From 94487cf411e094780f299ba4302a2edf34544215 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 8 Aug 2016 13:43:44 +0200 Subject: [PATCH 1/3] FIX #5594 --- htdocs/core/class/extrafields.class.php | 39 ++++++++++++++----------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index d63c2536476..cf35dd1ee5c 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -675,7 +675,7 @@ class ExtraFields if ($showsize > 48) $showsize=48; } } - + if (in_array($type,array('date','datetime'))) { $tmp=explode(',',$size); @@ -812,7 +812,7 @@ class ExtraFields if (strpos($InfoFieldList[4], '$SEL$')!==false) { $InfoFieldList[4]=str_replace('$SEL$','SELECT',$InfoFieldList[4]); } - + // current object id can be use into filter if (strpos($InfoFieldList[4], '$ID$')!==false && !empty($objectid)) { $InfoFieldList[4]=str_replace('$ID$',$objectid,$InfoFieldList[4]); @@ -830,14 +830,14 @@ class ExtraFields $sqlwhere.= ' WHERE '.$InfoFieldList[4]; } } - else + else { $sqlwhere.= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. - if (in_array($InfoFieldList[0],array('tablewithentity'))) + if (in_array($InfoFieldList[0],array('tablewithentity'))) { - $sqlwhere.= ' AND entity = '.$conf->entity; + $sqlwhere.= ' AND entity = '.$conf->entity; } $sql.=$sqlwhere; //print $sql; 
@@ -996,19 +996,19 @@ class ExtraFields $sql = 'SELECT ' . $keyList; $sql .= ' FROM ' . MAIN_DB_PREFIX . $InfoFieldList[0]; if (! empty($InfoFieldList[4])) { - + // can use SELECT request if (strpos($InfoFieldList[4], '$SEL$')!==false) { $InfoFieldList[4]=str_replace('$SEL$','SELECT',$InfoFieldList[4]); } - + // current object id can be use into filter if (strpos($InfoFieldList[4], '$ID$')!==false && !empty($objectid)) { $InfoFieldList[4]=str_replace('$ID$',$objectid,$InfoFieldList[4]); } else { $InfoFieldList[4]=str_replace('$ID$','0',$InfoFieldList[4]); } - + // We have to join on extrafield table if (strpos($InfoFieldList[4], 'extra') !== false) { $sql .= ' as main, ' . MAIN_DB_PREFIX . $InfoFieldList[0] . '_extrafields as extra'; @@ -1020,13 +1020,13 @@ class ExtraFields $sqlwhere .= ' WHERE 1=1'; } // Some tables may have field, some other not. For the moment we disable it. - if (in_array($InfoFieldList[0], array ('tablewithentity'))) + if (in_array($InfoFieldList[0], array ('tablewithentity'))) { $sqlwhere .= ' AND entity = ' . $conf->entity; } // $sql.=preg_replace('/^ AND /','',$sqlwhere); // print $sql; - + $sql .= $sqlwhere; dol_syslog(get_class($this) . '::showInputField type=chkbxlst',LOG_DEBUG); $resql = $this->db->query($sql); @@ -1232,7 +1232,12 @@ class ExtraFields { $sql.= ' as main'; } - $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + if ($selectkey=='rowid') { + $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); + } else { + $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; + } + //$sql.= ' AND entity = '.$conf->entity; dol_syslog(get_class($this).':showOutputField:$type=sellist', LOG_DEBUG); @@ -1391,10 +1396,10 @@ class ExtraFields $showsize=round($size); if ($showsize > 48) $showsize=48; } - + //print $type.'-'.$size; $out=$value; - + return $out; } @@ -1411,7 +1416,7 @@ class ExtraFields $type=$this->attribute_type[$key]; $align=''; - + if ($type == 'date') { $align="center"; 
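Review bot: In the hunk at line 1232, the new `rowid` branch appends `$this->db->escape($value)` to the WHERE clause without quotes. String escaping only neutralises characters inside a quoted literal, so in this bare numeric position a non-integer `$value` would be parsed as SQL. Cast the value instead of escaping it: `$sql.= " WHERE ".$selectkey."=".((int) $value);`. Patch 2/3 adds an `is_int($value)` guard on the same line and patch 3/3 reverts it, so the series ends on the unguarded form; `is_int()` would probably be false anyway for values that arrive as strings from forms or the database, which the cast handles. The enclosing method starts and ends outside the hunk, so the origin of `$value` and `$selectkey` is not visible here and should be checked against the callers.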
@@ -1440,10 +1445,10 @@ class ExtraFields { $align="center"; } - + return $align; } - + /** * Return HTML string to print separator extrafield * @@ -1523,7 +1528,7 @@ class ExtraFields return 0; } } - + /** * return array_options array for object by extrafields value (using for data send by forms) * From 15f187c466f4ab64576fb11cc1c16e57580043dd Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 8 Aug 2016 13:54:03 +0200 Subject: [PATCH 2/3] better test --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index cf35dd1ee5c..237f1a36b81 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1232,7 +1232,7 @@ class ExtraFields { $sql.= ' as main'; } - if ($selectkey=='rowid') { + if ($selectkey=='rowid' && is_int($value)) { $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); } else { $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'"; From 90cb71f34185c60f76fac15767d06dcab12fc542 Mon Sep 17 00:00:00 2001 From: florian HENRY Date: Mon, 8 Aug 2016 13:54:51 +0200 Subject: [PATCH 3/3] revert better fix --- htdocs/core/class/extrafields.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/extrafields.class.php b/htdocs/core/class/extrafields.class.php index 237f1a36b81..cf35dd1ee5c 100644 --- a/htdocs/core/class/extrafields.class.php +++ b/htdocs/core/class/extrafields.class.php @@ -1232,7 +1232,7 @@ class ExtraFields { $sql.= ' as main'; } - if ($selectkey=='rowid' && is_int($value)) { + if ($selectkey=='rowid') { $sql.= " WHERE ".$selectkey."=".$this->db->escape($value); } else { $sql.= " WHERE ".$selectkey."='".$this->db->escape($value)."'";