $search_state); } if ($search_country) { - $sql .= " AND s.fk_pays IN (".$search_country.')'; + $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } if ($search_type_thirdparty != '' && $search_type_thirdparty >= 0) { - $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; + $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')'; } if ($search_montant_ht != '') { $sql .= natural_search('f.total_ht', $search_montant_ht, 1); @@ -677,6 +677,9 @@ if (!$search_all) { $sql .= ' country.code,'; $sql .= " p.rowid, p.ref, p.title,"; $sql .= " u.login"; + if ($search_categ_sup && $search_categ_sup != '-1') { + $sql .= ", cs.fk_categorie, cs.fk_soc"; + } if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { //prevent error with sql_mode=only_full_group_by diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 7943df254c1..243d65b5078 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -1122,7 +1122,7 @@ class Holiday extends CommonObject $sql .= " AND cp.fk_user = ".(int) $fk_user; $sql .= " AND cp.date_debut <= '".$this->db->idate($timestamp)."' AND cp.date_fin >= '".$this->db->idate($timestamp)."'"; if ($status != '-1') { - $sql .= " AND cp.statut IN (".$this->db->sanitize($this->db->escape($status)).")"; + $sql .= " AND cp.statut IN (".$this->db->sanitize($status).")"; } $resql = $this->db->query($sql); @@ -2209,8 +2209,8 @@ class Holiday extends CommonObject $sql .= " AND h.entity IN (".getEntity('holiday').")"; if (empty($user->rights->expensereport->readall)) { $userchildids = $user->getAllChildIds(1); - $sql .= " AND (h.fk_user IN (".join(',', $userchildids).")"; - $sql .= " OR h.fk_validator IN (".join(',', $userchildids)."))"; + $sql .= " AND (h.fk_user IN (".$this->db->sanitize(join(',', $userchildids)).")"; + $sql .= " OR h.fk_validator IN (".$this->db->sanitize(join(',', $userchildids))."))"; } $resql = $this->db->query($sql); @@ -2251,8 +2251,8 @@ class Holiday extends CommonObject $sql .= " AND h.entity IN (".getEntity('holiday').")"; if (empty($user->rights->expensereport->read_all)) { $userchildids = $user->getAllChildIds(1); - $sql .= " AND (h.fk_user IN (".join(',', $userchildids).")"; - $sql .= " OR h.fk_validator IN (".join(',', $userchildids)."))"; + $sql .= " AND (h.fk_user IN (".$this->db->sanitize(join(',', $userchildids)).")"; + $sql .= " OR h.fk_validator IN (".$this->db->sanitize(join(',', $userchildids))."))"; } $resql = $this->db->query($sql); diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 4474aecf748..e6f63614fcc 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -344,7 +344,7 @@ if (empty($user->rights->holiday->readall)) { $sql .= ' AND cp.fk_user IN ('.join(',', $childids).')'; } if ($id > 0) { - $sql .= " AND cp.fk_user IN (".$id.")"; + $sql .= " AND cp.fk_user IN (".$db->sanitize($id).")"; } // Add where from extra fields diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index 717e2d02c1b..a8db68d9fec 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -166,7 +166,7 @@ if (!empty($conf->global->AGENT_CONTACT_TYPE)) { } else { $sql .= " AND sc.fk_user = u.rowid"; } -$sql .= " AND f.fk_statut NOT IN (".implode(', ', $invoice_status_except_list).")"; +$sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= ' AND s.entity IN ('.getEntity('societe').')'; $sql .= " AND d.fk_facture = f.rowid"; if ($agentid > 0) { diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index f61d8d02e55..43ff6ef6b9f 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -214,7 +214,7 @@ $sql .= " ,d.fk_product"; $sql .= " FROM ".MAIN_DB_PREFIX."facture as f "; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."facturedet as d ON d.fk_facture = f.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid"; -$sql .= " WHERE f.fk_statut NOT IN (".implode(', ', $invoice_status_except_list).")"; +$sql .= " WHERE f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= " AND f.entity IN (".getEntity('invoice').") "; if (!empty($startdate)) { $sql .= " AND f.datef >= '".$db->idate($startdate)."'"; diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 05d5aa1ca5c..ac30d223806 100644 --- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -239,7 +239,7 @@ if ($socid > 0) { if (!