Fix sanitizing
This commit is contained in:
parent
e5cca13ea0
commit
233aa58161
@ -3133,7 +3133,7 @@ class User extends CommonObject
|
||||
|
||||
$sql = "SELECT rowid, email, user_mobile, civility, lastname, firstname";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."user";
|
||||
$sql .= " WHERE rowid = '".$rowid."'";
|
||||
$sql .= " WHERE rowid = ".((int) $rowid);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql)
|
||||
|
||||
@ -170,7 +170,7 @@ class UserBankAccount extends Account
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."user_rib";
|
||||
if ($id) $sql .= " WHERE rowid = ".$id;
|
||||
if ($ref) $sql .= " WHERE label = '".$this->db->escape($ref)."'";
|
||||
if ($userid) $sql .= " WHERE fk_user = '".$userid."'";
|
||||
if ($userid) $sql .= " WHERE fk_user = ".((int) $userid);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql)
|
||||
|
||||
@ -229,7 +229,7 @@ if ($search_thirdparty != '') $sql .= natural_search(array('s.nom'), $search_thi
|
||||
if ($search_login != '') $sql .= natural_search("u.login", $search_login);
|
||||
if ($search_lastname != '') $sql .= natural_search("u.lastname", $search_lastname);
|
||||
if ($search_firstname != '') $sql .= natural_search("u.firstname", $search_firstname);
|
||||
if ($search_gender != '' && $search_gender != '-1') $sql .= " AND u.gender = '".$search_gender."'";
|
||||
if ($search_gender != '' && $search_gender != '-1') $sql .= natural_search("u.gender", $search_gender);
|
||||
if (is_numeric($search_employee) && $search_employee >= 0) {
|
||||
$sql .= ' AND u.employee = '.(int) $search_employee;
|
||||
}
|
||||
|
||||
@ -152,7 +152,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
|
||||
$db=$this->savdb;
|
||||
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT.'/ticket', 'files', 1, '\.php', null, 'fullname');
|
||||
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
|
||||
//$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
|
||||
|
||||
foreach ($filesarray as $key => $file)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user