lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into 14a27

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-03-30 22:05:03 +02:00
commit 4e30481fa2
241 changed files with 1528 additions and 805 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/CODE_OF_CONDUCT.md vendored
View File

@ -77,8 +77,8 @@ contact@dolibarr.org
## 10. License and attribution
This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](http://creativecommons.org/licenses/by-sa/3.0/).
This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](https://creativecommons.org/licenses/by-sa/3.0/).
Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy).
Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](https://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy).
Retrieved on November 22, 2016 from [http://citizencodeofconduct.org/](http://citizencodeofconduct.org/)
Retrieved on November 22, 2016 from [https://citizencodeofconduct.org/](http://citizencodeofconduct.org/)

2
COPYING
View File

@ -1,7 +1,7 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

2
htdocs/accountancy/admin/account.php
View File

@ -218,7 +218,7 @@ if ($db->type == 'pgsql') {
} else {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity;
}
$sql .= " WHERE asy.rowid = ".$pcgver;
$sql .= " WHERE asy.rowid = ".((int) $pcgver);
//print $sql;
if (strlen(trim($search_account))) {
$lengthpaddingaccount = 0;

2
htdocs/accountancy/admin/categories_list.php
View File

@ -149,7 +149,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
// Check that all fields are filled
$ok = 1;
foreach ($listfield as $f => $value) {
if ($value == 'formula' && empty($_POST['formula'])) {
if ($value == 'formula' && !GETPOST('formula')) {
continue;
}
if ($value == 'range_account' && empty($_POST['range_account'])) {

10
htdocs/accountancy/admin/productaccount.php
View File

@ -189,13 +189,13 @@ if ($action == 'update') {
$db->begin();
if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
$sql = "INSERT INTO " . MAIN_DB_PREFIX . "product_perentity (fk_product, entity, " . $accountancy_field_name . ")";
$sql .= " VALUES (" . ((int) $productid) . ", " . ((int) $conf->entity) . ", " . $accounting->account_number . ")";
$sql .= " ON DUPLICATE KEY UPDATE " . $accountancy_field_name . " = " . $accounting->account_number;
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_perentity (fk_product, entity, '".$db->escape($accountancy_field_name)."')";
$sql .= " VALUES (".((int) $productid).", ".((int) $conf->entity).", '".$db->escape($accounting->account_number)."')";
$sql .= " ON DUPLICATE KEY UPDATE ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."product";
$sql .= " SET " . $accountancy_field_name . " = " . $accounting->account_number;
$sql .= " WHERE rowid = " . ((int) $productid);
$sql .= " SET ".$accountancy_field_name." = '".$db->escape($accounting->account_number)."'";
$sql .= " WHERE rowid = ".((int) $productid);
}
dol_syslog("/accountancy/admin/productaccount.php sql=".$sql, LOG_DEBUG);

2
htdocs/accountancy/bookkeeping/list.php
View File

@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex
$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " SET date_export = '".$db->idate($now)."'";
$sql .= " , date_validated = '".$db->idate($now)."'";
$sql .= " WHERE rowid = ".$movement->id;
$sql .= " WHERE rowid = ".((int) $movement->id);
dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);

4
htdocs/accountancy/class/accountancycategory.class.php
View File

@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject
global $conf;
$sql = "SELECT t.rowid, t.account_number, t.label";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
$sql .= " WHERE t.fk_accounting_category = ".$id;
$sql .= " WHERE t.fk_accounting_category = ".((int) $id);
$sql .= " AND t.entity = ".$conf->entity;
$this->lines_display = array();
@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject
if (!empty($cat_id)) {
$sql = "SELECT t.rowid, t.account_number, t.label as account_label";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
$sql .= " WHERE t.fk_accounting_category = ".$cat_id;
$sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id);
$sql .= " AND t.entity = ".$conf->entity;
$sql .= " ORDER BY t.account_number";
} else {

4
htdocs/accountancy/class/accountancyexport.class.php
View File

@ -1644,7 +1644,7 @@ class AccountancyExport
// Get new customer invoice ref and company name
$sql = 'SELECT f.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture as f';
$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON f.fk_soc = s.rowid';
$sql .= ' WHERE f.rowid = ' . $line->fk_doc;
$sql .= ' WHERE f.rowid = '.((int) $line->fk_doc);
$resql = $this->db->query($sql);
if ($resql) {
if ($obj = $this->db->fetch_object($resql)) {
@ -1658,7 +1658,7 @@ class AccountancyExport
// Get new supplier invoice ref and company name
$sql = 'SELECT ff.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture_fourn as ff';
$sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON ff.fk_soc = s.rowid';
$sql .= ' WHERE ff.rowid = ' . $line->fk_doc;
$sql .= ' WHERE ff.rowid = '.((int) $line->fk_doc);
$resql = $this->db->query($sql);
if ($resql) {
if ($obj = $this->db->fetch_object($resql)) {

6
htdocs/accountancy/closure/index.php
View File

@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting-
$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
$sql .= " SET date_validated = '".$db->idate($now)."'";
$sql .= " WHERE rowid = ".$movement->id;
$sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'";
$sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'";
$sql .= " WHERE rowid = ".((int) $movement->id);
$sql .= " AND doc_date >= '" . $db->idate($date_start) . "'";
$sql .= " AND doc_date <= '" . $db->idate($date_end) . "'";
dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);

2
htdocs/accountancy/customer/card.php
View File

@ -61,7 +61,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

4
htdocs/accountancy/customer/index.php
View File

@ -207,8 +207,8 @@ if ($action == 'validatehistory') {
if ($objp->aarowid_suggest > 0) {
$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet";
$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
$resqlupdate = $db->query($sqlupdate);
if (!$resqlupdate) {

2
htdocs/accountancy/expensereport/card.php
View File

@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

4
htdocs/accountancy/expensereport/list.php
View File

@ -153,8 +153,8 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);

2
htdocs/accountancy/journal/bankjournal.php
View File

@ -421,7 +421,7 @@ if ($result) {
//$tabtp[$obj->rowid][$account_pay_loan] += $obj->amount;
$sqlmid = 'SELECT pl.amount_capital, pl.amount_insurance, pl.amount_interest, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest';
$sqlmid .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl, '.MAIN_DB_PREFIX.'loan as l';
$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.$obj->rowid;
$sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.((int) $obj->rowid);
dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG);
$resultmid = $db->query($sqlmid);

2
htdocs/accountancy/supplier/card.php
View File

@ -64,7 +64,7 @@ if ($action == 'ventil' && $user->rights->accounting->bind->write) {
}
$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sql .= " SET fk_code_ventilation = ".$codeventil;
$sql .= " SET fk_code_ventilation = ".((int) $codeventil);
$sql .= " WHERE rowid = ".((int) $id);
$resql = $db->query($sql);

4
htdocs/accountancy/supplier/index.php
View File

@ -193,8 +193,8 @@ if ($action == 'validatehistory') {
if ($objp->aarowid_suggest > 0) {
$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sqlupdate .= " SET fk_code_ventilation = ".$objp->aarowid_suggest;
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);
$resqlupdate = $db->query($sqlupdate);
if (!$resqlupdate) {

4
htdocs/accountancy/supplier/list.php
View File

@ -177,8 +177,8 @@ if ($massaction == 'ventil') {
$ko++;
} else {
$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
$sql .= " SET fk_code_ventilation = ".$monCompte;
$sql .= " WHERE rowid = ".$monId;
$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
$sql .= " WHERE rowid = ".((int) $monId);
$accountventilated = new AccountingAccount($db);
$accountventilated->fetch($monCompte, '', 1);

2
htdocs/adherents/canvas/actions_adherentcard_common.class.php
View File

@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

10
htdocs/adherents/class/adherent.class.php
View File

@ -692,7 +692,7 @@ class Adherent extends CommonObject
$sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member
}
$sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
// If we change the type of membership, we set also label of new type
if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
@ -964,7 +964,7 @@ class Adherent extends CommonObject
}
// Remove category
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -975,7 +975,7 @@ class Adherent extends CommonObject
// Remove subscription
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1007,7 +1007,7 @@ class Adherent extends CommonObject
// Remove adherent
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1154,7 +1154,7 @@ class Adherent extends CommonObject
// Set link to user
if ($userid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
$sql .= " WHERE rowid = ".$userid;
$sql .= " WHERE rowid = ".((int) $userid);
dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {

