diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 23d022a4c25..4352364452b 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -718,7 +718,7 @@ class Contrat extends CommonObject $this->socid = $obj->fk_soc; $this->fk_soc = $obj->fk_soc; $this->last_main_doc = $obj->last_main_doc; - $this->extraparams = (array) json_decode($obj->extraparams, true); + $this->extraparams = (isset($obj->extraparams) ? (array) json_decode($obj->extraparams, true) : null); $this->db->free($resql); diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index 521d5ee2092..f8096ed84e9 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -664,11 +664,11 @@ class Utils * Execute a CLI command. * * @param string $command Command line to execute. - * Warning: The command line is sanitize so can't contains any redirection char '>'. Use param $redirectionfile if you need it. + * Warning: The command line is sanitize by escapeshellcmd(), except if $noescapecommand set, so can't contains any redirection char '>'. Use param $redirectionfile if you need it. * @param string $outputfile A path for an output file (used only when method is 2). For example: $conf->admin->dir_temp.'/out.tmp'; * @param int $execmethod 0=Use default method (that is 1 by default), 1=Use the PHP 'exec', 2=Use the 'popen' method * @param string $redirectionfile If defined, a redirection of output to this file is added. - * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter needs you alreay have sanitized the command. if not, it will lead to security vulnerability. + * @param int $noescapecommand 1=Do not escape command. Warning: Using this parameter needs you alreay have sanitized the $command parameter. If not, it will lead to security vulnerability. * This parameter is provided for backward compatibility with external modules. Always use 0 in core. * @param string $redirectionfileerr If defined, a redirection of error is added to this file instead of to channel 1. * @return array array('result'=>...,'output'=>...,'error'=>...). result = 0 means OK.