$user->rights->societe->client->voir && !$socid) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; } -$sql .= " AND f.fk_statut NOT IN (".implode(', ', $invoice_status_except_list).")"; +$sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= ' AND s.entity IN ('.getEntity('societe').')'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; $sql .= " AND d.fk_facture = f.rowid"; diff --git a/htdocs/margin/productMargins.php b/htdocs/margin/productMargins.php index 0ac47243723..43afbaa0e92 100644 --- a/htdocs/margin/productMargins.php +++ b/htdocs/margin/productMargins.php @@ -195,13 +195,13 @@ if (!empty($TSelectedCats)) { } $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; -$sql .= " AND f.fk_statut NOT IN (".implode(', ', $invoice_status_except_list).")"; +$sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= " AND d.fk_facture = f.rowid"; if ($id > 0) { $sql .= " AND d.fk_product =".$id; } if (!empty($TSelectedCats)) { - $sql .= ' AND cp.fk_categorie IN ('.implode(',', $TSelectedCats).')'; + $sql .= ' AND cp.fk_categorie IN ('.$db->sanitize(implode(',', $TSelectedCats)).')'; } if (!empty($startdate)) { $sql .= " AND f.datef >= '".$db->idate($startdate)."'"; diff --git a/htdocs/product/class/html.formproduct.class.php b/htdocs/product/class/html.formproduct.class.php index 56efd8565d1..718acef6970 100644 --- a/htdocs/product/class/html.formproduct.class.php +++ b/htdocs/product/class/html.formproduct.class.php @@ -116,13 +116,13 @@ class FormProduct } $sql .= " WHERE e.entity IN (".getEntity('stock').")"; if (count($warehouseStatus)) { - $sql .= " AND e.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $warehouseStatus))).")"; + $sql .= " AND e.statut IN (".$this->db->sanitize(implode(',', $warehouseStatus)).")"; } else { $sql .= " AND e.statut = 1"; } if (!empty($exclude)) { - $sql .= ' AND e.rowid NOT IN('.$this->db->escape(implode(',', $exclude)).')'; + $sql .= ' AND e.rowid NOT IN('.$this->db->sanitize(implode(',', $exclude)).')'; } // minimum stock @@ -646,7 +646,7 @@ class FormProduct $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as ps on ps.rowid = pb.fk_product_stock"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e on e.rowid = ps.fk_entrepot AND e.entity IN (".getEntity('stock').")"; if (!empty($productIdList)) { - $sql .= " WHERE ps.fk_product IN (".$productIdList.")"; + $sql .= " WHERE ps.fk_product IN (".$this->db->sanitize($productIdList).")"; } $sql .= " ORDER BY e.ref, pb.batch"; diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index f195fa0c5e7..71b74a8a1db 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2750,7 +2750,7 @@ class Product extends CommonObject $sql .= " JOIN ".MAIN_DB_PREFIX."facture f ON fd.fk_facture = f.rowid "; $sql .= " JOIN ".MAIN_DB_PREFIX."element_element el ON el.fk_target = f.rowid and el.targettype = 'facture' and sourcetype = 'commande'"; $sql .= " JOIN ".MAIN_DB_PREFIX."commande c ON el.fk_source = c.rowid "; - $sql .= " WHERE c.fk_statut IN (".$filtrestatut.") AND c.facture = 0 AND fd.fk_product = ".$this->id; + $sql .= " WHERE c.fk_statut IN (".$this->db->sanitize($filtrestatut).") AND c.facture = 0 AND fd.fk_product = ".((int) $this->id); dol_syslog(__METHOD__.":: sql $sql", LOG_NOTICE); $resql = $this->db->query($sql); @@ -4980,7 +4980,7 @@ class Product extends CommonObject $sql .= " AND w.rowid = ps.fk_entrepot"; $sql .= " AND ps.fk_product = ".$this->id; if (!empty($conf->global->ENTREPOT_EXTRA_STATUS) && count($warehouseStatus)) { - $sql .= " AND w.statut IN (".$this->db->sanitize($this->db->escape(implode(',', $warehouseStatus))).")"; + $sql .= " AND w.statut IN (".$this->db->sanitize(implode(',', $warehouseStatus)).")"; } dol_syslog(get_class($this)."::load_stock", LOG_DEBUG); diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index 5a3b0cb0a9c..bdac3a70f54 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -133,7 +133,7 @@ if ($date && $dateIsValid) { // Avoid heavy sql if mandatory date is not defined $sql .= " WHERE w.entity IN (".getEntity('stock').")"; $sql .= " AND w.rowid = ps.fk_entrepot"; if (!empty($conf->global->ENTREPOT_EXTRA_STATUS) && count($warehouseStatus)) { - $sql .