2
htdocs/adherents/class/adherent_type.class.php
View File

@ -425,7 +425,7 @@ class AdherentType extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {

2
htdocs/adherents/class/adherentstats.class.php
View File

@ -72,7 +72,7 @@ class AdherentStats extends Stats
$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($this->memberid) {
$this->where .= " AND m.rowid = ".$this->memberid;
$this->where .= " AND m.rowid = ".((int) $this->memberid);
}
//if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
}

4
htdocs/adherents/type_translation.php
View File

@ -15,8 +15,8 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* or see http://www.gnu.org/
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**

2
htdocs/admin/boxes.php
View File

@ -93,7 +93,7 @@ if ($action == 'add') {
$arrayofexistingboxid = array();
$nbboxonleft = $nbboxonright = 0;
$sql = "SELECT box_id, box_order FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE position = ".$pos." AND fk_user = ".$fk_user." AND entity = ".$conf->entity;
$sql .= " WHERE position = ".((int) $pos)." AND fk_user = ".((int) $fk_user)." AND entity = ".((int) $conf->entity);
dol_syslog("boxes.php activate box", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql) {

4
htdocs/admin/dict.php
View File

@ -1915,10 +1915,10 @@ if ($id) {
$showfield = 0;
} elseif ($fieldlist[$field] == 'unicode') {
$valuetoshow = $langs->getCurrencySymbol($obj->code, 1);
} elseif ($fieldlist[$field] == 'label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
} elseif ($fieldlist[$field] == 'label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
$langs->load("products");
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
} elseif ($fieldlist[$field] == 'short_label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
} elseif ($fieldlist[$field] == 'short_label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
$langs->load("products");
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
} elseif (($fieldlist[$field] == 'unit') && ($tabname[$id] == MAIN_DB_PREFIX.'c_paper_format')) {

6
htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php
View File

@ -7,7 +7,7 @@
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* https://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
@ -16,11 +16,11 @@
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
* needs please refer to https://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2013 PrestaShop SA
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* @license https://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
* PrestaShop Webservice Library
* @package PrestaShopWebservice

2
htdocs/admin/external_rss.php
View File

@ -140,7 +140,7 @@ if (GETPOST("delete")) {
$resql = $db->query($sql);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def";
$sql .= " WHERE rowid = ".$obj->rowid;
$sql .= " WHERE rowid = ".((int) $obj->rowid);
$resql = $db->query($sql);
if (!$resql) {

16
htdocs/admin/menus/index.php
View File

@ -111,13 +111,13 @@ if ($action == 'up') {
}
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".$previous['order'];
$sql .= " WHERE m.rowid = ".$current['rowid']; // Up the selected entry
$sql .= " SET m.position = ".((int) $previous['order']);
$sql .= " WHERE m.rowid = ".((int) $current['rowid']); // Up the selected entry
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1);
$sql .= " WHERE m.rowid = ".$previous['rowid']; // Descend celui du dessus
$sql .= " SET m.position = ".((int) ($current['order'] != $previous['order'] ? $current['order'] : $current['order'] + 1));
$sql .= " WHERE m.rowid = ".((int) $previous['rowid']); // Descend celui du dessus
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
} elseif ($action == 'down') {
@ -162,13 +162,13 @@ if ($action == 'up') {
}
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
$sql .= " SET m.position = ".($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1); // Down the selected entry
$sql .= " WHERE m.rowid = ".$current['rowid'];
$sql .= " SET m.position = ".((int) ($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1)); // Down the selected entry
$sql .= " WHERE m.rowid = ".((int) $current['rowid']);
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
$sql = "UPDATE ".MAIN_DB_PREFIX."menu as m"; // Up the next entry
$sql .= " SET m.position = ".$current['order'];
$sql .= " WHERE m.rowid = ".$next['rowid'];
$sql .= " SET m.position = ".((int) $current['order']);
$sql .= " WHERE m.rowid = ".((int) $next['rowid']);
dol_syslog("admin/menus/index.php ".$sql);
$db->query($sql);
} elseif ($action == 'confirm_delete' && $confirm == 'yes') {

4
htdocs/admin/perms.php
View File

@ -159,8 +159,8 @@ if ($result) {
// TODO Define familyposition
$family = (!empty($modules[$obj->module]->family_position) ? $modules[$obj->module]->family_position : '');
$familyposition = 0;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".$modules[$obj->module]->module_position.",";
$sqlupdate .= " family_position = ".$familyposition;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $modules[$obj->module]->module_position).",";
$sqlupdate .= " family_position = ".((int) $familyposition);
$sqlupdate .= " WHERE module_position = 0 AND module = '".$db->escape($obj->module)."'";
$db->query($sqlupdate);
}

2
htdocs/admin/sms.php
View File

@ -156,7 +156,7 @@ asort($listofmethods);
if (!count($listofmethods)) {
$descnosms = $langs->trans("NoSmsEngine", '{Dolistore}');
$descnosms = str_replace('{Dolistore}', '<a href="http://www.dolistore.com/search.php?orderby=position&orderway=desc&search_query=smsmanager">DoliStore</a>', $descnosms);
$descnosms = str_replace('{Dolistore}', '<a href="https://www.dolistore.com/search.php?orderby=position&orderway=desc&search_query=smsmanager">DoliStore</a>', $descnosms);
print '<div class="warning">'.$descnosms.'</div>';
}

11
htdocs/admin/stock.php
View File

@ -673,6 +673,17 @@ if (!empty($conf->global->MAIN_DEFAULT_WAREHOUSE_USER)) {
print "</td>\n";
print "</tr>\n";
}
print '<tr class="oddeven">';
print '<td>'.$langs->trans("WarehouseAskWarehouseOnThirparty").'</td>';
print '<td class="right">';
if ($conf->use_javascript_ajax) {
print ajax_constantonoff('SOCIETE_ASK_FOR_WAREHOUSE');
} else {
$arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes"));
print $form->selectarray("SOCIETE_ASK_FOR_WAREHOUSE", $arrval, $conf->global->SOCIETE_ASK_FOR_WAREHOUSE);
}
print '<tr class="oddeven">';
print '<td>'.$langs->trans("WarehouseAskWarehouseDuringPropal").'</td>';
print '<td class="right">';

2
htdocs/admin/translation.php
View File

@ -168,7 +168,7 @@ if ($action == 'add') {
// Delete line from delete picto
if ($action == 'delete') {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".$db->escape($id);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".((int) $id);
$result = $db->query($sql);
if ($result >= 0) {
setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');

22
htdocs/api/class/api_setup.class.php
View File

@ -73,7 +73,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_input_method as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -136,7 +136,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_input_reason as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -539,7 +539,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_availability as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -648,7 +648,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, type, libelle as label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($type) {
$sql .= " AND t.type LIKE '%".$this->db->escape($type)."%'";
}
@ -714,7 +714,7 @@ class Setup extends DolibarrApi
$sql = "SELECT id, code, label, accountancy_code, active, module, position";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($module) {
$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
}
@ -778,7 +778,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, element as type, libelle as label, source, module, position";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($type) {
$sql .= " AND type LIKE '%".$this->db->escape($type)."%'";
}
@ -843,7 +843,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, label, module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_civility as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if ($module) {
$sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'";
}
@ -911,7 +911,7 @@ class Setup extends DolibarrApi
$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency as m ON m.code=t.code_iso";
$sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency_rate as cr ON (m.rowid = cr.fk_multicurrency)";
}
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
if (!empty($multicurrency)) {
$sql .= " AND m.entity IN (".getEntity('multicurrency').")";
if (!empty($multicurrency) && $multicurrency != 2) {
@ -1242,7 +1242,7 @@ class Setup extends DolibarrApi
//TODO link with multicurrency module
$sql = "SELECT t.rowid, t.code, t.label,t.short_label, t.active, t.scale, t.unit_type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_units as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1365,7 +1365,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, pos, label, use_default, description";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1423,7 +1423,7 @@ class Setup extends DolibarrApi
$sql = "SELECT rowid, code, pos, label, use_default, color, description";
$sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity as t";
$sql .= " WHERE t.active = ".$active;
$sql .= " WHERE t.active = ".((int) $active);
// Add sql filters
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {

2
htdocs/asset/class/asset_type.class.php
View File

@ -238,7 +238,7 @@ class AssetType extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."asset_type";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {

