From 1a38d075a6830754de0bd68d6b14a188b2b21851 Mon Sep 17 00:00:00 2001 From: Bastien Schils <12594973+WimpyMan@users.noreply.github.com> Date: Mon, 17 May 2021 18:34:23 +0200 Subject: [PATCH 1/3] html.form.class.php: Fixed SQL error (projects) 1. Strings should be quoted by single quotes 2. GROUP BY declaration must list all fields from SELECT statement --- htdocs/core/class/html.form.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 7f52cb099a1..55cb6270455 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -8118,8 +8118,8 @@ class Form } // Search all projects - $sql = 'SELECT f.rowid, f.ref as fref, "nolabel" as flabel, p.rowid as pid, f.ref, - p.title, p.fk_soc, p.fk_statut, p.public,'; + $sql = "SELECT f.rowid, f.ref as fref, 'nolabel' as flabel, p.rowid as pid, f.ref, + p.title, p.fk_soc, p.fk_statut, p.public,"; $sql .= ' s.nom as name'; $sql .= ' FROM '.MAIN_DB_PREFIX.'projet as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc,'; @@ -8129,7 +8129,7 @@ class Form //if ($projectsListId) $sql.= " AND p.rowid IN (".$projectsListId.")"; //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; - $sql .= " GROUP BY f.ref ORDER BY p.ref, f.ref ASC"; + $sql .= " GROUP BY f.ref, f.rowid, flabel,pid, p.title, p.fk_soc, p.fk_statut, p.public, name ORDER BY p.ref, f.ref ASC"; $resql = $this->db->query($sql); if ($resql) From 6170b28c3b1419468bbb9dd05c18b057d3cf0af8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 May 2021 11:58:49 +0200 Subject: [PATCH 2/3] FIx #17651 --- htdocs/product/stock/replenish.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 5d8e1f4a790..d316d6cdf98 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -48,7 +48,7 @@ $hookmanager->initHooks(array('stockreplenishlist')); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $sref = GETPOST('sref', 'alpha'); $snom = GETPOST('snom', 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml')); @@ -308,7 +308,7 @@ if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entre $sql = 'SELECT p.rowid, p.ref, p.label, p.description, p.price,'; -$sql .= ' p.price_ttc, p.price_base_type,p.fk_product_type,'; +$sql .= ' p.price_ttc, p.price_base_type, p.fk_product_type,'; $sql .= ' p.tms as datem, p.duration, p.tobuy,'; $sql .= ' p.desiredstock, p.seuil_stock_alerte,'; if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) { @@ -326,11 +326,8 @@ $sql .= $hookmanager->resPrint; $sql .= ' FROM '.MAIN_DB_PREFIX.'product as p'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_stock as s ON p.rowid = s.fk_product'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'entrepot AS ent ON s.fk_entrepot = ent.rowid AND ent.entity IN('.getEntity('stock').')'; -if ($fk_supplier > 0) { - $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'product_fournisseur_price pfp ON (pfp.fk_product = p.rowid AND pfp.fk_soc = '.$fk_supplier.')'; -} if (!empty($conf->global->STOCK_ALLOW_ADD_LIMIT_STOCK_BY_WAREHOUSE) && $fk_entrepot > 0) { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_warehouse_properties AS pse ON (p.rowid = pse.fk_product AND pse.fk_entrepot = '.$fk_entrepot.')'; + $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_warehouse_properties AS pse ON (p.rowid = pse.fk_product AND pse.fk_entrepot = '.((int) $fk_entrepot).')'; } // Add fields from hooks @@ -352,6 +349,9 @@ if ($sref) $sql .= natural_search('p.ref', $sref); if ($snom) $sql .= natural_search('p.label', $snom); $sql .= ' AND p.tobuy = 1'; if (!empty($canvas)) $sql .= ' AND p.canvas = "'.$db->escape($canvas).'"'; +if ($fk_supplier > 0) { + $sql .= ' AND EXISTS (SELECT pfp.rowid FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp WHERE pfp.fk_product = p.rowid AND pfp.fk_soc = '.((int) $fk_supplier).' AND pfp.entity IN ('.getEntity('product_fournisseur_price').'))'; +} $sql .= ' GROUP BY p.rowid, p.ref, p.label, p.description, p.price'; $sql .= ', p.price_ttc, p.price_base_type,p.fk_product_type, p.tms'; $sql .= ', p.duration, p.tobuy'; @@ -762,7 +762,9 @@ while ($i < ($limit ? min($num, $limit) : $num)) print ''.$alertstock.''; // Current stock (all warehouses) - print ''.$warning.$stock.''; + print ''.$warning.$stock; + print ''; + print ''; // Already ordered print ''.$ordered.' '.$picto.''; From 495d2e79f4ecec7d61326e77c448638bdc5df9f5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 May 2021 12:35:30 +0200 Subject: [PATCH 3/3] Update html.form.class.php --- htdocs/core/class/html.form.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 55cb6270455..e70337e195d 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -8129,7 +8129,7 @@ class Form //if ($projectsListId) $sql.= " AND p.rowid IN (".$projectsListId.")"; //if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)"; //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)"; - $sql .= " GROUP BY f.ref, f.rowid, flabel,pid, p.title, p.fk_soc, p.fk_statut, p.public, name ORDER BY p.ref, f.ref ASC"; + $sql .= "ORDER BY p.ref, f.ref ASC"; $resql = $this->db->query($sql); if ($resql)