From 623917291085f3ee8293b0187eb9ea08c8bd8577 Mon Sep 17 00:00:00 2001
From: Yoan Mollard
Date: Sun, 19 Jun 2022 19:30:10 +0200
Subject: [PATCH] Fixed sanitization of int
---
 htdocs/compta/accounting-files.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php
index 571d17bea08..a0a592c72e1 100644
--- a/htdocs/compta/accounting-files.php
+++ b/htdocs/compta/accounting-files.php
@@ -181,7 +181,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " WHERE datef between ".$wheretail;
 $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".Facture::STATUS_DRAFT;
- if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
+ if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
 }
 // Vendor invoices
 if (GETPOST('selectsupplierinvoices') && !empty($listofchoices['selectsupplierinvoices']['perms'])) {
@@ -193,7 +193,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " WHERE datef between ".$wheretail;
 $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".FactureFournisseur::STATUS_DRAFT;
- if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
+ if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
 }
 // Expense reports
 if (GETPOST('selectexpensereports') && !empty($listofchoices['selectexpensereports']['perms']) and empty($projectid)) {
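Review bot: The new line in this hunk, and the matching lines in hunks -193, -216, -228, -240 and -251, is written `if(!empty($projectid))` without the space after `if`, unlike every other `if (` in the visible context; `if (!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);` keeps the file's style. For an unquoted comparison against an integer column, `(int)` pins the value to a number independent of whatever character set `$db->sanitize()` accepts, so the substitution itself is the right direction. The order of operations is worth a look, though: `!empty()` still tests the raw value, so a non-numeric `$projectid` would pass the check and be rendered as `fk_projet = 0`, whereas assigning `$projectid = (int) $projectid;` once where it is read would make the emptiness test and all six casts agree. `$projectid` is assigned outside the hunk, and the enclosing `if (($action == 'searchfiles' || $action == 'dl'))` block begins and ends outside it, so whether the value already arrives as an integer cannot be confirmed here. The neighbouring `t.entity IN (".$db->sanitize(...)` lines keep the unquoted-`sanitize()` pattern this commit moves away from; that only matters if `$entity` can be request-controlled, which the hunk does not show.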
@@ -216,7 +216,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " WHERE datedon between ".$wheretail;
 $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 $sql .= " AND t.fk_statut <> ".Don::STATUS_DRAFT;
- if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
+ if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
 }
 // Payments of salaries
 if (GETPOST('selectpaymentsofsalaries') && !empty($listofchoices['selectpaymentsofsalaries']['perms'])) {
@@ -228,7 +228,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " WHERE datep between ".$wheretail;
 $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 //$sql.=" AND fk_statut <> ".PaymentSalary::STATUS_DRAFT;
- if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
+ if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
 }
 // Social contributions
 if (GETPOST('selectsocialcontributions') && !empty($listofchoices['selectsocialcontributions']['perms'])) {
@@ -240,7 +240,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " WHERE t.date_ech between ".$wheretail;
 $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
 //$sql.=" AND fk_statut <> ".ChargeSociales::STATUS_DRAFT;
- if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
+ if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
 }
 // Various payments
 if (GETPOST('selectvariouspayment') && !empty($listofchoices['selectvariouspayment']['perms'])) {
@@ -251,7 +251,7 @@ if (($action == 'searchfiles' || $action == 'dl')) {
 $sql .= " FROM ".MAIN_DB_PREFIX."payment_various as t";
 $sql .= " WHERE datep between ".$wheretail;
 $sql .= " AND t.entity IN (".$db->sanitize($entity == 1 ? '0,1' : $entity).')';
- if (!empty($projectid)) $sql .= " AND fk_projet = ".$db->sanitize($projectid);
+ if(!empty($projectid)) $sql .= " AND fk_projet = ".((int) $projectid);
 }
 // Loan payments
 if (GETPOST('selectloanspayment') && !empty($listofchoices['selectloanspayment']['perms']) && empty($projectid)) {