2
htdocs/cashdesk/affContenu.php
View File

@ -26,7 +26,7 @@
require_once 'class/Facturation.class.php';
// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
if ($_GET['id'] == 'NOUV') {
if (GETPOST('id', 'int') == 'NOUV') {
unset($_SESSION['serObjFacturation']);
unset($_SESSION['poscart']);
}

4
htdocs/categories/class/categorie.class.php
View File

@ -604,7 +604,7 @@ class Categorie extends CommonObject
/* FIX #1317 : Check for child category and move up 1 level*/
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."categorie";
$sql .= " SET fk_parent = ".$this->fk_parent;
$sql .= " SET fk_parent = ".((int) $this->fk_parent);
$sql .= " WHERE fk_parent = ".$this->id;
if (!$this->db->query($sql)) {
@ -869,7 +869,7 @@ class Categorie extends CommonObject
public function containsObject($type, $object_id)
{
$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$object_id;
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {

2
htdocs/comm/action/class/actioncomm.class.php
View File

@ -1367,7 +1367,7 @@ class ActionComm extends CommonObject
$sql .= ' fk_user_author,';
$sql .= ' fk_user_mod';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a';
$sql .= ' WHERE a.id = '.$id;
$sql .= ' WHERE a.id = '.((int) $id);
dol_syslog(get_class($this)."::info", LOG_DEBUG);
$result = $this->db->query($sql);

2
htdocs/comm/mailing/card.php
View File

@ -149,7 +149,7 @@ if (empty($reshook)) {
// or sent in error (statut=-1)
$sql = "SELECT mc.rowid, mc.fk_mailing, mc.lastname, mc.firstname, mc.email, mc.other, mc.source_url, mc.source_id, mc.source_type, mc.tag";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc";
$sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".$object->id;
$sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".((int) $object->id);
$sql .= " ORDER BY mc.statut DESC"; // first status 0, then status -1
dol_syslog("card.php: select targets", LOG_DEBUG);

8
htdocs/comm/mailing/class/advtargetemailing.class.php
View File

@ -284,9 +284,9 @@ class AdvanceTargetingMailing extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
if (!empty($id)) {
$sql .= " WHERE t.fk_element = ".$id." AND type_element='mailing'";
$sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = 'mailing'";
} else {
$sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='mailing'";
$sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'";
}
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
@ -347,9 +347,9 @@ class AdvanceTargetingMailing extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t";
if (!empty($id)) {
$sql .= " WHERE t.fk_element = ".$id." AND type_element='$type_element'";
$sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = '".$this->db->escape($type_element)."'";
} else {
$sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='$type_element'";
$sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'";
}
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);

4
htdocs/comm/mailing/class/mailing.class.php
View File

@ -427,7 +427,7 @@ class Mailing extends CommonObject
$sql .= " source_id ,";
$sql .= " source_type";
$sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles";
$sql .= " WHERE fk_mailing = ".$fromid;
$sql .= " WHERE fk_mailing = ".((int) $fromid);
$result = $this->db->query($sql);
if ($result) {
@ -499,7 +499,7 @@ class Mailing extends CommonObject
public function delete($rowid)
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing";
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog("Mailing::delete", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/comm/propal/card.php
View File

@ -644,7 +644,7 @@ if (empty($reshook)) {
if ($object->statut == $object::STATUS_VALIDATED) {
$db->begin();
$result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
$result = $object->signature($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
$error++;

150
htdocs/comm/propal/class/propal.class.php
View File

@ -140,6 +140,16 @@ class Propal extends CommonObject
*/
public $date_validation;
/**
* @var integer|string $date_signature;
*/
public $date_signature;
/**
* @var User $user_signature
*/
public $user_signature;
/**
* @var integer|string date of the quote;
*/
@ -1232,7 +1242,7 @@ class Propal extends CommonObject
/*if (! $error && $this->fk_delivery_address)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql.= " SET fk_delivery_address = ".$this->fk_delivery_address;
$sql.= " SET fk_delivery_address = ".((int) $this->fk_delivery_address);
$sql.= " WHERE ref = '".$this->db->escape($this->ref)."'";
$sql.= " AND entity = ".setEntity($this);
@ -2203,7 +2213,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET fk_input_reason = ".$id;
$sql .= " SET fk_input_reason = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2322,13 +2332,13 @@ class Propal extends CommonObject
$remise = trim($remise) ?trim($remise) : 0;
if (!empty($user->rights->propal->creer)) {
$remise = price2num($remise);
$remise = price2num($remise, 2);
$error = 0;
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".$remise;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2380,17 +2390,18 @@ class Propal extends CommonObject
public function set_remise_absolue($user, $remise, $notrigger = 0)
{
// phpcs:enable
$remise = trim($remise) ?trim($remise) : 0;
if (empty($remise)) {
$remise = 0;
}
$remise = price2num($remise);
if (!empty($user->rights->propal->creer)) {
$remise = price2num($remise);
$error = 0;
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET remise_absolue = ".$remise;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2435,19 +2446,17 @@ class Propal extends CommonObject
* Reopen the commercial proposal
*
* @param User $user Object user that close
* @param int $statut Statut
* @param int $status Status
* @param string $note Comment
* @param int $notrigger 1=Does not execute triggers, 0= execute triggers
* @return int <0 if KO, >0 if OK
*/
public function reopen($user, $statut, $note = '', $notrigger = 0)
public function reopen($user, $status, $note = '', $notrigger = 0)
{
$this->statut = $statut;
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$this->statut.",";
$sql .= " SET fk_statut = ".$status.",";
if (!empty($note)) {
$sql .= " note_private = '".$this->db->escape($note)."',";
}
@ -2484,11 +2493,105 @@ class Propal extends CommonObject
$this->db->rollback();
return -1 * $error;
} else {
$this->statut = $status;
$this->status = $status;
$this->db->commit();
return 1;
}
}
/**
* Sign the commercial proposal
*
* @param User $user Object user that close
* @param int $statut Status
* @param string $note Complete private note with this note
* @param int $notrigger 1=Does not execute triggers, 0=Execute triggers
* @return int <0 if KO, >0 if OK
*/
public function signature($user, $statut, $note = '', $notrigger = 0)
{
global $langs,$conf;
$error = 0;
$now = dol_now();
$this->db->begin();
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$statut.", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
if ($resql) {
$modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED ? $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED : $this->model_pdf;
$trigger_name = 'PROPAL_CLOSE_REFUSED';
if ($statut == self::STATUS_SIGNED) {
$trigger_name = 'PROPAL_CLOSE_SIGNED';
$modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL ? $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL:$this->model_pdf;
// The connected company is classified as a client
$soc=new Societe($this->db);
$soc->id = $this->socid;
$result = $soc->set_as_client();
if ($result < 0) {
$this->error=$this->db->lasterror();
$this->db->rollback();
return -2;
}
}
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
// Define output language
$outputlangs = $langs;
if (!empty($conf->global->MAIN_MULTILANGS)) {
$outputlangs = new Translate("", $conf);
$newlang = (GETPOST('lang_id', 'aZ09') ? GETPOST('lang_id', 'aZ09') : $this->thirdparty->default_lang);
$outputlangs->setDefaultLang($newlang);
}
//$ret=$object->fetch($id); // Reload to get new records
$this->generateDocument($modelpdf, $outputlangs);
}
if (!$error) {
$this->oldcopy= clone $this;
$this->statut = $statut;
$this->date_signature = $now;
$this->note_private = $newprivatenote;
}
if (!$notrigger && empty($error)) {
// Call trigger
$result=$this->call_trigger($trigger_name, $user);
if ($result < 0) {
$error++;
}
// End call triggers
}
if (!$error ) {
$this->db->commit();
return 1;
} else {
$this->statut = $this->oldcopy->statut;
$this->date_signature = $this->oldcopy->date_signature;
$this->note_private = $this->oldcopy->note_private;
$this->db->rollback();
return -1;
}
} else {
$this->error=$this->db->lasterror();
$this->db->rollback();
return -1;
}
}
/**
* Close the commercial proposal
@ -2511,7 +2614,7 @@ class Propal extends CommonObject
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@ -2884,7 +2987,7 @@ class Propal extends CommonObject
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
@ -2995,7 +3098,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
$sql .= ' SET fk_availability = '.$availability_id;
$sql .= ' SET fk_availability = '.((int) $availability_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG);
@ -3059,7 +3162,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'propal';
$sql .= ' SET fk_input_reason = '.$demand_reason_id;
$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG);
@ -3113,8 +3216,8 @@ class Propal extends CommonObject
public function info($id)
{
$sql = "SELECT c.rowid, ";
$sql .= " c.datec, c.date_valid as datev, c.date_cloture as dateo,";
$sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_cloture";
$sql .= " c.datec, c.date_valid as datev, c.date_signature, c.date_cloture as dateo,";
$sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_signature, c.fk_user_cloture";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as c";
$sql .= " WHERE c.rowid = ".((int) $id);
@ -3128,6 +3231,7 @@ class Propal extends CommonObject
$this->date_creation = $this->db->jdate($obj->datec);
$this->date_validation = $this->db->jdate($obj->datev);
$this->date_signature = $this->db->jdate($obj->date_signature);
$this->date_cloture = $this->db->jdate($obj->dateo);
$cuser = new User($this->db);
@ -3140,6 +3244,12 @@ class Propal extends CommonObject
$this->user_validation = $vuser;
}
if ($obj->fk_user_signature) {
$user_signature = new User($this->db);
$user_signature->fetch($obj->fk_user_signature);
$this->user_signature = $user_signature;
}
if ($obj->fk_user_cloture) {
$cluser = new User($this->db);
$cluser->fetch($obj->fk_user_cloture);

