Fix bugs reported by scrutinizer

2017-09-12 19:03:12 +02:00 · 2017-09-12 19:03:12 +02:00 · 47d2350ad4
commit 47d2350ad4
parent 725600e000
4 changed files with 62 additions and 62 deletions
--- a/htdocs/comm/mailing/class/advtargetemailing.class.php
+++ b/htdocs/comm/mailing/class/advtargetemailing.class.php
@ -640,16 +640,16 @@ class AdvanceTargetingMailing extends CommonObject
 				$sqlwhere[]=$this->transformToSQL('t.firstname',$arrayquery['contact_firstname']);
 			}
 			if (!empty($arrayquery['contact_country']) && count($arrayquery['contact_country'])) {
-				$sqlwhere[]= " (t.fk_pays IN (".$db->escape(implode(',',$arrayquery['contact_country']))."))";
+				$sqlwhere[]= " (t.fk_pays IN (".$this->db->escape(implode(',',$arrayquery['contact_country']))."))";
 			}
 			if (!empty($arrayquery['contact_status']) && count($arrayquery['contact_status'])>0) {
-				$sqlwhere[]= " (t.statut IN (".$db->escape(implode(',',$arrayquery['contact_status']))."))";
+				$sqlwhere[]= " (t.statut IN (".$this->db->escape(implode(',',$arrayquery['contact_status']))."))";
 			}
 			if (!empty($arrayquery['contact_civility']) && count($arrayquery['contact_civility'])>0) {
-				$sqlwhere[]= " (t.civility IN ('".$db->escape(implode("','",$arrayquery['contact_civility']))."'))";
+				$sqlwhere[]= " (t.civility IN ('".$this->db->escape(implode("','",$arrayquery['contact_civility']))."'))";
 			}
 			if ($arrayquery['contact_no_email']!='') {
-				$sqlwhere[]= " (t.no_email='".$db->escape($arrayquery['contact_no_email'])."')";
+				$sqlwhere[]= " (t.no_email='".$this->db->escape($arrayquery['contact_no_email'])."')";
 			}
 			if ($arrayquery['contact_update_st_dt']!='') {
 				$sqlwhere[]= " (t.tms >= '".$this->db->idate($arrayquery['contact_update_st_dt'])."' AND t.tms <= '".$this->db->idate($arrayquery['contact_update_end_dt'])."')";
--- a/htdocs/product/class/html.formproduct.class.php
+++ b/htdocs/product/class/html.formproduct.class.php
@ -115,14 +115,14 @@ class FormProduct
 		$sql.= " WHERE e.entity IN (".getEntity('stock').")";
 		if (count($warehouseStatus))
 		{
-			$sql.= " AND e.statut IN (".$db->escape(implode(',',$warehouseStatus)).")";
+			$sql.= " AND e.statut IN (".$this->db->escape(implode(',',$warehouseStatus)).")";
 		}
 		else
 		{
 			$sql.= " AND e.statut = 1";
 		}

-		if(!empty($exclude)) $sql.= ' AND e.rowid NOT IN('.$db->escape(implode(',', $exclude)).')';
+		if(!empty($exclude)) $sql.= ' AND e.rowid NOT IN('.$this->db->escape(implode(',', $exclude)).')';

 		if ($sumStock && empty($fk_product)) $sql.= " GROUP BY e.rowid, e.label, e.description, e.fk_parent";
 		$sql.= " ORDER BY e.label";
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@ -3750,7 +3750,7 @@ class Product extends CommonObject
 		$sql.= " WHERE w.entity IN (".getEntity('stock').")";
 		$sql.= " AND w.rowid = ps.fk_entrepot";
 		$sql.= " AND ps.fk_product = ".$this->id;
-		if ($conf->global->ENTREPOT_EXTRA_STATUS && count($warehouseStatus)) $sql.= " AND w.statut IN (".$db->escape(implode(',',$warehouseStatus)).")";
+		if ($conf->global->ENTREPOT_EXTRA_STATUS && count($warehouseStatus)) $sql.= " AND w.statut IN (".$this->db->escape(implode(',',$warehouseStatus)).")";

