Fixed sanitization of int

Yoan Mollard 2022-06-19 19:30:10 +02:00
parent 13511d983e
commit 6239172910


@ -181,7 +181,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " WHERE datef between ".$wheretail;
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
}
// Vendor invoices
if (GETPOST('selectsupplierinvoices') && !empty($listofchoices['selectsupplierinvoices']['perms'])) {
@ -193,7 +193,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " WHERE datef between ".$wheretail;
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
}
// Expense reports
if (GETPOST('selectexpensereports') && !empty($listofchoices['selectexpensereports']['perms']) and empty($projectid)) {
@ -216,7 +216,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " WHERE datedon between ".$wheretail;
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
$sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
}
// Payments of salaries
if (GETPOST('selectpaymentsofsalaries') && !empty($listofchoices['selectpaymentsofsalaries']['perms'])) {
@ -228,7 +228,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
//$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
}
// Social contributions
if (GETPOST('selectsocialcontributions') && !empty($listofchoices['selectsocialcontributions']['perms'])) {
@ -240,7 +240,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " WHERE t.date_ech between ".$wheretail;
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
//$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
}
// Various payments
if (GETPOST('selectvariouspayment') && !empty($listofchoices['selectvariouspayment']['perms'])) {
@ -251,7 +251,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
$sql .= " FROM ".MAIN_DB_PREFIX."payment_various as t";
$sql .= " WHERE datep between ".$wheretail;
$sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
}
// Loan payments
if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms']) && empty($projectid)) {
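Review bot: In every hunk the guard still tests the raw value while the SQL uses the cast, so a non-numeric `projectid` such as `abc` passes `!empty()` and is emitted as `fk_projet = 0` rather than having the filter skipped; normalize once where the value is read (outside this view), `$projectid = (int) $projectid;`, or guard with `if ((int) $projectid > 0)` so the check and the emitted SQL agree. The new lines also drop the space in `if(`, which differs from the `if (` form used on the surrounding lines of the same file. The adjacent `t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).")` keeps the string-sanitize pattern this commit moves away from; if `$entity` is request-derived it presumably deserves the same treatment, `$entity == 1 ? '0,1' : ((int) $entity)`. The enclosing `if (($action == 'searchfiles' || $action == 'dl'))` block starts and ends outside the hunks.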