6
htdocs/comm/propal/class/propalestats.class.php
View File

@ -100,18 +100,18 @@ class PropaleStats extends Stats
$this->where .= " AND p.fk_soc = ".$this->socid;
}
if ($this->userid > 0) {
$this->where .= ' AND fk_user_author = '.$this->userid;
$this->where .= ' AND fk_user_author = '.((int) $this->userid);
}
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc';
$this->where .= ' AND s.fk_typent = '.$typentid;
$this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = p.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
$this->where .= ' AND c.rowid = '.$categid;
$this->where .= ' AND c.rowid = '.((int) $categid);
}
}

2
htdocs/comm/remise.php
View File

@ -66,7 +66,7 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
header("Location: ".$backtopage);
exit;
} else {
header("Location: remise.php?id=".$_GET["id"]);
header("Location: remise.php?id=".GETPOST("id", 'int'));
exit;
}
} else {

2
htdocs/commande/card.php
View File

@ -423,7 +423,7 @@ if (empty($reshook)) {
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)

22
htdocs/commande/class/commande.class.php
View File

@ -1113,7 +1113,7 @@ class Commande extends CommonOrder
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@ -2331,7 +2331,7 @@ class Commande extends CommonOrder
$sql = "SELECT fk_product, qty";
$sql .= " FROM ".MAIN_DB_PREFIX."commandedet";
$sql .= " WHERE rowid = ".$lineid;
$sql .= " WHERE rowid = ".((int) $lineid);
$result = $this->db->query($sql);
if ($result) {
@ -2417,7 +2417,7 @@ class Commande extends CommonOrder
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET remise_percent = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2468,18 +2468,20 @@ class Commande extends CommonOrder
public function set_remise_absolue($user, $remise, $notrigger = 0)
{
// phpcs:enable
$remise = trim($remise) ?trim($remise) : 0;
if (empty($remise)) {
$remise = 0;
}
$remise = price2num($remise);
if ($user->rights->commande->creer) {
$error = 0;
$this->db->begin();
$remise = price2num($remise);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET remise_absolue = '.$remise;
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
$sql .= ' SET remise_absolue = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2741,7 +2743,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET fk_availability = '.$availability_id;
$sql .= ' SET fk_availability = '.((int) $availability_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
@ -2805,7 +2807,7 @@ class Commande extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
$sql .= ' SET fk_input_reason = '.$demand_reason_id;
$sql .= ' SET fk_input_reason = '.((int) $demand_reason_id);
$sql .= ' WHERE rowid='.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);

4
htdocs/commande/class/commandestats.class.php
View File

@ -100,13 +100,13 @@ class CommandeStats extends Stats
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = c.fk_soc';
$this->where .= ' AND s.fk_typent = '.$typentid;
$this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cats ON cats.fk_soc = c.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cat.rowid = cats.fk_categorie';
$this->where .= ' AND cat.rowid = '.$categid;
$this->where .= ' AND cat.rowid = '.((int) $categid);
}
}

10
htdocs/compta/bank/card.php
View File

@ -570,13 +570,13 @@ if ($action == 'create') {
/* */
/* ************************************************************************** */
if (($_GET["id"] || $_GET["ref"]) && $action != 'edit') {
if ((GETPOST("id", 'int') || GETPOST("ref")) && $action != 'edit') {
$object = new Account($db);
if ($_GET["id"]) {
$object->fetch($_GET["id"]);
if (GETPOST("id", 'int')) {
$object->fetch(GETPOST("id", 'int'));
}
if ($_GET["ref"]) {
$object->fetch(0, $_GET["ref"]);
if (GETPOST("ref")) {
$object->fetch(0, GETPOST("ref"));
$_GET["id"] = $object->id;
}

6
htdocs/compta/bank/class/account.class.php
View File

@ -451,9 +451,9 @@ class Account extends CommonObject
$sql = "SELECT fk_bank, url_id, url, label, type";
$sql .= " FROM ".MAIN_DB_PREFIX."bank_url";
if ($fk_bank > 0) {
$sql .= " WHERE fk_bank = ".$fk_bank;
$sql .= " WHERE fk_bank = ".((int) $fk_bank);
} else {
$sql .= " WHERE url_id = ".$url_id." AND type = '".$this->db->escape($type)."'";
$sql .= " WHERE url_id = ".((int) $url_id)." AND type = '".$this->db->escape($type)."'";
}
$sql .= " ORDER BY type, label";
@ -2435,7 +2435,7 @@ class AccountLine extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

2
htdocs/compta/bank/class/api_bankaccounts.class.php
View File

@ -425,7 +425,7 @@ class BankAccounts extends DolibarrApi
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank ";
$sql .= " WHERE fk_account = ".$id;
$sql .= " WHERE fk_account = ".((int) $id);
// Add sql filters
if ($sqlfilters) {

4
htdocs/compta/bank/class/paymentvarious.class.php
View File

@ -572,7 +572,7 @@ class PaymentVarious extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
$sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.$id_bank;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
$result = $this->db->query($sql);
if ($result) {
@ -783,7 +783,7 @@ class PaymentVarious extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$banklineid;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $banklineid);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

12
htdocs/compta/bank/line.php
View File

@ -107,7 +107,7 @@ if ($user->rights->banque->consolidate && $action == 'donext') {
if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) {
$cat1 = GETPOST("cat1", 'int');
if (!empty($rowid) && !empty($cat1)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$cat1;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid)." AND fk_categ = ".((int) $cat1);
if (!$db->query($sql)) {
dol_print_error($db);
}
@ -174,7 +174,7 @@ if ($user->rights->banque->modifier && $action == "update") {
}
}
$sql .= " fk_account = ".$actarget->id;
$sql .= " WHERE rowid = ".$acline->id;
$sql .= " WHERE rowid = ".((int) $acline->id);
$result = $db->query($sql);
if (!$result) {
@ -183,14 +183,14 @@ if ($user->rights->banque->modifier && $action == "update") {
if (!$error) {
$arrayofcategs = GETPOST('custcats', 'array');
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid);
if (!$db->query($sql)) {
$error++;
dol_print_error($db);
}
if (count($arrayofcategs)) {
foreach ($arrayofcategs as $val) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$val.")";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".((int) $rowid).", ".((int) $val).")";
if (!$db->query($sql)) {
$error++;
dol_print_error($db);
@ -229,9 +229,9 @@ if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action ==
if (empty($num_rel)) {
$sql .= ", rappro = 0";
} else {
$sql .= ", rappro = ".$rappro;
$sql .= ", rappro = ".((int) $rappro);
}
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog("line.php", LOG_DEBUG);
$result = $db->query($sql);

5
htdocs/compta/bank/releve.php
View File

@ -179,7 +179,8 @@ $sqlrequestforbankline = $sql;
if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) {
// TODO Add a test to check newbankreceipt does not exists yet
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id;
$sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank';
$sqlupdate .= ' SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.((int) $id);
$result = $db->query($sqlupdate);
if ($result < 0) {
dol_print_error($db);
@ -231,7 +232,7 @@ if (empty($numref)) {
// List of all standing receipts
$sql = "SELECT DISTINCT(b.num_releve) as numr";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.fk_account = ".$object->id;
$sql .= " WHERE b.fk_account = ".((int) $object->id);
$sql .= $db->order($sortfield, $sortorder);
// Count total nb of records

