Fix sanitizing

Laurent Destailleur 2020-09-20 03:36:02 +02:00
parent e5cca13ea0
commit 233aa58161
4 changed files with 4 additions and 4 deletions


@ -3133,7 +3133,7 @@ class User extends CommonObject
$sql = "SELECT rowid, email, user_mobile, civility, lastname, firstname";
$sql .= " FROM ".MAIN_DB_PREFIX."user";
$sql .= " WHERE rowid = '".$rowid."'";
$sql .= " WHERE rowid = ".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql)
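Review bot: The `(int)` cast on `$rowid` removes the injection path but still accepts malformed ids. A value such as `'12abc'` is coerced to 12 and a non-numeric one to 0, so the query runs against an id the caller never actually supplied. Consider rejecting the input before the SQL is built, for example `if ((int) $rowid <= 0) return -1;`. The return convention there is a guess, because the enclosing method starts and ends outside this hunk.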


@ -170,7 +170,7 @@ class UserBankAccount extends Account
$sql .= " FROM ".MAIN_DB_PREFIX."user_rib";
if ($id) $sql .= " WHERE rowid = ".$id;
if ($ref) $sql .= " WHERE label = '".$this->db->escape($ref)."'";
if ($userid) $sql .= " WHERE fk_user = '".$userid."'";
if ($userid) $sql .= " WHERE fk_user = ".((int) $userid);
$resql = $this->db->query($sql);
if ($resql)
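Review bot: The `$id` branch two lines above the fixed one still concatenates its value raw, `" WHERE rowid = ".$id`, with no cast or escaping. If `$id` can come from a caller-controlled value, it has the same problem this commit fixes for `$userid`; the matching change is `if ($id) $sql .= " WHERE rowid = ".((int) $id);`. Separately, the three `if` lines each append their own `WHERE`, so a call that passes more than one of `$id`, `$ref` and `$userid` produces invalid SQL. An `elseif` chain, or a documented precedence, would make the intent explicit. The method's signature and the rest of its body are outside this hunk.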


@ -229,7 +229,7 @@ if ($search_thirdparty != '') $sql .= natural_search(array('s.nom'), $search_thi
if ($search_login != '') $sql .= natural_search("u.login", $search_login);
if ($search_lastname != '') $sql .= natural_search("u.lastname", $search_lastname);
if ($search_firstname != '') $sql .= natural_search("u.firstname", $search_firstname);
if ($search_gender != '' && $search_gender != '-1') $sql .= " AND u.gender = '".$search_gender."'";
if ($search_gender != '' && $search_gender != '-1') $sql .= natural_search("u.gender", $search_gender);
if (is_numeric($search_employee) && $search_employee >= 0) {
$sql .= ' AND u.employee = '.(int) $search_employee;
}
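Review bot: Replacing the equality test with `natural_search("u.gender", $search_gender)` changes what the filter matches, not only how the value is escaped. natural_search is the helper used for the free-text fields just above, and by default it builds a pattern (LIKE) condition rather than an exact comparison. A filter on `man` would therefore presumably also return rows whose gender is `woman`. An exact, escaped comparison keeps the old semantics: `$sql .= " AND u.gender = '".$db->escape($search_gender)."'";`. That assumes the page's database handle is `$db`, which this hunk does not show.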


@ -152,7 +152,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
$db=$this->savdb;
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT.'/ticket', 'files', 1, '\.php', null, 'fullname');
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
//$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
foreach ($filesarray as $key => $file)