= " AND w.statut IN (".$db->sanitize($db->escape(implode(',', $warehouseStatus))).")"; + $sql .= " AND w.statut IN (".$db->sanitize(implode(',', $warehouseStatus)).")"; } if ($productid > 0) { $sql .= " AND ps.fk_product = ".$productid; @@ -183,7 +183,7 @@ if ($date && $dateIsValid) { $sql .= " WHERE w.entity IN (".getEntity('stock').")"; $sql .= " AND w.rowid = sm.fk_entrepot"; if (!empty($conf->global->ENTREPOT_EXTRA_STATUS) && count($warehouseStatus)) { - $sql .= " AND w.statut IN (".$db->sanitize($db->escape(implode(',', $warehouseStatus))).")"; + $sql .= " AND w.statut IN (".$db->sanitize(implode(',', $warehouseStatus)).")"; } if ($mode == 'future') { $sql .= " AND sm.datem <= '".$db->idate($dateendofday)."'"; @@ -191,10 +191,10 @@ if ($date && $dateIsValid) { $sql .= " AND sm.datem >= '".$db->idate($date)."'"; } if ($productid > 0) { - $sql .= " AND sm.fk_product = ".$productid; + $sql .= " AND sm.fk_product = ".((int) $productid); } if ($fk_warehouse > 0) { - $sql .= " AND sm.fk_entrepot = ".$fk_warehouse; + $sql .= " AND sm.fk_entrepot = ".((int) $fk_warehouse); } $sql .= " GROUP BY sm.fk_product, sm.fk_entrepot"; $resql = $db->query($sql); diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index c49ca736bbb..fe2188de904 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -454,7 +454,7 @@ if (empty($conf->global->PROJECT_HIDE_TASKS) && !empty($conf->global->PROJECT_SH $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // project i have permission on } if ($mine) { // this may duplicate record if we are contact twice - $sql .= " AND ect.fk_c_type_contact IN (".join(',', array_keys($listoftaskcontacttype)).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$user->id; + $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$user->id; } if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php index c650512c5dd..47536986a80 100644 --- a/htdocs/projet/class/api_projects.class.php +++ b/htdocs/projet/class/api_projects.class.php @@ -131,14 +131,14 @@ class Projects extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Select projects of given category if ($category > 0) { diff --git a/htdocs/projet/class/api_tasks.class.php b/htdocs/projet/class/api_tasks.class.php index 518b3576e34..748d9ce2594 100644 --- a/htdocs/projet/class/api_tasks.class.php +++ b/htdocs/projet/class/api_tasks.class.php @@ -135,14 +135,14 @@ class Tasks extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 137757eae1a..5d6c4b4825a 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -653,19 +653,19 @@ class Project extends CommonObject $ids = $this->id; if ($type == 'agenda') { - $sql = "SELECT id as rowid FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project IN (".$ids.") AND entity IN (".getEntity('agenda').")"; + $sql = "SELECT id as rowid FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project IN (".$this->db->sanitize($ids).") AND entity IN (".getEntity('agenda').")"; } elseif ($type == 'expensereport') { - $sql = "SELECT ed.rowid FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet IN (".$ids.")"; + $sql = "SELECT ed.rowid FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet IN (".$this->db->sanitize($ids).")"; } elseif ($type == 'project_task') { - $sql = "SELECT DISTINCT pt.rowid FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet IN (".$ids.")"; + $sql = "SELECT DISTINCT pt.rowid FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet IN (".$this->db->sanitize($ids).")"; } elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user - $sql = "SELECT DISTINCT pt.rowid, ptt.fk_user FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet IN (".$ids.")"; + $sql = "SELECT DISTINCT pt.rowid, ptt.fk_user FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet IN (".$this->db->sanitize($ids).")"; } elseif ($type == 'stock_mouvement') { - $sql = 'SELECT ms.rowid, ms.fk_user_author as fk_user FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin IN (".$ids.") AND ms.type_mouvement = 1"; + $sql = 'SELECT ms.rowid, ms.fk_user_author as fk_user FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin IN (".