2
htdocs/compta/cashcontrol/cashcontrol_card.php
View File

@ -304,7 +304,7 @@ if ($action == "create" || $action == "start" || $action == 'close') {
if ($bankid > 0) {
$sql = "SELECT SUM(amount) as total FROM ".MAIN_DB_PREFIX."bank";
$sql .= " WHERE fk_account = ".$bankid;
$sql .= " WHERE fk_account = ".((int) $bankid);
if ($syear && !$smonth) {
$sql .= " AND dateo < '".$db->idate(dol_get_first_day($syear, 1))."'";
} elseif ($syear && $smonth && !$sday) {

2
htdocs/compta/cashcontrol/class/cashcontrol.class.php
View File

@ -213,7 +213,7 @@ class CashControl extends CommonObject
if (!$error) {
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."pos_cash_fence");
$sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.$this->id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.((int) $this->id);
$this->db->query($sql);
}

2
htdocs/compta/charges/index.php
View File

@ -405,7 +405,7 @@ while ($j < $numlt) {
$sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.datep as dp";
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as pv";
$sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".$j;
$sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".((int) $j);
if ($year > 0) {
// Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance,
// ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire

8
htdocs/compta/deplacement/class/deplacement.class.php
View File

@ -239,12 +239,12 @@ class Deplacement extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."deplacement ";
$sql .= " SET km = ".$this->km; // This is a distance or amount
$sql .= " SET km = ".((float) $this->km); // This is a distance or amount
$sql .= " , dated = '".$this->db->idate($this->date)."'";
$sql .= " , type = '".$this->db->escape($this->type)."'";
$sql .= " , fk_statut = '".$this->db->escape($this->statut)."'";
$sql .= " , fk_user = ".$this->fk_user;
$sql .= " , fk_user_modif = ".$user->id;
$sql .= " , fk_user = ".((int) $this->fk_user);
$sql .= " , fk_user_modif = ".((int) $user->id);
$sql .= " , fk_soc = ".($this->socid > 0 ? $this->socid : 'null');
$sql .= " , note_private = ".($this->note_private ? "'".$this->db->escape($this->note_private)."'" : "null");
$sql .= " , note_public = ".($this->note_public ? "'".$this->db->escape($this->note_public)."'" : "null");
@ -441,7 +441,7 @@ class Deplacement extends CommonObject
$sql = "SELECT id, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees";
$sql .= " WHERE active = ".$active;
$sql .= " WHERE active = ".((int) $active);
dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG);
$result = $this->db->query($sql);

2
htdocs/compta/deplacement/class/deplacementstats.class.php
View File

@ -102,7 +102,7 @@ class DeplacementStats extends Stats
{
$sql = "SELECT MONTH(dated) as dm, count(*)";
$sql .= " FROM ".$this->from;
$sql .= " WHERE YEAR(dated) = ".$year;
$sql .= " WHERE YEAR(dated) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');

4
htdocs/compta/facture/card.php
View File

@ -1743,7 +1743,7 @@ if (empty($reshook)) {
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)
@ -3091,7 +3091,7 @@ if ($action == 'create') {
$sql = 'SELECT r.rowid, r.titre as title, r.total_ttc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_rec as r';
$sql .= ' WHERE r.fk_soc = '.$invoice_predefined->socid;
$sql .= ' WHERE r.fk_soc = '.((int) $invoice_predefined->socid);
$resql = $db->query($sql);
if ($resql) {

2
htdocs/compta/facture/class/api_invoices.class.php
View File

@ -1142,7 +1142,7 @@ class Invoices extends DolibarrApi
$sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,";
$sql .= " re.description, re.fk_facture_source";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re";
$sql .= " WHERE fk_facture = ".$this->invoice->id;
$sql .= " WHERE fk_facture = ".((int) $this->invoice->id);
$resql = $this->db->query($sql);
if (!empty($resql)) {
while ($obj = $this->db->fetch_object($resql)) {

14
htdocs/compta/facture/class/facture-rec.class.php
View File

@ -762,12 +762,12 @@ class FactureRec extends CommonInvoice
$main = MAIN_DB_PREFIX.'facturedet_rec';
$ef = $main."_extrafields";
$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid);
dol_syslog($sqlef);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sqlef) && $this->db->query($sql)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".$rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sql)) {
// Delete linked object
@ -1151,7 +1151,7 @@ class FactureRec extends CommonInvoice
$sql .= ', multicurrency_total_ht = '.$multicurrency_total_ht;
$sql .= ', multicurrency_total_tva = '.$multicurrency_total_tva;
$sql .= ', multicurrency_total_ttc = '.$multicurrency_total_ttc;
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1808,7 +1808,7 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET nb_gen_max = '.$nb;
$sql .= ' SET nb_gen_max = '.((int) $nb);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
@ -1835,7 +1835,7 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET auto_validate = '.$validate;
$sql .= ' SET auto_validate = '.((int) $validate);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
@ -1862,7 +1862,7 @@ class FactureRec extends CommonInvoice
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET generate_pdf = '.$validate;
$sql .= ' SET generate_pdf = '.((int) $validate);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG);

21
htdocs/compta/facture/class/facture.class.php
View File

@ -751,7 +751,7 @@ class Facture extends CommonInvoice
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@ -2233,7 +2233,7 @@ class Facture extends CommonInvoice
if (!$error) {
// If invoice was converted into a discount not yet consumed, we remove discount
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' WHERE fk_facture_source = '.$rowid;
$sql .= ' WHERE fk_facture_source = '.((int) $rowid);
$sql .= ' AND fk_facture_line IS NULL';
$resql = $this->db->query($sql);
@ -2282,9 +2282,9 @@ class Facture extends CommonInvoice
// Invoice line extrafileds
$main = MAIN_DB_PREFIX.'facturedet';
$ef = $main."_extrafields";
$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";
// Delete invoice line
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.$rowid;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
@ -3585,8 +3585,7 @@ class Facture extends CommonInvoice
{
$sql = 'SELECT fd.situation_percent FROM '.MAIN_DB_PREFIX.'facturedet fd
INNER JOIN '.MAIN_DB_PREFIX.'facture f ON (fd.fk_facture = f.rowid)
WHERE fd.fk_prev_id = '.$idline.'
AND f.fk_statut <> 0';
WHERE fd.fk_prev_id = '.((int) $idline).' AND f.fk_statut <> 0';
$result = $this->db->query($sql);
if (!$result) {
@ -3663,7 +3662,7 @@ class Facture extends CommonInvoice
// Libere remise liee a ligne de facture
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_facture_line = NULL';
$sql .= ' WHERE fk_facture_line = '.$rowid;
$sql .= ' WHERE fk_facture_line = '.((int) $rowid);
dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
$result = $this->db->query($sql);
@ -3804,7 +3803,7 @@ class Facture extends CommonInvoice
$remise = price2num($remise);
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
$sql .= ' SET remise_absolue = '.$remise;
$sql .= ' SET remise_absolue = '.((float) $remise);
$sql .= ' WHERE rowid = '.$this->id;
$sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
@ -4576,7 +4575,7 @@ class Facture extends CommonInvoice
global $conf;
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture';
$sql .= ' WHERE situation_cycle_ref = '.$this->situation_cycle_ref;
$sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref);
$sql .= ' AND situation_counter < '.$this->situation_counter;
$sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity);
$resql = $this->db->query($sql);
@ -4610,7 +4609,7 @@ class Facture extends CommonInvoice
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.$this->id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -4655,7 +4654,7 @@ class Facture extends CommonInvoice
if (!empty($this->situation_cycle_ref)) {
// No point in testing anything if we're not inside a cycle
$sql = 'SELECT max(situation_counter) FROM '.MAIN_DB_PREFIX.'facture';
$sql .= ' WHERE situation_cycle_ref = '.$this->situation_cycle_ref;
$sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref);
$sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity);
$resql = $this->db->query($sql);