 		dol_syslog(get_class($this)."::load_stock", LOG_DEBUG);
 		$result = $this->db->query($sql);
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@ -69,7 +69,7 @@ class Task extends CommonObject
    var $timespent_withhour;		// 1 = we entered also start hours for timesheet line
    var $timespent_fk_user;
    var $timespent_note;
-    
+
    var $comments = array();

    public $oldcopy;
@ -1783,7 +1783,7 @@ class Task extends CommonObject

        return ($datetouse > 0 && ($datetouse < ($now - $conf->projet->task->warning_delay)));
 	}
-	
+
 	/**
 	 * Return nb comments already posted
 	 *
@ -1793,21 +1793,21 @@ class Task extends CommonObject
 	{
 		return count($this->comments);
 	}
-	
+
 	/**
 	 * Load comments linked with current task
 	 *
 	 *  @return int 		        <0 if KO, 0 if not found, >0 if OK
 	 */
 	public function fetchComments()
-	{		
+	{
 		$this->comments = array();
 		$sql = "SELECT";
 		$sql.= " c.rowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."projet_task_comment as c";
 		$sql.= " WHERE c.fk_task = ".$this->id;
 		$sql.= " ORDER BY c.tms DESC";
-		
+
 		dol_syslog(get_class($this)."::fetchComments", LOG_DEBUG);
 		$resql=$this->db->query($sql);
 		if ($resql)
@ -1843,24 +1843,24 @@ class TaskComment extends CommonObject
 	public $table_element='projet_task_comment';	//!< Name of table without prefix where object is stored
 	public $fk_element='fk_task';
 	public $picto = 'task';
-	
+
 	var $fk_task;
-	
+
 	var $description;
-	
+
 	var $tms;
-	
+
 	var $datec;
-	
+
 	var $fk_user;
-	
+
 	var $entity;
-	
+
 	var $import_key;
-	
+
 	public $oldcopy;
-	
-	
+
+
 	/**
 	 *  Constructor
 	 *
@ -1870,8 +1870,8 @@ class TaskComment extends CommonObject
 	{
 		$this->db = $db;
 	}
-	
-	
+
+
 	/**
 	 *  Create into database
 	 *
@ -1882,9 +1882,9 @@ class TaskComment extends CommonObject
 	function create($user, $notrigger=0)
 	{
 		global $conf, $langs;
-		
+
 		$error=0;
-		
+
 		// Insert request
 		$sql = "INSERT INTO ".MAIN_DB_PREFIX."projet_task_comment (";
 		$sql.= "description";
@ -1901,20 +1901,20 @@ class TaskComment extends CommonObject
 		$sql.= ", ".(!empty($this->entity)?$this->entity:'1');
 		$sql.= ", ".(!empty($this->import_key)?"'".$this->import_key."'":"null");
 		$sql.= ")";
-		
-		var_dump($this->db);
-		echo $sql;
-		
+
+		//var_dump($this->db);
+		//echo $sql;
+
 		$this->db->begin();
-		
+
 		dol_syslog(get_class($this)."::create", LOG_DEBUG);
 		$resql=$this->db->query($sql);
 		if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
-		
+
 		if (! $error)
 		{
 			$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."projet_task_comment");
-			
+
 			if (! $notrigger)
 			{
 				// Call trigger
@ -1923,7 +1923,7 @@ class TaskComment extends CommonObject
 				// End call triggers
 			}
 		}
-				
+
 		// Commit or rollback
 		if ($error)
 		{
@ -1941,8 +1941,8 @@ class TaskComment extends CommonObject
 			return $this->id;
 		}
 	}
-	
-	
+
+
 	/**
 	 *  Load object in memory from database
 	 *
@ -1953,7 +1953,7 @@ class TaskComment extends CommonObject
 	function fetch($id)
 	{
 		global $langs;
-		
+
 		$sql = "SELECT";
 		$sql.= " c.rowid,";
 		$sql.= " c.description,";