$this->db->sanitize($ids).") AND ms.type_mouvement = 1"; } elseif ($type == 'loan') { - $sql = 'SELECT l.rowid, l.fk_user_author as fk_user FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet IN (".$ids.")"; + $sql = 'SELECT l.rowid, l.fk_user_author as fk_user FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet IN (".$this->db->sanitize($ids).")"; } else { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." IN (".$ids.") AND entity IN (".getEntity($type).")"; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." IN (".$this->db->sanitize($ids).") AND entity IN (".getEntity($type).")"; } if ($dates > 0 && $type == 'loan') { @@ -1386,13 +1386,13 @@ class Project extends CommonObject if ($mode == 0) { $sql .= " AND ( p.public = 1"; - $sql .= " OR ( ec.fk_c_type_contact IN (".join(',', array_keys($listofprojectcontacttype)).")"; + $sql .= " OR ( ec.fk_c_type_contact IN (".$this->db->sanitize(join(',', array_keys($listofprojectcontacttype))).")"; $sql .= " AND ec.fk_socpeople = ".$user->id.")"; $sql .= " )"; } elseif ($mode == 1) { $sql .= " AND ec.element_id = p.rowid"; $sql .= " AND ("; - $sql .= " ( ec.fk_c_type_contact IN (".join(',', array_keys($listofprojectcontacttype)).")"; + $sql .= " ( ec.fk_c_type_contact IN (".$this->db->sanitize(join(',', array_keys($listofprojectcontacttype))).")"; $sql .= " AND ec.fk_socpeople = ".$user->id.")"; $sql .= " )"; } elseif ($mode == 2) { @@ -1974,7 +1974,7 @@ class Project extends CommonObject $sql .= " WHERE p.fk_statut = 1"; $sql .= " AND p.entity IN (".getEntity('project').')'; if (!empty($projectsListId)) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index 3ec82edf366..42c5ae2135f 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -180,11 +180,11 @@ class ProjectStats extends Stats } if (!empty($this->status)) { - $sqlwhere[] = " t.fk_opp_status IN (".$this->status.")"; + $sqlwhere[] = " t.fk_opp_status IN (".$this->db->sanitize($this->status).")"; } if (!$user->rights->projet->all->lire) { - $sqlwhere[] = " t.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users + $sqlwhere[] = " t.rowid IN (".$this->db->sanitize($projectsListId).")"; // public and assigned to, or restricted to company for external users } if (count($sqlwhere) > 0) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 9a72124199c..c9762c0043c 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -2002,12 +2002,12 @@ class Task extends CommonObject $sql .= " AND t.fk_projet = p.rowid"; $sql .= " AND (t.progress IS NULL OR t.progress < 100)"; // tasks to do if (!$user->rights->projet->all->lire) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; @@ -2076,7 +2076,7 @@ class Task extends CommonObject $sql .= " WHERE p.entity IN (".getEntity('project', 0).')'; $sql .= " AND t.fk_projet = p.rowid"; // tasks to do if ($mine || !$user->rights->projet->all->lire) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; diff --git a/htdocs/projet/class/taskstats.class.php b/htdocs/projet/class/taskstats.class.php index d18950ec482..8a5234b956f 100644 --- a/htdocs/projet/class/taskstats.class.php +++ b/htdocs/projet/class/taskstats.class.php @@ -154,9 +154,8 @@ class TaskStats extends Stats if (!empty($this->yearmonth)) { $sqlwhere[] = " t.datec BETWEEN '".$this->db->idate(dol_get_first_day($this->yearmonth))."' AND '".$this->db->idate(dol_get_last_day($this->yearmonth))."'"; } - - if (!empty($this->status)) { - $sqlwhere[] = " t.priority IN (".$this->priority.")"; + if (!empty($this->priority)) { + $sqlwhere[] = " t.priority IN (".$this->db->sanitize($this->priority, 1).")"; } if (count($sqlwhere) > 0) { diff --git a/htdocs/projet/graph_opportunities.inc.php b/htdocs/projet/graph_opportunities.inc.php index cf8cc1dd34d..b6b4470dd15 100644 --- a/htdocs/projet/graph_opportunities.inc.php +++ b/htdocs/projet/graph_opportunities.inc.php @@ -23,10 +23,10 @@ if (!empty($conf->global->PROJECT_USE_OPPORTUNITIES)) { $sql .= " WHERE p.entity IN (".getEntity('project').")"; $sql .= " AND p.fk_statut = 1"; // Opend projects only if ($mine || empty($user->rights->projet->all->lire)) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; + $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; } - if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + if ($socid > 0) { + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } $sql .