4
htdocs/compta/facture/class/facturestats.class.php
View File

@ -105,13 +105,13 @@ class FactureStats extends Stats
if ($typentid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = f.fk_soc';
$this->where .= ' AND s.fk_typent = '.$typentid;
$this->where .= ' AND s.fk_typent = '.((int) $typentid);
}
if ($categid) {
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = f.fk_soc';
$this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie';
$this->where .= ' AND c.rowid = '.$categid;
$this->where .= ' AND c.rowid = '.((int) $categid);
}
}

2
htdocs/compta/facture/list.php
View File

@ -382,7 +382,7 @@ if ($massaction == 'makepayment') {
$rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login";
$rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
$rsql .= " , ".MAIN_DB_PREFIX."user as u";
$rsql .= " WHERE fk_facture = ".$objecttmp->id;
$rsql .= " WHERE fk_facture = ".((int) $objecttmp->id);
$rsql .= " AND pfd.fk_user_demande = u.rowid";
$rsql .= " AND pfd.traite = 0";
$rsql .= " ORDER BY pfd.date_demande DESC";

4
htdocs/compta/localtax/class/localtax.class.php
View File

@ -559,8 +559,8 @@ class Localtax extends CommonObject
public function update_fk_bank($id)
{
// phpcs:enable
$sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id;
$sql .= ' WHERE rowid = '.$this->id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.((int) $id);
$sql .= ' WHERE rowid = '.((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
return 1;

2
htdocs/compta/localtax/list.php
View File

@ -54,7 +54,7 @@ print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Paym
$sql = "SELECT rowid, amount, label, f.datev, f.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".((int) $ltt);
$sql .= " ORDER BY datev DESC";
$result = $db->query($sql);

6
htdocs/compta/paiement/cheque/class/remisecheque.class.php
View File

@ -236,8 +236,8 @@ class RemiseCheque extends CommonObject
if ($checkremise) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET fk_bordereau = ".$this->id;
$sql .= " WHERE rowid = ".$lineid;
$sql .= " SET fk_bordereau = ".((int) $this->id);
$sql .= " WHERE rowid = ".((int) $lineid);
$resql = $this->db->query($sql);
if (!$resql) {
@ -746,7 +746,7 @@ class RemiseCheque extends CommonObject
// Get invoices list to reopen them
$sql = 'SELECT pf.fk_facture, pf.amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf';
$sql .= ' WHERE pf.fk_paiement = '.$payment->id;
$sql .= ' WHERE pf.fk_paiement = '.((int) $payment->id);
$resql = $this->db->query($sql);
if ($resql) {

2
htdocs/compta/paiement/class/cpaiement.class.php
View File

@ -187,7 +187,7 @@ class Cpaiement
$sql .= ' WHERE t.entity IN ('.getEntity('c_paiement').')';
$sql .= " AND t.code = '".$this->db->escape($ref)."'";
} else {
$sql .= ' WHERE t.id = '.$id;
$sql .= ' WHERE t.id = '.((int) $id);
}
$resql = $this->db->query($sql);

6
htdocs/compta/paiement/class/paiement.class.php
View File

@ -736,7 +736,7 @@ class Paiement extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.$id_bank;
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG);
@ -855,7 +855,7 @@ class Paiement extends CommonObject
*/
public function validate(User $user = null)
{
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.$this->id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this).'::valide', LOG_DEBUG);
$result = $this->db->query($sql);
@ -876,7 +876,7 @@ class Paiement extends CommonObject
*/
public function reject(User $user = null)
{
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.$this->id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this).'::reject', LOG_DEBUG);
$result = $this->db->query($sql);

2
htdocs/compta/paiement_charge.php
View File

@ -193,7 +193,7 @@ if ($action == 'create') {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as p";
$sql .= " WHERE p.fk_charge = ".$chid;
$sql .= " WHERE p.fk_charge = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);

2
htdocs/compta/paiement_vat.php
View File

@ -189,7 +189,7 @@ if ($action == 'create') {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as p";
$sql .= " WHERE p.fk_tva = ".$chid;
$sql .= " WHERE p.fk_tva = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);

2
htdocs/compta/payment_sc/card.php
View File

@ -242,7 +242,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
{
if ($user->rights->facture->paiement)
{
print '<a class="butAction" href="card.php?id='.$_GET['id'].'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
print '<a class="butAction" href="card.php?id='.GETPOST('id', 'int').'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
}
}
}

4
htdocs/compta/payment_vat/card.php
View File

@ -298,7 +298,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
{
if ($user->rights->facture->paiement)
{
print '<a class="butAction" href="card.php?id='.$_GET['id'].'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
print '<a class="butAction" href="card.php?id='.GETPOST('id', 'int').'&amp;facid='.$objp->facid.'&amp;action=valide">'.$langs->trans('Valid').'</a>';
}
}
}
@ -307,7 +307,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
if ($action == '') {
if ($user->rights->tax->charges->supprimer) {
if (!$disable_delete) {
print '<a class="butActionDelete" href="card.php?id='.$_GET['id'].'&amp;action=delete">'.$langs->trans('Delete').'</a>';
print '<a class="butActionDelete" href="card.php?id='.GETPOST('id', 'int').'&amp;action=delete&amp;token='.newToken().'">'.$langs->trans('Delete').'</a>';
} else {
print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("CantRemovePaymentVATPaid")).'">'.$langs->trans('Delete').'</a>';
}

8
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -579,7 +579,7 @@ class BonPrelevement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons ";
$sql .= " SET fk_user_trans = ".$user->id;
$sql .= " , date_trans = '".$this->db->idate($date)."'";
$sql .= " , method_trans = ".$method;
$sql .= " , method_trans = ".((int) $method);
$sql .= " , statut = ".self::STATUS_TRANSFERED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND entity = ".$conf->entity;
@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject
$sql .= " SET traite = 1";
$sql .= ", date_traite = '".$this->db->idate($now)."'";
$sql .= ", fk_prelevement_bons = ".$this->id;
$sql .= " WHERE rowid = ".$fac[1];
$sql .= " WHERE rowid = ".((int) $fac[1]);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1139,7 +1139,7 @@ class BonPrelevement extends CommonObject
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET amount = ".price2num($this->total);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -2107,7 +2107,7 @@ class BonPrelevement extends CommonObject
$sql = "SELECT rowid, ref";
$sql .= " FROM";
$sql .= " ".MAIN_DB_PREFIX."prelevement_bons as pb";
$sql .= " WHERE pb.rowid = ".$this->id;
$sql .= " WHERE pb.rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {

2
htdocs/compta/prelevement/fiche-stat.php
View File

@ -162,7 +162,7 @@ if ($prev_id > 0 || $ref) {
$sql = "SELECT sum(pl.amount), pl.statut";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
$sql .= " WHERE pl.fk_prelevement_bons = ".$object->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $object->id);
$sql .= " GROUP BY pl.statut";
$resql = $db->query($sql);

2
htdocs/compta/recap-compta.php
View File

@ -139,7 +139,7 @@ if ($id > 0) {
$sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,";
$sql .= " u.login, u.rowid as userid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_user_valid = u.rowid";
$sql .= $db->order($sortfield, $sortorder);

2
htdocs/compta/sociales/card.php
View File

@ -613,7 +613,7 @@ if ($id > 0) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
$sql .= ", ".MAIN_DB_PREFIX."chargesociales as cs";
$sql .= " WHERE p.fk_charge = ".$id;
$sql .= " WHERE p.fk_charge = ".((int) $id);
$sql .= " AND p.fk_charge = cs.rowid";
$sql .= " AND cs.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";

2
htdocs/compta/sociales/class/cchargesociales.class.php
View File

@ -190,7 +190,7 @@ class Cchargesociales
if (null !== $ref) {
$sql .= " WHERE t.code = '".$this->db->escape($ref)."'";
} else {
$sql .= ' WHERE t.id = '.$id;
$sql .= ' WHERE t.id = '.((int) $id);
}
$resql = $this->db->query($sql);

2
htdocs/compta/sociales/class/paymentsocialcontribution.class.php
View File

@ -636,7 +636,7 @@ class PaymentSocialContribution extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
$sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);

2
htdocs/compta/sociales/list.php
View File

@ -233,7 +233,7 @@ if ($year > 0) {
if ($search_typeid) {
$sql .= " AND cs.fk_type=".$db->escape($search_typeid);
}
$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos";
$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, pay.code, u.lastname";
if (!empty($conf->projet->enabled)) {
$sql .= ", p.rowid, p.ref, p.title";
}

