Fix phpcs

Laurent Destailleur 2022-11-24 16:40:44 +01:00
parent 40bc26a666
commit 53a1867be8
2 changed files with 4 additions and 7 deletions


@ -188,7 +188,7 @@ class FormProjets
$sql .= natural_search(array('p.title', 'p.ref'), $filterkey);
}
if ($morefilter) {
$sql .= ' AND ('.$morefilter.')';
$sql .= ' AND ('.$this->db->sanitize($morefilter, 0, 1).')';
}
$sql .= " ORDER BY p.ref ASC";
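Review bot: The new `$this->db->sanitize($morefilter, 0, 1)` call deletes disallowed characters instead of rejecting the input, so a `$morefilter` containing spaces, parentheses, quotes or any operator other than `=` is silently rewritten before it is concatenated into `$sql`. With the character class shown in `sanitize()`, a legitimate multi-term condition would collapse into a single token and either fail or select a different set of projects, and nothing at this line would report it. I would fail closed instead of running the altered filter, for example `if ($morefilter !== $this->db->sanitize($morefilter, 0, 1)) { /* log and refuse the filter */ }`. The enclosing method starts and ends outside the hunk, so the callers that build `$morefilter` are not visible here and should be checked against the new restriction.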


@ -136,15 +136,12 @@ abstract class DoliDB implements Database
*
* @param string $stringtosanitize String to escape
* @param int $allowsimplequote 1=Allow simple quotes in string. When string is used as a list of SQL string ('aa', 'bb', ...)
* @param string $allowsequals 1=Allow equals sign
* @return string String escaped
*/
public function sanitize($stringtosanitize, $allowsimplequote = 0)
public function sanitize($stringtosanitize, $allowsimplequote = 0, $allowsequals = 0)
{
if ($allowsimplequote) {
return preg_replace('/[^a-z0-9_\-\.,\']/i', '', $stringtosanitize);
} else {
return preg_replace('/[^a-z0-9_\-\.,]/i', '', $stringtosanitize);
}
return preg_replace('/[^a-z0-9_\-\.,'.($allowsequals ? '=' : '').($allowsimplequote ? "\'" : '').']/i', '', $stringtosanitize);
}
/**
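Review bot: The docblock line added for `$allowsequals` declares it as `string`, but the signature defaults it to `0` and the body tests it as a flag, so it should read `@param int $allowsequals 1=Allow equals sign`. The `@return string String escaped` line is also misleading now that an SQL condition is passed through this method: the body removes every character outside the allow-list and escapes nothing, so I would reword it to `@return string String with every character outside the allow-list removed`. It would also help to state in the description that whitespace, parentheses and quotes (unless `$allowsimplequote` is set) are dropped, so callers do not treat the result as a general-purpose SQL escape. The docblock begins above the hunk.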