= " GROUP BY p.fk_opp_status, cls.code"; $resql = $db->query($sql); diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php index 600a246cf94..78e9d85aa1a 100644 --- a/htdocs/projet/index.php +++ b/htdocs/projet/index.php @@ -238,7 +238,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid"; $sql .= " WHERE p.entity IN (".getEntity('project').")"; if ($mine || empty($user->rights->projet->all->lire)) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; // If we have this test true, it also means projectset is not 2 + $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // If we have this test true, it also means projectset is not 2 } if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; @@ -338,10 +338,10 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid"; $sql .= " WHERE p.entity IN (".getEntity('project').")"; $sql .= " AND p.fk_statut = 1"; if ($mine || empty($user->rights->projet->all->lire)) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; // If we have this test true, it also means projectset is not 2 + $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // If we have this test true, it also means projectset is not 2 } -if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; +if ($socid > 0) { + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.code_fournisseur, s.code_compta_fournisseur, s.fournisseur, s.logo, s.email, s.entity, s.canvas, s.status"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index e6b381a6650..3e81b529ac8 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -370,11 +370,11 @@ if (!empty($conf->categorie->enabled)) { $sql .= Categorie::getFilterSelectQuery(Categorie::TYPE_PROJECT, "p.rowid", $search_category_array); } if (!$user->rights->projet->all->lire) { - $sql .= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users + $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId).")"; // public and assigned to, or restricted to company for external users } // No need to check if company is external user, as filtering of projects must be done by getProjectsAuthorizedForUser if ($socid > 0) { - $sql .= " AND (p.fk_soc = ".$socid.")"; // This filter if when we use a hard coded filter on company on url (not related to filter for external users) + $sql .= " AND (p.fk_soc = ".((int) $socid).")"; // This filter if when we use a hard coded filter on company on url (not related to filter for external users) } if ($search_ref) { $sql .= natural_search('p.ref', $search_ref); diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 57f9ec2b24f..801c792cf7d 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -334,17 +334,17 @@ if ($search_task_user > 0) { $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity IN (".getEntity('project').')'; if (!$user->rights->projet->all->lire) { - $sql .= " AND p.rowid IN (".($projectsListId ? $projectsListId : '0').")"; // public and assigned to projects, or restricted to company for external users + $sql .= " AND p.rowid IN (".$db->sanitize($projectsListId ? $projectsListId : '0').")"; // public and assigned to projects, or restricted to company for external users } if (is_object($projectstatic) && $projectstatic->id > 0) { - $sql .= " AND p.rowid = ".$projectstatic->id; + $sql .= " AND p.rowid = ".((int) $projectstatic->id); } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser if ($socid) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if ($search_categ > 0) { - $sql .= " AND cs.fk_categorie = ".$db->escape($search_categ); + $sql .= " AND cs.fk_categorie = ".((int) $search_categ); } if ($search_categ == -2) { $sql .= " AND cs.fk_categorie IS NULL"; @@ -389,10 +389,10 @@ if ($search_public != '') { $sql .= " AND p.public = ".$db->escape($search_public); } if ($search_project_user > 0) { - $sql .= " AND ecp.fk_c_type_contact IN (".join(',', array_keys($listofprojectcontacttype)).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; + $sql .= " AND ecp.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listofprojectcontacttype))).