9
htdocs/compta/sociales/payments.php
View File

@ -169,7 +169,8 @@ if (preg_match('/^cs\./', $sortfield)
|| preg_match('/^c\./', $sortfield)
|| preg_match('/^pc\./', $sortfield)
|| preg_match('/^pct\./', $sortfield)
|| preg_match('/^u\./', $sortfield)) {
|| preg_match('/^u\./', $sortfield)
|| preg_match('/^ba\./', $sortfield)) {
$sql .= $db->order($sortfield, $sortorder);
}
@ -233,8 +234,8 @@ print "</tr>\n";
print '<tr class="liste_titre">';
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pc.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("SocialContribution", $_SERVER["PHP_SELF"], "c.libelle", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.date_ech", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.periode", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pc.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
@ -316,7 +317,7 @@ while ($i < min($num, $limit)) {
print '</td>';
print '<td>';
if ($obj->fk_bank > 0) {
if ($obj->bid > 0) {
$accountstatic->id = $obj->bid;
$accountstatic->ref = $obj->bref;
$accountstatic->number = $obj->bnumber;

2
htdocs/compta/tva/card.php
View File

@ -618,7 +618,7 @@ if ($id) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
$sql .= ", ".MAIN_DB_PREFIX."tva as tva";
$sql .= " WHERE p.fk_tva = ".$id;
$sql .= " WHERE p.fk_tva = ".((int) $id);
$sql .= " AND p.fk_tva = tva.rowid";
$sql .= " AND tva.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";

2
htdocs/compta/tva/class/paymentvat.class.php
View File

@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);

5
htdocs/compta/tva/list.php
View File

@ -57,7 +57,6 @@ $search_dateend_end = dol_mktime(23, 59, 59, GETPOST('search_dateend_endmonth',
$search_datepayment_start = dol_mktime(0, 0, 0, GETPOST('search_datepayment_startmonth', 'int'), GETPOST('search_datepayment_startday', 'int'), GETPOST('search_datepayment_startyear', 'int'));
$search_datepayment_end = dol_mktime(23, 59, 59, GETPOST('search_datepayment_endmonth', 'int'), GETPOST('search_datepayment_endday', 'int'), GETPOST('search_datepayment_endyear', 'int'));
$search_type = GETPOST('search_type', 'int');
$search_cheque = GETPOST('search_cheque', 'alpha');
$search_account = GETPOST('search_account', 'int');
$search_amount = GETPOST('search_amount', 'alpha');
$search_status = GETPOST('search_status', 'int');
@ -123,7 +122,6 @@ if (empty($reshook)) {
$search_datepayment_start = '';
$search_datepayment_end = '';
$search_type = '';
$search_cheque = '';
$search_account = '';
$search_amount = '';
$search_status = '';
@ -268,9 +266,6 @@ if (!empty($search_datepayment_end)) {
if (!empty($search_type) && $search_type > 0) {
$param .= '&search_type='.$search_type;
}
if (!empty($search_cheque)) {
$param .= '&search_cheque="'.$search_cheque.'"';
}
if (!empty($search_account) && $search_account > 0) {
$param .= '&search_account='.$search_account;
}

4
htdocs/compta/tva/payments.php
View File

@ -120,11 +120,11 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "tva.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "pc.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "ptva.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
if (!empty($conf->banque->enabled)) {
print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "ptva.fk_bank", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder);

2
htdocs/contact/canvas/actions_contactcard_common.class.php
View File

@ -308,7 +308,7 @@ abstract class ActionsContactCardCommon
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

6
htdocs/contact/class/contact.class.php
View File

@ -1651,8 +1651,8 @@ class Contact extends CommonObject
// Desactive utilisateur
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople";
$sql .= " SET statut = ".$this->statut;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " SET statut = ".((int) $this->statut);
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@ -1882,7 +1882,7 @@ class Contact extends CommonObject
$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcommcontact";
if ($active >= 0) {
$sql .= " WHERE active = ".$active;
$sql .= " WHERE active = ".((int) $active);
}
$resql = $this->db->query($sql);
$num = $this->db->num_rows($resql);

2
htdocs/contact/consumption.php
View File

@ -258,7 +258,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
// $documentstatic=new SupplierProposal($db);
// $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
// $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
// $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
// $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
// $where.= " AND d.fk_supplier_proposal = c.rowid";
// $where.= " AND c.entity = ".$conf->entity;
// $dateprint = 'c.date_valid';

4
htdocs/contrat/class/contrat.class.php
View File

@ -1057,7 +1057,7 @@ class Contrat extends CommonObject
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@ -1759,7 +1759,7 @@ class Contrat extends CommonObject
$sql .= ",date_cloture=null";
}
$sql .= ", fk_unit=".($fk_unit ? "'".$this->db->escape($fk_unit)."'" : "null");
$sql .= " WHERE rowid = ".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
$result = $this->db->query($sql);

2
htdocs/core/actions_massactions.inc.php
View File

@ -1321,7 +1321,7 @@ if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == '
}
if ($objectclass == "Task" && $objecttmp->hasChildren() > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".$objecttmp->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".((int) $objecttmp->id);
$res = $db->query($sql);
if (!$res) {

4
htdocs/core/boxes/box_accountancy_suspense_account.php
View File

@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
@ -83,7 +83,7 @@ class box_accountancy_suspense_account extends ModeleBoxes
if (!empty($suspenseAccount) && $suspenseAccount > 0) {
$sql = "SELECT COUNT(*) as nb_suspense_account";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b";
$sql .= " WHERE b.numero_compte = ".$suspenseAccount;
$sql .= " WHERE b.numero_compte = '".$this->db->escape($suspenseAccount)."'";
$sql .= " AND b.entity = ".$conf->entity;
$result = $this->db->query($sql);

2
htdocs/core/boxes/box_bookmarks.php
View File

@ -87,7 +87,7 @@ class box_bookmarks extends ModeleBoxes
if ($user->rights->bookmark->lire) {
$sql = "SELECT b.title, b.url, b.target, b.favicon";
$sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b";
$sql .= " WHERE fk_user = ".$user->id;
$sql .= " WHERE fk_user = ".((int) $user->id);
$sql .= " AND b.entity = ".$conf->entity;
$sql .= $this->db->order("position", "ASC");
$sql .= $this->db->plimit($max, 0);

2
htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
View File

@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**

4
htdocs/core/class/canvas.class.php
View File

@ -195,7 +195,7 @@ class Canvas
// This functions should not be used anymore because canvas should contains only templates.
// http://wiki.dolibarr.org/index.php/Canvas_development
// https://wiki.dolibarr.org/index.php/Canvas_development
/**
* Return if a canvas contains an action controller
@ -216,7 +216,7 @@ class Canvas
* @param string $action Action string
* @param int $id Object id
* @return mixed Return return code of doActions of canvas
* @see http://wiki.dolibarr.org/index.php/Canvas_development
* @see https://wiki.dolibarr.org/index.php/Canvas_development
*/
public function doActions(&$action = 'view', $id = 0)
{

2
htdocs/core/class/comment.class.php
View File

@ -365,7 +365,7 @@ class Comment extends CommonObject
$sql = "SELECT";
$sql .= " c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as c";
$sql .= " WHERE c.fk_element = ".$fk_element;
$sql .= " WHERE c.fk_element = ".((int) $fk_element);
$sql .= " AND c.element_type = '".$this->db->escape($element_type)."'";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " ORDER BY c.tms DESC";

2
htdocs/core/class/commoninvoice.class.php
View File

@ -801,7 +801,7 @@ abstract class CommonInvoice extends CommonObject
{
// phpcs:enable
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande';
$sql .= ' WHERE rowid = '.$did;
$sql .= ' WHERE rowid = '.((int) $did);
$sql .= ' AND traite = 0';
if ($this->db->query($sql)) {
return 0;