@ -1965,17 +1965,17 @@ class TaskComment extends CommonObject
 		$sql.= " c.import_key";
 		$sql.= " FROM ".MAIN_DB_PREFIX."projet_task_comment as c";
 		$sql.= " WHERE c.rowid = ".$id;
-		
+
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
 		$resql=$this->db->query($sql);
 		if ($resql)
 		{
 			$num_rows = $this->db->num_rows($resql);
-			
+
 			if ($num_rows)
 			{
 				$obj = $this->db->fetch_object($resql);
-				
+
 				$this->id					= $obj->rowid;
 				$this->description			= $obj->description;
 				$this->datec				= $this->db->jdate($obj->datec);
@ -1985,9 +1985,9 @@ class TaskComment extends CommonObject
 				$this->entity				= $obj->entity;
 				$this->import_key			= $obj->import_key;
 			}
-			
+
 			$this->db->free($resql);
-			
+
 			if ($num_rows) return 1;
 			else return 0;
 		}
@ -1997,8 +1997,8 @@ class TaskComment extends CommonObject
 			return -1;
 		}
 	}
-	
-	
+
+
 	/**
 	 *  Update database
 	 *
@ -2006,17 +2006,17 @@ class TaskComment extends CommonObject
 	 *  @param  int		$notrigger	    0=launch triggers after, 1=disable triggers
 	 *  @return int			         	<=0 if KO, >0 if OK
 	 */
-	function update($user=null, $notrigger=0)
+	function update($user, $notrigger=0)
 	{
 		global $conf, $langs;
 		$error=0;
-		
+
 		// Clean parameters
-		if (isset($this->fk_task)) $this->fk_project=trim($this->fk_task);
-		if (isset($this->fk_user)) $this->fk_project=trim($this->fk_user);
+		if (isset($this->fk_task)) $this->fk_project=(int) trim($this->fk_task);
+		if (isset($this->fk_user)) $this->fk_user=(int) trim($this->fk_user);
 		if (isset($this->description)) $this->description=trim($this->description);
-		
-		
+
+
 		// Update request
 		$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task_comment SET";
 		$sql.= " description=".(isset($this->description)?"'".$this->db->escape($this->description)."'":"null").",";
@ -2026,13 +2026,13 @@ class TaskComment extends CommonObject
 		$sql.= " entity=".(!empty($this->entity)?$this->entity:'1').",";
 		$sql.= " import_key=".(!empty($this->import_key)?"'".$this->import_key."'":"null");
 		$sql.= " WHERE rowid=".$this->id;
-		
+
 		$this->db->begin();
-		
+
 		dol_syslog(get_class($this)."::update", LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
-		
+
 		if (! $error)
 		{
 			if (! $notrigger)
@ -2043,7 +2043,7 @@ class TaskComment extends CommonObject
 				// End call triggers
 			}
 		}
-		
+
 		// Commit or rollback
 		if ($error)
 		{
@ -2061,8 +2061,8 @@ class TaskComment extends CommonObject
 			return 1;
 		}
 	}
-	
-	
+
+
 	/**
 	 *	Delete task from database
 	 *
@ -2074,17 +2074,17 @@ class TaskComment extends CommonObject
 	{
 		global $conf, $langs;
 		require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';
-		
+
 		$error=0;
-		
+
 		$this->db->begin();
-		
+
 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."projet_task_comment";
 		$sql.= " WHERE rowid=".$this->id;
-		
+
 		$resql = $this->db->query($sql);
 		if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
-		
+
 		if (! $error)
 		{
 			if (! $notrigger)
@ -2095,7 +2095,7 @@ class TaskComment extends CommonObject
 				// End call triggers
 			}
 		}
-		
+
 		// Commit or rollback
 		if ($error)
 		{