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_project_user; } if ($search_task_user > 0) { - $sql .= " AND ect.fk_c_type_contact IN (".join(',', array_keys($listoftaskcontacttype)).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$search_task_user; + $sql .= " AND ect.fk_c_type_contact IN (".$db->sanitize(join(',', array_keys($listoftaskcontacttype))).") AND ect.element_id = t.rowid AND ect.fk_socpeople = ".$search_task_user; } // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index eb1c394d8cf..597d885d088 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -1036,7 +1036,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { if (empty($projectidforalltimes)) { $sql .= " AND t.fk_task =".$object->id; } else { - $sql .= " AND pt.fk_projet IN (".$projectidforalltimes.")"; + $sql .= " AND pt.fk_projet IN (".$db->sanitize($projectidforalltimes).")"; } if ($search_note) { $sql .= natural_search('t.note', $search_note); diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index 661c14c9d01..b77742dd71d 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -472,10 +472,10 @@ if ($search_state) { $sql .= natural_search("state.nom", $search_state); } if ($search_country) { - $sql .= " AND s.fk_pays IN (".$search_country.')'; + $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) { - $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; + $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')'; } if ($search_ref_rcp) { $sql .= natural_search('e.ref', $search_ref_rcp); diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index 7bc75f52793..907f16f21bc 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -247,7 +247,7 @@ $sql .= " ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE u.rowid = s.fk_user"; $sql .= " AND s.entity IN (".getEntity('payment_salaries').")"; if (empty($user->rights->salaries->readall)) { - $sql .= " AND s.fk_user IN (".join(',', $childids).")"; + $sql .= " AND s.fk_user IN (".$db->sanitize(join(',', $childids)).")"; } // Search criteria diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index 5c0b0c73956..3e6630dbaf1 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php @@ -190,22 +190,18 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.ro $sql .= " ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE u.rowid = sal.fk_user"; $sql .= " AND s.entity IN (".getEntity('payment_salaries').")"; -if (empty($user->rights->salaries->readall)) $sql .= " AND s.fk_user IN (".join(',', $childids).")"; +if (empty($user->rights->salaries->readall)) $sql .= " AND s.fk_user IN (".$db->sanitize(join(',', $childids)).")"; // Search criteria if ($search_ref) $sql .= " AND s.rowid=".((int) $search_ref); -if ($search_ref_salary) $sql .= " AND sal.rowid=".((int) $search_ref_salary); +if ($search_ref_salary) $sql .= " AND sal.rowid=".((int) $search_ref_salary); if ($search_user) $sql .= natural_search(array('u.login', 'u.lastname', 'u.firstname', 'u.email'), $search_user); if ($search_label) $sql .= natural_search(array('sal.label'), $search_label); if ($search_date_start) $sql .= " AND s.datep >= '".$db->idate($search_date_start)."'"; if ($search_date_end) $sql .= " AND s.datep <= '".$db->idate($search_date_end)."'"; if ($search_amount) $sql .= natural_search("s.amount", $search_amount, 1); if ($search_account > 0) $sql .= " AND b.fk_account=".((int) $search_account); -if ($filtre) { - $filtre = str_replace(":", "=", $filtre); - $sql .= " AND ".$filtre; -} -if ($search_type_id) { +if ($search_type_id > 0) { $sql .= " AND s.fk_typepayment=".$search_type_id; } $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index 37ad82602fb..3993ad38e5f 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php @@ -192,7 +192,7 @@ class Contacts extends DolibarrApi $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON t.fk_soc = s.rowid"; $sql .= ' WHERE t.entity IN ('.getEntity('socpeople').')'; if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { @@ -203,7 +203,7 @@ class Contacts extends DolibarrApi } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Select contacts of given category diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index ed62e5a224f..cd356d2e2a2 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -187,14 +187,14 @@ class Thirdparties extends DolibarrApi } //if ($email != NULL) $sql.