From 5ed25ab539541130f0106cd425553164b8d0ab5e Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Tue, 1 Dec 2009 16:48:14 +0000
Subject: [PATCH] Fix: missing addslashes
---
 htdocs/don.class.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/htdocs/don.class.php b/htdocs/don.class.php
index d17060d6710..80af95b0d43 100644
--- a/htdocs/don.class.php
+++ b/htdocs/don.class.php
@@ -363,13 +363,13 @@ class Don extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."don SET ";
 $sql .= "amount = " . $this->amount;
 $sql .= ",fk_paiement = ".$this->modepaiementid;
- $sql .= ",prenom = '".$this->prenom ."'";
- $sql .= ",nom='".$this->nom."'";
- $sql .= ",societe='".$this->societe."'";
- $sql .= ",adresse='".$this->adresse."'";
+ $sql .= ",prenom = '".addslashes($this->prenom)."'";
+ $sql .= ",nom='".addslashes($this->nom)."'";
+ $sql .= ",societe='".addslashes($this->societe)."'";
+ $sql .= ",adresse='".addslashes($this->adresse)."'";
 $sql .= ",cp='".$this->cp."'";
- $sql .= ",ville='".$this->ville."'";
- $sql .= ",pays='".$this->pays."'";
+ $sql .= ",ville='".addslashes($this->ville)."'";
+ $sql .= ",pays='".addslashes($this->pays)."'"; // TODO use fk_pays
 $sql .= ",public=".$this->public;
 $sql .= ",fk_don_projet=".($this->projetid>0?$this->projetid:'null');
 $sql .= ",note='".addslashes($this->note)."'";
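Review bot: The `cp` assignment between the newly escaped `adresse` and `ville` lines is still concatenated raw inside quotes, so a quote character in the postal code would still terminate the string literal; it should get the same treatment, `$sql .= ",cp='".addslashes($this->cp)."'";`. The unquoted values `amount`, `fk_paiement` and `public` are also appended as-is, and escaping cannot protect an unquoted position, so they should be cast or validated as numbers first, for example `$sql .= ",fk_paiement = ".(int) $this->modepaiementid;`. addslashes() does not know the connection's character set or the database's quoting rules, so the database layer's own escaping routine or bound parameters would be the more robust choice for all of these fields. The enclosing method begins and ends outside the hunk, so whether these properties are sanitized before this point cannot be confirmed from here.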