46
htdocs/core/class/commonobject.class.php
View File

@ -1148,7 +1148,7 @@ abstract class CommonObject
if ($fk_socpeople) {
$sql .= ", fk_socpeople = ".((int) $fk_socpeople);
}
$sql .= " where rowid = ".$rowid;
$sql .= " where rowid = ".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql) {
return 0;
@ -1175,7 +1175,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact";
$sql .= " WHERE rowid =".$rowid;
$sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete_contact", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -1548,7 +1548,7 @@ abstract class CommonObject
$sql .= " ".MAIN_DB_PREFIX."socpeople as c,";
}
$sql .= " ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE ec.element_id = ".$id;
$sql .= " WHERE ec.element_id = ".((int) $id);
$sql .= " AND ec.fk_socpeople = c.rowid";
if ($source == 'internal') {
$sql .= " AND c.entity IN (".getEntity('user').")";
@ -1564,7 +1564,7 @@ abstract class CommonObject
}
$sql .= " AND tc.active = 1";
if ($status) {
$sql .= " AND ec.statut = ".$status;
$sql .= " AND ec.statut = ".((int) $status);
}
dol_syslog(get_class($this)."::getIdContact", LOG_DEBUG);
@ -1706,7 +1706,7 @@ abstract class CommonObject
if (empty($this->barcode_type) || empty($this->barcode_type_code) || empty($this->barcode_type_label) || empty($this->barcode_type_coder)) { // If data not already loaded
$sql = "SELECT rowid, code, libelle as label, coder";
$sql .= " FROM ".MAIN_DB_PREFIX."c_barcode_type";
$sql .= " WHERE rowid = ".$idtype;
$sql .= " WHERE rowid = ".((int) $idtype);
dol_syslog(get_class($this).'::fetch_barcode', LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
@ -1939,7 +1939,7 @@ abstract class CommonObject
}
}
$sql .= " WHERE ".$id_field." = ".$id;
$sql .= " WHERE ".$id_field." = ".((int) $id);
dol_syslog(__METHOD__."", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2332,7 +2332,7 @@ abstract class CommonObject
$fieldname = 'multicurrency_tx';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.$rate;
$sql .= ' SET '.$fieldname.' = '.((float) $rate);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@ -2617,7 +2617,7 @@ abstract class CommonObject
$fieldname = 'retained_warranty_fk_cond_reglement';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= ' SET '.$fieldname.' = '.$id;
$sql .= ' SET '.$fieldname.' = '.((int) $id);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@ -2649,7 +2649,7 @@ abstract class CommonObject
$fieldname = 'fk_address';
}
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".$id;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
@ -2695,7 +2695,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setShippingMethod('.$shipping_method_id.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET fk_shipping_method = ".$shipping_method_id;
$sql .= " SET fk_shipping_method = ".((int) $shipping_method_id);
$sql .= " WHERE rowid=".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@ -2742,7 +2742,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setWarehouse('.$warehouse_id.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET fk_warehouse = ".$warehouse_id;
$sql .= " SET fk_warehouse = ".((int) $warehouse_id);
$sql .= " WHERE rowid=".((int) $this->id);
if ($this->db->query($sql)) {
@ -2819,7 +2819,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setBankAccount('.$fk_account.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET fk_account = ".$fk_account;
$sql .= " SET fk_account = ".((int) $fk_account);
$sql .= " WHERE rowid=".((int) $this->id);
$resql = $this->db->query($sql);
@ -3062,11 +3062,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND rang = '.($rang - 1);
if ($this->db->query($sql)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1);
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@ -3093,11 +3093,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND rang = '.($rang + 1);
$sql .= ' AND rang = '.((int) ($rang + 1));
if ($this->db->query($sql)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1);
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@ -4047,7 +4047,7 @@ abstract class CommonObject
global $db;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.$fk_object_where;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where);
$resql = $db->query($sql);
if (empty($resql)) {
@ -4221,7 +4221,7 @@ abstract class CommonObject
public function getSpecialCode($lineid)
{
$sql = 'SELECT special_code FROM '.MAIN_DB_PREFIX.$this->table_element_line;
$sql .= ' WHERE rowid = '.$lineid;
$sql .= ' WHERE rowid = '.((int) $lineid);
$resql = $this->db->query($sql);
if ($resql) {
$row = $this->db->fetch_row($resql);
@ -4263,7 +4263,7 @@ abstract class CommonObject
//print $id.'-'.$table.'-'.$elementname.'<br>';
// Check if third party can be deleted
$sql = "SELECT COUNT(*) as nb from ".MAIN_DB_PREFIX.$table;
$sql .= " WHERE ".$this->fk_element." = ".$id;
$sql .= " WHERE ".$this->fk_element." = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@ -7656,7 +7656,7 @@ abstract class CommonObject
public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0)
{
foreach ($tables as $table) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id;
$sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id);
if (!$db->query($sql)) {
if ($ignoreerrors) {
@ -8411,7 +8411,7 @@ abstract class CommonObject
// If we have a field ref with a default value of (PROV)
if (!$error) {
if (key_exists('ref', $this->fields) && $this->fields['ref']['notnull'] > 0 && !is_null($this->fields['ref']['default']) && $this->fields['ref']['default'] == '(PROV)') {
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".((int) $this->id);
$resqlupdate = $this->db->query($sql);
if ($resqlupdate === false) {
@ -9267,7 +9267,7 @@ abstract class CommonObject
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files";
$sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
$sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();

3
htdocs/core/class/ctypent.class.php
View File

@ -163,7 +163,6 @@ class Ctypent // extends CommonObject
*/
public function fetch($id, $code = '', $label = '')
{
global $langs;
$sql = "SELECT";
$sql .= " t.id,";
$sql .= " t.code,";
@ -173,7 +172,7 @@ class Ctypent // extends CommonObject
$sql .= " t.module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_typent as t";
if ($id) {
$sql .= " WHERE t.id = ".$id;
$sql .= " WHERE t.id = ".((int) $id);
} elseif ($code) {
$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
} elseif ($label) {

5
htdocs/core/class/ctyperesource.class.php
View File

@ -165,15 +165,12 @@ class Ctyperesource
$sql = 'SELECT';
$sql .= ' t.rowid,';
$sql .= " t.code,";
$sql .= " t.label,";
$sql .= " t.active";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
if ($id) {
$sql .= " WHERE t.id = ".$id;
$sql .= " WHERE t.id = ".((int) $id);
} elseif ($code) {
$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
} elseif ($label) {

14
htdocs/core/class/discount.class.php
View File

@ -337,11 +337,11 @@ class DiscountAbsolute
// Delete but only if not used
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_remise_except ";
if ($this->fk_facture_source) {
$sql .= " WHERE fk_facture_source = ".$this->fk_facture_source; // Delete all lines of same serie
$sql .= " WHERE fk_facture_source = ".((int) $this->fk_facture_source); // Delete all lines of same serie
} elseif ($this->fk_invoice_supplier_source) {
$sql .= " WHERE fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; // Delete all lines of same serie
$sql .= " WHERE fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); // Delete all lines of same serie
} else {
$sql .= " WHERE rowid = ".$this->id; // Delete only line
$sql .= " WHERE rowid = ".((int) $this->id); // Delete only line
}
$sql .= " AND (fk_facture_line IS NULL"; // Not used as absolute simple discount
$sql .= " AND fk_facture IS NULL)"; // Not used as credit note and not used as deposit
@ -421,17 +421,17 @@ class DiscountAbsolute
$sql = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except";
if (!empty($this->discount_type)) {
if ($rowidline) {
$sql .= " SET fk_invoice_supplier_line = ".$rowidline;
$sql .= " SET fk_invoice_supplier_line = ".((int) $rowidline);
}
if ($rowidinvoice) {
$sql .= " SET fk_invoice_supplier = ".$rowidinvoice;
$sql .= " SET fk_invoice_supplier = ".((int) $rowidinvoice);
}
} else {
if ($rowidline) {
$sql .= " SET fk_facture_line = ".$rowidline;
$sql .= " SET fk_facture_line = ".((int) $rowidline);
}
if ($rowidinvoice) {
$sql .= " SET fk_facture = ".$rowidinvoice;
$sql .= " SET fk_facture = ".((int) $rowidinvoice);
}
}
$sql .= " WHERE rowid = ".$this->id;

4
htdocs/core/class/dolreceiptprinter.class.php
View File

@ -784,7 +784,7 @@ class dolReceiptPrinter extends Printer
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
$sql .= " ORDER BY p.datep";
$resql = $this->db->query($sql);
if ($resql) {
@ -879,7 +879,7 @@ class dolReceiptPrinter extends Printer
$error = 0;
$sql = 'SELECT rowid, name, fk_type, fk_profile, parameter';
$sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt';
$sql .= ' WHERE rowid = '.$printerid;
$sql .= ' WHERE rowid = '.((int) $printerid);
$sql .= ' AND entity = '.$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {

Some files were not shown because too many files have changed in this diff Show More