= " AND s.email = \"".$email."\""; if ($socids) { - $sql .= " AND t.rowid IN (".$socids.")"; + $sql .= " AND t.rowid IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 74685d37b05..6ac6d35e4eb 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -584,7 +584,7 @@ if ($search_region) { $sql .= natural_search("region.nom", $search_region); } if ($search_country && $search_country != '-1') { - $sql .= " AND s.fk_pays IN (".$db->sanitize($db->escape($search_country)).')'; + $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } if ($search_email) { $sql .= natural_search("s.email", $search_email); @@ -621,7 +621,7 @@ if (strlen($search_vat)) { } // Filter on type of thirdparty if ($search_type > 0 && in_array($search_type, array('1,3', '1,2,3', '2,3'))) { - $sql .= " AND s.client IN (".$db->sanitize($db->escape($search_type)).")"; + $sql .= " AND s.client IN (".$db->sanitize($search_type).")"; } if ($search_type > 0 && in_array($search_type, array('4'))) { $sql .= " AND s.fournisseur = 1"; diff --git a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php index 953f1d274fe..1368cce7811 100644 --- a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php +++ b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php @@ -124,14 +124,14 @@ class Supplierproposals extends DolibarrApi $sql .= " AND t.fk_soc = sc.fk_soc"; } if ($socids) { - $sql .= " AND t.fk_soc IN (".$socids.")"; + $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } if ($search_sale > 0) { $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale } // Insert sale filter if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".$search_sale; + $sql .= " AND sc.fk_user = ".((int) $search_sale); } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 3ad210b2f77..6851bbb4021 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -329,10 +329,10 @@ if ($search_state) { $sql .= natural_search("state.nom", $search_state); } if ($search_country) { - $sql .= " AND s.fk_pays IN (".$search_country.')'; + $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')'; } if ($search_type_thirdparty != '' && $search_type_thirdparty > 0) { - $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')'; + $sql .= " AND s.fk_typent IN (".$db->sanitize($search_type_thirdparty).')'; } if ($search_ref) { $sql .= natural_search('sp.ref', $search_ref); diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php index 9415366061d..2f8972ceafe 100644 --- a/htdocs/user/class/api_users.class.php +++ b/htdocs/user/class/api_users.class.php @@ -87,7 +87,7 @@ class Users extends DolibarrApi } $sql .= ' WHERE t.entity IN ('.getEntity('user').')'; if ($user_ids) { - $sql .= " AND t.rowid IN (".$user_ids.")"; + $sql .= " AND t.rowid IN (".$this->db->sanitize($user_ids).")"; } // Select products of given category @@ -473,7 +473,7 @@ class Users extends DolibarrApi $sql .= " FROM ".MAIN_DB_PREFIX."usergroup as t"; $sql .= ' WHERE t.entity IN ('.getEntity('user').')'; if ($group_ids) { - $sql .= " AND t.rowid IN (".$group_ids.")"; + $sql .= " AND t.rowid IN (".$this->db->sanitize($group_ids).")"; } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/user/list.php b/htdocs/user/list.php index aef0d3e31c9..ec7b7335b02 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -357,7 +357,7 @@ if ($socid > 0) { } //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user); if ($search_supervisor > 0) { - $sql .= " AND u.fk_user IN (".$db->sanitize($db->escape($search_supervisor)).")"; + $sql .= " AND u.fk_user IN (".$db->sanitize($search_supervisor).")"; } if ($search_thirdparty != '') { $sql .= natural_search(array('s.nom'), $search_thirdparty); @@ -393,7 +393,7 @@ if ($search_api_key != '') { $sql .= natural_search("u.api_key", $search_api_key); } if ($search_statut != '' && $search_statut >= 0) { - $sql .= " AND u.statut IN (".$db->sanitize($db->escape($search_statut)).")"; + $sql .= " AND u.statut IN (".$db->sanitize($search_statut).")"; } if ($sall) { $sql .