';
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pc.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("SocialContribution", $_SERVER["PHP_SELF"], "c.libelle", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
-print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.date_ech", "", $param, 'width="140px"', $sortfield, $sortorder);
+print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder);
+print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.periode", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pc.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
@@ -316,7 +317,7 @@ while ($i < min($num, $limit)) {
print '';
print '';
- if ($obj->fk_bank > 0) {
+ if ($obj->bid > 0) {
$accountstatic->id = $obj->bid;
$accountstatic->ref = $obj->bref;
$accountstatic->number = $obj->bnumber;
diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php
index 2a116c6376b..a5169675f69 100755
--- a/htdocs/compta/tva/card.php
+++ b/htdocs/compta/tva/card.php
@@ -618,7 +618,7 @@ if ($id) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id";
$sql .= ", ".MAIN_DB_PREFIX."tva as tva";
- $sql .= " WHERE p.fk_tva = ".$id;
+ $sql .= " WHERE p.fk_tva = ".((int) $id);
$sql .= " AND p.fk_tva = tva.rowid";
$sql .= " AND tva.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/compta/tva/class/paymentvat.class.php b/htdocs/compta/tva/class/paymentvat.class.php
index 9ba1bd2ed1d..f8a397bdb9a 100644
--- a/htdocs/compta/tva/class/paymentvat.class.php
+++ b/htdocs/compta/tva/class/paymentvat.class.php
@@ -620,7 +620,7 @@ class PaymentVAT extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_vat SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
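Review bot: `$this->id` is still concatenated uncast in the `WHERE rowid = ` part of the same UPDATE, so only half of the statement gets the integer guarantee; the line should end `." WHERE rowid = ".((int) $this->id);`. The same leftover appears in later hunks of this commit: `commonobject.class.php` at `@@ -2649` (`" WHERE rowid = ".$this->id." AND fk_statut = 0"`), `@@ -3062` and `@@ -3093` (`$this->fk_element.' = '.$this->id`), `@@ -8411` (`'(PROV".$this->id.")'`), and `discount.class.php` at `@@ -421` (`" WHERE rowid = ".$this->id`). Whether `$this->id` can hold a non-integer at these points depends on callers outside the hunks, but casting it keeps the rule uniform and makes a later search for uncast ids meaningful. update_fk_bank's body continues past the hunk.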
diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php
index 16e780e4b0d..ac9e7b55ecd 100644
--- a/htdocs/compta/tva/list.php
+++ b/htdocs/compta/tva/list.php
@@ -57,7 +57,6 @@ $search_dateend_end = dol_mktime(23, 59, 59, GETPOST('search_dateend_endmonth',
$search_datepayment_start = dol_mktime(0, 0, 0, GETPOST('search_datepayment_startmonth', 'int'), GETPOST('search_datepayment_startday', 'int'), GETPOST('search_datepayment_startyear', 'int'));
$search_datepayment_end = dol_mktime(23, 59, 59, GETPOST('search_datepayment_endmonth', 'int'), GETPOST('search_datepayment_endday', 'int'), GETPOST('search_datepayment_endyear', 'int'));
$search_type = GETPOST('search_type', 'int');
-$search_cheque = GETPOST('search_cheque', 'alpha');
$search_account = GETPOST('search_account', 'int');
$search_amount = GETPOST('search_amount', 'alpha');
$search_status = GETPOST('search_status', 'int');
@@ -123,7 +122,6 @@ if (empty($reshook)) {
$search_datepayment_start = '';
$search_datepayment_end = '';
$search_type = '';
- $search_cheque = '';
$search_account = '';
$search_amount = '';
$search_status = '';
@@ -268,9 +266,6 @@ if (!empty($search_datepayment_end)) {
if (!empty($search_type) && $search_type > 0) {
$param .= '&search_type='.$search_type;
}
-if (!empty($search_cheque)) {
- $param .= '&search_cheque="'.$search_cheque.'"';
-}
if (!empty($search_account) && $search_account > 0) {
$param .= '&search_account='.$search_account;
}
diff --git a/htdocs/compta/tva/payments.php b/htdocs/compta/tva/payments.php
index 83399d5a5c8..3ebb9a335fc 100644
--- a/htdocs/compta/tva/payments.php
+++ b/htdocs/compta/tva/payments.php
@@ -120,11 +120,11 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) {
print '';
print '';
print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder);
- print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder);
+ print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.rowid", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "tva.datev", "", $param, 'width="140px"', $sortfield, $sortorder);
print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder);
print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder);
- print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "pc.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
+ print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "ptva.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber');
if (!empty($conf->banque->enabled)) {
print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "ptva.fk_bank", "", $param, '', $sortfield, $sortorder);
print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder);
diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php
index 332b7dd36c6..0e80df07676 100644
--- a/htdocs/contact/canvas/actions_contactcard_common.class.php
+++ b/htdocs/contact/canvas/actions_contactcard_common.class.php
@@ -308,7 +308,7 @@ abstract class ActionsContactCardCommon
// We set country_id, and country_code label of the chosen country
if ($this->object->country_id) {
- $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
+ $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index 5e0c65e1b70..5befcba4537 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -1651,8 +1651,8 @@ class Contact extends CommonObject
// Desactive utilisateur
$sql = "UPDATE ".MAIN_DB_PREFIX."socpeople";
- $sql .= " SET statut = ".$this->statut;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET statut = ".((int) $this->statut);
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@@ -1882,7 +1882,7 @@ class Contact extends CommonObject
$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcommcontact";
if ($active >= 0) {
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
}
$resql = $this->db->query($sql);
$num = $this->db->num_rows($resql);
diff --git a/htdocs/contact/consumption.php b/htdocs/contact/consumption.php
index 1e0f5b06094..b87a73e8cc2 100644
--- a/htdocs/contact/consumption.php
+++ b/htdocs/contact/consumption.php
@@ -258,7 +258,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
// $documentstatic=new SupplierProposal($db);
// $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
// $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
- // $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ // $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
// $where.= " AND d.fk_supplier_proposal = c.rowid";
// $where.= " AND c.entity = ".$conf->entity;
// $dateprint = 'c.date_valid';
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index 64d2b5e2c0a..33dd0e8e2f7 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -1057,7 +1057,7 @@ class Contrat extends CommonObject
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
- $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
+ $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact) {
@@ -1759,7 +1759,7 @@ class Contrat extends CommonObject
$sql .= ",date_cloture=null";
}
$sql .= ", fk_unit=".($fk_unit ? "'".$this->db->escape($fk_unit)."'" : "null");
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index 057443d09b4..13cb7126769 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -1321,7 +1321,7 @@ if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == '
}
if ($objectclass == "Task" && $objecttmp->hasChildren() > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".$objecttmp->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET fk_task_parent = 0 WHERE fk_task_parent = ".((int) $objecttmp->id);
$res = $db->query($sql);
if (!$res) {
diff --git a/htdocs/core/boxes/box_accountancy_suspense_account.php b/htdocs/core/boxes/box_accountancy_suspense_account.php
index 31eaa65bf72..aa648270b97 100644
--- a/htdocs/core/boxes/box_accountancy_suspense_account.php
+++ b/htdocs/core/boxes/box_accountancy_suspense_account.php
@@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * along with this program. If not, see .
*/
/**
@@ -83,7 +83,7 @@ class box_accountancy_suspense_account extends ModeleBoxes
if (!empty($suspenseAccount) && $suspenseAccount > 0) {
$sql = "SELECT COUNT(*) as nb_suspense_account";
$sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b";
- $sql .= " WHERE b.numero_compte = ".$suspenseAccount;
+ $sql .= " WHERE b.numero_compte = '".$this->db->escape($suspenseAccount)."'";
$sql .= " AND b.entity = ".$conf->entity;
$result = $this->db->query($sql);
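Review bot: The guard `$suspenseAccount > 0` is still a numeric comparison while the query now passes the value as an escaped, quoted string, so the two lines disagree about what an account number is. If account numbers may be alphanumeric the guard should test for a non-empty string instead; if they are always numeric, a comment such as `// account number is compared as a string, not cast to int` would explain why this line is quoted while the rest of the commit casts. The column type is not visible in this hunk, so this needs confirming against the schema. `$conf->entity` on the following line is also left uncast, unlike the ids this commit touches.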
diff --git a/htdocs/core/boxes/box_bookmarks.php b/htdocs/core/boxes/box_bookmarks.php
index 9d6df6c7535..1a3a1183032 100644
--- a/htdocs/core/boxes/box_bookmarks.php
+++ b/htdocs/core/boxes/box_bookmarks.php
@@ -87,7 +87,7 @@ class box_bookmarks extends ModeleBoxes
if ($user->rights->bookmark->lire) {
$sql = "SELECT b.title, b.url, b.target, b.favicon";
$sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b";
- $sql .= " WHERE fk_user = ".$user->id;
+ $sql .= " WHERE fk_user = ".((int) $user->id);
$sql .= " AND b.entity = ".$conf->entity;
$sql .= $this->db->order("position", "ASC");
$sql .= $this->db->plimit($max, 0);
diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
index 7325b9bed5f..1a8cec07155 100644
--- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
+++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
@@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
+ * along with this program. If not, see .
*/
/**
diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php
index 4ae94d43136..a4414fa6edb 100644
--- a/htdocs/core/class/canvas.class.php
+++ b/htdocs/core/class/canvas.class.php
@@ -195,7 +195,7 @@ class Canvas
// This functions should not be used anymore because canvas should contains only templates.
- // http://wiki.dolibarr.org/index.php/Canvas_development
+ // https://wiki.dolibarr.org/index.php/Canvas_development
/**
* Return if a canvas contains an action controller
@@ -216,7 +216,7 @@ class Canvas
* @param string $action Action string
* @param int $id Object id
* @return mixed Return return code of doActions of canvas
- * @see http://wiki.dolibarr.org/index.php/Canvas_development
+ * @see https://wiki.dolibarr.org/index.php/Canvas_development
*/
public function doActions(&$action = 'view', $id = 0)
{
diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php
index 78f168fd8f7..7184d7846b0 100644
--- a/htdocs/core/class/comment.class.php
+++ b/htdocs/core/class/comment.class.php
@@ -365,7 +365,7 @@ class Comment extends CommonObject
$sql = "SELECT";
$sql .= " c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as c";
- $sql .= " WHERE c.fk_element = ".$fk_element;
+ $sql .= " WHERE c.fk_element = ".((int) $fk_element);
$sql .= " AND c.element_type = '".$this->db->escape($element_type)."'";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " ORDER BY c.tms DESC";
diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php
index 6366cf52756..50d94da8531 100644
--- a/htdocs/core/class/commoninvoice.class.php
+++ b/htdocs/core/class/commoninvoice.class.php
@@ -801,7 +801,7 @@ abstract class CommonInvoice extends CommonObject
{
// phpcs:enable
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande';
- $sql .= ' WHERE rowid = '.$did;
+ $sql .= ' WHERE rowid = '.((int) $did);
$sql .= ' AND traite = 0';
if ($this->db->query($sql)) {
return 0;
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 622682060cb..e113cf2654a 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -1148,7 +1148,7 @@ abstract class CommonObject
if ($fk_socpeople) {
$sql .= ", fk_socpeople = ".((int) $fk_socpeople);
}
- $sql .= " where rowid = ".$rowid;
+ $sql .= " where rowid = ".((int) $rowid);
$resql = $this->db->query($sql);
if ($resql) {
return 0;
@@ -1175,7 +1175,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."element_contact";
- $sql .= " WHERE rowid =".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::delete_contact", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -1548,7 +1548,7 @@ abstract class CommonObject
$sql .= " ".MAIN_DB_PREFIX."socpeople as c,";
}
$sql .= " ".MAIN_DB_PREFIX."c_type_contact as tc";
- $sql .= " WHERE ec.element_id = ".$id;
+ $sql .= " WHERE ec.element_id = ".((int) $id);
$sql .= " AND ec.fk_socpeople = c.rowid";
if ($source == 'internal') {
$sql .= " AND c.entity IN (".getEntity('user').")";
@@ -1564,7 +1564,7 @@ abstract class CommonObject
}
$sql .= " AND tc.active = 1";
if ($status) {
- $sql .= " AND ec.statut = ".$status;
+ $sql .= " AND ec.statut = ".((int) $status);
}
dol_syslog(get_class($this)."::getIdContact", LOG_DEBUG);
@@ -1706,7 +1706,7 @@ abstract class CommonObject
if (empty($this->barcode_type) || empty($this->barcode_type_code) || empty($this->barcode_type_label) || empty($this->barcode_type_coder)) { // If data not already loaded
$sql = "SELECT rowid, code, libelle as label, coder";
$sql .= " FROM ".MAIN_DB_PREFIX."c_barcode_type";
- $sql .= " WHERE rowid = ".$idtype;
+ $sql .= " WHERE rowid = ".((int) $idtype);
dol_syslog(get_class($this).'::fetch_barcode', LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
@@ -1939,7 +1939,7 @@ abstract class CommonObject
}
}
- $sql .= " WHERE ".$id_field." = ".$id;
+ $sql .= " WHERE ".$id_field." = ".((int) $id);
dol_syslog(__METHOD__."", LOG_DEBUG);
$resql = $this->db->query($sql);
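Review bot: The cast covers `$id`, but `$id_field` is still concatenated into the WHERE clause as a column name, and neither a cast nor `escape()` can protect an identifier. Where `$id_field` is assigned is outside this hunk; if any caller can influence it, it should be checked against a fixed list of column names before use. The same applies to the identifiers in the hunks at `@@ -4047` (`$table_element`, `$field_where`), `@@ -4263` (`$table`) and `@@ -7656` (`$table`). A one-line comment such as `// $id_field must be a hard-coded column name, never request data` would record the assumption for the next maintainer.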
@@ -2332,7 +2332,7 @@ abstract class CommonObject
$fieldname = 'multicurrency_tx';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET '.$fieldname.' = '.$rate;
+ $sql .= ' SET '.$fieldname.' = '.((float) $rate);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
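Review bot: `((float) $rate)` is turned back into a string by the concatenation, and on PHP versions before 8.0 that conversion follows the `LC_NUMERIC` locale, so a comma-decimal locale would emit `1,5` and break the SET clause. If PHP 7 is still supported, a locale-independent form such as `number_format((float) $rate, 8, '.', '')` (precision to be matched to the column) is safer; otherwise a comment noting the PHP 8 dependency would do. The same pattern is used for `" WHERE cv.taux = ".((float) $txtva)` in `price.lib.php` at `@@ -151`, where the value is additionally compared for exact equality.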
@@ -2617,7 +2617,7 @@ abstract class CommonObject
$fieldname = 'retained_warranty_fk_cond_reglement';
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET '.$fieldname.' = '.$id;
+ $sql .= ' SET '.$fieldname.' = '.((int) $id);
$sql .= ' WHERE rowid='.((int) $this->id);
if ($this->db->query($sql)) {
@@ -2649,7 +2649,7 @@ abstract class CommonObject
$fieldname = 'fk_address';
}
- $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".$id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ".$fieldname." = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
@@ -2695,7 +2695,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setShippingMethod('.$shipping_method_id.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_shipping_method = ".$shipping_method_id;
+ $sql .= " SET fk_shipping_method = ".((int) $shipping_method_id);
$sql .= " WHERE rowid=".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -2742,7 +2742,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setWarehouse('.$warehouse_id.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_warehouse = ".$warehouse_id;
+ $sql .= " SET fk_warehouse = ".((int) $warehouse_id);
$sql .= " WHERE rowid=".((int) $this->id);
if ($this->db->query($sql)) {
@@ -2819,7 +2819,7 @@ abstract class CommonObject
dol_syslog(get_class($this).'::setBankAccount('.$fk_account.')');
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_account = ".$fk_account;
+ $sql .= " SET fk_account = ".((int) $fk_account);
$sql .= " WHERE rowid=".((int) $this->id);
$resql = $this->db->query($sql);
@@ -3062,11 +3062,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
$sql .= ' AND rang = '.($rang - 1);
if ($this->db->query($sql)) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1);
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
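Review bot: The SET clause writes `$fieldposition`, which this function can set to `'position'`, but the filter two lines below is still hard-coded as `' AND rang = '.($rang - 1)`, so the statement can filter on a different column name than the one it updates. Using `$sql .= ' AND '.$fieldposition.' = '.((int) ($rang - 1));` would keep both sides on the same column and apply the cast this hunk adds elsewhere. The hunk at `@@ -3093` has the same hard-coded `rang` in its filter. The condition that selects `'position'` starts outside the hunk, so which tables are affected needs confirming.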
@@ -3093,11 +3093,11 @@ abstract class CommonObject
$fieldposition = 'position';
}
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang);
$sql .= ' WHERE '.$this->fk_element.' = '.$this->id;
- $sql .= ' AND rang = '.($rang + 1);
+ $sql .= ' AND rang = '.((int) ($rang + 1));
if ($this->db->query($sql)) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1);
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1));
$sql .= ' WHERE rowid = '.((int) $rowid);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
@@ -4047,7 +4047,7 @@ abstract class CommonObject
global $db;
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.$fk_object_where;
+ $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where);
$resql = $db->query($sql);
if (empty($resql)) {
@@ -4221,7 +4221,7 @@ abstract class CommonObject
public function getSpecialCode($lineid)
{
$sql = 'SELECT special_code FROM '.MAIN_DB_PREFIX.$this->table_element_line;
- $sql .= ' WHERE rowid = '.$lineid;
+ $sql .= ' WHERE rowid = '.((int) $lineid);
$resql = $this->db->query($sql);
if ($resql) {
$row = $this->db->fetch_row($resql);
@@ -4263,7 +4263,7 @@ abstract class CommonObject
//print $id.'-'.$table.'-'.$elementname.' ';
// Check if third party can be deleted
$sql = "SELECT COUNT(*) as nb from ".MAIN_DB_PREFIX.$table;
- $sql .= " WHERE ".$this->fk_element." = ".$id;
+ $sql .= " WHERE ".$this->fk_element." = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@@ -7656,7 +7656,7 @@ abstract class CommonObject
public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0)
{
foreach ($tables as $table) {
- $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id);
if (!$db->query($sql)) {
if ($ignoreerrors) {
@@ -8411,7 +8411,7 @@ abstract class CommonObject
// If we have a field ref with a default value of (PROV)
if (!$error) {
if (key_exists('ref', $this->fields) && $this->fields['ref']['notnull'] > 0 && !is_null($this->fields['ref']['default']) && $this->fields['ref']['default'] == '(PROV)') {
- $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET ref = '(PROV".$this->id.")' WHERE (ref = '(PROV)' OR ref = '') AND rowid = ".((int) $this->id);
$resqlupdate = $this->db->query($sql);
if ($resqlupdate === false) {
@@ -9267,7 +9267,7 @@ abstract class CommonObject
}
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files";
- $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
+ $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
diff --git a/htdocs/core/class/ctypent.class.php b/htdocs/core/class/ctypent.class.php
index 01a6eb5e697..c8421c54b1f 100644
--- a/htdocs/core/class/ctypent.class.php
+++ b/htdocs/core/class/ctypent.class.php
@@ -163,7 +163,6 @@ class Ctypent // extends CommonObject
*/
public function fetch($id, $code = '', $label = '')
{
- global $langs;
$sql = "SELECT";
$sql .= " t.id,";
$sql .= " t.code,";
@@ -173,7 +172,7 @@ class Ctypent // extends CommonObject
$sql .= " t.module";
$sql .= " FROM ".MAIN_DB_PREFIX."c_typent as t";
if ($id) {
- $sql .= " WHERE t.id = ".$id;
+ $sql .= " WHERE t.id = ".((int) $id);
} elseif ($code) {
$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
} elseif ($label) {
diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php
index 6ba04c044e9..b0a604e9e28 100644
--- a/htdocs/core/class/ctyperesource.class.php
+++ b/htdocs/core/class/ctyperesource.class.php
@@ -165,15 +165,12 @@ class Ctyperesource
$sql = 'SELECT';
$sql .= ' t.rowid,';
-
$sql .= " t.code,";
$sql .= " t.label,";
$sql .= " t.active";
-
-
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
if ($id) {
- $sql .= " WHERE t.id = ".$id;
+ $sql .= " WHERE t.id = ".((int) $id);
} elseif ($code) {
$sql .= " WHERE t.code = '".$this->db->escape($code)."'";
} elseif ($label) {
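Review bot: The query selects `t.rowid` but the branch touched here filters on `t.id`, so the cast is being applied to a predicate that may name a column the table does not have. If the key column of this table is `rowid`, as the SELECT list suggests, the line should read `$sql .= " WHERE t.rowid = ".((int) $id);`. The table definition is not part of this diff, so this should be checked against the schema before changing it. The fetch method's body starts and ends outside the hunk.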
diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php
index 4afcf295d40..63ef3dc1153 100644
--- a/htdocs/core/class/discount.class.php
+++ b/htdocs/core/class/discount.class.php
@@ -337,11 +337,11 @@ class DiscountAbsolute
// Delete but only if not used
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_remise_except ";
if ($this->fk_facture_source) {
- $sql .= " WHERE fk_facture_source = ".$this->fk_facture_source; // Delete all lines of same serie
+ $sql .= " WHERE fk_facture_source = ".((int) $this->fk_facture_source); // Delete all lines of same serie
} elseif ($this->fk_invoice_supplier_source) {
- $sql .= " WHERE fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; // Delete all lines of same serie
+ $sql .= " WHERE fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); // Delete all lines of same serie
} else {
- $sql .= " WHERE rowid = ".$this->id; // Delete only line
+ $sql .= " WHERE rowid = ".((int) $this->id); // Delete only line
}
$sql .= " AND (fk_facture_line IS NULL"; // Not used as absolute simple discount
$sql .= " AND fk_facture IS NULL)"; // Not used as credit note and not used as deposit
@@ -421,17 +421,17 @@ class DiscountAbsolute
$sql = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except";
if (!empty($this->discount_type)) {
if ($rowidline) {
- $sql .= " SET fk_invoice_supplier_line = ".$rowidline;
+ $sql .= " SET fk_invoice_supplier_line = ".((int) $rowidline);
}
if ($rowidinvoice) {
- $sql .= " SET fk_invoice_supplier = ".$rowidinvoice;
+ $sql .= " SET fk_invoice_supplier = ".((int) $rowidinvoice);
}
} else {
if ($rowidline) {
- $sql .= " SET fk_facture_line = ".$rowidline;
+ $sql .= " SET fk_facture_line = ".((int) $rowidline);
}
if ($rowidinvoice) {
- $sql .= " SET fk_facture = ".$rowidinvoice;
+ $sql .= " SET fk_facture = ".((int) $rowidinvoice);
}
}
$sql .= " WHERE rowid = ".$this->id;
diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php
index 49eda053b8d..6ac331167d3 100644
--- a/htdocs/core/class/dolreceiptprinter.class.php
+++ b/htdocs/core/class/dolreceiptprinter.class.php
@@ -784,7 +784,7 @@ class dolReceiptPrinter extends Printer
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
$sql .= " ORDER BY p.datep";
$resql = $this->db->query($sql);
if ($resql) {
@@ -879,7 +879,7 @@ class dolReceiptPrinter extends Printer
$error = 0;
$sql = 'SELECT rowid, name, fk_type, fk_profile, parameter';
$sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt';
- $sql .= ' WHERE rowid = '.$printerid;
+ $sql .= ' WHERE rowid = '.((int) $printerid);
$sql .= ' AND entity = '.$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php
index 566407cffc4..7356e53dc0a 100644
--- a/htdocs/core/class/fiscalyear.class.php
+++ b/htdocs/core/class/fiscalyear.class.php
@@ -196,8 +196,8 @@ class Fiscalyear extends CommonObject
$sql .= ", date_start = '".$this->db->idate($this->date_start)."'";
$sql .= ", date_end = ".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null");
$sql .= ", statut = '".$this->db->escape($this->statut ? $this->statut : 0)."'";
- $sql .= ", fk_user_modif = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= ", fk_user_modif = ".((int) $user->id);
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 628c6a2ff04..ec92a99ff2a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -3530,7 +3530,7 @@ class Form
// looking for users
$sql = "SELECT a.rowid, a.label";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_address as a";
- $sql .= " WHERE a.fk_soc = ".$socid;
+ $sql .= " WHERE a.fk_soc = ".((int) $socid);
$sql .= " ORDER BY a.label ASC";
dol_syslog(get_class($this)."::select_address", LOG_DEBUG);
diff --git a/htdocs/core/class/html.formexpensereport.class.php b/htdocs/core/class/html.formexpensereport.class.php
index b25d4397f81..5ecc4e4669d 100644
--- a/htdocs/core/class/html.formexpensereport.class.php
+++ b/htdocs/core/class/html.formexpensereport.class.php
@@ -114,7 +114,7 @@ class FormExpenseReport
$sql = "SELECT c.id, c.code, c.label as type FROM ".MAIN_DB_PREFIX."c_type_fees as c";
if ($active >= 0) {
- $sql .= " WHERE c.active = ".$active;
+ $sql .= " WHERE c.active = ".((int) $active);
}
$sql .= " ORDER BY c.label ASC";
$resql = $this->db->query($sql);
diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php
index 0f59859bd64..be81c1e2737 100644
--- a/htdocs/core/class/link.class.php
+++ b/htdocs/core/class/link.class.php
@@ -234,7 +234,7 @@ class Link extends CommonObject
global $conf;
$sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links";
- $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".$objectid;
+ $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".((int) $objectid);
if ($conf->entity != 0) {
$sql .= " AND entity = ".$conf->entity;
}
@@ -284,7 +284,7 @@ class Link extends CommonObject
global $conf;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."links";
- $sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".$objectid;
+ $sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".((int) $objectid);
if ($conf->entity != 0) {
$sql .= " AND entity = ".$conf->entity;
}
@@ -314,7 +314,7 @@ class Link extends CommonObject
}
$sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
if ($conf->entity != 0) {
$sql .= " AND entity = ".$conf->entity;
}
diff --git a/htdocs/core/lib/bank.lib.php b/htdocs/core/lib/bank.lib.php
index 6eac92e69bc..30a3d21de90 100644
--- a/htdocs/core/lib/bank.lib.php
+++ b/htdocs/core/lib/bank.lib.php
@@ -72,7 +72,7 @@ function bank_prepare_head(Account $object)
// List of all standing receipts
$sql = "SELECT COUNT(DISTINCT(b.num_releve)) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
- $sql .= " WHERE b.fk_account = ".$object->id;
+ $sql .= " WHERE b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
@@ -83,7 +83,7 @@ function bank_prepare_head(Account $object)
$db->free($resql);
}
- $head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".$object->id;
+ $head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".((int) $object->id);
$head[$h][1] = $langs->trans("AccountStatements");
if (($nbReceipts) > 0) {
$head[$h][1] .= ''.($nbReceipts).'';
diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php
index 0703df95255..e279ced2a3d 100644
--- a/htdocs/core/lib/functions2.lib.php
+++ b/htdocs/core/lib/functions2.lib.php
@@ -507,6 +507,61 @@ function dol_print_object_info($object, $usetable = 0)
}
}
+ // User signature
+ if (!empty($object->user_signature)) {
+ if ($usetable) {
+ print ' | ';
+ }
+ print $langs->trans('SignedBy');
+ if ($usetable) {
+ print ' | ';
+ } else {
+ print ': ';
+ }
+ if (is_object($object->user_signature)) {
+ if ($object->user_signature->id) {
+ print $object->user_signature->getNomUrl(-1, '', 0, 0, 0);
+ } else {
+ print $langs->trans('Unknown');
+ }
+ } else {
+ $userstatic = new User($db);
+ $userstatic->fetch($object->user_signature);
+ if ($userstatic->id) {
+ print $userstatic->getNomUrl(-1, '', 0, 0, 0);
+ } else {
+ print $langs->trans('Unknown');
+ }
+ }
+ if ($usetable) {
+ print ' | ';
+ } else {
+ print ' ';
+ }
+ }
+
+ // Date signature
+ if (!empty($object->date_signature)) {
+ if ($usetable) {
+ print '| ';
+ }
+ print $langs->trans('DateSigning');
+ if ($usetable) {
+ print ' | ';
+ } else {
+ print ': ';
+ }
+ print dol_print_date($object->date_signature, 'dayhour');
+ if ($deltadateforuser) {
+ print ' '.$langs->trans('CurrentHour').' / '.dol_print_date($object->date_signature, 'dayhour', 'tzuserrel').' '.$langs->trans('ClientHour');
+ }
+ if ($usetable) {
+ print ' | ';
+ } else {
+ print ' ';
+ }
+ }
+
// User close
if (!empty($object->user_cloture) || !empty($object->user_closing)) {
if (isset($object->user_cloture) && !empty($object->user_cloture)) {
diff --git a/htdocs/core/lib/invoice2.lib.php b/htdocs/core/lib/invoice2.lib.php
index e6680293b64..c5e2aeb0a16 100644
--- a/htdocs/core/lib/invoice2.lib.php
+++ b/htdocs/core/lib/invoice2.lib.php
@@ -96,7 +96,7 @@ function rebuild_merge_pdf($db, $langs, $conf, $diroutputpdf, $newlangid, $filte
}
if (in_array('bank', $filter)) {
$sqlwhere .= " AND p.fk_bank = b.rowid";
- $sqlwhere .= " AND b.fk_account = ".$paymentbankid;
+ $sqlwhere .= " AND b.fk_account = ".((int) $paymentbankid);
}
$sqlorder = " ORDER BY p.datep ASC";
}
diff --git a/htdocs/core/lib/price.lib.php b/htdocs/core/lib/price.lib.php
index 3a73f47a6a0..9be293a81ab 100644
--- a/htdocs/core/lib/price.lib.php
+++ b/htdocs/core/lib/price.lib.php
@@ -151,8 +151,8 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt
$sql = "SELECT taux, localtax1, localtax2, localtax1_type, localtax2_type";
$sql .= " FROM ".MAIN_DB_PREFIX."c_tva as cv";
- $sql .= " WHERE cv.taux = ".$txtva;
- $sql .= " AND cv.fk_pays = ".$countryid;
+ $sql .= " WHERE cv.taux = ".((float) $txtva);
+ $sql .= " AND cv.fk_pays = ".((int) $countryid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
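Review bot: The `(float) $txtva` cast on the `cv.taux` line is converted back to a string by the concatenation, and on PHP versions before 8.0 that conversion follows the LC_NUMERIC locale. Under a comma-decimal locale the clause would come out as something like `cv.taux = 19,6` (constructed value), which is not the intended comparison. A locale-independent format avoids this, for example `$sql .= " WHERE cv.taux = ".sprintf('%F', (float) $txtva);`. The body of calcul_price_total continues outside the hunk, so any earlier normalisation of `$txtva` is not visible here.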
diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php
index 170202717c8..bf3b9f3dd07 100644
--- a/htdocs/core/lib/website.lib.php
+++ b/htdocs/core/lib/website.lib.php
@@ -846,9 +846,9 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so
if (is_array($otherfilters) && !empty($otherfilters['category'])) {
$sql .= ', '.MAIN_DB_PREFIX.'categorie_website_page as cwp';
}
- $sql .= " WHERE wp.fk_website = ".$website->id;
+ $sql .= " WHERE wp.fk_website = ".((int) $website->id);
if ($status >= 0) {
- $sql .= " AND wp.status = ".$status;
+ $sql .= " AND wp.status = ".((int) $status);
}
if ($langcode) {
$sql .= " AND wp.lang ='".$db->escape($langcode)."'";
diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php
index 3d3009fd667..b92937cdada 100644
--- a/htdocs/core/modules/DolibarrModules.class.php
+++ b/htdocs/core/modules/DolibarrModules.class.php
@@ -1696,7 +1696,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
// Search if perm already present
$sql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."rights_def";
- $sql .= " WHERE id = ".$r_id." AND entity = ".$entity;
+ $sql .= " WHERE id = ".((int) $r_id)." AND entity = ".((int) $entity);
$resqlselect = $this->db->query($sql);
if ($resqlselect) {
diff --git a/htdocs/core/modules/expensereport/mod_expensereport_jade.php b/htdocs/core/modules/expensereport/mod_expensereport_jade.php
index bbe2245a97d..b25ac15345b 100644
--- a/htdocs/core/modules/expensereport/mod_expensereport_jade.php
+++ b/htdocs/core/modules/expensereport/mod_expensereport_jade.php
@@ -163,7 +163,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport
}
$newref = str_replace(' ', '_', $user_author_infos).$expld_car.$prefix.$newref.$expld_car.dol_print_date($object->date_debut, '%y%m%d');
- $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.$ref_number_int.' WHERE rowid = '.$object->id;
+ $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.((int) $ref_number_int).' WHERE rowid = '.((int) $object->id);
$resqlbis = $db->query($sqlbis);
if (!$resqlbis) {
dol_print_error($resqlbis);
diff --git a/htdocs/core/modules/facture/mod_facture_mars.php b/htdocs/core/modules/facture/mod_facture_mars.php
index cd36b4d322a..c7a69a82caa 100644
--- a/htdocs/core/modules/facture/mod_facture_mars.php
+++ b/htdocs/core/modules/facture/mod_facture_mars.php
@@ -55,6 +55,7 @@ class mod_facture_mars extends ModeleNumRefFactures
*/
public function __construct()
{
+ global $conf;
if (!empty($conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX)) {
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX;
}
diff --git a/htdocs/core/modules/facture/mod_facture_terre.php b/htdocs/core/modules/facture/mod_facture_terre.php
index 2f142a1adc7..f3e38cf7db7 100644
--- a/htdocs/core/modules/facture/mod_facture_terre.php
+++ b/htdocs/core/modules/facture/mod_facture_terre.php
@@ -65,6 +65,7 @@ class mod_facture_terre extends ModeleNumRefFactures
*/
public function __construct()
{
+ global $conf;
if (!empty($conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX)) {
$this->prefixinvoice = $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX;
}
diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php
index 63a28fbe3d2..1768029b97e 100644
--- a/htdocs/core/modules/import/import_csv.modules.php
+++ b/htdocs/core/modules/import/import_csv.modules.php
@@ -790,7 +790,7 @@ class ImportCsv extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlSelect .= ' WHERE '.$keyfield.' = '.$lastinsertid;
+ $sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid);
$resql = $this->db->query($sqlSelect);
if ($resql) {
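Review bot: `$keyfield` is still concatenated into the WHERE clause as a column name, and the new `(int)` cast only covers the value on the right-hand side. Where `$keyfield` is assigned is outside the hunk; if it can be influenced by the import profile or the imported file, it should be checked against the target table's known columns (or at least against an identifier pattern such as `preg_match('/^[a-zA-Z0-9_]+$/', $keyfield)`) and the row rejected otherwise. The same applies to the second hunk of this file and to both hunks of import_xlsx.modules.php.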
@@ -824,7 +824,7 @@ class ImportCsv extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlend = ' WHERE '.$keyfield.' = '.$lastinsertid;
+ $sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid);
$sql = $sqlstart.$sqlend;
diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php
index 257e8f5253e..bc146c5ece7 100644
--- a/htdocs/core/modules/import/import_xlsx.modules.php
+++ b/htdocs/core/modules/import/import_xlsx.modules.php
@@ -830,7 +830,7 @@ class ImportXlsx extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlSelect .= ' WHERE ' . $keyfield . ' = ' . $lastinsertid;
+ $sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid);
$resql = $this->db->query($sqlSelect);
if ($resql) {
@@ -864,7 +864,7 @@ class ImportXlsx extends ModeleImports
if (empty($keyfield)) {
$keyfield = 'rowid';
}
- $sqlend = ' WHERE ' . $keyfield . ' = ' . $lastinsertid;
+ $sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid);
$sql = $sqlstart . $sqlend;
diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php
index cb7eb93b074..7c0aa2b19b5 100644
--- a/htdocs/core/modules/mailings/modules_mailings.php
+++ b/htdocs/core/modules/mailings/modules_mailings.php
@@ -132,14 +132,14 @@ class MailingTargets // This can't be abstract as it is used for some method
// phpcs:enable
// Mise a jour nombre de destinataire dans table des mailings
$sql = "SELECT COUNT(*) nb FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$mailing_id;
+ $sql .= " WHERE fk_mailing = ".((int) $mailing_id);
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);
$nb = $obj->nb;
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing";
- $sql .= " SET nbemail = ".$nb." WHERE rowid = ".$mailing_id;
+ $sql .= " SET nbemail = ".$nb." WHERE rowid = ".((int) $mailing_id);
if (!$this->db->query($sql)) {
dol_syslog($this->db->error());
$this->error = $this->db->error();
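Review bot: `$nb` is still concatenated uncast in the UPDATE that this hunk touches, while `$mailing_id` on the same line is now cast. The value comes from the `COUNT(*)` fetched just above, so it is numeric in practice, but casting it keeps the statement uniform and independent of what `fetch_object` returned: `$sql .= " SET nbemail = ".((int) $nb)." WHERE rowid = ".((int) $mailing_id);`. The enclosing method starts and ends outside the hunk.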
@@ -250,7 +250,7 @@ class MailingTargets // This can't be abstract as it is used for some method
{
// phpcs:enable
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$mailing_id;
+ $sql .= " WHERE fk_mailing = ".((int) $mailing_id);
if (!$this->db->query($sql)) {
dol_syslog($this->db->error());
diff --git a/htdocs/core/modules/modApi.class.php b/htdocs/core/modules/modApi.class.php
index 0c6ebeb6f37..0f77a67c33b 100644
--- a/htdocs/core/modules/modApi.class.php
+++ b/htdocs/core/modules/modApi.class.php
@@ -245,8 +245,8 @@ class modApi extends DolibarrModules
{
// Remove old constants with entity fields different of 0
$sql = array(
- "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('MAIN_MODULE_API', 1),
- "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('API_PRODUCTION_MODE', 1)
+ "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('MAIN_MODULE_API'))."'",
+ "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('API_PRODUCTION_MODE'))."'"
);
return $this->_remove($sql, $options);
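Review bot: The new form wraps the result of `$this->db->encrypt(...)` in `escape()` and quotes, which is only equivalent to the old call if `encrypt()` always returns a plain value. Its implementation is not visible here; if it can return a SQL expression when database encryption is configured, the DELETE would compare `name` with the expression's text and silently match no rows. It would help to add a comment stating which case is assumed, e.g. `// encrypt() returns the raw value here; quoting is done by the caller`, or to keep the quoting inside `encrypt()` as before.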
diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php
index 2db081c8c27..10ef1aa5991 100644
--- a/htdocs/core/modules/modProduct.class.php
+++ b/htdocs/core/modules/modProduct.class.php
@@ -177,6 +177,7 @@ class modProduct extends DolibarrModules
$r = 0;
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+
$r++;
$this->export_code[$r] = $this->rights_class.'_'.$r;
$this->export_label[$r] = "Products"; // Translation key (used only if key ExportDataset_xxx_z not found)
@@ -641,7 +642,16 @@ class modProduct extends DolibarrModules
}
// End add extra fields
$this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'product'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent)
-
+ $this->import_regex_array[$r] = array(
+ 'p.ref'=>'[^ ]',
+ 'p.price_base_type' => 'HT|TTC',
+ 'p.tosell'=>'^[0|1]$',
+ 'p.tobuy'=>'^[0|1]$',
+ 'p.fk_product_type'=>'^[0|1]$',
+ 'p.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$',
+ 'p.recuperableonly' => '^[0|1]$',
+ 'p.finished' => '^[0|1]$'
+ );
// field order as per structure of table llx_product
$import_sample = array(
'p.ref' => "ref:PREF123456",
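Review bot: The patterns added in `import_regex_array` are looser than they read: `[0|1]` is a character class that also accepts a literal `|`, and `HT|TTC` is unanchored, so it matches any value that merely contains one of those strings. If these patterns are the validation gate for imported rows (how they are applied is outside the hunk), they should be `'p.tosell'=>'^[01]$'` (likewise for the other 0/1 fields) and `'p.price_base_type' => '^(HT|TTC)$'`. The same `[0|1]` and `[0|1|2]` classes appear in the modService.class.php hunk at -535, and the hunk at -569 replaces the anchored `\AHT\z|\ATTC\z` with the unanchored form.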
@@ -893,7 +903,7 @@ class modProduct extends DolibarrModules
$this->import_convertvalue_array[$r] = array(
'l.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
- $this->import_examplevalues_array[$r] = array('l.fk_product'=>'PRODUCT_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
+ $this->import_examplevalues_array[$r] = array('l.fk_product'=>'ref:PRODUCT_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
$this->import_updatekeys_array[$r] = array('l.fk_product'=>'ProductOrService', 'l.lang'=>'Language');
}
}
diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php
index 4454100ff80..22e7059a82e 100644
--- a/htdocs/core/modules/modService.class.php
+++ b/htdocs/core/modules/modService.class.php
@@ -144,6 +144,7 @@ class modService extends DolibarrModules
$r = 0;
$alias_product_perentity = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p";
+
$r++;
$this->export_code[$r] = $this->rights_class.'_'.$r;
$this->export_label[$r] = "Services"; // Translation key (used only if key ExportDataset_xxx_z not found)
@@ -406,8 +407,8 @@ class modService extends DolibarrModules
$this->export_entities_array[$r] = array_merge($this->export_entities_array[$r], array('p2.rowid'=>"subproduct", 'p2.ref'=>"subproduct", 'p2.label'=>"subproduct", 'p2.description'=>"subproduct"));
$this->export_sql_start[$r] = 'SELECT DISTINCT ';
$this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p';
- if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) {
- $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity);
+ if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) {
+ $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pac ON pac.fk_product = p.rowid AND pac.entity = " . ((int) $conf->entity);
}
$this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,';
$this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2';
@@ -450,13 +451,13 @@ class modService extends DolibarrModules
'p.weight' => "Weight",
'p.weight_units' => "WeightUnits",
'p.length' => "Length",
- 'p.length_units' => "LengthUnit",
+ 'p.length_units' => "LengthUnits",
'p.width' => "Width",
'p.width_units' => "WidthUnits",
'p.height' => "Height",
- 'p.height_units' => "HeightUnit",
+ 'p.height_units' => "HeightUnits",
'p.surface' => "Surface",
- 'p.surface_units' => "SurfaceUnit",
+ 'p.surface_units' => "SurfaceUnits",
'p.volume' => "Volume",
'p.volume_units' => "VolumeUnits",
'p.duration' => "Duration", //duration of service
@@ -470,13 +471,6 @@ class modService extends DolibarrModules
'p.datec' => 'DateCreation',
'p.cost_price' => "CostPrice",
);
- if (!empty($conf->stock->enabled)) {//if Stock module enabled
- $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array(
- 'p.seuil_stock_alerte' => 'StockLimit', //lower limit for warning
- 'p.pmp' => 'PMPValue', //weighted average price
- 'p.desiredstock' => 'DesiredStock'//desired stock for replenishment feature
- ));
- }
$this->import_convertvalue_array[$r] = array(
'p.weight_units' => array(
@@ -535,6 +529,41 @@ class modService extends DolibarrModules
'dict' => 'DictionaryCountry'
)
);
+
+ $this->import_regex_array[$r] = array(
+ 'p.ref' => '[^ ]',
+ 'p.price_base_type' => '\AHT\z|\ATTC\z',
+ 'p.tosell' => '^[0|1]$',
+ 'p.tobuy' => '^[0|1]$',
+ 'p.fk_product_type' => '^[0|1]$',
+ 'p.datec' => '^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$',
+ 'p.recuperableonly' => '^[0|1]$',
+ );
+
+ if (!empty($conf->stock->enabled)) {//if Stock module enabled
+ $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array(
+ 'p.fk_default_warehouse'=>'DefaultWarehouse',
+ 'p.tobatch'=>'ManageLotSerial',
+ 'p.seuil_stock_alerte' => 'StockLimit', //lower limit for warning
+ 'p.pmp' => 'PMPValue', //weighted average price
+ 'p.desiredstock' => 'DesiredStock'//desired stock for replenishment feature
+ ));
+
+ $this->import_regex_array[$r] = array_merge($this->import_regex_array[$r], array(
+ 'p.tobatch' => '^[0|1|2]$'
+ ));
+
+ $this->import_convertvalue_array[$r] = array_merge($this->import_convertvalue_array[$r], array(
+ 'p.fk_default_warehouse' => array(
+ 'rule' => 'fetchidfromref',
+ 'classfile' => '/product/stock/class/entrepot.class.php',
+ 'class' => 'Entrepot',
+ 'method' => 'fetch',
+ 'element'=> 'Warehouse'
+ )
+ ));
+ }
+
if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) {
$this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice'));
}
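Review bot: The `import_regex_array[$r]` built in this hunk, including the `p.tobatch` entry merged in under the stock condition, looks like it is replaced by the plain `$this->import_regex_array[$r] = array(` assignment in the later hunk at -569. The lines between the two hunks are not visible, so this holds only if `$r` is not incremented in between. If it is the same `$r`, the `p.tobatch` pattern never takes effect; either drop the later assignment or merge into it with `array_merge($this->import_regex_array[$r], array(...))`.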
@@ -569,7 +598,7 @@ class modService extends DolibarrModules
$this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'product'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent)
$this->import_regex_array[$r] = array(
'p.ref'=>'[^ ]',
- 'p.price_base_type' => '\AHT\z|\ATTC\z',
+ 'p.price_base_type' => 'HT|TTC',
'p.tosell'=>'^[0|1]$',
'p.tobuy'=>'^[0|1]$',
'p.fk_product_type'=>'^[0|1]$',
@@ -579,7 +608,7 @@ class modService extends DolibarrModules
);
// field order as per structure of table llx_product
$import_sample = array(
- 'p.ref' => "PREF123456",
+ 'p.ref' => "ref:PREF123456",
'p.datec' => dol_print_date(dol_now(), '%Y-%m-%d'),
'p.label' => "Product name in default language",
'p.description' => "Product description in default language",
@@ -616,7 +645,7 @@ class modService extends DolibarrModules
'p.surface_units' => 'm2', // Use a unit of measure from the dictionary. m2/cm2/mm2 etc....matches field "Short label" for unit type "surface" in table "' . MAIN_DB_PREFIX . 'c_units',
'p.volume' => "",
'p.volume_units' => 'm3', //Use a unit of measure from the dictionary. m3/cm3/mm3 etc....matches field "Short label" for unit type "volume" in table "' . MAIN_DB_PREFIX . 'c_units',
- 'p.finished' => '0 (raw material) / 1 (finished goods)'
+ 'p.finished' => '0 (raw material) / 1 (finished goods), matches field "code" in dictionary table "'.MAIN_DB_PREFIX.'c_product_nature"'
);
//clauses copied from import_fields_array
if (!empty($conf->stock->enabled)) {
@@ -718,7 +747,7 @@ class modService extends DolibarrModules
'sp.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
$this->import_examplevalues_array[$r] = array(
- 'sp.fk_product' => "PRODUCT_REF or id:123456",
+ 'sp.fk_product' => "ref:PRODUCT_REF or id:123456",
'sp.fk_soc' => "My Supplier",
'sp.ref_fourn' => "XYZ-F123456",
'sp.quantity' => "5",
@@ -755,8 +784,13 @@ class modService extends DolibarrModules
'sp.multicurrency_price'=>''
));
}
+ if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
+ $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array(
+ 'sp.packagning'=>'1',
+ ));
+ }
- $this->import_updatekeys_array[$r] = array('sp.fk_product'=>'ProductOrService', 'sp.ref_fourn'=>'SupplierRef', 'sp.fk_soc'=>'Supplier');
+ $this->import_updatekeys_array[$r] = array('sp.fk_product'=>'ProductOrService', 'sp.ref_fourn'=>'SupplierRef', 'sp.fk_soc'=>'Supplier');
}
if (!empty($conf->global->PRODUIT_MULTIPRICES)) {
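Review bot: The example-value key `'sp.packagning'` added under `PRODUCT_USE_SUPPLIER_PACKAGING` looks like a misspelling of `sp.packaging`. The matching entry in `import_fields_array` is outside the hunk, so this should be confirmed against it; if the field is declared as `sp.packaging`, the sample value will not be attached to any column in the import example file. Suggested line: `'sp.packaging'=>'1',`.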
@@ -783,7 +817,7 @@ class modService extends DolibarrModules
$this->import_convertvalue_array[$r] = array(
'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
- $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"SERVICE_REF or id:123456",
+ $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"ref:SERVICE_REF or id:123456",
'pr.price_base_type'=>"HT (for excl tax) or TTC (for inc tax)", 'pr.price_level'=>"1",
'pr.price'=>"100", 'pr.price_ttc'=>"110",
'pr.price_min'=>"100", 'pr.price_min_ttc'=>"110",
@@ -806,7 +840,7 @@ class modService extends DolibarrModules
$this->import_convertvalue_array[$r] = array(
'l.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product')
);
- $this->import_examplevalues_array[$r] = array('l.fk_product'=>'SERVICE_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
+ $this->import_examplevalues_array[$r] = array('l.fk_product'=>'ref:SERVICE_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US');
$this->import_updatekeys_array[$r] = array('l.fk_product'=>'ProductOrService', 'l.lang'=>'Language');
}
}
diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php
index 3d46d606265..c9379fb25d6 100644
--- a/htdocs/core/modules/modStock.class.php
+++ b/htdocs/core/modules/modStock.class.php
@@ -172,6 +172,12 @@ class modStock extends DolibarrModules
$this->rights[9][3] = 0; // Permission by default for new user (0/1)
$this->rights[9][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[9][5] = 'changePMP'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+
+ $this->rights[10][0] = 1016;
+ $this->rights[10][1] = 'inventoryDeletePermission'; // Permission label
+ $this->rights[10][3] = 0; // Permission by default for new user (0/1)
+ $this->rights[10][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[10][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
}
// Main menu entries
diff --git a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
index c6579700c9d..1822a5b8c95 100644
--- a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
+++ b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php
@@ -291,7 +291,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc
$sql = "SELECT p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p";
- $sql .= " WHERE p.fk_soc = ".$object->id;
+ $sql .= " WHERE p.fk_soc = ".((int) $object->id);
$result = $this->db->query($sql);
$num = $this->db->num_rows($result);
diff --git a/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php b/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
index e5fa94135ad..e37caab3ed1 100644
--- a/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
+++ b/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php
@@ -1023,7 +1023,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf, ".MAIN_DB_PREFIX."paiementfourn as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".$object->id;
+ $sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".((int) $object->id);
$sql .= " ORDER BY p.datep";
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
index 64d30eeeb93..0e571f26c98 100644
--- a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
+++ b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php
@@ -198,7 +198,7 @@ class InterfaceStripe extends DolibarrTriggers
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account";
- $sql .= " WHERE site='stripe' AND fk_soc = ".$object->id;
+ $sql .= " WHERE site='stripe' AND fk_soc = ".((int) $object->id);
$this->db->query($sql);
}
diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php
index 67ba6e64edc..30ffee00248 100644
--- a/htdocs/core/website.inc.php
+++ b/htdocs/core/website.inc.php
@@ -93,7 +93,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi
if (GETPOST('l', 'aZ09')) {
$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
- $sql .= " WHERE wp.fk_website = ".$website->id;
+ $sql .= " WHERE wp.fk_website = ".((int) $website->id);
$sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid = ".$pageid;
if (is_object($websitepage) && $websitepage->fk_page > 0) {
$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
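Review bot: Only `$website->id` is cast in this statement; `$pageid` on the next line and `$websitepage->fk_page` two lines below are still concatenated as-is into the same query. The origin of `$pageid` is outside the hunk, and this code path runs on a request carrying the `l` parameter, so it deserves the same treatment: `$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);` and `((int) $websitepage->fk_page)` in the following line. The enclosing `if` block continues past the end of the hunk.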
diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php
index 5b14b509de4..18887a99e28 100644
--- a/htdocs/delivery/class/delivery.class.php
+++ b/htdocs/delivery/class/delivery.class.php
@@ -614,7 +614,7 @@ class Delivery extends CommonObject
{
if ($this->statut == 0) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."commandedet";
- $sql .= " WHERE rowid = ".$lineid;
+ $sql .= " WHERE rowid = ".((int) $lineid);
if ($this->db->query($sql)) {
$this->update_price();
@@ -940,7 +940,7 @@ class Delivery extends CommonObject
$sqlSourceLine .= ", p.ref, p.label";
$sqlSourceLine .= " FROM ".MAIN_DB_PREFIX.$this->linkedObjectsIds[0]['type']."det as st";
$sqlSourceLine .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON st.fk_product = p.rowid";
- $sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid'];
+ $sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']);
$resultSourceLine = $this->db->query($sqlSourceLine);
if ($resultSourceLine) {
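Review bot: The cast covers `linkid`, but the table name and the column name in this query are still built from `['type']` values, which a cast cannot protect. The FROM clause reads `$this->linkedObjectsIds[0]['type']` while the WHERE clause reads `$this->linked_object[0]['type']`, two different properties; how either is populated is not visible in the hunk. A check of the type against the small set of element names that have a `det` table, before building the statement, would close this, and it is worth confirming that both properties are meant to be used here.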
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 64dcf07cf8c..1dfade00bec 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -275,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
// Remove file in doc form
/*if ($action == 'remove_file')
{
- $object = new Don($db, 0, $_GET['id']);
+ $object = new Don($db, 0, GETPOST('id', 'int'));
if ($object->fetch($id))
{
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php
index a5fb676e314..1ec3ebe1cc5 100644
--- a/htdocs/don/class/don.class.php
+++ b/htdocs/don/class/don.class.php
@@ -702,7 +702,7 @@ class Don extends CommonObject
$this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 1, fk_user_valid = ".$userid." WHERE rowid = ".$id." AND fk_statut = 0";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 1, fk_user_valid = ".((int) $userid)." WHERE rowid = ".((int) $id)." AND fk_statut = 0";
$resql = $this->db->query($sql);
if ($resql) {
@@ -759,9 +759,9 @@ class Don extends CommonObject
{
$sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 2";
if ($modepayment) {
- $sql .= ", fk_payment=".$modepayment;
+ $sql .= ", fk_payment = ".((int) $modepayment);
}
- $sql .= " WHERE rowid = ".$id." AND fk_statut = 1";
+ $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = 1";
$resql = $this->db->query($sql);
if ($resql) {
@@ -843,7 +843,7 @@ class Don extends CommonObject
$sql = "SELECT sum(amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."don";
- $sql .= " WHERE fk_statut = ".$param;
+ $sql .= " WHERE fk_statut = ".((int) $param);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
diff --git a/htdocs/don/class/donstats.class.php b/htdocs/don/class/donstats.class.php
index e3deff2dc2d..07eb6d6588e 100644
--- a/htdocs/don/class/donstats.class.php
+++ b/htdocs/don/class/donstats.class.php
@@ -85,7 +85,7 @@ class DonationStats extends Stats
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
$this->where .= " AND d.entity = ".$conf->entity;
if ($this->userid > 0) {
- $this->where .= ' WHERE c.fk_user_author = '.$this->userid;
+ $this->where .= ' WHERE c.fk_user_author = '.((int) $this->userid);
}
}
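Review bot: The changed line appends `' WHERE c.fk_user_author = '` to a `$this->where` that already holds `" AND d.entity = ..."`, so the cast is applied to a clause that appears to produce invalid SQL whenever `userid` is set. It also uses the alias `c`, whereas the line above uses `d`. ExpeditionStats in this same commit uses `' AND c.fk_user_author = '` for the equivalent filter. Assuming the donation table is aliased `d` (its FROM clause is outside the hunk), the line should probably read `$this->where .= ' AND d.fk_user_author = '.((int) $this->userid);`.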
diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php
index d571940cc9b..cf6328d15c4 100644
--- a/htdocs/don/payment/payment.php
+++ b/htdocs/don/payment/payment.php
@@ -144,7 +144,7 @@ llxHeader();
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as p";
-$sql .= " WHERE p.fk_donation = ".$chid;
+$sql .= " WHERE p.fk_donation = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php
index d91181d0c51..f4914148f44 100644
--- a/htdocs/eventorganization/class/conferenceorbooth.class.php
+++ b/htdocs/eventorganization/class/conferenceorbooth.class.php
@@ -694,7 +694,7 @@ class ConferenceOrBooth extends ActionComm
$sql = 'SELECT rowid, datec as datec, tms as datem,';
$sql .= ' fk_user_author, fk_user_mod';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.id = '.$id;
+ $sql .= ' WHERE t.id = '.((int) $id);
$result = $this->db->query($sql);
if ($result) {
if ($this->db->num_rows($result)) {
diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php
index 50382cef164..d25c7b52098 100644
--- a/htdocs/expedition/class/expeditionstats.class.php
+++ b/htdocs/expedition/class/expeditionstats.class.php
@@ -77,10 +77,10 @@ class ExpeditionStats extends Stats
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($this->socid) {
- $this->where .= " AND c.fk_soc = ".$this->socid;
+ $this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
- $this->where .= ' AND c.fk_user_author = '.$this->userid;
+ $this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
}
diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php
index d1bcab57412..9d5b7c4a8af 100644
--- a/htdocs/expedition/contact.php
+++ b/htdocs/expedition/contact.php
@@ -99,7 +99,7 @@ if ($action == 'addcontact' && $user->rights->expedition->creer) {
$result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
} elseif ($action == 'deletecontact' && $user->rights->expedition->creer) {
// Efface un contact
- $result = $objectsrc->delete_contact(GETPOST("lineid"));
+ $result = $objectsrc->delete_contact(GETPOST("lineid", 'int'));
if ($result >= 0) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index c356ed708b2..a4c565bc1be 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -1191,7 +1191,7 @@ if (empty($reshook)) {
}
$object->update_totaux_del($object_ligne->total_ht, $object_ligne->total_tva);
- header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_GET['id']);
+ header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
exit;
} else {
setEventMessages($object->error, $object->errors, 'errors');
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index 5ed3e777653..8ec99aa1007 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -663,7 +663,7 @@ class ExpenseReport extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."expensereport";
$sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1";
- $sql .= " WHERE rowid = ".$id." AND fk_statut = ".self::STATUS_APPROVED;
+ $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED;
dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -880,7 +880,7 @@ class ExpenseReport extends CommonObject
if ($user->rights->expensereport->lire) {
$sql = "SELECT de.fk_expensereport, de.date, de.comments, de.total_ht, de.total_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de";
- $sql .= " WHERE de.fk_projet = ".$projectid;
+ $sql .= " WHERE de.fk_projet = ".((int) $projectid);
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);
@@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject
{
$sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt';
- $sql .= ' WHERE tt.'.$this->fk_element.' = '.$id;
+ $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id);
$total_ht = 0; $total_tva = 0; $total_ttc = 0;
@@ -1117,8 +1117,8 @@ class ExpenseReport extends CommonObject
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
- //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
+ //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@@ -1154,7 +1154,7 @@ class ExpenseReport extends CommonObject
// Delete main record
if (!$error) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@@ -1384,7 +1384,7 @@ class ExpenseReport extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".$fuser->id.",";
+ $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).",";
$sql .= " date_approve='".$this->db->idate($this->date_approve)."'";
$sql .= ' WHERE rowid = '.$this->id;
if ($this->db->query($sql)) {
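Review bot: `$this->id` in `' WHERE rowid = '.$this->id` is left uncast in the same statement where `$fuser->id` now gets `(int)`. Other hunks in this file already use `((int) $this->id)` for the DELETE statements, so the UPDATE should match: `$sql .= ' WHERE rowid = '.((int) $this->id);`. The same uncast `WHERE rowid` line is visible in the hunk at -1558 (cancel).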
@@ -1434,7 +1434,7 @@ class ExpenseReport extends CommonObject
// date de refus
if ($this->status != self::STATUS_REFUSED) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_REFUSED.", fk_user_refuse = ".$fuser->id.",";
+ $sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_REFUSED.", fk_user_refuse = ".((int) $fuser->id).",";
$sql .= " date_refuse='".$this->db->idate($now)."',";
$sql .= " detail_refuse='".$this->db->escape($details)."',";
$sql .= " fk_user_approve = NULL";
@@ -1558,7 +1558,7 @@ class ExpenseReport extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".$fuser->id;
+ $sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id);
$sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'";
$sql .= " ,detail_cancel='".$this->db->escape($detail)."'";
$sql .= ' WHERE rowid = '.$this->id;
@@ -2124,7 +2124,7 @@ class ExpenseReport extends CommonObject
// Select des infos sur le type fees
$sql = "SELECT c.code as code_type_fees, c.label as libelle_type_fees";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as c";
- $sql .= " WHERE c.id = ".$type_fees_id;
+ $sql .= " WHERE c.id = ".((int) $type_fees_id);
$resql = $this->db->query($sql);
if ($resql) {
$objp_fees = $this->db->fetch_object($resql);
@@ -2136,7 +2136,7 @@ class ExpenseReport extends CommonObject
// Select des informations du projet
$sql = "SELECT p.ref as ref_projet, p.title as title_projet";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
- $sql .= " WHERE p.rowid = ".$projet_id;
+ $sql .= " WHERE p.rowid = ".((int) $projet_id);
$resql = $this->db->query($sql);
if ($resql) {
$objp_projet = $this->db->fetch_object($resql);
@@ -2331,7 +2331,7 @@ class ExpenseReport extends CommonObject
$ret = array();
$sql = "SELECT id, code, label";
$sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees";
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
@@ -2495,7 +2495,7 @@ class ExpenseReport extends CommonObject
$type = 'expense_report';
- $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
+ $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@@ -2757,7 +2757,7 @@ class ExpenseReportLine
$sql = 'SELECT SUM(d.total_ttc) as total_amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_det d';
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)';
- $sql .= ' WHERE e.fk_user_author = '.$fk_user;
+ $sql .= ' WHERE e.fk_user_author = '.((int) $fk_user);
if (!empty($this->id)) {
$sql .= ' AND d.rowid <> '.$this->id;
}
diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php
index 4e4d1009750..653f030b6d2 100644
--- a/htdocs/expensereport/class/expensereport_rule.class.php
+++ b/htdocs/expensereport/class/expensereport_rule.class.php
@@ -167,7 +167,7 @@ class ExpenseReportRule extends CoreObject
if ($fk_user > 0) {
$sql .= ' AND (er.is_for_all = 1';
$sql .= ' OR er.fk_user = '.$fk_user;
- $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.$fk_user.') )';
+ $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.((int) $fk_user).') )';
}
$sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user';
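Review bot: `$fk_user` is still concatenated raw in `' OR er.fk_user = '.$fk_user`, one line above the cast this hunk adds for the sub-select, so the same value reaches the query both cast and uncast. The surrounding `if ($fk_user > 0)` is a loose comparison and does not guarantee that the value is an integer. Cast both uses, e.g. `$sql .= ' OR er.fk_user = '.((int) $fk_user);`. The function body starts outside the hunk.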
diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php
index ec71f530f51..8f3574f2952 100644
--- a/htdocs/expensereport/class/expensereportstats.class.php
+++ b/htdocs/expensereport/class/expensereportstats.class.php
@@ -114,7 +114,7 @@ class ExpenseReportStats extends Stats
{
$sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".$year;
+ $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/expensereport/class/paymentexpensereport.class.php b/htdocs/expensereport/class/paymentexpensereport.class.php
index c9cf0cdaf41..c673316d491 100644
--- a/htdocs/expensereport/class/paymentexpensereport.class.php
+++ b/htdocs/expensereport/class/paymentexpensereport.class.php
@@ -607,7 +607,7 @@ class PaymentExpenseReport extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_expensereport SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_expensereport SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php
index d50f6336669..b7057af86fc 100644
--- a/htdocs/expensereport/payment/payment.php
+++ b/htdocs/expensereport/payment/payment.php
@@ -206,7 +206,7 @@ if ($action == 'create' || empty($action)) {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as p, ".MAIN_DB_PREFIX."expensereport as e";
- $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".$id;
+ $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".((int) $id);
$sql .= ' AND e.entity IN ('.getEntity('expensereport').')';
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index d23b27278a1..1fef1ed7c03 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -1622,7 +1622,7 @@ class FichinterLigne extends CommonObjectLine
$sql = "SELECT SUM(duree) as total_duration, min(date) as dateo, max(date) as datee ";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinterdet";
- $sql .= " WHERE fk_fichinter=".$this->fk_fichinter;
+ $sql .= " WHERE fk_fichinter=".((int) $this->fk_fichinter);
dol_syslog("FichinterLigne::update_total", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -1634,10 +1634,10 @@ class FichinterLigne extends CommonObjectLine
}
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter";
- $sql .= " SET duree = ".$total_duration;
+ $sql .= " SET duree = ".((int) $total_duration);
$sql .= " , dateo = ".(!empty($obj->dateo) ? "'".$this->db->idate($obj->dateo)."'" : "null");
$sql .= " , datee = ".(!empty($obj->datee) ? "'".$this->db->idate($obj->datee)."'" : "null");
- $sql .= " WHERE rowid = ".$this->fk_fichinter;
+ $sql .= " WHERE rowid = ".((int) $this->fk_fichinter);
dol_syslog("FichinterLigne::update_total", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php
index 8ed842a70c9..4fe35c32a2c 100644
--- a/htdocs/fichinter/class/fichinterrec.class.php
+++ b/htdocs/fichinter/class/fichinterrec.class.php
@@ -434,10 +434,10 @@ class FichinterRec extends Fichinter
$error = 0;
$this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".((int) $rowid);
dol_syslog($sql);
if ($this->db->query($sql)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".((int) $rowid);
dol_syslog($sql);
if (!$this->db->query($sql)) {
$this->error = $this->db->lasterror();
@@ -784,8 +784,8 @@ class FichinterRec extends Fichinter
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET nb_gen_max = '.$nb;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= ' SET nb_gen_max = '.((int) $nb);
+ $sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -811,8 +811,8 @@ class FichinterRec extends Fichinter
}
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' SET auto_validate = '.$validate;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= ' SET auto_validate = '.((int) $validate);
+ $sql .= ' WHERE rowid = '.((int) $this->id);
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
if ($this->db->query($sql)) {
diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php
index a0d22cf1e2a..297aeca7760 100644
--- a/htdocs/fichinter/class/fichinterstats.class.php
+++ b/htdocs/fichinter/class/fichinterstats.class.php
@@ -73,15 +73,15 @@ class FichinterStats extends Stats
//$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled
}
if (!$user->rights->societe->client->voir && !$this->socid) {
- $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
+ $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')';
if ($this->socid) {
- $this->where .= " AND c.fk_soc = ".$this->socid;
+ $this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
- $this->where .= ' AND c.fk_user_author = '.$this->userid;
+ $this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
}
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index fad9f001100..0dfb4047b4f 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -1157,7 +1157,7 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".$statut;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur SET fk_statut = ".((int) $statut);
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -2306,7 +2306,7 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."commande_fournisseur";
- $sql .= " SET fk_statut = ".$statut;
+ $sql .= " SET fk_statut = ".((int) $statut);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND fk_statut IN (".self::STATUS_ORDERSENT.",".self::STATUS_RECEIVED_PARTIALLY.")"; // Process running or Partially received
diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
index 21c36ced633..0f8b8341a3d 100644
--- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
@@ -674,8 +674,10 @@ class CommandeFournisseurDispatch extends CommonObject
$sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
} elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') {
$sqlwhere [] = $key.' = \''.$this->db->escape($value).'\'';
+ } elseif ($key == 'qty') {
+ $sqlwhere [] = $key.' = '.((float) $value);
} else {
- $sqlwhere [] = $key.' = '.$this->db->escape($value);
+ $sqlwhere [] = $key.' = '.((int) $value);
}
}
}
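Review bot: The new branch tests a bare `'qty'`, while every other key tested in this chain carries the `t.` alias (`t.datec`, `t.batch`, …); if callers pass `t.qty`, the value falls through to the `(int)` branch and is truncated. This is worth confirming against the callers and, if so, matching both forms: `} elseif ($key == 'qty' || $key == 't.qty') {`. Separately, `$key` is concatenated into the clause as a column name in every branch without any check; now that the value side is typed, the key should be validated against a fixed list of allowed columns before it is used. The loop and the function start outside the hunk.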
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index 55988f51169..ab7e6ea3fc4 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -1181,7 +1181,7 @@ class FactureFournisseur extends CommonInvoice
if (!$error) {
// If invoice was converted into a discount not yet consumed, we remove discount
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except';
- $sql .= ' WHERE fk_invoice_supplier_source = '.$rowid;
+ $sql .= ' WHERE fk_invoice_supplier_source = '.((int) $rowid);
$sql .= ' AND fk_invoice_supplier_line IS NULL';
$resql = $this->db->query($sql);
@@ -1465,7 +1465,7 @@ class FactureFournisseur extends CommonInvoice
$this->newref = dol_sanitizeFileName($num);
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
- $sql .= " SET ref='".$num."', fk_statut = 1, fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'";
+ $sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'";
$sql .= " WHERE rowid = ".$this->id;
dol_syslog(get_class($this)."::validate", LOG_DEBUG);
@@ -2092,7 +2092,7 @@ class FactureFournisseur extends CommonInvoice
// Libere remise liee a ligne de facture
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_invoice_supplier_line = NULL';
- $sql .= ' WHERE fk_invoice_supplier_line = '.$rowid;
+ $sql .= ' WHERE fk_invoice_supplier_line = '.((int) $rowid);
dol_syslog(get_class($this)."::deleteline", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 708e3e621e4..c910cffe8d4 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -164,7 +164,7 @@ class ProductFournisseur extends Product
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".$id_fourn;
+ $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn);
dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG);
$resql2 = $this->db->query($sql);
@@ -208,7 +208,7 @@ class ProductFournisseur extends Product
if (empty($error)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this)."::remove_product_fournisseur_price", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -372,15 +372,15 @@ class ProductFournisseur extends Product
}
}
$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " SET fk_user = ".$user->id." ,";
+ $sql .= " SET fk_user = ".((int) $user->id)." ,";
$sql .= " ref_fourn = '".$this->db->escape($ref_fourn)."',";
$sql .= " desc_fourn = '".$this->db->escape($desc_fourn)."',";
- $sql .= " price = ".$buyprice.",";
- $sql .= " quantity = ".$qty.",";
- $sql .= " remise_percent = ".$remise_percent.",";
- $sql .= " remise = ".$remise.",";
- $sql .= " unitprice = ".$unitBuyPrice.",";
- $sql .= " fk_availability = ".$availability.",";
+ $sql .= " price = ".((float) $buyprice).",";
+ $sql .= " quantity = ".((float) $qty).",";
+ $sql .= " remise_percent = ".((float) $remise_percent).",";
+ $sql .= " remise = ".((float) $remise).",";
+ $sql .= " unitprice = ".((float) $unitBuyPrice).",";
+ $sql .= " fk_availability = ".((int) $availability).",";
$sql .= " multicurrency_price = ".(isset($multicurrency_buyprice) ? "'".$this->db->escape(price2num($multicurrency_buyprice))."'" : 'null').",";
$sql .= " multicurrency_unitprice = ".(isset($multicurrency_unitBuyPrice) ? "'".$this->db->escape(price2num($multicurrency_unitBuyPrice))."'" : 'null').",";
$sql .= " multicurrency_tx = ".(isset($multicurrency_tx) ? "'".$this->db->escape($multicurrency_tx)."'" : '1').",";
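Review bot: The `(float)` casts on `price`, `quantity`, `remise_percent`, `remise` and `unitprice` are turned back into text by string concatenation, which on PHP versions before 8.0 follows the `LC_NUMERIC` locale and can emit a decimal comma that breaks the statement. The multicurrency lines just below, in the same statement, go through `price2num()` and are escaped and quoted instead. If this file still has to run on PHP 7, the amounts could follow the same form, e.g. `$sql .= " price = '".$this->db->escape(price2num($buyprice))."',";`. The statement continues into the next hunk and the method starts outside this one.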
@@ -394,16 +394,16 @@ class ProductFournisseur extends Product
//$sql.= " localtax1_type=".($localtaxtype1!=''?"'".$this->db->escape($localtaxtype1)."'":"'0'").",";
//$sql.= " localtax2_type=".($localtaxtype2!=''?"'".$this->db->escape($localtaxtype2)."'":"'0'").",";
$sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
- $sql .= " info_bits = ".$newnpr.",";
- $sql .= " charges = ".$charges.","; // deprecated
- $sql .= " delivery_time_days = ".($delivery_time_days != '' ? $delivery_time_days : 'null').",";
+ $sql .= " info_bits = ".((int) $newnpr).",";
+ $sql .= " charges = ".((float) $charges).","; // deprecated
+ $sql .= " delivery_time_days = ".($delivery_time_days != '' ? ((int) $delivery_time_days) : 'null').",";
$sql .= " supplier_reputation = ".(empty($supplier_reputation) ? 'NULL' : "'".$this->db->escape($supplier_reputation)."'").",";
$sql .= " barcode = ".(empty($barcode) ? 'NULL' : "'".$this->db->escape($barcode)."'").",";
$sql .= " fk_barcode_type = ".(empty($fk_barcode_type) ? 'NULL' : "'".$this->db->escape($fk_barcode_type)."'");
if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
$sql .= ", packaging = ".(empty($packaging) ? 1 : $packaging);
}
- $sql .= " WHERE rowid = ".$this->product_fourn_price_id;
+ $sql .= " WHERE rowid = ".((int) $this->product_fourn_price_id);
// TODO Add price_base_type and price_ttc
dol_syslog(get_class($this).'::update_buyprice update knowing id of line = product_fourn_price_id = '.$this->product_fourn_price_id, LOG_DEBUG);
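Review bot: `packaging` was missed by the typing pass: `", packaging = ".(empty($packaging) ? 1 : $packaging)` still places the raw value in the statement, while every neighbouring numeric column is now cast. Cast it to the column's numeric type, for example `$sql .= ", packaging = ".(empty($packaging) ? 1 : (float) $packaging);` (use `(int)` if the column is integral; the schema is not visible here). The statement begins in the previous hunk and the method extends outside both.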
@@ -438,7 +438,7 @@ class ProductFournisseur extends Product
// Delete price for this quantity
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".$qty." AND entity = ".$conf->entity;
+ $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
if ($resql) {
// Add price for this quantity to supplier
@@ -885,8 +885,8 @@ class ProductFournisseur extends Product
$expression_id = $expression_id != 0 ? $expression_id : 'NULL';
$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " SET fk_supplier_price_expression = ".$expression_id;
- $sql .= " WHERE rowid = ".$this->product_fourn_price_id;
+ $sql .= " SET fk_supplier_price_expression = ".((int) $expression_id);
+ $sql .= " WHERE rowid = ".((int) $this->product_fourn_price_id);
dol_syslog(get_class($this)."::setSupplierPriceExpression", LOG_DEBUG);
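Review bot: The cast on `fk_supplier_price_expression` turns the NULL case into 0: the context line above sets `$expression_id` to the string `'NULL'` when it is 0, and `(int) 'NULL'` evaluates to 0, so the column now receives `0` where it previously received SQL `NULL`. If the column is a foreign key or is tested with `IS NULL` elsewhere (not visible here), clearing an expression no longer behaves as before. Keep the literal and cast only the numeric case: `$sql .= " SET fk_supplier_price_expression = ".($expression_id === 'NULL' ? 'NULL' : (int) $expression_id);`. The method starts outside the hunk.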
diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php
index 06ad90ec858..97a6b53f2e2 100644
--- a/htdocs/fourn/recap-fourn.php
+++ b/htdocs/fourn/recap-fourn.php
@@ -73,7 +73,7 @@ if ($socid > 0) {
$sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,";
$sql .= " u.login, u.rowid as userid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$societe->id;
+ $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $societe->id);
$sql .= " AND f.entity IN (".getEntity("facture_fourn").")"; // Recognition of the entity attributed to this invoice for Multicompany
$sql .= " AND f.fk_user_valid = u.rowid";
$sql .= " ORDER BY f.datef DESC";
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 4b5c742b3f1..ffd394a35b3 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -2069,7 +2069,7 @@ class Holiday extends CommonObject
$sql = "SELECT rowid, code, label, affect, delay, newByMonth";
$sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types";
- $sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')';
+ $sql .= " WHERE (fk_country IS NULL OR fk_country = ".((int) $mysoc->country_id).')';
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}
diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php
index 6133f3eccc8..242fbff25d4 100644
--- a/htdocs/install/lib/repair.lib.php
+++ b/htdocs/install/lib/repair.lib.php
@@ -106,7 +106,7 @@ function checkLinkedElements($sourcetype, $targettype)
foreach ($elements as $key => $element) {
if (!checkElementExist($element[$sourcetype], $sourcetable) || !checkElementExist($element[$targettype], $targettable)) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'element_element';
- $sql .= ' WHERE rowid = '.$key;
+ $sql .= ' WHERE rowid = '.((int) $key);
$resql = $db->query($sql);
$deleted++;
}
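Review bot: `$deleted++` runs whether or not the DELETE succeeded, because the `$resql` returned by `$db->query($sql)` is never checked, so the counter can overstate how many rows were removed. Increment only on success: `if ($db->query($sql)) { $deleted++; }`. How `$deleted` is reported is outside the hunk, as is the rest of `checkLinkedElements()`.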
diff --git a/htdocs/install/mysql/data/llx_10_c_regions.sql b/htdocs/install/mysql/data/llx_10_c_regions.sql
index 96ab85788ff..b054ca383ef 100644
--- a/htdocs/install/mysql/data/llx_10_c_regions.sql
+++ b/htdocs/install/mysql/data/llx_10_c_regions.sql
@@ -64,16 +64,32 @@ INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2305, '', 0, 'Patagonia');
+-- Australia Regions (id country=28)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 28, 2801, '', 0, 'Australia');
+
+
-- Austria Regions (id country=41)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 41, 4101, '', 0, 'Österreich');
+-- Barbados Regions (id country=46)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 46, 4601, '', 0, 'Barbados');
+
+
-- Belgium Regions (id country=2)
insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 201, '',1,'Flandre');
insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 202, '',2,'Wallonie');
insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 203, '',3,'Bruxelles-Capitale');
+-- Brazil Regions (id country=56)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 56, 5601, '', 0, 'Brasil');
+
+
+-- Canada Region (id country=14)
+INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 14, 1401, '', 0, 'Canada');
+
+
-- Regions France (id country=1)
insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values ( 1, 1,'97105',3,'Guadeloupe');
insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values ( 1, 2,'97209',3,'Martinique');
@@ -197,20 +213,10 @@ insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values (10,102
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 11, 1101, '', 0, 'United-States', 1);
-
--- Region Canada (id country=14)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 14, 1401, '', 0, 'Canada', 1);
-
-- Regions The Netherlands (id country=17)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 17, 1701, '', 0,'Provincies van Nederland ', 1);
--- Regions Australia (id country=28)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 28, 2801, '', 0, 'Australia', 1);
-
--- Regions Barbados (id country=46)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 46, 4601, '', 0, 'Barbados', 1);
-
-- Regions Bolivia (id country=52)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5201, '', 0, 'Chuquisaca', 1);
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5202, '', 0, 'La Paz', 1);
@@ -222,8 +228,6 @@ INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) v
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5208, '', 0, 'El Beni', 1);
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5209, '', 0, 'Pando', 1);
--- Regions Brazil (id country=56)
-INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 56, 5601, '', 0, 'Brasil', 1);
-- Regions Colombie (id country=70)
INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 70, 7001, '', 0, 'Colombie', 1);
diff --git a/htdocs/install/mysql/data/llx_20_c_departements.sql b/htdocs/install/mysql/data/llx_20_c_departements.sql
index 9e47a9ec050..2ac7a30a99b 100644
--- a/htdocs/install/mysql/data/llx_20_c_departements.sql
+++ b/htdocs/install/mysql/data/llx_20_c_departements.sql
@@ -7,8 +7,9 @@
-- Copyright (C) 2007 Patrick Raguin
-- Copyright (C) 2010-2016 Juanjo Menent
-- Copyright (C) 2012 Sebastian Neuwert
--- Copyright (C) 2012 Ricardo Schluter
--- Copyright (C) 2015 Ferran Marcet
+-- Copyright (C) 2012 Ricardo Schluter
+-- Copyright (C) 2015 Ferran Marcet
+-- Copyright (C) 2020-2021 Udo Tamm
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
@@ -25,13 +26,13 @@
--
--- WARNING -------------------------------------------------------------------
+-- WARNING ---------------------------------------------------------------------
-- Do not put comments at the end of the lines, this file is parsed during
-- the install and all '-' prefixed texts are removed.
-- Do not concatenate the values in a single query, for the same reason.
--- NOTES ----------------------------------
+-- NOTES -----------------------------------------------------------------------
-- Departements/Cantons/Provinces/States
--
-- Algeria
@@ -39,9 +40,11 @@
-- Argentina
-- Australia
-- Austria
+-- Barbados
-- Belgium
-- Canada
---
+-- France
+-- Germany
-- TEMPLATE -------------------------------------------------------------------------------------------------------------
@@ -139,26 +142,40 @@ INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
-- Australia States & Territories (id country=28)
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NSW','',1,'','New South Wales');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'VIC','',1,'','Victoria');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'QLD','',1,'','Queensland');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'SA' ,'',1,'','South Australia');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'ACT','',1,'','Australia Capital Territory');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'TAS','',1,'','Tasmania');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'WA' ,'',1,'','Western Australia');
-insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NT' ,'',1,'','Northern Territory');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'NSW','',1,'','New South Wales');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'VIC','',1,'','Victoria');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'QLD','',1,'','Queensland');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'SA' ,'',1,'','South Australia');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'ACT','',1,'','Australia Capital Territory');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'TAS','',1,'','Tasmania');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'WA' ,'',1,'','Western Australia');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'NT' ,'',1,'','Northern Territory');
-- Austria States / Österreich Bundesländer (id country=41)
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'B','BURGENLAND','Burgenland',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'K','KAERNTEN','Kärnten',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'N','NIEDEROESTERREICH','Niederösterreich',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'O','OBEROESTERREICH','Oberösterreich',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'S','SALZBURG','Salzburg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'ST','STEIERMARK','Steiermark',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'T','TIROL','Tirol',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'V','VORARLBERG','Vorarlberg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'W','WIEN','Wien',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'B','BURGENLAND','Burgenland',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'K','KAERNTEN','Kärnten',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'N','NIEDEROESTERREICH','Niederösterreich',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'O','OBEROESTERREICH','Oberösterreich',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'S','SALZBURG','Salzburg',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'ST','STEIERMARK','Steiermark',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'T','TIROL','Tirol',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'V','VORARLBERG','Vorarlberg',1);
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'W','WIEN','Wien',1);
+
+
+-- Barbados Parish (id country=46)
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'CC', 'Oistins', 0, 'CC', 'Christ Church');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SA', 'Greenland', 0, 'SA', 'Saint Andrew');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SG', 'Bulkeley', 0, 'SG', 'Saint George');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'JA', 'Holetown', 0, 'JA', 'Saint James');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SJ', 'Four Roads', 0, 'SJ', 'Saint John');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SB', 'Bathsheba', 0, 'SB', 'Saint Joseph');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SL', 'Crab Hill', 0, 'SL', 'Saint Lucy');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SM', 'Bridgetown', 0, 'SM', 'Saint Michael');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SP', 'Speightstown', 0, 'SP', 'Saint Peter');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SC', 'Crane', 0, 'SC', 'Saint Philip');
+INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'ST', 'Hillaby', 0, 'ST', 'Saint Thomas');
-- Belgium Provinces (id country=2)
@@ -188,12 +205,12 @@ insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc
insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'NL','',1,'','Newfoundland and Labrador');
--- Departements France (id country=1)
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 3,'973','97302',3,'GUYANE','Guyane');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 4,'974','97411',3,'REUNION','Réunion');
-insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 6,'976','97601',3,'MAYOTTE','Mayotte');
+-- France Departements (id country=1)
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 3,'973','97302',3,'GUYANE','Guyane');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 4,'974','97411',3,'REUNION','Réunion');
+insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 6,'976','97601',3,'MAYOTTE','Mayotte');
insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (84,'01','01053',5,'AIN','Ain');
insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (32,'02','02408',5,'AISNE','Aisne');
@@ -293,6 +310,25 @@ insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,no
insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (11,'95','95500',2,'VAL-D OISE','Val-d Oise');
+-- Germany States / Bundesländer (id country=5)
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BW', 'BADEN-WÜRTTEMBERG', 'Baden-Württemberg');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BY', 'BAYERN', 'Bayern');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BE', 'BERLIN', 'Berlin');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BB', 'BRANDENBURG', 'Brandenburg');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HB', 'BREMEN', 'Bremen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HH', 'HAMBURG', 'Hamburg');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HE', 'HESSEN', 'Hessen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'MV', 'MECKLENBURG-VORPOMMERN', 'Mecklenburg-Vorpommern');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'NI', 'NIEDERSACHSEN', 'Niedersachsen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'NW', 'NORDRHEIN-WESTFALEN', 'Nordrhein-Westfalen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'RP', 'RHEINLAND-PFALZ', 'Rheinland-Pfalz');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SL', 'SAARLAND', 'Saarland');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SN', 'SACHSEN', 'Sachsen');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'ST', 'SACHSEN-ANHALT', 'Sachsen-Anhalt');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SH', 'SCHLESWIG-HOLSTEIN', 'Schleswig-Holstein');
+INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'TH', 'THÜRINGEN', 'Thüringen');
+
+
-- Provinces Italy (id=3)
insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AG',315,NULL,NULL,NULL,'AGRIGENTO');
insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AL',312,NULL,NULL,NULL,'ALESSANDRIA');
@@ -685,23 +721,6 @@ INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('ZA', '403', '49', 3, 'ZAMORA', 'Zamora');
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('Z', '402', '50', 1, 'ZARAGOZA', 'Zaragoza');
--- Provinces Germany (id country=5)
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BW','BADEN-WÜRTTEMBERG','Baden-Württemberg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BY','BAYERN','Bayern',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BE','BERLIN','Berlin',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BB','BRANDENBURG','Brandenburg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HB','BREMEN','Bremen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HH','HAMBURG','Hamburg',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HE','HESSEN','Hessen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'MV','MECKLENBURG-VORPOMMERN','Mecklenburg-Vorpommern',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'NI','NIEDERSACHSEN','Niedersachsen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'NW','NORDRHEIN-WESTFALEN','Nordrhein-Westfalen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'RP','RHEINLAND-PFALZ','Rheinland-Pfalz',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SL','SAARLAND','Saarland',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SN','SACHSEN','Sachsen',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'ST','SACHSEN-ANHALT','Sachsen-Anhalt',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SH','SCHLESWIG-HOLSTEIN','Schleswig-Holstein',1);
-INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'TH','THÜRINGEN','Thüringen',1);
-- Provinces Greece (id country=102)
INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('66', 10201, '', 0, '', 'Αθήνα', 1);
@@ -1005,19 +1024,6 @@ INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, nc
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CU', 8601, '', 0, '', 'Cuscatlan', 1);
--- Parish Barbados (id country=46)
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CC', 4601, 'Oistins', 0, 'CC', 'Christ Church', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SA', 4601, 'Greenland', 0, 'SA', 'Saint Andrew', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SG', 4601, 'Bulkeley', 0, 'SG', 'Saint George', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('JA', 4601, 'Holetown', 0, 'JA', 'Saint James', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SJ', 4601, 'Four Roads', 0, 'SJ', 'Saint John', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SB', 4601, 'Bathsheba', 0, 'SB', 'Saint Joseph', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SL', 4601, 'Crab Hill', 0, 'SL', 'Saint Lucy', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SM', 4601, 'Bridgetown', 0, 'SM', 'Saint Michael', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SP', 4601, 'Speightstown', 0, 'SP', 'Saint Peter', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SC', 4601, 'Crane', 0, 'SC', 'Saint Philip', 1);
-INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('ST', 4601, 'Hillaby', 0, 'ST', 'Saint Thomas', 1);
-
-- Provinces Brazil (id country=56)
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('AC', 5601, 'ACRE', 0, 'AC', 'Acre', 1);
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('AL', 5601, 'ALAGOAS', 0, 'AL', 'Alagoas', 1);
diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
index f908d57a5af..564749d662d 100644
--- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
+++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql
@@ -310,5 +310,12 @@ ALTER TABLE llx_societe_perentity ADD INDEX idx_societe_perentity_fk_soc (fk_soc
ALTER TABLE llx_societe_perentity ADD UNIQUE INDEX uk_societe_perentity (fk_soc, entity);
ALTER TABLE llx_c_ticket_category ADD COLUMN public integer DEFAULT 0;
+ALTER TABLE llc_c_ticket_category MODIFY COLUMN pos integer DEFAULT 0 NOT NULL;
+ALTER TABLE llx_propal ADD COLUMN date_signature datetime AFTER date_valid;
+ALTER TABLE llx_propal ADD COLUMN fk_user_signature integer AFTER fk_user_valid;
+ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid);
+
+UPDATE llx_propal SET fk_user_signature = fk_user_cloture WHERE fk_user_signature IS NULL AND fk_user_cloture IS NOT NULL;
+UPDATE llx_propal SET date_signature = date_cloture WHERE date_signature IS NULL AND date_cloture IS NOT NULL;
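Review bot: The added `MODIFY COLUMN` statement targets `llc_c_ticket_category`, while the statement just above it and the table definition changed in this commit use the `llx_` prefix. On an upgraded install the statement would therefore hit a missing table and `pos` would stay `varchar(32)`. It should read `ALTER TABLE llx_c_ticket_category MODIFY COLUMN pos integer DEFAULT 0 NOT NULL;`. Because the column changes from text to integer, rows whose `pos` is empty or non-numeric may need a normalising `UPDATE` first; whether such rows exist cannot be told from this hunk.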
diff --git a/htdocs/install/mysql/tables/llx_c_ticket_category.sql b/htdocs/install/mysql/tables/llx_c_ticket_category.sql
index c42c3f029d4..317be25e142 100644
--- a/htdocs/install/mysql/tables/llx_c_ticket_category.sql
+++ b/htdocs/install/mysql/tables/llx_c_ticket_category.sql
@@ -21,7 +21,7 @@ create table llx_c_ticket_category
entity integer DEFAULT 1,
code varchar(32) NOT NULL,
label varchar(128) NOT NULL,
- pos varchar(32) NOT NULL,
+ pos integer DEFAULT 0 NOT NULL,
public integer DEFAULT 0,
use_default integer DEFAULT 1,
active integer DEFAULT 1,
diff --git a/htdocs/install/mysql/tables/llx_propal.key.sql b/htdocs/install/mysql/tables/llx_propal.key.sql
index 89a0c54ad83..d0265e6fcdf 100644
--- a/htdocs/install/mysql/tables/llx_propal.key.sql
+++ b/htdocs/install/mysql/tables/llx_propal.key.sql
@@ -24,6 +24,7 @@ ALTER TABLE llx_propal ADD UNIQUE INDEX uk_propal_ref (ref, entity);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_soc (fk_soc);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_author (fk_user_author);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_valid (fk_user_valid);
+ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_signature (fk_user_signature);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_cloture (fk_user_cloture);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_projet (fk_projet);
ALTER TABLE llx_propal ADD INDEX idx_propal_fk_account(fk_account);
@@ -33,6 +34,7 @@ ALTER TABLE llx_propal ADD INDEX idx_propal_fk_warehouse(fk_warehouse);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid);
+ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid);
ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid);
--ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_warehouse FOREIGN KEY (fk_warehouse) REFERENCES llx_entrepot(rowid);
diff --git a/htdocs/install/mysql/tables/llx_propal.sql b/htdocs/install/mysql/tables/llx_propal.sql
index 004bb027d35..7c94086b3b9 100644
--- a/htdocs/install/mysql/tables/llx_propal.sql
+++ b/htdocs/install/mysql/tables/llx_propal.sql
@@ -37,11 +37,13 @@ create table llx_propal
datep date, -- date de la propal
fin_validite datetime, -- date de fin de validite
date_valid datetime, -- date de validation
+ date_signature datetime, -- date signature
date_cloture datetime, -- date de cloture
fk_user_author integer, -- user making creation
fk_user_modif integer, -- user making last change
fk_user_valid integer, -- user validating
- fk_user_cloture integer, -- user closing (signed or not)
+ fk_user_signature integer, -- user signing (signed or not)
+ fk_user_cloture integer, -- user closing
fk_statut smallint DEFAULT 0 NOT NULL, -- 0=draft, 1=validated, 2=accepted, 3=refused, 4=billed/closed
price real DEFAULT 0, -- (obsolete)
remise_percent real DEFAULT 0, -- remise globale relative en pourcent (obsolete)
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 1d695f40249..1f80d37efd8 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -933,14 +933,14 @@ if ($ok && GETPOST('clean_product_stock_batch', 'alpha')) {
}
if ($methodtofix == 'updatestock') {
// Method 2
- print ' -> Update qty of product_stock with qty = '.($obj->reelbatch ? $obj->reelbatch : '0').' for ps.rowid = '.$obj->psrowid;
+ print ' -> Update qty of product_stock with qty = '.($obj->reelbatch ? ((float) $obj->reelbatch) : '0').' for ps.rowid = '.((int) $obj->psrowid);
if (GETPOST('clean_product_stock_batch') == 'confirmed') {
$error = 0;
$db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."product_stock";
- $sql2 .= " SET reel = ".($obj->reelbatch ? $obj->reelbatch : '0')." WHERE rowid = ".$obj->psrowid;
+ $sql2 .= " SET reel = ".($obj->reelbatch ? ((float) $obj->reelbatch) : '0')." WHERE rowid = ".((int) $obj->psrowid);
$resql2 = $db->query($sql2);
if ($resql2) {
// We update product_stock, so we must fill p.stock into product too.
@@ -1027,7 +1027,7 @@ if ($ok && GETPOST('set_empty_time_spent_amount', 'alpha')) {
if (GETPOST('set_empty_time_spent_amount') == 'confirmed') {
$sql2 = "UPDATE ".MAIN_DB_PREFIX."projet_task_time";
- $sql2 .= " SET thm = ".$obj->user_thm." WHERE thm IS NULL AND fk_user = ".$obj->user_id;
+ $sql2 .= " SET thm = ".$obj->user_thm." WHERE thm IS NULL AND fk_user = ".((int) $obj->user_id);
$resql2 = $db->query($sql2);
if (!$resql2) {
$error++;
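Review bot: `$obj->user_thm` is still concatenated into the `SET thm = ` clause without a cast, although the same line now casts `$obj->user_id`. The value is read back from a database row selected outside this hunk and is presumably a non-null number, so it can be treated like `reelbatch` in the earlier hunk: `$sql2 .= " SET thm = ".((float) $obj->user_thm)." WHERE thm IS NULL AND fk_user = ".((int) $obj->user_id);`. The same gap remains for `$total_duration` in the `migrate_project_task_time` hunk of upgrade2.php, where only `$taskid` is cast. The enclosing loop starts outside this hunk.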
@@ -1318,8 +1318,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
}
while ($obj_dispatch = $db->fetch_object($resql_dispatch)) {
$sql_line = 'SELECT line.rowid, line.qty FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet AS line';
- $sql_line .= ' WHERE line.fk_commande = '.$obj_dispatch->fk_commande;
- $sql_line .= ' AND line.fk_product = '.$obj_dispatch->fk_product;
+ $sql_line .= ' WHERE line.fk_commande = '.((int) $obj_dispatch->fk_commande);
+ $sql_line .= ' AND line.fk_product = '.((int) $obj_dispatch->fk_product);
$resql_line = $db->query($sql_line);
// s’il y a plusieurs lignes avec le même produit sur cette commande fournisseur,
@@ -1347,8 +1347,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
$qty_for_line = min($remaining_qty, $obj_line->qty);
if ($first_iteration) {
$sql_attach = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
- $sql_attach .= ' SET fk_commandefourndet = '.$obj_line->rowid.', qty = '.$qty_for_line;
- $sql_attach .= ' WHERE rowid = '.$obj_dispatch->rowid;
+ $sql_attach .= ' SET fk_commandefourndet = '.((int) $obj_line->rowid).', qty = '.((float) $qty_for_line);
+ $sql_attach .= ' WHERE rowid = '.((int) $obj_dispatch->rowid);
$first_iteration = false;
} else {
$sql_attach_values = array(
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index d613e4a18b0..32959af80cc 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -678,7 +678,7 @@ function migrate_paiements($db, $langs, $conf)
$res += $db->query($sql);
- $sql = "UPDATE ".MAIN_DB_PREFIX."paiement SET fk_facture = 0 WHERE rowid = ".$row[$i][0];
+ $sql = "UPDATE ".MAIN_DB_PREFIX."paiement SET fk_facture = 0 WHERE rowid = ".((int) $row[$i][0]);
$res += $db->query($sql);
@@ -1342,7 +1342,7 @@ function migrate_paiementfourn_facturefourn($db, $langs, $conf)
// Verifier si la ligne est deja dans la nouvelle table. On ne veut pas inserer de doublons.
$check_sql = 'SELECT fk_paiementfourn, fk_facturefourn';
$check_sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn';
- $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.$select_obj->fk_facture_fourn;
+ $check_sql .= ' WHERE fk_paiementfourn = '.((int) $select_obj->rowid).' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn);
$check_resql = $db->query($check_sql);
if ($check_resql) {
$check_num = $db->num_rows($check_resql);
@@ -2161,7 +2161,7 @@ function migrate_detail_livraison($db, $langs, $conf)
if ($resql2) {
$sql = "SELECT total_ht";
$sql .= " FROM ".MAIN_DB_PREFIX."livraison";
- $sql .= " WHERE rowid = ".$obj->fk_livraison;
+ $sql .= " WHERE rowid = ".((int) $obj->fk_livraison);
$resql3 = $db->query($sql);
if ($resql3) {
@@ -2864,7 +2864,7 @@ function migrate_project_task_time($db, $langs, $conf)
foreach ($totaltime as $taskid => $total_duration) {
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET";
$sql .= " duration_effective = ".$total_duration;
- $sql .= " WHERE rowid = ".$taskid;
+ $sql .= " WHERE rowid = ".((int) $taskid);
$resql = $db->query($sql);
if (!$resql) {
@@ -3235,7 +3235,7 @@ function migrate_mode_reglement($db, $langs, $conf)
$sqlSelect = "SELECT id";
$sqlSelect .= " FROM ".MAIN_DB_PREFIX."c_paiement";
- $sqlSelect .= " WHERE id = ".$old_id;
+ $sqlSelect .= " WHERE id = ".((int) $old_id);
$sqlSelect .= " AND code = '".$db->escape($elements['code'][$key])."'";
$resql = $db->query($sqlSelect);
@@ -3246,23 +3246,23 @@ function migrate_mode_reglement($db, $langs, $conf)
$db->begin();
- $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET ";
- $sqla .= "fk_paiement = ".$elements['new_id'][$key];
- $sqla .= " WHERE fk_paiement = ".$old_id;
- $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".$old_id." AND code = '".$db->escape($elements['code'][$key])."')";
+ $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET";
+ $sqla .= " fk_paiement = ".((int) $elements['new_id'][$key]);
+ $sqla .= " WHERE fk_paiement = ".((int) $old_id);
+ $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".((int) $old_id)." AND code = '".$db->escape($elements['code'][$key])."')";
$resqla = $db->query($sqla);
- $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET ";
- $sql .= "id = ".$elements['new_id'][$key];
- $sql .= " WHERE id = ".$old_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET";
+ $sql .= " id = ".((int) $elements['new_id'][$key]);
+ $sql .= " WHERE id = ".((int) $old_id);
$sql .= " AND code = '".$db->escape($elements['code'][$key])."'";
$resql = $db->query($sql);
if ($resqla && $resql) {
foreach ($elements['tables'] as $table) {
$sql = "UPDATE ".MAIN_DB_PREFIX.$table." SET ";
- $sql .= "fk_mode_reglement = ".$elements['new_id'][$key];
- $sql .= " WHERE fk_mode_reglement = ".$old_id;
+ $sql .= "fk_mode_reglement = ".((int) $elements['new_id'][$key]);
+ $sql .= " WHERE fk_mode_reglement = ".((int) $old_id);
$resql = $db->query($sql);
if (!$resql) {
@@ -3786,16 +3786,16 @@ function migrate_remise_except_entity($db, $langs, $conf)
$sqlSelect2 = "SELECT f.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f";
- $sqlSelect2 .= " WHERE f.rowid = ".$fk_facture;
+ $sqlSelect2 .= " WHERE f.rowid = ".((int) $fk_facture);
} elseif (!empty($obj->fk_facture_line)) {
$sqlSelect2 = "SELECT f.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."facturedet as fd";
- $sqlSelect2 .= " WHERE fd.rowid = ".$obj->fk_facture_line;
+ $sqlSelect2 .= " WHERE fd.rowid = ".((int) $obj->fk_facture_line);
$sqlSelect2 .= " AND fd.fk_facture = f.rowid";
} else {
$sqlSelect2 = "SELECT s.entity";
$sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sqlSelect2 .= " WHERE s.rowid = ".$obj->fk_soc;
+ $sqlSelect2 .= " WHERE s.rowid = ".((int) $obj->fk_soc);
}
$resql2 = $db->query($sqlSelect2);
diff --git a/htdocs/intracommreport/class/intracommreport.class.php b/htdocs/intracommreport/class/intracommreport.class.php
index cd4765161e9..a36a489ea70 100644
--- a/htdocs/intracommreport/class/intracommreport.class.php
+++ b/htdocs/intracommreport/class/intracommreport.class.php
@@ -417,7 +417,7 @@ class IntracommReport extends CommonObject
(
SELECT fk_product
FROM '.MAIN_DB_PREFIX.'categorie_product
- WHERE fk_categorie = '.$categ_fraisdeport->id.'
+ WHERE fk_categorie = '.((int) $categ_fraisdeport->id).'
)
)';
diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang
index 8e949661c49..f9c76a73019 100644
--- a/htdocs/langs/en_US/stocks.lang
+++ b/htdocs/langs/en_US/stocks.lang
@@ -62,6 +62,7 @@ EnhancedValueOfWarehouses=Warehouses value
UserWarehouseAutoCreate=Create a user warehouse automatically when creating a user
AllowAddLimitStockByWarehouse=Manage also value for minimum and desired stock per pairing (product-warehouse) in addition to the value for minimum and desired stock per product
RuleForWarehouse=Rule for warehouses
+WarehouseAskWarehouseOnThirparty=Set a warehouse on thirparty
WarehouseAskWarehouseDuringPropal=Set a warehouse on Commercial proposals
WarehouseAskWarehouseDuringOrder=Set a warehouse on Sale orders
UserDefaultWarehouse=Set a warehouse on Users
@@ -184,6 +185,7 @@ inventoryCreatePermission=Create new inventory
inventoryReadPermission=View inventories
inventoryWritePermission=Update inventories
inventoryValidatePermission=Validate inventory
+inventoryDeletePermission=Delete inventory
inventoryTitle=Inventory
inventoryListTitle=Inventories
inventoryListEmpty=No inventory in progress
@@ -242,4 +244,7 @@ InventoryRealQtyHelp=Set value to 0 to reset qty Keep field empty, or remove
UpdateByScaning=Update by scaning
UpdateByScaningProductBarcode=Update by scan (product barcode)
UpdateByScaningLot=Update by scan (lot|serial barcode)
-DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement.
\ No newline at end of file
+DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement.
+LabelOfInventoryMovemement=Inventory %s
+ReOpen=Reopen
+ConfirmFinish=Confirm closing
\ No newline at end of file
diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang
index 86ba2247682..a8b13c7e914 100644
--- a/htdocs/langs/fr_FR/main.lang
+++ b/htdocs/langs/fr_FR/main.lang
@@ -278,6 +278,7 @@ DateModificationShort=Date modif.
IPModification=Modification IP
DateLastModification=Date de dernière modification
DateValidation=Date validation
+DateSigning=Date signature
DateClosing=Date clôture
DateDue=Date échéance
DateValue=Date valeur
diff --git a/htdocs/langs/fr_FR/other.lang b/htdocs/langs/fr_FR/other.lang
index 3023cd7216e..a8078129464 100644
--- a/htdocs/langs/fr_FR/other.lang
+++ b/htdocs/langs/fr_FR/other.lang
@@ -114,6 +114,7 @@ DemoCompanyAll=Société avec de multiples activités (tous les modules principa
CreatedBy=Créé par %s
ModifiedBy=Modifié par %s
ValidatedBy=Validé par %s
+SignedBy=Signé par %s
ClosedBy=Clôturé par %s
CreatedById=Id utilisateur créateur
ModifiedById=Id utilisateur du dernier changement
diff --git a/htdocs/langs/fr_FR/stocks.lang b/htdocs/langs/fr_FR/stocks.lang
index c29c3b26d82..2d2be548f3b 100644
--- a/htdocs/langs/fr_FR/stocks.lang
+++ b/htdocs/langs/fr_FR/stocks.lang
@@ -62,6 +62,7 @@ EnhancedValueOfWarehouses=Valorisation des stocks
UserWarehouseAutoCreate=Créer automatiquement un stock/entrepôt propre à l'utilisateur lors de sa création
AllowAddLimitStockByWarehouse=Gérez également les valeurs des stocks minimums et souhaités par paire (produit-entrepôt) en plus des valeurs de minimums et souhaités par produit
RuleForWarehouse=Règle pour les entrepôts
+WarehouseAskWarehouseOnThirparty=Définir un entrepôt sur les tiers
WarehouseAskWarehouseDuringPropal=Définir un entrepôt sur les propositions
WarehouseAskWarehouseDuringOrder=Définir un entrepôt sur les commandes
UserDefaultWarehouse=Définir un entrepôt sur les utilisateurs
diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php
index 9e9e1a0a992..c3c08b6cf2f 100644
--- a/htdocs/loan/card.php
+++ b/htdocs/loan/card.php
@@ -636,7 +636,7 @@ if ($id > 0) {
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id";
$sql .= ", ".MAIN_DB_PREFIX."loan as l";
- $sql .= " WHERE p.fk_loan = ".$id;
+ $sql .= " WHERE p.fk_loan = ".((int) $id);
$sql .= " AND p.fk_loan = l.rowid";
$sql .= " AND l.entity IN ( ".getEntity('loan').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php
index bc819f747ca..54d4607ab70 100644
--- a/htdocs/loan/class/loanschedule.class.php
+++ b/htdocs/loan/class/loanschedule.class.php
@@ -447,7 +447,7 @@ class LoanSchedule extends CommonObject
$sql .= " t.fk_user_creat,";
$sql .= " t.fk_user_modif";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t";
- $sql .= " WHERE t.fk_loan = ".$loanid;
+ $sql .= " WHERE t.fk_loan = ".((int) $loanid);
dol_syslog(get_class($this)."::fetchAll", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -535,7 +535,7 @@ class LoanSchedule extends CommonObject
{
$sql = "SELECT p.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p ";
- $sql .= " WHERE p.fk_loan = ".$loanid;
+ $sql .= " WHERE p.fk_loan = ".((int) $loanid);
$sql .= " ORDER BY p.datep DESC ";
$sql .= " LIMIT 1 ";
@@ -563,7 +563,7 @@ class LoanSchedule extends CommonObject
$sql = "SELECT p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p ";
- $sql .= " WHERE p.fk_loan = ".$loanid;
+ $sql .= " WHERE p.fk_loan = ".((int) $loanid);
if (!empty($datemax)) {
$sql .= " AND p.datep > '".$this->db->idate($datemax)."'";
}
diff --git a/htdocs/loan/class/paymentloan.class.php b/htdocs/loan/class/paymentloan.class.php
index c7f1940943b..cf0a8e87f63 100644
--- a/htdocs/loan/class/paymentloan.class.php
+++ b/htdocs/loan/class/paymentloan.class.php
@@ -594,12 +594,12 @@ class PaymentLoan extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_loan SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
- $this->fk_bank = $id_bank;
+ $this->fk_bank = ((int) $id_bank);
return 1;
} else {
$this->error = $this->db->error();
diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php
index cf4466bb0da..675401e34f9 100644
--- a/htdocs/loan/payment/card.php
+++ b/htdocs/loan/payment/card.php
@@ -58,7 +58,7 @@ if ($id > 0) {
if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->loan->delete) {
$db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."loan_schedule SET fk_bank = 0 WHERE fk_bank = ".$payment->fk_bank;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."loan_schedule SET fk_bank = 0 WHERE fk_bank = ".((int) $payment->fk_bank);
$db->query($sql);
$fk_loan = $payment->fk_loan;
@@ -66,7 +66,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->loan->del
$result = $payment->delete($user);
if ($result > 0) {
$db->commit();
- header("Location: ".DOL_URL_ROOT."/loan/card.php?id=".$fk_loan);
+ header("Location: ".DOL_URL_ROOT."/loan/card.php?id=".urlencode($fk_loan));
exit;
} else {
setEventMessages($payment->error, $payment->errors, 'errors');
diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php
index eec24d9b3e2..58783be181e 100644
--- a/htdocs/loan/payment/payment.php
+++ b/htdocs/loan/payment/payment.php
@@ -239,7 +239,7 @@ if ($action == 'create') {
$sql = "SELECT SUM(amount_capital) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_loan";
- $sql .= " WHERE fk_loan = ".$chid;
+ $sql .= " WHERE fk_loan = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php
index a27393c8bb2..1ac670c4a7f 100644
--- a/htdocs/margin/agentMargins.php
+++ b/htdocs/margin/agentMargins.php
@@ -290,7 +290,7 @@ if ($result) {
// sql nb sellers
$sql_seller = "SELECT COUNT(sc.rowid) as nb";
$sql_seller .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
- $sql_seller .= " WHERE sc.fk_soc = ".$objp->socid;
+ $sql_seller .= " WHERE sc.fk_soc = ".((int) $objp->socid);
$sql_seller .= " LIMIT 1";
$resql_seller = $db->query($sql_seller);
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 6a17e500a69..df687f84e56 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -579,9 +579,9 @@ class MyObject extends CommonObject
$sql .= ", date_validation = '".$this->db->idate($now)."'";
}
if (!empty($this->fields['fk_user_valid'])) {
- $sql .= ", fk_user_valid = ".$user->id;
+ $sql .= ", fk_user_valid = ".((int) $user->id);
}
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php
index 7886bd35774..5067a6e91d5 100644
--- a/htdocs/multicurrency/class/multicurrency.class.php
+++ b/htdocs/multicurrency/class/multicurrency.class.php
@@ -591,7 +591,7 @@ class MultiCurrency extends CommonObject
{
global $db;
- $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.$fk_facture;
+ $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.((int) $fk_facture);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $db->query($sql);
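Review bot: `$table` is appended to `MAIN_DB_PREFIX` as an identifier with no validation, and the new cast on `$fk_facture` does not cover it. The method signature and its callers are outside this hunk, so it cannot be confirmed here that `$table` only ever carries fixed internal names. If it can carry anything else, it should be checked against an allowlist of the expected table names before the query is built, because `$db->escape()` does not make a string safe as an identifier. A comment such as `// $table must be one of the known element table names, never request data` would document the contract.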
diff --git a/htdocs/opensurvey/class/opensurveysondage.class.php b/htdocs/opensurvey/class/opensurveysondage.class.php
index badb3f60149..e11fb65184a 100644
--- a/htdocs/opensurvey/class/opensurveysondage.class.php
+++ b/htdocs/opensurvey/class/opensurveysondage.class.php
@@ -594,7 +594,7 @@ class Opensurveysondage extends CommonObject
*/
public function deleteComment($id_comment)
{
- $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.$id_comment.' AND id_sondage = "'.$this->db->escape($this->id_sondage).'"';
+ $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.((int) $id_comment).' AND id_sondage = "'.$this->db->escape($this->id_sondage).'"';
$resql = $this->db->query($sql);
if (!$resql) {
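Review bot: The string comparison on `id_sondage` is still wrapped in double quotes, which some databases and SQL modes read as an identifier rather than a string literal. The rest of this commit uses single-quoted literals around `escape()`, so this line would be more consistent as `... WHERE id_comment = '.((int) $id_comment)." AND id_sondage = '".$this->db->escape($this->id_sondage)."'";`. Whether this matters depends on which database back ends the module must support.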
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index 25bd65a77fe..6d12259a39f 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -53,7 +53,7 @@ $nblines = $object->fetch_lines();
// Return to the results
if (GETPOST('retoursondage')) {
- header('Location: results.php?id='.$_GET['id']);
+ header('Location: results.php?id='.GETPOST('id', 'int'));
exit;
}
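Review bot: The `'int'` filter on the redirect target may drop the survey identifier. Elsewhere in this commit `deleteComment()` compares `id_sondage` as a quoted string, which suggests survey ids are not purely numeric. If `id` here is that survey id (its origin is not visible in this hunk), the redirect would lose it. A filter that keeps alphanumerics still keeps CR/LF and markup out of the header, for example `header('Location: results.php?id='.urlencode(GETPOST('id', 'aZ09')));`.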
@@ -283,7 +283,7 @@ for ($i = 0; $i < $nblines; $i++) {
if ($compteur == $i) {
$sql2 = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_user_studs';
- $sql2 .= ' WHERE id_users = '.$db->escape($obj->id_users);
+ $sql2 .= " WHERE id_users = ".((int) $obj->id_users);
$resql2 = $db->query($sql2);
}
diff --git a/htdocs/product/admin/price_rules.php b/htdocs/product/admin/price_rules.php
index fada766f065..2166ada6138 100644
--- a/htdocs/product/admin/price_rules.php
+++ b/htdocs/product/admin/price_rules.php
@@ -86,7 +86,7 @@ if ($action == 'update') {
if (!$db->query($sql)) {
//If we could not create, then we try updating
$sql = "UPDATE ".MAIN_DB_PREFIX."product_pricerules";
- $sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".$i;
+ $sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".((int) $i);
if (!$db->query($sql)) {
setEventMessages($langs->trans('ErrorSavingChanges'), null, 'errors');
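Review bot: Only `$i` is cast on the changed line; `$i_var_percent` and `$i_var_min_percent` are still concatenated raw. `$db->escape()` on `$i_fk_level` gives no protection in an unquoted numeric position, because escaping only neutralises quote characters. Unless all three are already forced to numbers earlier in the file (outside this hunk), cast them here too: `$sql .= " SET fk_level = ".((int) $i_fk_level).", var_percent = ".((float) $i_var_percent).", var_min_percent = ".((float) $i_var_min_percent)." WHERE level = ".((int) $i);`.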
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 80dd87d76f7..16bbc508ac9 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -1820,9 +1820,9 @@ class Product extends CommonObject
$sql .= ", pfp.packaging";
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
- $sql .= " WHERE pfp.rowid = ".$prodfournprice;
+ $sql .= " WHERE pfp.rowid = ".((int) $prodfournprice);
if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
}
$sql .= " ORDER BY pfp.quantity DESC";
@@ -1874,15 +1874,15 @@ class Product extends CommonObject
$sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,";
$sql .= " pfp.packaging";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
- $sql .= " WHERE pfp.fk_product = ".$product_id;
+ $sql .= " WHERE pfp.fk_product = ".((int) $product_id);
if ($fourn_ref != 'none') {
$sql .= " AND pfp.ref_fourn = '".$this->db->escape($fourn_ref)."'";
}
if ($fk_soc > 0) {
- $sql .= " AND pfp.fk_soc = ".$fk_soc;
+ $sql .= " AND pfp.fk_soc = ".((int) $fk_soc);
}
if ($qty > 0) {
- $sql .= " AND pfp.quantity <= ".$qty;
+ $sql .= " AND pfp.quantity <= ".((float) $qty);
}
$sql .= " ORDER BY pfp.quantity DESC";
$sql .= " LIMIT 1";
@@ -2360,7 +2360,7 @@ class Product extends CommonObject
$sql = "SELECT price, price_ttc, price_min, price_min_ttc,";
$sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price";
- $sql .= " WHERE fk_product = ".$this->id;
+ $sql .= " WHERE fk_product = ".((int) $this->id);
$sql .= " ORDER BY date_price DESC, rowid DESC";
$sql .= " LIMIT 1";
$resql = $this->db->query($sql);
@@ -2374,7 +2374,7 @@ class Product extends CommonObject
if ($this->prices_by_qty[0] == 1) {
$sql = "SELECT rowid,price, unitprice, quantity, remise_percent, remise, remise, price_base_type";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[0];
+ $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[0]);
$sql .= " ORDER BY quantity ASC";
$resultat = array();
$resql = $this->db->query($sql);
@@ -3862,7 +3862,7 @@ class Product extends CommonObject
// Check not already father of id_pere (to avoid father -> child -> father links)
$sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association';
- $sql .= ' WHERE fk_product_pere = '.$id_fils.' AND fk_product_fils = '.$id_pere;
+ $sql .= ' WHERE fk_product_pere = '.((int) $id_fils).' AND fk_product_fils = '.((int) $id_pere);
if (!$this->db->query($sql)) {
dol_print_error($this->db);
return -1;
@@ -3875,7 +3875,7 @@ class Product extends CommonObject
return -1;
} else {
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty,incdec)';
- $sql .= ' VALUES ('.$id_pere.', '.$id_fils.', '.$qty.', '.$incdec.')';
+ $sql .= ' VALUES ('.((int) $id_pere).', '.((int) $id_fils).', '.((float) $qty).', '.((int) $incdec).')';
if (!$this->db->query($sql)) {
dol_print_error($this->db);
return -1;
@@ -3946,8 +3946,8 @@ class Product extends CommonObject
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$fk_parent;
- $sql .= " AND fk_product_fils = ".$fk_child;
+ $sql .= " WHERE fk_product_pere = ".((int) $fk_parent);
+ $sql .= " AND fk_product_fils = ".((int) $fk_child);
dol_syslog(get_class($this).'::del_sousproduit', LOG_DEBUG);
if (!$this->db->query($sql)) {
@@ -4040,14 +4040,14 @@ class Product extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$id_fourn;
+ $sql .= " WHERE fk_soc = ".((int) $id_fourn);
if ($ref_fourn) {
$sql .= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'";
} else {
$sql .= " AND (ref_fourn = '' OR ref_fourn IS NULL)";
}
- $sql .= " AND quantity = ".$quantity;
- $sql .= " AND fk_product = ".$this->id;
+ $sql .= " AND quantity = ".((float) $quantity);
+ $sql .= " AND fk_product = ".((int) $this->id);
$sql .= " AND entity IN (".getEntity('productsupplierprice').")";
$resql = $this->db->query($sql);
@@ -4198,7 +4198,7 @@ class Product extends CommonObject
$sql .= ", multicurrency_price";
$sql .= ", multicurrency_price_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price";
- $sql .= " WHERE fk_product = ".$fromId;
+ $sql .= " WHERE fk_product = ".((int) $fromId);
$sql .= " ORDER BY date_price DESC";
if ($conf->global->PRODUIT_MULTIPRICES_LIMIT > 0) {
$sql .= " LIMIT ".$conf->global->PRODUIT_MULTIPRICES_LIMIT;
@@ -4230,7 +4230,7 @@ class Product extends CommonObject
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association (fk_product_pere, fk_product_fils, qty)';
$sql .= " SELECT ".$toId.", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$fromId;
+ $sql .= " WHERE fk_product_pere = ".((int) $fromId);
dol_syslog(get_class($this).'::clone_association', LOG_DEBUG);
if (!$this->db->query($sql)) {
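Review bot: `$toId` is still concatenated uncast into the `SELECT ".$toId.", fk_product_fils, qty` part of this statement, although `$fromId` on the next line is now cast. The same applies to `".$toId."` in the `product_fournisseur` insert of the following hunk, whereas the `product_fournisseur_price` insert after that does cast it. For consistency use `$sql .= " SELECT ".((int) $toId).", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association";` and the same cast in the other statement.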
@@ -4262,7 +4262,7 @@ class Product extends CommonObject
. " datec, fk_product, fk_soc, ref_fourn, fk_user_author )"
. " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, ref_fourn, fk_user_author"
. " FROM ".MAIN_DB_PREFIX."product_fournisseur"
- . " WHERE fk_product = ".$fromId;
+ . " WHERE fk_product = ".((int) $fromId);
if ( ! $this->db->query($sql ) )
{
@@ -4273,9 +4273,9 @@ class Product extends CommonObject
// les prix de fournisseurs.
$sql = "INSERT ".MAIN_DB_PREFIX."product_fournisseur_price (";
$sql .= " datec, fk_product, fk_soc, price, quantity, fk_user)";
- $sql .= " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, price, quantity, fk_user";
+ $sql .= " SELECT '".$this->db->idate($now)."', ".((int) $toId).", fk_soc, price, quantity, fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$fromId;
+ $sql .= " WHERE fk_product = ".((int) $fromId);
dol_syslog(get_class($this).'::clone_fournisseurs', LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php
index 046aed05a10..9b0d29b4cdd 100644
--- a/htdocs/product/class/productcustomerprice.class.php
+++ b/htdocs/product/class/productcustomerprice.class.php
@@ -814,7 +814,7 @@ class Productcustomerprice extends CommonObject
// Find all susidiaries
$sql = "SELECT s.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
- $sql .= " WHERE s.parent = ".$this->fk_soc;
+ $sql .= " WHERE s.parent = ".((int) $this->fk_soc);
$sql .= " AND s.entity IN (".getEntity('societe').")";
dol_syslog(get_class($this)."::setPriceOnAffiliateThirdparty", LOG_DEBUG);
diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php
index 71e25b0c4e1..709afcb6d20 100644
--- a/htdocs/product/class/productfournisseurprice.class.php
+++ b/htdocs/product/class/productfournisseurprice.class.php
@@ -181,10 +181,8 @@ class ProductFournisseurPrice extends CommonObject
if (empty($conf->multicompany->enabled) && isset($this->fields['entity'])) $this->fields['entity']['enabled'] = 0;
// Unset fields that are disabled
- foreach ($this->fields as $key => $val)
- {
- if (isset($val['enabled']) && empty($val['enabled']))
- {
+ foreach ($this->fields as $key => $val) {
+ if (isset($val['enabled']) && empty($val['enabled'])) {
unset($this->fields[$key]);
}
}
@@ -241,14 +239,11 @@ class ProductFournisseurPrice extends CommonObject
if (property_exists($object, 'date_modification')) { $object->date_modification = null; }
// ...
// Clear extrafields that are unique
- if (is_array($object->array_options) && count($object->array_options) > 0)
- {
+ if (is_array($object->array_options) && count($object->array_options) > 0) {
$extrafields->fetch_name_optionals_label($this->table_element);
- foreach ($object->array_options as $key => $option)
- {
+ foreach ($object->array_options as $key => $option) {
$shortkey = preg_replace('/options_/', '', $key);
- if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey]))
- {
+ if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) {
//var_dump($key); var_dump($clonedObj->array_options[$key]); exit;
unset($object->array_options[$key]);
}
@@ -264,20 +259,16 @@ class ProductFournisseurPrice extends CommonObject
$this->errors = $object->errors;
}
- if (!$error)
- {
+ if (!$error) {
// copy internal contacts
- if ($this->copy_linked_contact($object, 'internal') < 0)
- {
+ if ($this->copy_linked_contact($object, 'internal') < 0) {
$error++;
}
}
- if (!$error)
- {
+ if (!$error) {
// copy external contacts if same company
- if (property_exists($this, 'socid') && $this->socid == $object->socid)
- {
+ if (property_exists($this, 'socid') && $this->socid == $object->socid) {
if ($this->copy_linked_contact($object, 'external') < 0)
$error++;
}
@@ -362,8 +353,7 @@ class ProductFournisseurPrice extends CommonObject
if ($resql) {
$num = $this->db->num_rows($resql);
$i = 0;
- while ($i < ($limit ? min($limit, $num) : $num))
- {
+ while ($i < ($limit ? min($limit, $num) : $num)) {
$obj = $this->db->fetch_object($resql);
$record = new self($this->db);
@@ -424,8 +414,7 @@ class ProductFournisseurPrice extends CommonObject
$error = 0;
// Protection
- if ($this->status == self::STATUS_VALIDATED)
- {
+ if ($this->status == self::STATUS_VALIDATED) {
dol_syslog(get_class($this)."::validate action abandonned: already validated", LOG_WARNING);
return 0;
}
@@ -435,8 +424,7 @@ class ProductFournisseurPrice extends CommonObject
$this->db->begin();
// Define new ref
- if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) // empty should not happened, but when it occurs, the test save life
- {
+ if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) { // empty should not happened, but when it occurs, the test save life
$num = $this->getNextNumRef();
} else {
$num = $this->ref;
@@ -450,19 +438,17 @@ class ProductFournisseurPrice extends CommonObject
$sql .= " status = ".self::STATUS_VALIDATED;
if (!empty($this->fields['date_validation'])) $sql .= ", date_validation = '".$this->db->idate($now)."'";
if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);
- if (!$resql)
- {
+ if (!$resql) {
dol_print_error($this->db);
$this->error = $this->db->lasterror();
$error++;
}
- if (!$error && !$notrigger)
- {
+ if (!$error && !$notrigger) {
// Call trigger
$result = $this->call_trigger('PRODUCTFOURNISSEURPRICE_VALIDATE', $user);
if ($result < 0) $error++;
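Review bot: `fk_user_valid = ".$user->id` two lines above the changed `WHERE` is left uncast, while the same statement in the `MyObject` template hunk of this commit is changed to `((int) $user->id)`. Since this class is generated from that template, the line should follow it: `if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".((int) $user->id);`. The `entity = ".$conf->entity` in the `ecm_files` update of the next hunk could take the same cast.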
@@ -470,13 +456,11 @@ class ProductFournisseurPrice extends CommonObject
}
}
- if (!$error)
- {
+ if (!$error) {
$this->oldref = $this->ref;
// Rename directory if dir was a temporary ref
- if (preg_match('/^[\(]?PROV/i', $this->ref))
- {
+ if (preg_match('/^[\(]?PROV/i', $this->ref)) {
// Now we rename also files into index
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'productfournisseurprice/".$this->db->escape($this->newref)."'";
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'productfournisseurprice/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
@@ -488,17 +472,14 @@ class ProductFournisseurPrice extends CommonObject
$newref = dol_sanitizeFileName($num);
$dirsource = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$oldref;
$dirdest = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref;
- if (!$error && file_exists($dirsource))
- {
+ if (!$error && file_exists($dirsource)) {
dol_syslog(get_class($this)."::validate() rename dir ".$dirsource." into ".$dirdest);
- if (@rename($dirsource, $dirdest))
- {
+ if (@rename($dirsource, $dirdest)) {
dol_syslog("Rename ok");
// Rename docs starting with $oldref with $newref
$listoffiles = dol_dir_list($conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/'));
- foreach ($listoffiles as $fileentry)
- {
+ foreach ($listoffiles as $fileentry) {
$dirsource = $fileentry['name'];
$dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource);
$dirsource = $fileentry['path'].'/'.$dirsource;
@@ -511,14 +492,12 @@ class ProductFournisseurPrice extends CommonObject
}
// Set new ref and current status
- if (!$error)
- {
+ if (!$error) {
$this->ref = $num;
$this->status = self::STATUS_VALIDATED;
}
- if (!$error)
- {
+ if (!$error) {
$this->db->commit();
return 1;
} else {
@@ -538,8 +517,7 @@ class ProductFournisseurPrice extends CommonObject
public function setDraft($user, $notrigger = 0)
{
// Protection
- if ($this->status <= self::STATUS_DRAFT)
- {
+ if ($this->status <= self::STATUS_DRAFT) {
return 0;
}
@@ -556,8 +534,7 @@ class ProductFournisseurPrice extends CommonObject
public function cancel($user, $notrigger = 0)
{
// Protection
- if ($this->status != self::STATUS_VALIDATED)
- {
+ if ($this->status != self::STATUS_VALIDATED) {
return 0;
}
@@ -574,8 +551,7 @@ class ProductFournisseurPrice extends CommonObject
public function reopen($user, $notrigger = 0)
{
// Protection
- if ($this->status != self::STATUS_CANCELED)
- {
+ if ($this->status != self::STATUS_CANCELED) {
return 0;
}
@@ -609,8 +585,7 @@ class ProductFournisseurPrice extends CommonObject
$url = dol_buildpath('/buypricehistory/productfournisseurprice_card.php', 1).'?id='.$this->id;
- if ($option != 'nolink')
- {
+ if ($option != 'nolink') {
// Add param to save lastsearch_values or not
$add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0);
if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) $add_save_lastsearch_values = 1;
@@ -618,10 +593,8 @@ class ProductFournisseurPrice extends CommonObject
}
$linkclose = '';
- if (empty($notooltip))
- {
- if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))
- {
+ if (empty($notooltip)) {
+ if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) {
$label = $langs->trans("ShowProductFournisseurPrice");
$linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"';
}
@@ -699,8 +672,7 @@ class ProductFournisseurPrice extends CommonObject
public function LibStatut($status, $mode = 0)
{
// phpcs:enable
- if (empty($this->labelStatus) || empty($this->labelStatusShort))
- {
+ if (empty($this->labelStatus) || empty($this->labelStatusShort)) {
global $langs;
//$langs->load("buypricehistory@buypricehistory");
$this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft');
@@ -729,30 +701,25 @@ class ProductFournisseurPrice extends CommonObject
$sql = 'SELECT rowid, date_creation as datec, tms as datem,';
$sql .= ' fk_user_creat, fk_user_modif';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.rowid = '.$id;
+ $sql .= ' WHERE t.rowid = '.((int) $id);
$result = $this->db->query($sql);
- if ($result)
- {
- if ($this->db->num_rows($result))
- {
+ if ($result) {
+ if ($this->db->num_rows($result)) {
$obj = $this->db->fetch_object($result);
$this->id = $obj->rowid;
- if ($obj->fk_user_author)
- {
+ if ($obj->fk_user_author) {
$cuser = new User($this->db);
$cuser->fetch($obj->fk_user_author);
$this->user_creation = $cuser;
}
- if ($obj->fk_user_valid)
- {
+ if ($obj->fk_user_valid) {
$vuser = new User($this->db);
$vuser->fetch($obj->fk_user_valid);
$this->user_validation = $vuser;
}
- if ($obj->fk_user_cloture)
- {
+ if ($obj->fk_user_cloture) {
$cluser = new User($this->db);
$cluser->fetch($obj->fk_user_cloture);
$this->user_cloture = $cluser;
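Review bot: The query selects `fk_user_creat` and `fk_user_modif`, but the code below reads `$obj->fk_user_author`, `$obj->fk_user_valid` and `$obj->fk_user_cloture`, none of which are in the SELECT list. As written those three branches never run, so `user_creation`, `user_validation` and `user_cloture` stay unset. Either read the selected columns (`if ($obj->fk_user_creat) {` and `$cuser->fetch($obj->fk_user_creat);`) or add the missing columns to the SELECT if the table has them. The rest of `info()` lies outside this hunk.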
@@ -794,8 +761,7 @@ class ProductFournisseurPrice extends CommonObject
$conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON = 'mod_productfournisseurprice_standard';
}
- if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON))
- {
+ if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) {
$mybool = false;
$file = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON.".php";
@@ -803,16 +769,14 @@ class ProductFournisseurPrice extends CommonObject
// Include file with class
$dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
- foreach ($dirmodels as $reldir)
- {
+ foreach ($dirmodels as $reldir) {
$dir = dol_buildpath($reldir."core/modules/buypricehistory/");
// Load file with numbering class (if found)
$mybool |= @include_once $dir.$file;
}
- if ($mybool === false)
- {
+ if ($mybool === false) {
dol_print_error('', "Failed to include file ".$file);
return '';
}
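Review bot: The failure check after the include loop cannot fire. `$mybool |= @include_once $dir.$file;` turns `$mybool` into an integer on the first iteration, so `$mybool === false` is never true and a missing numbering module falls through to the `new $classname()` in the next hunk. Compare loosely instead: `if (!$mybool) {`. Since `$file` is built from the `BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON` setting, it is also worth rejecting values that contain path separators before appending it to `$dir`.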
@@ -821,8 +785,7 @@ class ProductFournisseurPrice extends CommonObject
$obj = new $classname();
$numref = $obj->getNextValue($this);
- if ($numref != '' && $numref != '-1')
- {
+ if ($numref != '' && $numref != '-1') {
return $numref;
} else {
$this->error = $obj->error;
diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php
index f7cf48df5e0..a1d92cc492a 100644
--- a/htdocs/product/class/propalmergepdfproduct.class.php
+++ b/htdocs/product/class/propalmergepdfproduct.class.php
@@ -239,7 +239,7 @@ class Propalmergepdfproduct extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t";
- $sql .= " WHERE t.fk_product = ".$product_id;
+ $sql .= " WHERE t.fk_product = ".((int) $product_id);
if ($conf->global->MAIN_MULTILANGS && !empty($lang)) {
$sql .= " AND t.lang = '".$this->db->escape($lang)."'";
}
diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php
index 6dd6a0ac89d..442232686d3 100644
--- a/htdocs/product/composition/card.php
+++ b/htdocs/product/composition/card.php
@@ -171,11 +171,11 @@ $help_url = '';
$shortlabel = dol_trunc($object->label, 16);
if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) {
$title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('AssociatedProducts');
- $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos';
+ $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos|DE:Modul_Produkte';
}
if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) {
$title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('AssociatedProducts');
- $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios';
+ $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios|DE:Modul_Leistungen';
}
llxHeader('', $title, $help_url);
diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php
index 546c2050990..db0c427c334 100644
--- a/htdocs/product/dynamic_price/class/price_expression.class.php
+++ b/htdocs/product/dynamic_price/class/price_expression.class.php
@@ -327,7 +327,7 @@ class PriceExpression
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php
index 29505ff8573..5286b932ca7 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php
@@ -250,7 +250,7 @@ class PriceGlobalVariable
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
index f43d6bc731d..96e77d661ab 100644
--- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
+++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php
@@ -275,7 +275,7 @@ class PriceGlobalVariableUpdater
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(__METHOD__);
$resql = $this->db->query($sql);
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 77659142744..6e3b487a429 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -62,9 +62,9 @@ $extrafields = new ExtraFields($db);
// If socid provided by ajax company selector
if (!empty($_REQUEST['search_fourn_id'])) {
- $_GET['id_fourn'] = $_GET['search_fourn_id'];
- $_POST['id_fourn'] = $_POST['search_fourn_id'];
- $_REQUEST['id_fourn'] = $_REQUEST['search_fourn_id'];
+ $_GET['id_fourn'] = GETPOST('search_fourn_id', 'int');
+ $_POST['id_fourn'] = GETPOST('search_fourn_id', 'int');
+ $_REQUEST['id_fourn'] = GETPOST('search_fourn_id', 'int');
}
// Security check
@@ -290,7 +290,7 @@ if (empty($reshook)) {
foreach ($extrafield_values as $key => $value) {
$sql .= str_replace('options_', '', $key).' = "'.$value.'", ';
}
- $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.$object->product_fourn_price_id;
+ $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id);
}
// Execute the sql command from above
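Review bot: The cast on `fk_object` leaves the larger exposure in this statement untouched. In the `foreach` just above, each `$value` is placed between double quotes with no escaping and each `$key` is used as a column name. Where `$extrafield_values` is built is outside this hunk, but if it carries request data the loop body should escape the value inside single quotes: `$sql .= str_replace('options_', '', $key)." = '".$db->escape($value)."', ";`. The keys should be checked against the declared extrafield names before use.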
@@ -793,7 +793,7 @@ END;
$sql .= ", ".$key;
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields";
- $sql .= " WHERE fk_object = ".$rowid;
+ $sql .= " WHERE fk_object = ".((int) $rowid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@@ -1145,7 +1145,7 @@ END;
$sql .= ", ".$key;
}
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields";
- $sql .= " WHERE fk_object = ".$productfourn->product_fourn_price_id;
+ $sql .= " WHERE fk_object = ".((int) $productfourn->product_fourn_price_id);
$resql = $db->query($sql);
if ($resql) {
if ($db->num_rows($resql) != 1) {
diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php
index 92ad4c2176b..dda16746398 100644
--- a/htdocs/product/inventory/card.php
+++ b/htdocs/product/inventory/card.php
@@ -407,6 +407,12 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
print ''.$langs->trans("SetToDraft").'';
}
}
+ // Back to validate
+ if ($object->status == $object::STATUS_RECORDED) {
+ if ($permissiontoadd) {
+ print ''.$langs->trans("ReOpen").'';
+ }
+ }
// Modify
if ($object->status == $object::STATUS_DRAFT) {
diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php
index ce585c51a10..e872d7e353a 100644
--- a/htdocs/product/inventory/class/inventory.class.php
+++ b/htdocs/product/inventory/class/inventory.class.php
@@ -52,7 +52,7 @@ class Inventory extends CommonObject
/**
* @var int Does object support extrafields ? 0=No, 1=Yes
*/
- public $isextrafieldmanaged = 1;
+ public $isextrafieldmanaged = 0;
/**
* @var string String with name of icon for inventory
@@ -254,6 +254,7 @@ class Inventory extends CommonObject
*/
public function validate(User $user, $notrigger = false)
{
+ global $conf;
$this->db->begin();
$result = 0;
@@ -328,6 +329,7 @@ class Inventory extends CommonObject
} else {
$this->db->rollback();
}
+ return $result;
}
/**
@@ -357,6 +359,51 @@ class Inventory extends CommonObject
} else {
$this->db->rollback();
}
+ return $result;
+ }
+
+ /**
+ * Set to Recorded
+ *
+ * @param User $user User that creates
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, Id of created object if OK
+ */
+ public function setRecorded(User $user, $notrigger = false)
+ {
+ $this->db->begin();
+
+ $result = $this->setStatut($this::STATUS_RECORDED, null, '', 'INVENTORY_RECORDED');
+
+ if ($result > 0) {
+ $this->db->commit();
+ } else {
+ $this->db->rollback();
+ return -1;
+ }
+ return $result;
+ }
+
+ /**
+ * Set to Canceled
+ *
+ * @param User $user User that creates
+ * @param bool $notrigger false=launch triggers after, true=disable triggers
+ * @return int <0 if KO, Id of created object if OK
+ */
+ public function setCanceled(User $user, $notrigger = false)
+ {
+ $this->db->begin();
+
+ $result = $this->setStatut($this::STATUS_CANCELED, null, '', 'INVENTORY_CANCELED');
+
+ if ($result > 0) {
+ $this->db->commit();
+ } else {
+ $this->db->rollback();
+ return -1;
+ }
+ return $result;
}
/**
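Review bot: `setRecorded()` and `setCanceled()` accept `$user` and `$notrigger` but use neither, so a caller passing `$notrigger = true` still has the `INVENTORY_RECORDED` / `INVENTORY_CANCELED` key handed to `setStatut()`. The docblocks are also copied from a create method: `User that creates` and `Id of created object if OK` do not describe a status change. Either honour the flag, e.g. `$this->setStatut($this::STATUS_RECORDED, null, '', $notrigger ? '' : 'INVENTORY_RECORDED')` (assuming an empty key disables the trigger; confirm against `setStatut()`), or drop the parameter. Reword the docblocks to `@param User $user User making the change` and `@return int <0 if KO, >0 if OK`.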
@@ -566,9 +613,11 @@ class Inventory extends CommonObject
$labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft');
$labelStatus[self::STATUS_VALIDATED] = $langs->trans('Validated').' ('.$langs->trans('Started').')';
$labelStatus[self::STATUS_CANCELED] = $langs->trans('Canceled');
+ $labelStatus[self::STATUS_RECORDED] = $langs->trans('Closed');
$labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Draft');
$labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Started');
$labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Canceled');
+ $labelStatusShort[self::STATUS_RECORDED] = $langs->trans('Closed');
return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', 'status'.$status, $mode);
}
@@ -628,6 +677,7 @@ class Inventory extends CommonObject
public function initAsSpecimen()
{
$this->initAsSpecimenCommon();
+ $this->title = '';
}
}
diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php
index dea3b46c946..30f3a5347dd 100644
--- a/htdocs/product/inventory/inventory.php
+++ b/htdocs/product/inventory/inventory.php
@@ -27,6 +27,7 @@ include_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/inventory/class/inventory.class.php';
include_once DOL_DOCUMENT_ROOT.'/product/inventory/lib/inventory.lib.php';
+include_once DOL_DOCUMENT_ROOT.'/product/stock/class/mouvementstock.class.php';
// Load translation files required by the page
$langs->loadLangs(array("stocks", "other", "productbatch"));
@@ -98,6 +99,71 @@ $now = dol_now();
* Actions
*/
+if ($action == 'cancel_record' && $permissiontoadd) {
+ $object->setCanceled($user);
+}
+
+if ($action == 'update' && $user->rights->stock->mouvement->creer) {
+ $stockmovment = new MouvementStock($db);
+ $stockmovment->origin = $object;
+
+ $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
+ $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
+ $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
+ $sql .= ' WHERE id.fk_inventory = '.$object->id;
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ $totalarray = array();
+ while ($i < $num) {
+ $line = $db->fetch_object($resql);
+ $qty_view = $line->qty_view;
+ $qty_stock = $line->qty_stock;
+ $stock_movement_qty = $qty_view - $qty_stock;
+ if ($stock_movement_qty != 0) {
+ if ($stock_movement_qty < 0) {
+ $movement_type = 1;
+ } else {
+ $movement_type = 0;
+ }
+ $idstockmove = $stockmovment->_create($user, $line->fk_product, $line->fk_warehouse, $stock_movement_qty, $movement_type, 0, $langs->trans('LabelOfInventoryMovemement', $object->id), 'INV'.$object->id);
+ if ($idstockmove < 0) {
+ $error++;
+ setEventMessages($stockmovment->error, $stockmovment->errors, 'errors');
+ }
+ }
+ $i++;
+ }
+ if (!$error) {
+ $object->setRecorded($user);
+ }
+ }
+}
+
+if ($action =='updateinventorylines' && $permissiontoadd) {
+ $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
+ $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
+ $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
+ $sql .= ' WHERE id.fk_inventory = '.$object->id;
+
+ $resql = $db->query($sql);
+ if ($resql) {
+ $num = $db->num_rows($resql);
+ $i = 0;
+ $totalarray = array();
+ while ($i < $num) {
+ $line = $db->fetch_object($resql);
+ $lineid = $line->rowid;
+ $inventoryline = new InventoryLine($db);
+ $inventoryline->fetch($lineid);
+ $inventoryline->qty_view = GETPOST("id_".$inventoryline->id);
+ $inventoryline->update($user);
+ $i++;
+ }
+ }
+}
+
$parameters = array();
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
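Review bot: The `update` action writes stock movements without checking that the inventory is still in the validated state and without a transaction. A replayed or double-submitted request therefore books the differences again, and a failure part-way through leaves some movements committed while the inventory stays open. Guard on `$object->status == Inventory::STATUS_VALIDATED` and wrap the loop and `setRecorded()` in one `$db->begin()` / `commit()` / `rollback()`, as sketched below; this assumes nested `begin()` calls are supported, since `setRecorded()` opens its own. Both new queries also concatenate `$object->id` without the `(int)` cast this commit applies to the same query further down the file. `updateinventorylines` stores `GETPOST("id_".$inventoryline->id)` with no type filter and ignores the result of `update()`.

```php
if ($action == 'update' && $user->rights->stock->mouvement->creer && $object->status == Inventory::STATUS_VALIDATED) {
	// … unchanged: MouvementStock setup and the SELECT on inventorydet …
	$sql .= ' WHERE id.fk_inventory = '.((int) $object->id);

	$db->begin();
	$resql = $db->query($sql);
	if (!$resql) {
		$error++;
	} else {
		// … unchanged: loop creating one stock movement per line …
	}
	// Record the inventory only if every movement was created, and commit both together
	if (!$error && $object->setRecorded($user) > 0) {
		$db->commit();
	} else {
		$db->rollback();
	}
}
```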
@@ -223,6 +289,18 @@ if ($object->id > 0) {
$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToClone'), $langs->trans('ConfirmCloneMyObject', $object->ref), 'confirm_clone', $formquestion, 'yes', 1);
}
+ // Confirmation to close
+ if ($action == 'record') {
+ $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Close'), $langs->trans('ConfirmFinish'), 'update', '', 0, 1);
+ $action = 'view';
+ }
+
+ // Confirmation to close
+ if ($action == 'confirm_cancel') {
+ $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Cancel'), $langs->trans('ConfirmCancel'), 'cancel_record', '', 0, 1);
+ $action = 'view';
+ }
+
// Call Hook formConfirm
$parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid);
$reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
@@ -307,24 +385,7 @@ if ($object->id > 0) {
// Buttons for actions
- if ($action == 'record') {
- print '';
- } else {
+ if ($action != 'record') {
print ''."\n";
$parameters = array();
$reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
@@ -360,7 +421,8 @@ if ($object->id > 0) {
if ($object->status == Inventory::STATUS_VALIDATED) {
if ($permissiontoadd) {
- print ' id.'&action=record">'.$langs->trans("Finish").''."\n";
+ print ' id.'&action=confirm_cancel">'.$langs->trans("Cancel").''."\n";
+ print ' id.'&action=record">'.$langs->trans("Close").''."\n";
} else {
print ' '.$langs->trans('Finish').''."\n";
}
@@ -419,10 +481,12 @@ if ($object->id > 0) {
print ' ';
print $form->textwithpicto($langs->trans("RealQty"), $langs->trans("InventoryRealQtyHelp"));
print ' | ';
- // Actions
- print ' ';
- print ' | ';
- print '';
+ if ($object->status == $object::STATUS_VALIDATED) {
+ // Actions
+ print ' ';
+ print ' | ';
+ print '';
+ }
// Line to add a new line in inventory
if ($object->status == $object::STATUS_VALIDATED) {
@@ -453,7 +517,7 @@ if ($object->id > 0) {
$sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,';
$sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated';
$sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id';
- $sql .= ' WHERE id.fk_inventory = '.$object->id;
+ $sql .= ' WHERE id.fk_inventory = '.((int) $object->id);
$cacheOfProducts = array();
$cacheOfWarehouses = array();
@@ -505,15 +569,20 @@ if ($object->id > 0) {
}
print ' ';
- print 'TODO';
+ print $obj->qty_stock;
print ' | ';
print ' ';
- print 'rowid).'">';
- print ' | ';
- print ' ';
- print ''.img_delete().'';
- print ' | ';
-
+ if ($object->status == $object::STATUS_VALIDATED) {
+ $qty_view = GETPOST("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid) : $obj->qty_view;
+ print ' ';
+ print '';
+ print ' ';
+ print ''.img_delete().'';
+ print ' | ';
+ } else {
+ print $obj->qty_view;
+ print '';
+ }
print '';
$i++;
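Review bot: The ternary that fills `$qty_view` tests the posted value for truthiness, so a counted quantity of `0` is treated as absent and the stored `$obj->qty_view` is shown instead. Testing presence rather than value avoids that: `$qty_view = GETPOSTISSET("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid, 'int') : $obj->qty_view;` (choose the check type that matches how quantities are entered; decimals may need a different one). The markup that prints `$qty_view` is not legible in this hunk, so confirm the value is escaped for the attribute context before it reaches the input.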
diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 940c2ba04f9..f97acd96504 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -473,7 +473,7 @@ if ($searchCategoryProductOperator == 1) {
if (intval($searchCategoryProduct) == -2) {
$searchCategoryProductSqlList[] = "cp.fk_categorie IS NULL";
} elseif (intval($searchCategoryProduct) > 0) {
- $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".$searchCategoryProduct.")";
+ $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".((int) $searchCategoryProduct).")";
}
}
if (!empty($searchCategoryProductSqlList)) {
@@ -1530,7 +1530,7 @@ if ($resql) {
// then reuse the cache array if we need prices for other price levels
$sqlp = "SELECT p.rowid, p.fk_product, p.price, p.price_ttc, p.price_level, p.date_price, p.price_base_type";
$sqlp .= " FROM ".MAIN_DB_PREFIX."product_price as p";
- $sqlp .= " WHERE fk_product = ".$obj->rowid;
+ $sqlp .= " WHERE fk_product = ".((int) $obj->rowid);
$sqlp .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC";
$resultp = $db->query($sqlp);
if ($resultp) {
diff --git a/htdocs/product/price.php b/htdocs/product/price.php
index ee86d43c09f..6647201b719 100644
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@@ -429,12 +429,12 @@ if (empty($reshook)) {
// Ajout / mise à jour
if ($rowid > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."product_price_by_qty SET";
- $sql .= " price='".$db->escape($price)."',";
- $sql .= " unitprice=".$unitPrice.",";
- $sql .= " quantity=".$quantity.",";
- $sql .= " remise_percent=".$remise_percent.",";
- $sql .= " remise=".$remise;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " price=".((float) $price)."',";
+ $sql .= " unitprice=".((float) $unitPrice).",";
+ $sql .= " quantity=".((float) $quantity).",";
+ $sql .= " remise_percent=".((float) $remise_percent).",";
+ $sql .= " remise=".((float) $remise);
+ $sql .= " WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
if (!$result) {
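Review bot: The rewritten `price` assignment keeps the closing quote of the old quoted form, so the statement becomes `price=<number>',` and the UPDATE will fail to parse. Drop the quote: `$sql .= " price=".((float) $price).",";`. The float cast already makes the value safe to concatenate, so neither quoting nor `$db->escape()` is needed on this line.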
@@ -442,7 +442,7 @@ if (empty($reshook)) {
}
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price_by_qty (fk_product_price,price,unitprice,quantity,remise_percent,remise) values (";
- $sql .= $priceid.','.$price.','.$unitPrice.','.$quantity.','.$remise_percent.','.$remise.')';
+ $sql .= ((int) $priceid).','.((float) $price).','.((float) $unitPrice).','.((float) $quantity).','.((float) $remise_percent).','.((float) $remise).')';
$result = $db->query($sql);
if (!$result) {
@@ -460,7 +460,7 @@ if (empty($reshook)) {
$rowid = GETPOST('rowid', 'int');
if (!empty($rowid)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
$result = $db->query($sql);
} else {
@@ -472,7 +472,7 @@ if (empty($reshook)) {
$priceid = GETPOST('priceid', 'int');
if (!empty($rowid)) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
- $sql .= " WHERE fk_product_price = ".$priceid;
+ $sql .= " WHERE fk_product_price = ".((int) $priceid);
$result = $db->query($sql);
} else {
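Review bot: The guard in front of this DELETE tests `$rowid`, but the statement filters on `$priceid`, which is read one line above. With the new cast an empty `priceid` becomes `0`, so the query runs with `fk_product_price = 0` whenever `$rowid` happens to be set. This looks like a copy of the previous branch and probably should be `if (!empty($priceid)) {`. The enclosing action block starts and ends outside the hunk, so check that nothing else there relies on `$rowid`.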
@@ -1413,11 +1413,11 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul
$sql .= " p.date_price as dp, p.fk_price_expression, u.rowid as user_id, u.login";
$sql .= " FROM ".MAIN_DB_PREFIX."product_price as p,";
$sql .= " ".MAIN_DB_PREFIX."user as u";
- $sql .= " WHERE fk_product = ".$object->id;
+ $sql .= " WHERE fk_product = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('productprice').")";
$sql .= " AND p.fk_user_author = u.rowid";
if (!empty($socid) && !empty($conf->global->PRODUIT_MULTIPRICES)) {
- $sql .= " AND p.price_level = ".$soc->price_level;
+ $sql .= " AND p.price_level = ".((int) $soc->price_level);
}
$sql .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC";
// $sql .= $db->plimit();
diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php
index 30dba05e417..214a12ead14 100644
--- a/htdocs/product/stock/class/entrepot.class.php
+++ b/htdocs/product/stock/class/entrepot.class.php
@@ -436,7 +436,7 @@ class Entrepot extends CommonObject
$sql .= " model_pdf, import_key";
$sql .= " FROM ".MAIN_DB_PREFIX."entrepot";
if ($id) {
- $sql .= " WHERE rowid = '".$id."'";
+ $sql .= " WHERE rowid = ".((int) $id);
} else {
$sql .= " WHERE entity = ".$conf->entity;
if ($ref) {
@@ -782,7 +782,7 @@ class Entrepot extends CommonObject
$parentid = $this->fk_parent; // If parent_id not defined on current object, we do not start consecutive searches of parents
$i = 0;
while ($parentid > 0 && $i < $protection) {
- $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.$parentid;
+ $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.((int) $parentid);
$resql = $this->db->query($sql);
if ($resql) {
$objarbo = $this->db->fetch_object($resql);
@@ -817,7 +817,7 @@ class Entrepot extends CommonObject
$sql = 'SELECT rowid
FROM '.MAIN_DB_PREFIX.'entrepot
- WHERE fk_parent = '.$id;
+ WHERE fk_parent = '.((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php
index 8b2d729c29c..d8dad67bee2 100644
--- a/htdocs/product/stock/class/mouvementstock.class.php
+++ b/htdocs/product/stock/class/mouvementstock.class.php
@@ -488,7 +488,7 @@ class MouvementStock extends CommonObject
if (!$error)
{
$sql = "SELECT rowid, reel FROM ".MAIN_DB_PREFIX."product_stock";
- $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; // This is a unique key
+ $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); // This is a unique key
dol_syslog(get_class($this)."::_create check if a record already exists in product_stock", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -544,12 +544,12 @@ class MouvementStock extends CommonObject
{
if ($alreadyarecord > 0)
{
- $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".$qty;
- $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".((float) $qty);
+ $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product);
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_stock";
$sql .= " (reel, fk_entrepot, fk_product) VALUES ";
- $sql .= " (".$qty.", ".$entrepot_id.", ".$fk_product.")";
+ $sql .= " (".((float) $qty).", ".((int) $entrepot_id).", ".((int) $fk_product).")";
}
dol_syslog(get_class($this)."::_create update stock value", LOG_DEBUG);
@@ -602,11 +602,11 @@ class MouvementStock extends CommonObject
$newpmp = price2num($newpmp, 'MU');
// $sql = "UPDATE ".MAIN_DB_PREFIX."product SET pmp = ".$newpmp.", stock = ".$this->db->ifsql("stock IS NULL", 0, "stock") . " + ".$qty;
- // $sql.= " WHERE rowid = ".$fk_product;
+ // $sql.= " WHERE rowid = ".((int) $fk_product);
// Update pmp + denormalized fields because we change content of produt_stock. Warning: Do not use "SET p.stock", does not works with pgsql
- $sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".$newpmp.",";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".((float) $newpmp).",";
$sql .= " stock=(SELECT SUM(ps.reel) FROM ".MAIN_DB_PREFIX."product_stock as ps WHERE ps.fk_product = p.rowid)";
- $sql .= " WHERE rowid = ".$fk_product;
+ $sql .= " WHERE rowid = ".((int) $fk_product);
dol_syslog(get_class($this)."::_create update AWP", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -763,7 +763,7 @@ class MouvementStock extends CommonObject
$sql = "SELECT fk_product_pere, fk_product_fils, qty";
$sql .= " FROM ".MAIN_DB_PREFIX."product_association";
- $sql .= " WHERE fk_product_pere = ".$idProduct;
+ $sql .= " WHERE fk_product_pere = ".((int) $idProduct);
$sql .= " AND incdec = 1";
dol_syslog(get_class($this)."::_createSubProduct for parent product ".$idProduct, LOG_DEBUG);
@@ -875,7 +875,7 @@ class MouvementStock extends CommonObject
$nbSP=0;
$resql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."product_association";
- $resql.= " WHERE fk_product_pere = ".$id;
+ $resql.= " WHERE fk_product_pere = ".((int) $id);
if ($this->db->query($resql))
{
$obj=$this->db->fetch_object($resql);
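Review bot: `$this->db->fetch_object($resql)` is handed the SQL string rather than a result handle, because `$resql` holds the query text and the return value of `query()` is discarded in the `if`. Keep the handle and fetch from it: `$result = $this->db->query($resql); if ($result) { $obj = $this->db->fetch_object($result);`. Naming the string `$sql`, as the other methods in this class do, would make the mix-up harder to repeat. The method continues outside the hunk.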
@@ -896,7 +896,7 @@ class MouvementStock extends CommonObject
$nb = 0;
$sql = 'SELECT SUM(value) as nb from '.MAIN_DB_PREFIX.'stock_mouvement';
- $sql .= ' WHERE fk_product = '.$productidselected;
+ $sql .= ' WHERE fk_product = '.((int) $productidselected);
$sql .= " AND datem < '".$this->db->idate($datebefore)."'";
dol_syslog(get_class($this).__METHOD__.'', LOG_DEBUG);
@@ -1284,7 +1284,7 @@ class MouvementStock extends CommonObject
$sql = "SELECT sum(pb.qty) as cpt";
$sql .= " FROM ".MAIN_DB_PREFIX."product_batch as pb";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."product_stock as ps ON ps.rowid = pb.fk_product_stock";
- $sql .= " WHERE ps.fk_product = " . $fk_product;
+ $sql .= " WHERE ps.fk_product = " . ((int) $fk_product);
$sql .= " AND pb.batch = '" . $this->db->escape($batch) . "'";
$result = $this->db->query($sql);
diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php
index 9b6c0a38a1c..f05d6ebc168 100644
--- a/htdocs/product/stock/class/productlot.class.php
+++ b/htdocs/product/stock/class/productlot.class.php
@@ -275,7 +275,7 @@ class Productlot extends CommonObject
$sql .= " t.import_key";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
if ($product_id > 0 && $batch != '') {
- $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id;
+ $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".((int) $product_id);
} else {
$sql .= ' WHERE t.rowid = '.((int) $id);
}
diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php
index 88fc636e07e..aea8c3e1f14 100644
--- a/htdocs/product/stock/class/productstockentrepot.class.php
+++ b/htdocs/product/stock/class/productstockentrepot.class.php
@@ -196,7 +196,7 @@ class ProductStockEntrepot extends CommonObject
if (!empty($id)) {
$sql .= ' WHERE t.rowid = '.((int) $id);
} else {
- $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot;
+ $sql .= ' WHERE t.fk_product = '.((int) $fk_product).' AND t.fk_entrepot = '.((int) $fk_entrepot);
}
$resql = $this->db->query($sql);
diff --git a/htdocs/product/stock/fiche-valo.php b/htdocs/product/stock/fiche-valo.php
index 34380efbe7a..a2a15a34e53 100644
--- a/htdocs/product/stock/fiche-valo.php
+++ b/htdocs/product/stock/fiche-valo.php
@@ -28,7 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/stock.lib.php';
// Load translation files required by the page
$langs->loadLangs(array('products', 'stocks', 'companies'));
-$mesg = '';
+
+$id = GETPOST('id', 'int');
// Security check
$result = restrictedArea($user, 'stock');
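Review bot: `restrictedArea($user, 'stock')` is called without the `$id` that is now read just above it, so only the module permission is checked, not access to the specific warehouse. The `Entrepot::fetch` hunk in this same commit selects by `rowid` alone when an id is given, with no entity filter, so in a multi-entity setup this page may load a warehouse that belongs to another entity. Consider passing the id and the warehouse table to the check, along the lines of `restrictedArea($user, 'stock', $id, 'entrepot');` (confirm the table/share argument against the other stock pages).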
@@ -43,18 +44,13 @@ $form = new Form($db);
$help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks';
llxHeader("", $langs->trans("WarehouseCard"), $help_url);
-if ($_GET["id"]) {
- if ($mesg) {
- print $mesg;
- }
-
+if ($id > 0) {
$entrepot = new Entrepot($db);
- $result = $entrepot->fetch($_GET["id"]);
+ $result = $entrepot->fetch($id);
if ($result < 0) {
dol_print_error($db);
}
-
$head = stock_prepare_head($entrepot);
print dol_get_fiche_head($head, 'value', $langs->trans("Warehouse"), 0, 'stock');
diff --git a/htdocs/product/stock/lib/replenishment.lib.php b/htdocs/product/stock/lib/replenishment.lib.php
index d0415ccad78..1faa67ad860 100644
--- a/htdocs/product/stock/lib/replenishment.lib.php
+++ b/htdocs/product/stock/lib/replenishment.lib.php
@@ -39,7 +39,7 @@ function dolDispatchToDo($order_id)
// Count nb of quantity dispatched per product
$sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
- $sql .= ' WHERE fk_commande = '.$order_id;
+ $sql .= ' WHERE fk_commande = '.((int) $order_id);
$sql .= ' GROUP BY fk_product';
$sql .= ' ORDER by fk_product';
$resql = $db->query($sql);
@@ -51,7 +51,7 @@ function dolDispatchToDo($order_id)
// Count nb of quantity to dispatch per product
$sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet';
- $sql .= ' WHERE fk_commande = '.$order_id;
+ $sql .= ' WHERE fk_commande = '.((int) $order_id);
$sql .= ' AND fk_product > 0';
if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
$sql .= ' AND product_type = 0';
diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index 904fa9b7e94..393fbc73ae2 100644
--- a/htdocs/product/stock/replenish.php
+++ b/htdocs/product/stock/replenish.php
@@ -205,7 +205,7 @@ if ($action == 'order' && GETPOST('valid')) {
$order = new CommandeFournisseur($db);
// Check if an order for the supplier exists
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur";
- $sql .= " WHERE fk_soc = ".$suppliersid[$i];
+ $sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]);
$sql .= " AND source = 42 AND fk_statut = 0";
$sql .= " AND entity IN (".getEntity('commande_fournisseur').")";
$sql .= " ORDER BY date_creation DESC";
@@ -756,7 +756,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
if (!empty($conf->global->MAIN_MULTILANGS)) {
$sql = 'SELECT label,description';
$sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang';
- $sql .= ' WHERE fk_product = '.$objp->rowid;
+ $sql .= ' WHERE fk_product = '.((int) $objp->rowid);
$sql .= ' AND lang = "'.$langs->getDefaultLang().'"';
$sql .= ' LIMIT 1';
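Review bot: The `lang` filter below the new cast is still built with double quotes and an unescaped value: `' AND lang = "'.$langs->getDefaultLang().'"'`. PostgreSQL reads double-quoted text as an identifier, and the value bypasses `$db->escape()`. Prefer `$sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'";`. The same line appears in the `stockatdate.php` hunk that follows.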
diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php
index bdac3a70f54..d9a9be0cd70 100644
--- a/htdocs/product/stock/stockatdate.php
+++ b/htdocs/product/stock/stockatdate.php
@@ -487,7 +487,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
{
$sql = 'SELECT label,description';
$sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang';
- $sql .= ' WHERE fk_product = '.$objp->rowid;
+ $sql .= ' WHERE fk_product = '.((int) $objp->rowid);
$sql .= ' AND lang = "'.$langs->getDefaultLang().'"';
$sql .= ' LIMIT 1';
diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php
index 5b30d77ca21..fc5ea53e98a 100644
--- a/htdocs/projet/activity/perday.php
+++ b/htdocs/projet/activity/perday.php
@@ -50,7 +50,7 @@ if ($mode == 'mine') {
$mine = 1;
}
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
$hookmanager->initHooks(array('timesheetperdaycard'));
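Review bot: `GETPOSTISSET("id")` is true for an `id` sent by GET or POST, but `GETPOST("id", "int", 1)` reads GET only, so a POSTed `id` now yields an empty `$projectid` and the `projectid` fallback is skipped. Before this change the test was `isset($_GET["id"])`, which matched the GET-only read. Either drop the third argument, `GETPOST("id", "int")`, or keep the presence test GET-only. The same line is changed in `permonth.php` and `perweek.php`.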
diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php
index 7f40ab1c9a1..5fd76694c34 100644
--- a/htdocs/projet/activity/permonth.php
+++ b/htdocs/projet/activity/permonth.php
@@ -48,7 +48,7 @@ if ($mode == 'mine') {
$mine = 1;
}
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
// Security check
$socid = 0;
diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php
index b6cd2c04f10..4201fca41b6 100644
--- a/htdocs/projet/activity/perweek.php
+++ b/htdocs/projet/activity/perweek.php
@@ -50,7 +50,7 @@ if ($mode == 'mine') {
$mine = 1;
}
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
$hookmanager->initHooks(array('timesheetperweekcard'));
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 8bf9c727f4e..8253980c034 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -463,7 +463,7 @@ class Project extends CommonObject
$sql .= ", accept_booth_suggestions = ".($this->accept_booth_suggestions ? 1 : 0);
$sql .= ", price_registration = ".(strcmp($this->price_registration, '') ? price2num($this->price_registration) : "null");
$sql .= ", price_booth = ".(strcmp($this->price_booth, '') ? price2num($this->price_booth) : "null");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -771,7 +771,7 @@ class Project extends CommonObject
'actioncomm'=>'fk_project', 'mrp_mo'=>'fk_project'
);
foreach ($listoftables as $key => $value) {
- $sql = "UPDATE ".MAIN_DB_PREFIX.$key." SET ".$value." = NULL where ".$value." = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$key." SET ".$value." = NULL where ".$value." = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->errors[] = $this->db->lasterror();
@@ -783,7 +783,7 @@ class Project extends CommonObject
// Remove linked categories.
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_project";
- $sql .= " WHERE fk_project = ".$this->id;
+ $sql .= " WHERE fk_project = ".((int) $this->id);
$result = $this->db->query($sql);
if (!$result) {
@@ -808,7 +808,7 @@ class Project extends CommonObject
foreach ($elements as $table) {
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$table;
- $sql .= " WHERE fk_project = ".$this->id;
+ $sql .= " WHERE fk_project = ".((int) $this->id);
$result = $this->db->query($sql);
if (!$result) {
@@ -900,17 +900,17 @@ class Project extends CommonObject
if ($type == 'agenda') {
$sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".$this->id." AND entity IN (".getEntity('agenda').")";
} elseif ($type == 'expensereport') {
- $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".$this->id;
+ $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id);
} elseif ($type == 'project_task') {
$sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".$this->id;
} elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user
- $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".$this->id;
+ $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".((int) $this->id);
} elseif ($type == 'stock_mouvement') {
- $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".$this->id." AND ms.type_mouvement = 1";
+ $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".((int) $this->id)." AND ms.type_mouvement = 1";
} elseif ($type == 'loan') {
- $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".$this->id;
+ $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".((int) $this->id);
} else {
- $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".$this->id." AND entity IN (".getEntity($type).")";
+ $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".((int) $this->id)." AND entity IN (".getEntity($type).")";
}
$result = $this->db->query($sql);
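Review bot: The `agenda` and `project_task` branches still concatenate `$this->id` uncast, while every other branch of this chain now uses `((int) $this->id)`. Apply the same cast there, for example `... WHERE pt.fk_projet = ".((int) $this->id);`, so the whole method follows one rule and a later reader does not have to work out which branches were audited. The next hunk has the same leftover in `$sql .= " WHERE rowid = ".$this->id;` of the close statement. The method starts outside the hunk.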
@@ -1033,7 +1033,7 @@ class Project extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."projet";
- $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".$user->id.", date_close = '".$this->db->idate($now)."'";
+ $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", fk_user_close = ".((int) $user->id).", date_close = '".$this->db->idate($now)."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index 091409539a8..fe8b2eeb8e3 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -1197,11 +1197,11 @@ class Task extends CommonObject
if ($ret > 0) {
// Recalculate amount of time spent for task and update denormalized field
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
- $sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".$this->id.")";
+ $sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")";
if (isset($this->progress)) {
- $sql .= ", progress = ".$this->progress; // Do not overwrite value if not provided
+ $sql .= ", progress = ".((float) $this->progress); // Do not overwrite value if not provided
}
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::addTimeSpent", LOG_DEBUG);
if (!$this->db->query($sql)) {
@@ -1210,8 +1210,8 @@ class Task extends CommonObject
}
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task_time";
- $sql .= " SET thm = (SELECT thm FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".$this->timespent_fk_user.")"; // set average hour rate of user
- $sql .= " WHERE rowid = ".$tasktime_id;
+ $sql .= " SET thm = (SELECT thm FROM ".MAIN_DB_PREFIX."user WHERE rowid = ".((int) $this->timespent_fk_user).")"; // set average hour rate of user
+ $sql .= " WHERE rowid = ".((int) $tasktime_id);
dol_syslog(get_class($this)."::addTimeSpent", LOG_DEBUG);
if (!$this->db->query($sql)) {
@@ -1317,9 +1317,9 @@ class Task extends CommonObject
$sql .= " SUM(t.task_duration) as nbseconds,";
$sql .= " SUM(t.task_duration / 3600 * ".$this->db->ifsql("t.thm IS NULL", 0, "t.thm").") as amount, SUM(".$this->db->ifsql("t.thm IS NULL", 1, 0).") as nblinesnull";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t";
- $sql .= " WHERE t.fk_task = ".$id;
+ $sql .= " WHERE t.fk_task = ".((int) $id);
if (is_object($fuser) && $fuser->id > 0) {
- $sql .= " AND fk_user = ".$fuser->id;
+ $sql .= " AND fk_user = ".((int) $fuser->id);
}
if ($dates > 0) {
$datefieldname = "task_datehour";
@@ -1552,8 +1552,8 @@ class Task extends CommonObject
$newDuration = $this->timespent_duration - $this->timespent_old_duration;
$sql = "UPDATE ".MAIN_DB_PREFIX."projet_task";
- $sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".$this->db->escape($this->id).")";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")";
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG);
if (!$this->db->query($sql)) {
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index fe434891fa9..92f4e4e3b15 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -223,7 +223,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer) {
// Delete a contact
if (($action == 'deleteline' || $action == 'deletecontact') && $user->rights->projet->creer) {
$object->fetch($id);
- $result = $object->delete_contact(GETPOST("lineid"));
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
if ($result >= 0) {
header("Location: contact.php?id=".$object->id);
diff --git a/htdocs/projet/tasks/comment.php b/htdocs/projet/tasks/comment.php
index c0ebc6850cc..aaa8bd0cd89 100644
--- a/htdocs/projet/tasks/comment.php
+++ b/htdocs/projet/tasks/comment.php
@@ -284,14 +284,14 @@ if ($id > 0 || !empty($ref)) {
print dol_get_fiche_head($head, 'task_comment', $langs->trans("Task"), -1, 'projecttask');
if ($action == 'delete') {
- print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
+ print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", "int").'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
}
if (!GETPOST('withproject') || empty($projectstatic->id)) {
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
$object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
} else {
- $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
+ $object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
}
$morehtmlref = '';
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index 0f6b67a0482..780d387512e 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -474,14 +474,14 @@ if ($id > 0 || !empty($ref)) {
print dol_get_fiche_head($head, 'task_task', $langs->trans("Task"), -1, 'projecttask', 0, '', 'reposition');
if ($action == 'delete') {
- print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
+ print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", 'int').'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
}
if (!GETPOST('withproject') || empty($projectstatic->id)) {
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
$object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
} else {
- $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
+ $object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
}
$morehtmlref = '';
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index 54f622b95a1..1c3cacb4cee 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -428,7 +428,7 @@ if ($action == 'confirm_generateinvoice') {
$lineid = $tmpinvoice->addline($langs->trans("TimeSpentForInvoice", $username).' : '.$qtyhourtext, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0));
// Update lineid into line of timespent
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);
$sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid);
$result = $db->query($sql);
if (!$result) {
@@ -467,7 +467,7 @@ if ($action == 'confirm_generateinvoice') {
$lineid = $tmpinvoice->addline($value['note'], $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0));
// Update lineid into line of timespent
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);
$sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid);
$result = $db->query($sql);
if (!$result) {
@@ -503,7 +503,7 @@ if ($action == 'confirm_generateinvoice') {
$lineid = $tmpinvoice->addline($lineName, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0));
// Update lineid into line of timespent
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id);
$sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).')';
$result = $db->query($sql);
if (!$result) {
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php
index 454201203cc..ea9eeb377e7 100644
--- a/htdocs/public/emailing/mailing-read.php
+++ b/htdocs/public/emailing/mailing-read.php
@@ -122,19 +122,19 @@ if (!empty($tag)) {
//Update status of target
$statut = '2';
- $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE rowid = ".((int) $obj->rowid);
+ $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE rowid = ".((int) $obj->rowid);
$resql = $db->query($sql);
if (!$resql) dol_print_error($db);
//Update status communication of thirdparty prospect
if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) {
- $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.$obj->source_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id);
$resql = $db->query($sql);
}
//Update status communication of contact prospect
if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) {
- $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.$obj->source_id.')';
+ $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')';
$resql = $db->query($sql);
}
}
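Review bot: `$obj->entity` is still concatenated uncast in both `societe` UPDATE statements, right next to `$obj->source_id`, which now goes through `(int)`. For consistency with the rest of the change both should read `entity = '.((int) $obj->entity).'`. Separately, the two `societe` updates assign `$resql` but never test it, unlike the `mailing_cibles` update above them, so a failed prospect-status update on this public endpoint passes unnoticed. At minimum the failure should be logged.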
diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php
index a19c1212761..80e092f2951 100644
--- a/htdocs/public/members/public_list.php
+++ b/htdocs/public/members/public_list.php
@@ -131,7 +131,7 @@ llxHeaderVierge($langs->trans("ListOfValidatedPublicMembers"), $morehead);
$sql = "SELECT rowid, firstname, lastname, societe, zip, town, email, birth, photo";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent";
-$sql .= " WHERE entity = ".$entity;
+$sql .= " WHERE entity = ".((int) $entity);
$sql .= " AND statut = 1";
$sql .= " AND public = 1";
$sql .= $db->order($sortfield, $sortorder);
diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php
index d39f48f2dfe..f44bc0b1c99 100644
--- a/htdocs/public/stripe/ipn.php
+++ b/htdocs/public/stripe/ipn.php
@@ -373,7 +373,7 @@ if ($event->type == 'payout.created') {
}
} elseif ($event->type == 'payment_method.detached') {
$db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".$servicestatus;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".((int) $servicestatus);
$db->query($sql);
$db->commit();
} elseif ($event->type == 'charge.succeeded') {
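Review bot: The DELETE on `societe_rib` is committed whether or not it succeeded, because `$db->query($sql)` discards its result and `$db->commit()` follows unconditionally. In a webhook handler this means a failed removal of a detached payment method is neither rolled back nor reported, and the stale record stays usable. Something like `$resql = $db->query($sql); if ($resql) { $db->commit(); } else { $db->rollback(); }`, plus a log entry on failure, would close that gap. The `elseif` chain continues outside this hunk.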
diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php
index a8a55c7faf2..b2f31505c44 100644
--- a/htdocs/reception/class/reception.class.php
+++ b/htdocs/reception/class/reception.class.php
@@ -1410,7 +1410,7 @@ class Reception extends CommonObject
if (!empty($this->shipping_method_id)) {
$sql = "SELECT em.code, em.tracking";
$sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em";
- $sql .= " WHERE em.rowid = ".$this->shipping_method_id;
+ $sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/reception/contact.php b/htdocs/reception/contact.php
index 58e046ec0bb..3caa9a90fea 100644
--- a/htdocs/reception/contact.php
+++ b/htdocs/reception/contact.php
@@ -110,7 +110,7 @@ if ($action == 'addcontact' && $user->rights->reception->creer) {
$result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
} elseif ($action == 'deletecontact' && $user->rights->reception->creer) {
// Efface un contact
- $result = $objectsrc->delete_contact(GETPOST("lineid"));
+ $result = $objectsrc->delete_contact(GETPOST("lineid", 'int'));
if ($result >= 0) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/recruitment/class/recruitmentjobposition.class.php b/htdocs/recruitment/class/recruitmentjobposition.class.php
index d82e2265e7e..68fb7a1fea6 100644
--- a/htdocs/recruitment/class/recruitmentjobposition.class.php
+++ b/htdocs/recruitment/class/recruitmentjobposition.class.php
@@ -670,7 +670,7 @@ class RecruitmentJobPosition extends CommonObject
$newprivatenote = dol_concatdesc($this->note_private, $note);
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " SET status = ".$status.", note_private = '".$this->db->escape($newprivatenote)."'";
+ $sql .= " SET status = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."'";
//$sql .= ", date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
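Review bot: `$this->id` is still appended uncast on the `WHERE rowid = ` line directly below the newly cast `$status`; it should read `$sql .= " WHERE rowid = ".((int) $this->id);`. The same leftover appears in later hunks of this commit: `Salary::update_fk_bank` in salary.class.php, the `client` update and both `societe_commerciaux` deletes in societe.class.php, and the `WHERE rowid = ".$this->id` and `fk_user_cloture=".$user->id` fragments in supplier_proposal.class.php. `PaymentSalary::update_fk_bank` in this same commit already casts both operands, so the pattern is established. The ids are normally set by a fetch, so this is hardening and consistency rather than a demonstrated injection path.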
diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php
index 5ab07cdd536..4979a883d9c 100644
--- a/htdocs/resource/class/dolresource.class.php
+++ b/htdocs/resource/class/dolresource.class.php
@@ -410,7 +410,7 @@ class Dolresource extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element;
- $sql .= " WHERE rowid =".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
dol_syslog(get_class($this), LOG_DEBUG);
if ($this->db->query($sql)) {
diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php
index c16018a30c1..24be7dfbb5a 100644
--- a/htdocs/resource/element_resource.php
+++ b/htdocs/resource/element_resource.php
@@ -118,7 +118,7 @@ if (empty($reshook)) {
$sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($resource_type)."'";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($objstat->element)."'";
- $sql .= " WHERE er.resource_id = ".$resource_id;
+ $sql .= " WHERE er.resource_id = ".((int) $resource_id);
$sql .= " AND er.busy = 1";
$sql .= " AND (";
@@ -193,8 +193,8 @@ if (empty($reshook)) {
$sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($object->resource_type)."'";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element_type)."'";
- $sql .= " WHERE er.resource_id = ".$object->resource_id;
- $sql .= " AND ac.id != ".$object->element_id;
+ $sql .= " WHERE er.resource_id = ".((int) $object->resource_id);
+ $sql .= " AND ac.id <> ".((int) $object->element_id);
$sql .= " AND er.busy = 1";
$sql .= " AND (";
diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php
index e1225f15258..afd152fb785 100755
--- a/htdocs/salaries/card.php
+++ b/htdocs/salaries/card.php
@@ -780,7 +780,7 @@ if ($id) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id";
$sql .= ", ".MAIN_DB_PREFIX."salary as salaire";
- $sql .= " WHERE p.fk_salary = ".$id;
+ $sql .= " WHERE p.fk_salary = ".((int) $id);
$sql .= " AND p.fk_salary = salaire.rowid";
$sql .= " AND salaire.entity IN (".getEntity('tax').")";
$sql .= " ORDER BY dp DESC";
diff --git a/htdocs/salaries/class/paymentsalary.class.php b/htdocs/salaries/class/paymentsalary.class.php
index dc7e310d560..dcb50dac49a 100644
--- a/htdocs/salaries/class/paymentsalary.class.php
+++ b/htdocs/salaries/class/paymentsalary.class.php
@@ -570,7 +570,7 @@ class PaymentSalary extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET fk_bank = ".$id_bank." WHERE rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."payment_salary SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG);
$result = $this->db->query($sql);
diff --git a/htdocs/salaries/class/salariesstats.class.php b/htdocs/salaries/class/salariesstats.class.php
index f8a7d618fb0..b3e6c20a0ca 100644
--- a/htdocs/salaries/class/salariesstats.class.php
+++ b/htdocs/salaries/class/salariesstats.class.php
@@ -64,7 +64,7 @@ class SalariesStats extends Stats
$this->where = " entity = ".$conf->entity;
if ($this->socid > 0) {
- $this->where .= " AND fk_soc = ".$this->socid;
+ $this->where .= " AND fk_soc = ".((int) $this->socid);
}
if (is_array($this->userid) && count($this->userid) > 0) {
$this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';
@@ -101,7 +101,7 @@ class SalariesStats extends Stats
{
$sql = "SELECT MONTH(datep) as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(datep) = ".$year;
+ $sql .= " WHERE YEAR(datep) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php
index fdd1bfd7f73..85ccfc0a1db 100644
--- a/htdocs/salaries/class/salary.class.php
+++ b/htdocs/salaries/class/salary.class.php
@@ -463,7 +463,7 @@ class Salary extends CommonObject
public function update_fk_bank($id_bank)
{
// phpcs:enable
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.$id_bank;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank);
$sql .= ' WHERE rowid = '.$this->id;
$result = $this->db->query($sql);
if ($result) {
diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php
index eb9fe8bfd17..6c282eac94d 100644
--- a/htdocs/salaries/paiement_salary.php
+++ b/htdocs/salaries/paiement_salary.php
@@ -188,12 +188,12 @@ if ($action == 'create') {
$sql = "SELECT sum(p.amount) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
- $sql .= " WHERE p.fk_salary = ".$chid;
+ $sql .= " WHERE p.fk_salary = ".((int) $chid);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
$sumpaid = $obj->total;
- $db->free();
+ $db->free($resql);
}
/*print ' | '.$langs->trans("AlreadyPaid").' | '.price($sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).' | ';
print ' | '.$langs->trans("RemainderToPay").' | '.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).' | ';*/
diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php
index c6d1fd7d07f..51f80b23efd 100644
--- a/htdocs/salaries/payment_salary/card.php
+++ b/htdocs/salaries/payment_salary/card.php
@@ -255,7 +255,7 @@ print ' ';
if ($action == '') {
if ($user->rights->salaries->delete) {
if (!$disable_delete) {
- print ' '.$langs->trans('Delete').'';
+ print ' '.$langs->trans('Delete').'';
} else {
print ' '.$langs->trans('Delete').'';
}
diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php
index c91613f2327..0ec83a55595 100644
--- a/htdocs/salaries/payments.php
+++ b/htdocs/salaries/payments.php
@@ -485,7 +485,9 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
$accountstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1);
}
$accountstatic->label = $obj->blabel;
- print $accountstatic->getNomUrl(1);
+ if ($accountstatic->id > 0) {
+ print $accountstatic->getNomUrl(1);
+ }
} else print ' ';
print '';
if (!$i) $totalarray['nbfield']++;
diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php
index 3221aafff55..28b105df9a0 100644
--- a/htdocs/societe/ajaxcompanies.php
+++ b/htdocs/societe/ajaxcompanies.php
@@ -66,12 +66,12 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
$return_arr = array();
// Define filter on text typed
- $socid = $_GET['newcompany'] ? $_GET['newcompany'] : '';
+ $socid = GETPOST('newcompany');
if (!$socid) {
- $socid = $_GET['socid'] ? $_GET['socid'] : '';
+ $socid = GETPOST('socid', 'int');
}
if (!$socid) {
- $socid = $_GET['id_fourn'] ? $_GET['id_fourn'] : '';
+ $socid = GETPOST('id_fourn', 'int');
}
$sql = "SELECT rowid, nom";
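Review bot: `GETPOST('newcompany')` is called without a check type, while the two other reads in this hunk pass `'int'`. The value is later used as an escaped LIKE search string and, in the next hunk, cast to int for the `rowid` comparison, so stating the expected type makes the filtering explicit, e.g. `$socid = GETPOST('newcompany', 'alpha');`. The guard on the `@@` line has the same untyped `GETPOST('newcompany')` and `GETPOST('id_fourn')`. Replacing `$_GET[...]` with `GETPOST()` presumably also widens the accepted source from GET only to GET and POST; confirm that is intended for this AJAX endpoint.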
@@ -90,7 +90,7 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
$sql .= " OR code_fournisseur LIKE '%".$db->escape($socid)."%'";
}
if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID)) {
- $sql .= " OR rowid = '".$db->escape($socid)."'";
+ $sql .= " OR rowid = ".((int) $socid);
}
$sql .= ")";
}
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index fd4fde95243..2a5f2b84a53 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -792,7 +792,7 @@ if (empty($reshook)) {
// Update linked member
if (!$error && $object->fk_soc > 0) {
$sql = "UPDATE ".MAIN_DB_PREFIX."adherent";
- $sql .= " SET fk_soc = NULL WHERE fk_soc = ".$id;
+ $sql .= " SET fk_soc = NULL WHERE fk_soc = ".((int) $socid);
if (!$object->db->query($sql)) {
$error++;
$object->error .= $object->db->lasterror();
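Review bot: Besides adding the cast, this line switches the variable from `$id` to `$socid`, which is a behaviour change hidden inside a hardening commit. Whether both hold the same thirdparty id at this point is not visible in the hunk. If `$socid` is empty here, the cast turns it into 0 and the UPDATE matches `fk_soc = 0` instead of unlinking the intended members, and no error is raised. If the swap is not deliberate, the cast-only form is `$sql .= " SET fk_soc = NULL WHERE fk_soc = ".((int) $id);`; if it is, a comment saying why `$socid` is the right key would help.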
diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php
index ddc9fa41fdb..6fd5160d8a6 100644
--- a/htdocs/societe/class/api_thirdparties.class.php
+++ b/htdocs/societe/class/api_thirdparties.class.php
@@ -1017,7 +1017,7 @@ class Thirdparties extends DolibarrApi
$sql = "SELECT f.ref, f.type as factype, re.fk_facture_source, re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc, re.description, re.fk_facture, re.fk_facture_line";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
- $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".$id;
+ $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".((int) $id);
if ($filter == "available") {
$sql .= " AND re.fk_facture IS NULL AND re.fk_facture_line IS NULL";
}
@@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi
$sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_rib";
if ($id) {
- $sql .= " WHERE fk_soc = ".$id." ";
+ $sql .= " WHERE fk_soc = ".((int) $id);
}
@@ -1505,7 +1505,7 @@ class Thirdparties extends DolibarrApi
throw new RestException(422, 'Unprocessable Entity: You must pass the site attribute in your request data !');
}
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."'";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."'";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) == 0) {
@@ -1585,7 +1585,7 @@ class Thirdparties extends DolibarrApi
// We found an existing SocieteAccount entity, we are replacing it
} else {
if (isset($request_data['site']) && $request_data['site'] !== $site) {
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) !== 0) {
@@ -1649,7 +1649,7 @@ class Thirdparties extends DolibarrApi
} else {
// If the user tries to edit the site member, we check first if
if (isset($request_data['site']) && $request_data['site'] !== $site) {
- $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
+ $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result && $this->db->num_rows($result) !== 0) {
@@ -1733,7 +1733,7 @@ class Thirdparties extends DolibarrApi
*/
$sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id;
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id);
$result = $this->db->query($sql);
diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php
index 6b09d88ac71..eefb71b6772 100644
--- a/htdocs/societe/class/client.class.php
+++ b/htdocs/societe/class/client.class.php
@@ -104,7 +104,7 @@ class Client extends Societe
$sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcomm";
if ($active >= 0) {
- $sql .= " WHERE active = ".$active;
+ $sql .= " WHERE active = ".((int) $active);
}
$resql = $this->db->query($sql);
$num = $this->db->num_rows($resql);
diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php
index c611ccab462..3e410019b22 100644
--- a/htdocs/societe/class/companybankaccount.class.php
+++ b/htdocs/societe/class/companybankaccount.class.php
@@ -217,12 +217,12 @@ class CompanyBankAccount extends Account
$sql .= " WHERE rowid = ".((int) $id);
}
if ($socid) {
- $sql .= " WHERE fk_soc = ".$socid;
+ $sql .= " WHERE fk_soc = ".((int) $socid);
if ($default > -1) {
- $sql .= " AND default_rib = ".$this->db->escape($default);
+ $sql .= " AND default_rib = ".((int) $default);
}
if ($type) {
- $sql .= " AND type ='".$this->db->escape($type)."'";
+ $sql .= " AND type = '".$this->db->escape($type)."'";
}
}
@@ -351,12 +351,12 @@ class CompanyBankAccount extends Account
$this->db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0";
- $sql2 .= " WHERE type = 'ban' AND fk_soc = ".$obj->fk_soc;
+ $sql2 .= " WHERE type = 'ban' AND fk_soc = ".((int) $obj->fk_soc);
dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG);
$result2 = $this->db->query($sql2);
$sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1";
- $sql3 .= " WHERE rowid = ".$obj->id;
+ $sql3 .= " WHERE rowid = ".((int) $obj->id);
dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG);
$result3 = $this->db->query($sql3);
diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php
index db19840fd8e..1f11e6a29c3 100644
--- a/htdocs/societe/class/companypaymentmode.class.php
+++ b/htdocs/societe/class/companypaymentmode.class.php
@@ -318,7 +318,7 @@ class CompanyPaymentMode extends CommonObject
public function fetch($id, $ref = null, $socid = 0, $type = '', $morewhere = '')
{
if ($socid) {
- $morewhere .= " AND fk_soc = ".$this->db->escape($socid)." AND default_rib = 1";
+ $morewhere .= " AND fk_soc = ".((int) $socid)." AND default_rib = 1";
}
if ($type) {
$morewhere .= " AND type = '".$this->db->escape($type)."'";
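Review bot: `$morewhere` is a caller-supplied parameter of the public `fetch()` that is only extended with `.=` here and is presumably concatenated into the query further down, outside this hunk. The new cast and the existing escape protect `$socid` and `$type`, not whatever a caller passes in `$morewhere`. The method's docblock should say so, for example `@param string $morewhere Raw SQL appended to the WHERE clause; pass only fragments built from trusted, already cast or escaped values`. Callers that build this argument from request data would need the same cast and escape treatment this commit applies elsewhere.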
@@ -464,7 +464,7 @@ class CompanyPaymentMode extends CommonObject
$this->db->begin();
$sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0, tms = tms";
- $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".$obj->fk_soc;
+ $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".((int) $obj->fk_soc);
if ($type) {
$sql2 .= " AND type = '".$this->db->escape($type)."'";
}
@@ -472,7 +472,7 @@ class CompanyPaymentMode extends CommonObject
$result2 = $this->db->query($sql2);
$sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1";
- $sql3 .= " WHERE rowid = ".$obj->id;
+ $sql3 .= " WHERE rowid = ".((int) $obj->id);
if ($type) {
$sql3 .= " AND type = '".$this->db->escape($type)."'";
}
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 954ebe94673..6874c4b3b2d 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -1907,7 +1907,7 @@ class Societe extends CommonObject
}
} else {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete;
- $sql .= " WHERE fk_soc = ".$id;
+ $sql .= " WHERE fk_soc = ".((int) $id);
if (!$this->db->query($sql)) {
$error++;
$this->errors[] = $this->db->lasterror();
@@ -1930,7 +1930,7 @@ class Societe extends CommonObject
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
$sql .= " SET parent = NULL";
- $sql .= " WHERE parent = ".$id;
+ $sql .= " WHERE parent = ".((int) $id);
if (!$this->db->query($sql)) {
$error++;
$this->errors[] = $this->db->lasterror();
@@ -1985,7 +1985,7 @@ class Societe extends CommonObject
$newclient = 3; //If prospect, we keep prospect tag
}
$sql = "UPDATE ".MAIN_DB_PREFIX."societe";
- $sql .= " SET client = ".$newclient;
+ $sql .= " SET client = ".((int) $newclient);
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@@ -2326,7 +2326,7 @@ class Societe extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux";
- $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid;
+ $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -2389,7 +2389,7 @@ class Societe extends CommonObject
if ($this->id > 0 && $commid > 0) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux ";
- $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid;
+ $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::del_commercial Erreur");
@@ -4620,7 +4620,7 @@ class Societe extends CommonObject
$resql = $db->query($sql);
while ($obj = $db->fetch_object($resql)) {
- $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.$obj->rowid);
+ $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.((int) $obj->rowid));
}
/**
diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php
index 5be05d99a56..8fbbbbcee6e 100644
--- a/htdocs/societe/class/societeaccount.class.php
+++ b/htdocs/societe/class/societeaccount.class.php
@@ -284,7 +284,7 @@ class SocieteAccount extends CommonObject
{
$sql = "SELECT sa.key_account as key_account, sa.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa";
- $sql .= " WHERE sa.fk_soc = ".$id;
+ $sql .= " WHERE sa.fk_soc = ".((int) $id);
$sql .= " AND sa.entity IN (".getEntity('societe').")";
$sql .= " AND sa.site = '".$this->db->escape($site)."' AND sa.status = ".((int) $status);
$sql .= " AND sa.key_account IS NOT NULL AND sa.key_account <> ''";
diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php
index a7ef895041e..3190ad5e64e 100644
--- a/htdocs/societe/consumption.php
+++ b/htdocs/societe/consumption.php
@@ -146,7 +146,7 @@ if ($object->client) {
print ' ('.$langs->trans("WrongCustomerCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -183,7 +183,7 @@ if ($object->fournisseur) {
print ' ('.$langs->trans("WrongSupplierCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -229,7 +229,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
$documentstatic = new Fichinter($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datec as dateprint, f.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."fichinter as f LEFT JOIN ".MAIN_DB_PREFIX."fichinterdet as d ON d.fk_fichinter = f.rowid"; // Must use left join to work also with option that disable usage of lines.
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND f.entity = ".$conf->entity;
$dateprint = 'f.datec';
$doc_number = 'f.ref';
@@ -239,7 +239,7 @@ if ($type_element == 'invoice') { // Customer : show products from invoices
$documentstatic = new Facture($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, f.type as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, ';
$tables_from = MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."facturedet as d";
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_facture = f.rowid";
$where .= " AND f.entity IN (".getEntity('invoice').")";
$dateprint = 'f.datef';
@@ -251,7 +251,7 @@ if ($type_element == 'propal') {
$documentstatic = new Propal($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.datep as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."propal as c,".MAIN_DB_PREFIX."propaldet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_propal = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$datePrint = 'c.datep';
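Review bot: The last context line of this `propal` branch assigns `$datePrint` with a capital P, while every other branch in this file section assigns `$dateprint`. PHP variable names are case-sensitive, so this branch leaves `$dateprint` unset. Any later use of it (outside the hunk) would then see an undefined or stale value when listing proposals. The line should read `$dateprint = 'c.datep';`. This is untouched context code, but it sits next to the changed line and is cheap to fix in the same pass.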
@@ -263,7 +263,7 @@ if ($type_element == 'order') {
$documentstatic = new Commande($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_commande as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."commande as c,".MAIN_DB_PREFIX."commandedet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_commande = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_commande';
@@ -275,7 +275,7 @@ if ($type_element == 'supplier_invoice') { // Supplier : Show products from inv
$documentstatic = new FactureFournisseur($db);
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, ';
$tables_from = MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."facture_fourn_det as d";
- $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_facture_fourn = f.rowid";
$where .= " AND f.entity = ".$conf->entity;
$dateprint = 'f.datef';
@@ -287,7 +287,7 @@ if ($type_element == 'supplier_proposal') {
$documentstatic = new SupplierProposal($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_supplier_proposal = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
@@ -299,7 +299,7 @@ if ($type_element == 'supplier_order') { // Supplier : Show products from order
$documentstatic = new CommandeFournisseur($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, ';
$tables_from = MAIN_DB_PREFIX."commande_fournisseur as c,".MAIN_DB_PREFIX."commande_fournisseurdet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_commande = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
@@ -312,7 +312,7 @@ if ($type_element == 'contract') { // Order
$documentstaticline = new ContratLigne($db);
$sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_contrat as dateprint, d.statut as status, ';
$tables_from = MAIN_DB_PREFIX."contrat as c,".MAIN_DB_PREFIX."contratdet as d";
- $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid;
+ $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid);
$where .= " AND d.fk_contrat = c.rowid";
$where .= " AND c.entity = ".$conf->entity;
$dateprint = 'c.date_valid';
diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php
index 8c321b1386d..dc8d95ef42f 100644
--- a/htdocs/societe/paymentmodes.php
+++ b/htdocs/societe/paymentmodes.php
@@ -517,10 +517,10 @@ if (empty($reshook)) {
$db->begin();
if (empty($newcu)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity;
} else {
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account";
- $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
+ $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
}
$resql = $db->query($sql);
@@ -542,7 +542,7 @@ if (empty($reshook)) {
} else {
$sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account";
$sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'";
- $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
+ $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified !
$resql = $db->query($sql);
}
}
@@ -761,7 +761,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print ' ('.$langs->trans("WrongCustomerCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
@@ -823,7 +823,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print ' ('.$langs->trans("WrongSupplierCode").')';
}
print '';
- $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid;
+ $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if (!$resql) {
dol_print_error($db);
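Review bot: The supplier block, the one that prints `WrongSupplierCode`, counts rows in `facture`, the same table the customer block queries in the previous hunk. The equivalent supplier block in consumption.php, changed in this same commit, counts `commande_fournisseur` instead, which suggests a copy-paste leftover here. If so the query should be `"SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".((int) $socid)`. What `nb` is used for lies outside the hunk, so confirm against the code that consumes it.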
diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php
index c37f61e4fe2..2a6dd2176df 100644
--- a/htdocs/societe/societecontact.php
+++ b/htdocs/societe/societecontact.php
@@ -227,7 +227,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " t.libelle as type, t.subscription";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as d";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
- $sql .= " WHERE d.fk_soc = ".$id;
+ $sql .= " WHERE d.fk_soc = ".((int) $id);
$sql .= " AND d.fk_adherent_type = t.rowid";
dol_syslog("get list sql=".$sql);
diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php
index ecd506e2cb4..0320a663ea8 100644
--- a/htdocs/supplier_proposal/class/supplier_proposal.class.php
+++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php
@@ -1541,13 +1541,13 @@ class SupplierProposal extends CommonObject
$remise = trim($remise) ?trim($remise) : 0;
if (!empty($user->rights->supplier_proposal->creer)) {
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
- $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".$remise;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
- $this->remise_percent = $remise;
+ $this->remise_percent = ((float) $remise);
$this->update_price(1);
return 1;
} else {
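Review bot: Concatenating `((float) $remise)` into the SQL string relies on PHP's float-to-string conversion, which before PHP 8.0 follows the `LC_NUMERIC` locale. If the project still runs on PHP 7 and a comma-decimal numeric locale is ever active (not visible here), `12.5` would be rendered as `12,5` and the UPDATE would fail or be misparsed. Since the value is already rounded to two decimals, an explicit format is safer: `$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal SET remise_percent = ".number_format((float) $remise, 2, '.', '');`. The `remise_absolue` assignment in the next hunk uses the same `(float)` concatenation and would need the equivalent treatment at its own precision.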
@@ -1569,13 +1569,15 @@ class SupplierProposal extends CommonObject
public function set_remise_absolue($user, $remise)
{
// phpcs:enable
- $remise = trim($remise) ?trim($remise) : 0;
+ if (empty($remise)) {
+ $remise = 0;
+ }
+
+ $remise = price2num($remise);
if (!empty($user->rights->supplier_proposal->creer)) {
- $remise = price2num($remise);
-
$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal ";
- $sql .= " SET remise_absolue = ".$remise;
+ $sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = 0";
if ($this->db->query($sql)) {
@@ -1608,7 +1610,7 @@ class SupplierProposal extends CommonObject
$error = 0;
$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal";
- $sql .= " SET fk_statut = ".$this->statut.",";
+ $sql .= " SET fk_statut = ".((int) $this->statut).",";
if (!empty($note)) {
$sql .= " note_private = '".$this->db->escape($note)."',";
}
@@ -1669,7 +1671,7 @@ class SupplierProposal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."supplier_proposal";
- $sql .= " SET fk_statut = ".$status.", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
+ $sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($note)."', date_cloture='".$this->db->idate($now)."', fk_user_cloture=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$resql = $this->db->query($sql);
@@ -1775,7 +1777,7 @@ class SupplierProposal extends CommonObject
$price = price2num($product->subprice * $product->qty, 'MU');
$unitPrice = price2num($product->subprice, 'MU');
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$product->ref_fourn.'", ' : '').' price ='.$price.', unitprice ='.$unitPrice.' WHERE rowid = '.$idProductFournPrice;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$this->db->escape($product->ref_fourn).'", ' : '').' price ='.((float) $price).', unitprice ='.((float) $unitPrice).' WHERE rowid = '.((int) $idProductFournPrice);
$resql = $this->db->query($sql);
if (!$resql) {
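Review bot: The escaped `ref_fourn` value on the changed `UPDATE ... product_fournisseur_price` line is still delimited with double quotes, which standard SQL (and MySQL in ANSI_QUOTES mode) reads as an identifier rather than a string literal. Whether `$this->db->escape()` also neutralises `"` is not visible here, so single quotes, as the `note_private` assignments elsewhere in this file use, are the safer delimiter: `'ref_fourn = \''.$this->db->escape($product->ref_fourn).'\', '`. The enclosing method starts and ends outside the hunk.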
diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php
index dd895eb4265..e9d721a44e3 100644
--- a/htdocs/takepos/receipt.php
+++ b/htdocs/takepos/receipt.php
@@ -260,7 +260,7 @@ if ($conf->global->TAKEPOS_PRINT_PAYMENT_METHOD) {
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
- $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$facid;
+ $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $facid);
$sql .= " ORDER BY p.datep";
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 57d0066323d..1d77e323c10 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
@@ -568,7 +568,7 @@ class Ticket extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
if ($id) {
- $sql .= " WHERE t.rowid = ".$this->db->escape($id);
+ $sql .= " WHERE t.rowid = ".((int) $id);
} else {
$sql .= " WHERE t.entity IN (".getEntity($this->element, 1).")";
if (!empty($ref)) {
diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php
index 51449c6b233..2bcd0fe89fc 100644
--- a/htdocs/ticket/class/ticketstats.class.php
+++ b/htdocs/ticket/class/ticketstats.class.php
@@ -98,7 +98,7 @@ class TicketStats extends Stats
{
$sql = "SELECT MONTH(datec) as dm, count(*)";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE YEAR(datec) = ".$year;
+ $sql .= " WHERE YEAR(datec) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index c1224285c7c..b3303492417 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -871,7 +871,7 @@ class User extends CommonObject
$nid = $obj->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights";
- $sql .= " WHERE fk_user = ".$this->id." AND fk_id=".$nid;
+ $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid);
$sql .= " AND entity = ".$entity;
if (!$this->db->query($sql)) {
$error++;
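Review bot: The changed `DELETE FROM ... user_rights` condition casts `$nid` but still concatenates `$this->id` and, on the next context line, `$entity` without a cast. Where `$entity` comes from is not visible in this hunk; if it can be a caller-supplied argument it deserves the same treatment, since this statement removes permission rows. The two lines would become `$sql .= " WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid);` and `$sql .= " AND entity = ".((int) $entity);`. The loop and method around these lines lie outside the hunk.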
@@ -1110,16 +1110,14 @@ class User extends CommonObject
// Check parameters
if ($this->statut == $status) {
return 0;
- } else {
- $this->statut = $status;
}
$this->db->begin();
// Save in database
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
- $sql .= " SET statut = ".$this->statut;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET statut = ".((int) $status);
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
dol_syslog(get_class($this)."::setstatus", LOG_DEBUG);
@@ -1136,6 +1134,8 @@ class User extends CommonObject
$this->db->rollback();
return -$error;
} else {
+ $this->status = $status;
+ $this->statut = $status;
$this->db->commit();
return 1;
}
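Review bot: The two added assignments store the raw `$status` in `$this->status` and `$this->statut`, while the previous hunk writes `((int) $status)` to the database, so the object and the stored row can disagree when a caller passes a non-integer value. Assigning the cast value keeps them aligned: `$this->status = (int) $status;` and `$this->statut = (int) $status;`. The method's signature and end are outside both hunks.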
@@ -1199,7 +1199,7 @@ class User extends CommonObject
// If contact, remove link
if ($this->contact_id > 0) {
- $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user_creat = null WHERE rowid = ".$this->contact_id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user_creat = null WHERE rowid = ".((int) $this->contact_id);
if (!$error && !$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@@ -1737,7 +1737,7 @@ class User extends CommonObject
// If user is linked to a member, remove old link to this member
if ($this->fk_member > 0) {
dol_syslog(get_class($this)."::update remove link with member. We will recreate it later", LOG_DEBUG);
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL where fk_member = ".$this->fk_member;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = NULL where fk_member = ".((int) $this->fk_member);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->error(); $this->db->rollback(); return -5;
@@ -1745,7 +1745,7 @@ class User extends CommonObject
}
// Set link to user
dol_syslog(get_class($this)."::update set link with member", LOG_DEBUG);
- $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member =".($this->fk_member > 0 ? $this->fk_member : 'null')." where rowid = ".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member =".($this->fk_member > 0 ? ((int) $this->fk_member) : 'null')." where rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->error(); $this->db->rollback(); return -5;
diff --git a/htdocs/variants/class/ProductAttribute.class.php b/htdocs/variants/class/ProductAttribute.class.php
index a4e9f92eb10..1e7f44bb936 100644
--- a/htdocs/variants/class/ProductAttribute.class.php
+++ b/htdocs/variants/class/ProductAttribute.class.php
@@ -319,7 +319,7 @@ class ProductAttribute extends CommonObject
$newrang = $this->rang + 1;
}
- $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.$this->rang.' WHERE rang = '.$newrang;
+ $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.((int) $this->rang).' WHERE rang = '.((int) $newrang);
if (!$this->db->query($sql)) {
$this->db->rollback();
diff --git a/htdocs/webservices/server_contact.php b/htdocs/webservices/server_contact.php
index 9f57a445cc3..a28371443d5 100644
--- a/htdocs/webservices/server_contact.php
+++ b/htdocs/webservices/server_contact.php
@@ -503,7 +503,7 @@ function getContactsForThirdParty($authentication, $idthirdparty)
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d ON c.fk_departement = d.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON c.rowid = u.fk_socpeople";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid";
- $sql .= " WHERE c.fk_soc = ".$idthirdparty;
+ $sql .= " WHERE c.fk_soc = ".((int) $idthirdparty);
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php
index 259f3ec67fe..95b7246d021 100644
--- a/htdocs/webservices/server_productorservice.php
+++ b/htdocs/webservices/server_productorservice.php
@@ -1006,7 +1006,7 @@ function getProductsForCategory($authentication, $id, $lang = '')
$table = "product";
$field = "product";
$sql = "SELECT fk_".$field." FROM ".MAIN_DB_PREFIX."categorie_".$table;
- $sql .= " WHERE fk_categorie = ".$id;
+ $sql .= " WHERE fk_categorie = ".((int) $id);
$sql .= " ORDER BY fk_".$field." ASC";
diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php
index 27ede3cd0ef..80d31f0024d 100644
--- a/htdocs/website/class/website.class.php
+++ b/htdocs/website/class/website.class.php
@@ -1281,7 +1281,7 @@ class Website extends CommonObject
$objectpagestatic = new WebsitePage($this->db);
- $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'website_page WHERE fk_website = '.$this->id;
+ $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'website_page WHERE fk_website = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -1414,10 +1414,10 @@ class Website extends CommonObject
$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
- $sql .= " WHERE wp.fk_website = ".$website->id;
+ $sql .= " WHERE wp.fk_website = ".((int) $website->id);
$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
if ($tmppage->fk_page > 0) {
- $sql .= " OR wp.fk_page = ".$tmppage->fk_page." OR wp.rowid = ".$tmppage->fk_page;
+ $sql .= " OR wp.fk_page = ".((int) $tmppage->fk_page)." OR wp.rowid = ".((int) $tmppage->fk_page);
}
$sql .= ")";
diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php
index 3dbdb353a3e..32c8c0b8688 100644
--- a/htdocs/website/class/websitepage.class.php
+++ b/htdocs/website/class/websitepage.class.php
@@ -407,7 +407,7 @@ class WebsitePage extends CommonObject
$sql .= " t.object_type,";
$sql .= " t.fk_object";
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.fk_website = '.$websiteid;
+ $sql .= ' WHERE t.fk_website = '.((int) $websiteid);
// Manage filter (same than into countAll)
$sqlwhere = array();
if (count($filter) > 0) {
@@ -509,7 +509,7 @@ class WebsitePage extends CommonObject
$sql = 'SELECT COUNT(t.rowid) as nb';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.fk_website = '.$websiteid;
+ $sql .= ' WHERE t.fk_website = '.((int) $websiteid);
// Manage filter (same than into fetchAll)
$sqlwhere = array();
if (count($filter) > 0) {
diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php
index 92066e496e2..5197296f659 100644
--- a/htdocs/zapier/class/hook.class.php
+++ b/htdocs/zapier/class/hook.class.php
@@ -416,13 +416,13 @@ class Hook extends CommonObject
$sql .= ' t.rowid';
// TODO Get all fields
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
- $sql .= ' WHERE t.entity = '.$conf->entity;
+ $sql .= ' WHERE t.entity = '.((int) $conf->entity);
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key.' = '.((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
} elseif ($key == 'customsql') {
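Review bot: Only the value is cast in the `t.rowid` branch; in the `date` branch on the following context line `$key` itself is concatenated into the WHERE clause, and any key containing `date` reaches it. If `$filter` can carry caller-controlled keys (not visible here), a guard at the top of the loop such as `if (!preg_match('/^[a-zA-Z0-9_.]+$/', $key)) { continue; }` would restrict keys to plain column names. The `customsql` branch and the rest of the method continue outside the hunk.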
diff --git a/test/phpunit/InventoryTest.php b/test/phpunit/InventoryTest.php
new file mode 100644
index 00000000000..1d125a0311c
--- /dev/null
+++ b/test/phpunit/InventoryTest.php
@@ -0,0 +1,382 @@
+
+ * Copyright (C) 2018 Frédéric France
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ * or see https://www.gnu.org/
+ */
+
+/**
+ * \file test/phpunit/InventoryTest.php
+ * \ingroup test
+ * \brief PHPUnit test
+ * \remarks To run this script as CLI: phpunit filename.php
+ */
+
+global $conf,$user,$langs,$db;
+//define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver
+//require_once 'PHPUnit/Autoload.php';
+require_once dirname(__FILE__).'/../../htdocs/master.inc.php';
+require_once dirname(__FILE__).'/../../htdocs/product/inventory/class/inventory.class.php';
+
+if (empty($user->id)) {
+ print "Load permissions for admin user nb 1\n";
+ $user->fetch(1);
+ $user->getrights();
+}
+$conf->global->MAIN_DISABLE_ALL_MAILS=1;
+
+
+/**
+ * Class for PHPUnit tests
+ *
+ * @backupGlobals disabled
+ * @backupStaticAttributes enabled
+ * @remarks backupGlobals must be disabled to have db,conf,user and lang not erased.
+ */
+class InventoryTest extends PHPUnit\Framework\TestCase
+{
+ protected $savconf;
+ protected $savuser;
+ protected $savlangs;
+ protected $savdb;
+
+ /**
+ * Constructor
+ * We save global variables into local variables
+ *
+ * @return InventoryTest
+ */
+ public function __construct()
+ {
+ parent::__construct();
+
+ //$this->sharedFixture
+ global $conf,$user,$langs,$db;
+ $this->savconf=$conf;
+ $this->savuser=$user;
+ $this->savlangs=$langs;
+ $this->savdb=$db;
+
+ print __METHOD__." db->type=".$db->type." user->id=".$user->id;
+ //print " - db ".$db->db;
+ print "\n";
+ }
+
+ /**
+ * setUpBeforeClass
+ *
+ * @return void
+ */
+ public static function setUpBeforeClass():void
+ {
+ global $conf,$user,$langs,$db;
+
+ $db->begin(); // This is to have all actions inside a transaction even if test launched without suite.
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * tearDownAfterClass
+ *
+ * @return void
+ */
+ public static function tearDownAfterClass():void
+ {
+ global $conf,$user,$langs,$db;
+ $db->rollback();
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * Init phpunit tests
+ *
+ * @return void
+ */
+ protected function setUp():void
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ print __METHOD__."\n";
+ }
+
+ /**
+ * End phpunit tests
+ *
+ * @return void
+ */
+ protected function tearDown():void
+ {
+ print __METHOD__."\n";
+ }
+
+ /**
+ * testInventoryCreate
+ *
+ * @return int
+ */
+ public function testInventoryCreate()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new Inventory($db);
+ $localobject->initAsSpecimen();
+ $result=$localobject->create($user);
+ $this->assertLessThan($result, 0);
+ print __METHOD__." result=".$result."\n";
+ return $result;
+ }
+
+ /**
+ * testInventoryFetch
+ *
+ * @param int $id Id invoice
+ * @return int
+ *
+ * @depends testInventoryCreate
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventoryFetch($id)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new Inventory($this->savdb);
+ $result=$localobject->fetch($id);
+
+ $this->assertLessThan($result, 0);
+ print __METHOD__." id=".$id." result=".$result."\n";
+ return $localobject;
+ }
+
+ /**
+ * testInventoryUpdate
+ *
+ * @param Inventory $localobject Invoice
+ * @return int
+ *
+ * @depends testInventoryFetch
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventoryUpdate($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject->status = 9;
+ $localobject->title = 'test';
+ $result=$localobject->update($user, $user);
+ print __METHOD__." id=".$localobject->id." result=".$result."\n";
+ $this->assertLessThan($result, 0);
+ return $localobject;
+ }
+
+
+ /**
+ * testInventoryValidate
+ *
+ * @param Inventory $localobject Invoice
+ * @return void
+ *
+ * @depends testInventoryUpdate
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventoryValidate($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $result=$localobject->validate($user);
+ print __METHOD__." id=".$localobject->id." result=".$result."\n";
+
+ $this->assertLessThan($result, 0);
+ $this->assertEquals($localobject->status, '1');
+ return $localobject;
+ }
+
+ /**
+ * testInventorySetDraft
+ *
+ * @param Inventory $localobject Invoice
+ * @return void
+ *
+ * @depends testInventoryValidate
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventorySetDraft($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $result=$localobject->setDraft($user);
+ print __METHOD__." id=".$localobject->id." result=".$result."\n";
+
+ $this->assertLessThan($result, 0);
+ $this->assertEquals($localobject->status, '0');
+ return $localobject;
+ }
+
+ /**
+ * testInventorySetRecorded
+ *
+ * @param Inventory $localobject Invoice
+ * @return void
+ *
+ * @depends testInventorySetDraft
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventorySetRecorded($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $result=$localobject->setRecorded($user);
+ print __METHOD__." id=".$localobject->id." result=".$result."\n";
+
+ $this->assertLessThan($result, 0);
+ $this->assertEquals($localobject->status, '2');
+ return $localobject;
+ }
+
+ /**
+ * testInventorySetCanceled
+ *
+ * @param Inventory $localobject Invoice
+ * @return void
+ *
+ * @depends testInventorySetRecorded
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventorySetCanceled($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $result=$localobject->setCanceled($user);
+ print __METHOD__." id=".$localobject->id." result=".$result."\n";
+
+ $this->assertLessThan($result, 0);
+ $this->assertEquals($localobject->status, '9');
+ return $localobject;
+ }
+
+ /**
+ * testInventoryOther
+ *
+ * @param Inventory $localobject Invoice
+ * @return int
+ * @depends testInventorySetRecorded
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventoryOther($localobject)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject->info($localobject->id);
+ print __METHOD__." localobject->date_creation=".$localobject->date_creation."\n";
+ $this->assertNotEquals($localobject->date_creation, '');
+ return $localobject->id;
+ }
+
+ /**
+ * testInventoryDelete
+ *
+ * @param int $id Id of invoice
+ * @return int
+ * @depends testInventoryOther
+ * The depends says test is run only if previous is ok
+ */
+ public function testInventoryDelete($id)
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $localobject=new Inventory($this->savdb);
+ $result=$localobject->fetch($id);
+ $result=$localobject->delete($user);
+ print __METHOD__." id=".$id." result=".$result."\n";
+ $this->assertLessThan($result, 0);
+
+ return $result;
+ }
+
+ /**
+ * Compare all public properties values of 2 objects
+ *
+ * @param Object $oA Object operand 1
+ * @param Object $oB Object operand 2
+ * @param boolean $ignoretype False will not report diff if type of value differs
+ * @param array $fieldstoignorearray Array of fields to ignore in diff
+ * @return array Array with differences
+ */
+ public function objCompare($oA, $oB, $ignoretype = true, $fieldstoignorearray = array('id'))
+ {
+ $retAr=array();
+
+ if (get_class($oA) !== get_class($oB)) {
+ $retAr[]="Supplied objects are not of same class.";
+ } else {
+ $oVarsA=get_object_vars($oA);
+ $oVarsB=get_object_vars($oB);
+ $aKeys=array_keys($oVarsA);
+ foreach ($aKeys as $sKey) {
+ if (in_array($sKey, $fieldstoignorearray)) {
+ continue;
+ }
+ if (! $ignoretype && ($oVarsA[$sKey] !== $oVarsB[$sKey])) {
+ $retAr[]=$sKey.' : '.(is_object($oVarsA[$sKey])?get_class($oVarsA[$sKey]):$oVarsA[$sKey]).' <> '.(is_object($oVarsB[$sKey])?get_class($oVarsB[$sKey]):$oVarsB[$sKey]);
+ }
+ if ($ignoretype && ($oVarsA[$sKey] != $oVarsB[$sKey])) {
+ $retAr[]=$sKey.' : '.(is_object($oVarsA[$sKey])?get_class($oVarsA[$sKey]):$oVarsA[$sKey]).' <> '.(is_object($oVarsB[$sKey])?get_class($oVarsB[$sKey]):$oVarsB[$sKey]);
+ }
+ }
+ }
+ return $retAr;
+ }
+}
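Review bot: In `testInventoryDelete` the return value of `fetch($id)` is overwritten by `delete($user)` before anything checks it, so a failed fetch goes unnoticed; add `$this->assertLessThan($result, 0);` between the two calls. Several docblocks also disagree with the code: `testInventoryFetch` and `testInventoryUpdate` declare `@return int` but return `$localobject`, and `testInventoryValidate` through `testInventorySetCanceled` declare `@return void` while returning the object. The `assertEquals($localobject->status, '1')` calls pass the actual value first, which swaps expected and actual in PHPUnit's failure message; `assertEquals('1', $localobject->status)` reads correctly.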
|