= natural_search(array_keys($fieldstosearchall), $sall); diff --git a/htdocs/variants/class/ProductAttribute.class.php b/htdocs/variants/class/ProductAttribute.class.php index b823cbea470..a4e9f92eb10 100644 --- a/htdocs/variants/class/ProductAttribute.class.php +++ b/htdocs/variants/class/ProductAttribute.class.php @@ -85,7 +85,7 @@ class ProductAttribute extends CommonObject return -1; } - $sql = "SELECT rowid, ref, ref_ext, label, rang FROM ".MAIN_DB_PREFIX."product_attribute WHERE rowid = ".(int) $id." AND entity IN (".getEntity('product').")"; + $sql = "SELECT rowid, ref, ref_ext, label, rang FROM ".MAIN_DB_PREFIX."product_attribute WHERE rowid = ".((int) $id)." AND entity IN (".getEntity('product').")"; $query = $this->db->query($sql); @@ -249,7 +249,7 @@ class ProductAttribute extends CommonObject public function countChildProducts() { $sql = "SELECT COUNT(*) count FROM ".MAIN_DB_PREFIX."product_attribute_combination2val pac2v - LEFT JOIN ".MAIN_DB_PREFIX."product_attribute_combination pac ON pac2v.fk_prod_combination = pac.rowid WHERE pac2v.fk_prod_attr = ".(int) $this->id." AND pac.entity IN (".getEntity('product').")"; + LEFT JOIN ".MAIN_DB_PREFIX."product_attribute_combination pac ON pac2v.fk_prod_combination = pac.rowid WHERE pac2v.fk_prod_attr = ".((int) $this->id)." AND pac.entity IN (".getEntity('product').")"; $query = $this->db->query($sql); diff --git a/htdocs/variants/class/ProductCombination.class.php b/htdocs/variants/class/ProductCombination.class.php index 8606b12602d..d16ae4e2134 100644 --- a/htdocs/variants/class/ProductCombination.class.php +++ b/htdocs/variants/class/ProductCombination.class.php @@ -106,7 +106,7 @@ class ProductCombination { global $conf; - $sql = "SELECT rowid, fk_product_parent, fk_product_child, variation_price, variation_price_percentage, variation_weight, variation_ref_ext FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE rowid = ".(int) $rowid." AND entity IN (".getEntity('product').")"; + $sql = "SELECT rowid, fk_product_parent, fk_product_child, variation_price, variation_price_percentage, variation_weight, variation_ref_ext FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE rowid = ".((int) $rowid)." AND entity IN (".getEntity('product').")"; $query = $this->db->query($sql); @@ -281,7 +281,7 @@ class ProductCombination { global $conf; - $sql = "SELECT rowid, fk_product_parent, fk_product_child, variation_price, variation_price_percentage, variation_weight FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".(int) $fk_product_parent." AND entity IN (".getEntity('product').")"; + $sql = "SELECT rowid, fk_product_parent, fk_product_child, variation_price, variation_price_percentage, variation_weight FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".((int) $fk_product_parent)." AND entity IN (".getEntity('product').")"; $query = $this->db->query($sql); @@ -320,7 +320,7 @@ class ProductCombination public function countNbOfCombinationForFkProductParent($fk_product_parent) { $nb = 0; - $sql = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".(int) $fk_product_parent." AND entity IN (".getEntity('product').")"; + $sql = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."product_attribute_combination WHERE fk_product_parent = ".((int) $fk_product_parent)." AND entity IN (".getEntity('product').")"; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index f59b8bbc5a5..3dbdb353a3e 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -426,7 +426,7 @@ class WebsitePage extends CommonObject } $listoflang[] = "'".$this->db->escape(substr(str_replace("'", '', $tmpvalue), 0, 2))."'"; } - $stringtouse = $key." IN (".join(',', $listoflang).")"; + $stringtouse = $key." IN (".$this->db->sanitize(join(',', $listoflang)).")"; if ($foundnull) { $stringtouse = '('.$stringtouse.' OR '.$key.' IS NULL)'; } @@ -528,7 +528,7 @@ class WebsitePage extends CommonObject } $listoflang[] = "'".$this->db->escape(substr(str_replace("'", '', $tmpvalue), 0, 2))."'"; } - $stringtouse = $key." IN (".join(',', $listoflang).")"; + $stringtouse = $key." IN (".$this->db->sanitize(join(',', $listoflang)).")"; if ($foundnull) { $stringtouse = '('.$stringtouse.' OR '.$key.' IS NULL)'; }