From 4a185ba063095269b08941f8966e82316b25eb11 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Fri, 12 Mar 2021 12:47:58 +0100 Subject: [PATCH 01/37] add warehouse quabtity + fix input new quantity --- htdocs/product/inventory/inventory.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index dea3b46c946..6c8f6ab5256 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -505,10 +505,10 @@ if ($object->id > 0) { } print ''; - print 'TODO'; + print $obj->qty_stock; print ''; print ''; - print 'rowid).'">'; + print 'rowid).'">'; print ''; print ''; print ''.img_delete().''; From 8a2e49d6e7e67b08a72013028e830245d1e1bb9c Mon Sep 17 00:00:00 2001 From: lvessiller Date: Fri, 26 Mar 2021 17:44:41 +0100 Subject: [PATCH 02/37] NEW date and user signature on proposal (Issue 16062) --- htdocs/comm/propal/card.php | 2 +- htdocs/comm/propal/class/propal.class.php | 112 +++++++++++++++++- htdocs/core/lib/functions2.lib.php | 55 +++++++++ .../install/mysql/migration/13.0.0-14.0.0.sql | 6 + .../install/mysql/tables/llx_propal.key.sql | 2 + htdocs/install/mysql/tables/llx_propal.sql | 4 +- htdocs/langs/fr_FR/main.lang | 1 + htdocs/langs/fr_FR/other.lang | 1 + 8 files changed, 179 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index cecb4fff28a..dc923e4e1dc 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -642,7 +642,7 @@ if (empty($reshook)) { if ($object->statut == $object::STATUS_VALIDATED) { $db->begin(); - $result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml')); + $result = $object->signature($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml')); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); $error++; 
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3674356af20..c9f736fcfff 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -140,6 +140,16 @@ class Propal extends CommonObject */ public $date_validation; + /** + * @var integer|string $date_signature; + */ + public $date_signature; + + /** + * @var User $user_signature + */ + public $user_signature; + /** * @var integer|string date of the quote; */ 
@@ -2489,6 +2499,97 @@ class Propal extends CommonObject } } + /** + * Sign the commercial proposal + * + * @param User $user Object user that close + * @param int $statut Status + * @param string $note Complete private note with this note + * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers + * @return int <0 if KO, >0 if OK + */ + function signature($user, $statut, $note = '', $notrigger = 0) + { + global $langs,$conf; + + $error = 0; + $now = dol_now(); + + $this->db->begin(); + + $newprivatenote = dol_concatdesc($this->note_private, $note); + + $sql = "UPDATE ".MAIN_DB_PREFIX."propal"; + $sql .= " SET fk_statut = ".$statut.", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id; + $sql .= " WHERE rowid = ".$this->id; + + $resql = $this->db->query($sql); + if ($resql) { + $modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED ? $conf->global->PROPALE_ADDON_PDF_ODT_CLOSED : $this->model_pdf; + $trigger_name = 'PROPAL_CLOSE_REFUSED'; + + if ($statut == self::STATUS_SIGNED) { + $trigger_name = 'PROPAL_CLOSE_SIGNED'; + $modelpdf = $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL ? $conf->global->PROPALE_ADDON_PDF_ODT_TOBILL:$this->model_pdf; + + // The connected company is classified as a client + $soc=new Societe($this->db); + $soc->id = $this->socid; + $result = $soc->set_as_client(); + + if ($result < 0) { + $this->error=$this->db->lasterror(); + $this->db->rollback(); + return -2; + } + } + + if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { + // Define output language + $outputlangs = $langs; + if (!empty($conf->global->MAIN_MULTILANGS)) { + $outputlangs = new Translate("", $conf); + $newlang = (GETPOST('lang_id','aZ09') ? 
GETPOST('lang_id','aZ09') : $this->thirdparty->default_lang); + $outputlangs->setDefaultLang($newlang); + } + + //$ret=$object->fetch($id); // Reload to get new records + $this->generateDocument($modelpdf, $outputlangs); + } + + if (!$error) { + $this->oldcopy= clone $this; + $this->statut = $statut; + $this->date_signature = $now; + $this->note_private = $newprivatenote; + } + + if (!$notrigger && empty($error)) { + // Call trigger + $result=$this->call_trigger($trigger_name, $user); + if ($result < 0) { + $error++; + } + // End call triggers + } + + if (!$error ) { + $this->db->commit(); + return 1; + } else { + $this->statut = $this->oldcopy->statut; + $this->date_signature = $this->oldcopy->date_signature; + $this->note_private = $this->oldcopy->note_private; + + $this->db->rollback(); + return -1; + } + } else { + $this->error=$this->db->lasterror(); + $this->db->rollback(); + return -1; + } + } /** * Close the commercial proposal @@ -3113,8 +3214,8 @@ class Propal extends CommonObject public function info($id) { $sql = "SELECT c.rowid, "; - $sql .= " c.datec, c.date_valid as datev, c.date_cloture as dateo,"; - $sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_cloture"; + $sql .= " c.datec, c.date_valid as datev, c.date_signature, c.date_cloture as dateo,"; + $sql .= " c.fk_user_author, c.fk_user_valid, c.fk_user_signature, c.fk_user_cloture"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as c"; $sql .= " WHERE c.rowid = ".((int) $id); @@ -3128,6 +3229,7 @@ class Propal extends CommonObject $this->date_creation = $this->db->jdate($obj->datec); $this->date_validation = $this->db->jdate($obj->datev); + $this->date_signature = $this->db->jdate($obj->date_signature); $this->date_cloture = $this->db->jdate($obj->dateo); $cuser = new User($this->db); 
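Review bot: The UPDATE built in `signature()` concatenates `$statut`, `$user->id` and `$this->id` into the SQL text without a cast, whereas `info()` further down in the same file already writes `((int) $id)`. The one caller visible in this patch passes `GETPOST('statut', 'int')`, but the method is public, so the query should not rely on every caller filtering first: use `fk_statut = ".((int) $statut)`, `fk_user_signature=".((int) $user->id)` and `WHERE rowid = ".((int) $this->id)`. Every value other than `self::STATUS_SIGNED` is treated as a refusal (`PROPAL_CLOSE_REFUSED`) and still stamps `date_signature` and `fk_user_signature`, so rejecting any `$statut` outside the two intended outcomes before the UPDATE would keep the signature trail meaningful. The return value of `generateDocument()` is also ignored, which means `$error` can only ever be raised by the trigger call.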
@@ -3140,6 +3242,12 @@ class Propal extends CommonObject $this->user_validation = $vuser; } + if ($obj->fk_user_signature) { + $user_signature = new User($this->db); + $user_signature->fetch($obj->fk_user_signature); + $this->user_signature = $user_signature; + } + if ($obj->fk_user_cloture) { $cluser = new User($this->db); $cluser->fetch($obj->fk_user_cloture); diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 0703df95255..3f7e02b9bad 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -507,6 +507,61 @@ function dol_print_object_info($object, $usetable = 0) } } + // User signature + if (!empty($object->user_signature)) { + if ($usetable) { + print ''; + } + print $langs->trans('SignedBy'); + if ($usetable) { + print ''; + } else { + print ': '; + } + if (is_object($object->user_signature)) { + if ($object->user_signature->id) { + print $object->user_signature->getNomUrl(-1, '', 0, 0, 0); + } else { + print $langs->trans('Unknown'); + } + } else { + $userstatic = new User($db); + $userstatic->fetch($object->user_signature); + if ($userstatic->id) { + print $userstatic->getNomUrl(-1, '', 0, 0, 0); + } else { + print $langs->trans('Unknown'); + } + } + if ($usetable) { + print ''; + } else { + print '
'; + } + } + + // Date signature + if (!empty($object->date_signature)) { + if ($usetable) { + print ''; + } + print $langs->trans('DateSigning'); + if ($usetable) { + print ''; + } else { + print ': '; + } + print dol_print_date($object->date_signature, 'dayhour'); + if ($deltadateforuser) { + print ' '.$langs->trans('CurrentHour').'   /   '.dol_print_date($object->date_signature,'dayhour', 'tzuserrel').'  '.$langs->trans('ClientHour'); + } + if ($usetable) { + print ''; + } else { + print '
'; + } + } + // User close if (!empty($object->user_cloture) || !empty($object->user_closing)) { if (isset($object->user_cloture) && !empty($object->user_cloture)) { diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index 772f0e51bdf..0c71b94f4f1 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -282,5 +282,11 @@ DELETE FROM llx_boxes_def WHERE file IN ('box_graph_ticket_by_severity', 'box_ti ALTER TABLE llx_c_ticket_category ADD COLUMN public integer DEFAULT 0; +ALTER TABLE llx_propal ADD COLUMN date_signature datetime AFTER date_valid; +ALTER TABLE llx_propal ADD COLUMN fk_user_signature integer AFTER fk_user_valid; +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid); +UPDATE llx_propal SET fk_user_signature = fk_user_cloture WHERE fk_user_signature IS NULL AND fk_user_cloture IS NOT NULL; +UPDATE llx_propal SET date_signature = date_cloture WHERE date_signature IS NULL AND date_cloture IS NOT NULL; + diff --git a/htdocs/install/mysql/tables/llx_propal.key.sql b/htdocs/install/mysql/tables/llx_propal.key.sql index 89a0c54ad83..d0265e6fcdf 100644 --- a/htdocs/install/mysql/tables/llx_propal.key.sql +++ b/htdocs/install/mysql/tables/llx_propal.key.sql @@ -24,6 +24,7 @@ ALTER TABLE llx_propal ADD UNIQUE INDEX uk_propal_ref (ref, entity); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_soc (fk_soc); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_author (fk_user_author); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_valid (fk_user_valid); +ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_signature (fk_user_signature); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_user_cloture (fk_user_cloture); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_projet (fk_projet); ALTER TABLE llx_propal ADD INDEX idx_propal_fk_account(fk_account); 
@@ -33,6 +34,7 @@ ALTER TABLE llx_propal ADD INDEX idx_propal_fk_warehouse(fk_warehouse); ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_soc FOREIGN KEY (fk_soc) REFERENCES llx_societe (rowid); ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_author FOREIGN KEY (fk_user_author) REFERENCES llx_user (rowid); ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_valid FOREIGN KEY (fk_user_valid) REFERENCES llx_user (rowid); +ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_signature FOREIGN KEY (fk_user_signature) REFERENCES llx_user (rowid); ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_user_cloture FOREIGN KEY (fk_user_cloture) REFERENCES llx_user (rowid); ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_projet FOREIGN KEY (fk_projet) REFERENCES llx_projet (rowid); --ALTER TABLE llx_propal ADD CONSTRAINT fk_propal_fk_warehouse FOREIGN KEY (fk_warehouse) REFERENCES llx_entrepot(rowid); diff --git a/htdocs/install/mysql/tables/llx_propal.sql b/htdocs/install/mysql/tables/llx_propal.sql index 004bb027d35..7c94086b3b9 100644 --- a/htdocs/install/mysql/tables/llx_propal.sql +++ b/htdocs/install/mysql/tables/llx_propal.sql @@ -37,11 +37,13 @@ create table llx_propal datep date, -- date de la propal fin_validite datetime, -- date de fin de validite date_valid datetime, -- date de validation + date_signature datetime, -- date signature date_cloture datetime, -- date de cloture fk_user_author integer, -- user making creation fk_user_modif integer, -- user making last change fk_user_valid integer, -- user validating - fk_user_cloture integer, -- user closing (signed or not) + fk_user_signature integer, -- user signing (signed or not) + fk_user_cloture integer, -- user closing fk_statut smallint DEFAULT 0 NOT NULL, -- 0=draft, 1=validated, 2=accepted, 3=refused, 4=billed/closed price real DEFAULT 0, -- (obsolete) remise_percent real DEFAULT 0, -- remise globale relative en pourcent (obsolete) 
diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang index 86ba2247682..a8b13c7e914 100644 --- a/htdocs/langs/fr_FR/main.lang +++ b/htdocs/langs/fr_FR/main.lang @@ -278,6 +278,7 @@ DateModificationShort=Date modif. IPModification=Modification IP DateLastModification=Date de dernière modification DateValidation=Date validation +DateSigning=Date signature DateClosing=Date clôture DateDue=Date échéance DateValue=Date valeur diff --git a/htdocs/langs/fr_FR/other.lang b/htdocs/langs/fr_FR/other.lang index 3023cd7216e..a8078129464 100644 --- a/htdocs/langs/fr_FR/other.lang +++ b/htdocs/langs/fr_FR/other.lang @@ -114,6 +114,7 @@ DemoCompanyAll=Société avec de multiples activités (tous les modules principa CreatedBy=Créé par %s ModifiedBy=Modifié par %s ValidatedBy=Validé par %s +SignedBy=Signé par %s ClosedBy=Clôturé par %s CreatedById=Id utilisateur créateur ModifiedById=Id utilisateur du dernier changement From 05bf3cdab184ab8b1921afbec57d079c44f8ced4 Mon Sep 17 00:00:00 2001 From: lvessiller Date: Fri, 26 Mar 2021 17:59:16 +0100 Subject: [PATCH 03/37] FIX stickler-ci errors --- htdocs/comm/propal/class/propal.class.php | 4 ++-- htdocs/core/lib/functions2.lib.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index c9f736fcfff..d9f1654e37c 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2508,7 +2508,7 @@ class Propal extends CommonObject * @param int $notrigger 1=Does not execute triggers, 0=Execute triggers * @return int <0 if KO, >0 if OK */ - function signature($user, $statut, $note = '', $notrigger = 0) + public function signature($user, $statut, $note = '', $notrigger = 0) { global $langs,$conf; 
@@ -2549,7 +2549,7 @@ class Propal extends CommonObject $outputlangs = $langs; if (!empty($conf->global->MAIN_MULTILANGS)) { $outputlangs = new Translate("", $conf); - $newlang = (GETPOST('lang_id','aZ09') ? GETPOST('lang_id','aZ09') : $this->thirdparty->default_lang); + $newlang = (GETPOST('lang_id', 'aZ09') ? GETPOST('lang_id', 'aZ09') : $this->thirdparty->default_lang); $outputlangs->setDefaultLang($newlang); } diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 3f7e02b9bad..e279ced2a3d 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -553,7 +553,7 @@ function dol_print_object_info($object, $usetable = 0) } print dol_print_date($object->date_signature, 'dayhour'); if ($deltadateforuser) { - print ' '.$langs->trans('CurrentHour').'   /   '.dol_print_date($object->date_signature,'dayhour', 'tzuserrel').'  '.$langs->trans('ClientHour'); + print ' '.$langs->trans('CurrentHour').'   /   '.dol_print_date($object->date_signature, 'dayhour', 'tzuserrel').'  '.$langs->trans('ClientHour'); } if ($usetable) { print ''; From 966d3a6f30abb899216fdbe3d7a913586e8a36b8 Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Mon, 29 Mar 2021 15:18:34 +0200 Subject: [PATCH 04/37] add setrecorded and commit to db --- htdocs/langs/en_US/stocks.lang | 3 +- .../inventory/class/inventory.class.php | 21 +++++ htdocs/product/inventory/inventory.php | 89 ++++++++++++++++--- 3 files changed, 102 insertions(+), 11 deletions(-) diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 8e949661c49..a7205207cf9 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -242,4 +242,5 @@ InventoryRealQtyHelp=Set value to 0 to reset qty
Keep field empty, or remove UpdateByScaning=Update by scaning UpdateByScaningProductBarcode=Update by scan (product barcode) UpdateByScaningLot=Update by scan (lot|serial barcode) -DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement. \ No newline at end of file +DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement. +LabelOfInventoryMovemement=Inventory %s \ No newline at end of file diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index ce585c51a10..dc1b46331fc 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -359,6 +359,27 @@ class Inventory extends CommonObject } } + /** + * Set to Recorded + * + * @param User $user User that creates + * @param bool $notrigger false=launch triggers after, true=disable triggers + * @return int <0 if KO, Id of created object if OK + */ + public function setRecorded(User $user, $notrigger = false) + { + $this->db->begin(); + + $result = $this->setStatut($this::STATUS_RECORDED, null, '', 'INVENTORY_RECORDED'); + + if ($result > 0) { + $this->db->commit(); + } else { + $this->db->rollback(); + return -1; + } + } + /** * Clone and object into another one * diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index 6c8f6ab5256..d8e76489ffc 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php 
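Review bot: `setRecorded()` declares `$user` and `$notrigger` but its body never reads either, so passing `$notrigger = true` cannot change what is handed to `setStatut()`; the `INVENTORY_RECORDED` key is always supplied, which contradicts the docblock. The docblock itself is carried over from a create method (`User that creates`, `Id of created object if OK`); it could read `@param User $user User recording the inventory` and `@return int <0 if KO, >0 if OK`. `setCanceled()` in PATCH 05 repeats both points.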
@@ -27,6 +27,7 @@ include_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; include_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; include_once DOL_DOCUMENT_ROOT.'/product/inventory/class/inventory.class.php'; include_once DOL_DOCUMENT_ROOT.'/product/inventory/lib/inventory.lib.php'; +include_once DOL_DOCUMENT_ROOT.'/product/stock/class/mouvementstock.class.php'; // Load translation files required by the page $langs->loadLangs(array("stocks", "other", "productbatch")); 
@@ -98,6 +99,67 @@ $now = dol_now(); * Actions */ +if ($action == 'update' && $user->rights->stock->mouvement->creer) { + $stockmovment = new MouvementStock($db); + $stockmovment->origin = $object; + + $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; + $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; + $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; + $sql .= ' WHERE id.fk_inventory = '.$object->id; + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + $totalarray = array(); + while ($i < $num) { + $line = $db->fetch_object($resql); + $qty_view = $line->qty_view; + $qty_stock = $line->qty_stock; + $stock_movement_qty = $qty_view - $qty_stock; + if ($stock_movement_qty != 0) { + if ($stock_movement_qty < 0) { + $movement_type = 1; + } else { + $movement_type = 0; + } + $idstockmove = $stockmovment->_create($user, $line->fk_product, $line->fk_warehouse, $stock_movement_qty, $movement_type, 0, $langs->trans('LabelOfInventoryMovemement', $object->id), 'INV'.$object->id); + if ($idstockmove < 0) { + $error++; + setEventMessages($stockmovment->error, $stockmovment->errors, 'errors'); + } + } + $i++; + } + if (!$error) { + $object->setRecorded($user); + } + } +} + +if ($action =='updateinventorylines' && $permissiontoadd) { + $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; + $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; + $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; + $sql .= ' WHERE id.fk_inventory = '.$object->id; + + $resql = $db->query($sql); + if ($resql) { + $num = $db->num_rows($resql); + $i = 0; + $totalarray = array(); + while ($i < $num) { + $line = $db->fetch_object($resql); + $lineid = $line->rowid; + $inventoryline = new InventoryLine($db); + $inventoryline->fetch($lineid); + $inventoryline->qty_view = 
GETPOST("id_".$inventoryline->id); + $inventoryline->update($user); + $i++; + } + } +} + $parameters = array(); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { @@ -419,10 +481,12 @@ if ($object->id > 0) { print ''; print $form->textwithpicto($langs->trans("RealQty"), $langs->trans("InventoryRealQtyHelp")); print ''; - // Actions - print ''; - print ''; - print ''; + if ($object->status == $object::STATUS_VALIDATED) { + // Actions + print ''; + print ''; + print ''; + } // Line to add a new line in inventory if ($object->status == $object::STATUS_VALIDATED) { @@ -508,12 +572,17 @@ if ($object->id > 0) { print $obj->qty_stock; print ''; print ''; - print 'rowid).'">'; - print ''; - print ''; - print ''.img_delete().''; - print ''; - + if ($object->status == $object::STATUS_VALIDATED) { + $qty_view = GETPOST("id_".$obj->rowid) ? GETPOST("id_".$obj->rowid) : $obj->qty_view; + print ''; + print ''; + print ''; + print ''.img_delete().''; + print ''; + } else { + print $obj->qty_view; + print ''; + } print ''; $i++; From 55560b7d38e3817f79e4448e5f265182958f861e Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Tue, 30 Mar 2021 12:35:20 +0200 Subject: [PATCH 05/37] Inventory module working --- htdocs/core/modules/modStock.class.php | 6 +++ htdocs/langs/en_US/stocks.lang | 5 ++- htdocs/product/inventory/card.php | 6 +++ .../inventory/class/inventory.class.php | 27 ++++++++++++- htdocs/product/inventory/inventory.php | 38 +++++++++---------- 5 files changed, 61 insertions(+), 21 deletions(-) diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php index 3d46d606265..c9379fb25d6 100644 --- a/htdocs/core/modules/modStock.class.php +++ b/htdocs/core/modules/modStock.class.php 
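Review bot: The new `update` action creates stock movements for whatever inventory is loaded without checking that it is still in the validated state, and the loop runs outside a transaction, so a replayed request applies the same corrections a second time and a failure partway through leaves some movements written while the inventory is never set to recorded. Gate the action on `$object->status == $object::STATUS_VALIDATED` and put the loop and `setRecorded()` inside one transaction, as sketched below (this assumes the database layer nests `begin()`/`commit()`, since `setRecorded()` opens its own). The `cancel_record` action added in PATCH 05 has the same missing status check. In `updateinventorylines`, `GETPOST("id_".$inventoryline->id)` is stored into `qty_view` with no check type or numeric validation, and both SELECTs concatenate `$object->id` without an `(int)` cast.

```php
if ($action == 'update' && $user->rights->stock->mouvement->creer && $object->status == $object::STATUS_VALIDATED) {
	// … unchanged: MouvementStock setup and SELECT on inventorydet …
	if ($resql) {
		$db->begin();
		// … unchanged: loop creating one stock movement per line, $error++ on failure …
		if (!$error && $object->setRecorded($user) < 0) {
			$error++;
		}
		if (!$error) {
			$db->commit();
		} else {
			$db->rollback();
		}
	}
}
```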
@@ -172,6 +172,12 @@ class modStock extends DolibarrModules $this->rights[9][3] = 0; // Permission by default for new user (0/1) $this->rights[9][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) $this->rights[9][5] = 'changePMP'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) + + $this->rights[10][0] = 1016; + $this->rights[10][1] = 'inventoryDeletePermission'; // Permission label + $this->rights[10][3] = 0; // Permission by default for new user (0/1) + $this->rights[10][4] = 'inventory_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) + $this->rights[10][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) } // Main menu entries diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index a7205207cf9..639f025425a 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -184,6 +184,7 @@ inventoryCreatePermission=Create new inventory inventoryReadPermission=View inventories inventoryWritePermission=Update inventories inventoryValidatePermission=Validate inventory +inventoryDeletePermission=Delete inventory inventoryTitle=Inventory inventoryListTitle=Inventories inventoryListEmpty=No inventory in progress @@ -243,4 +244,6 @@ UpdateByScaning=Update by scaning UpdateByScaningProductBarcode=Update by scan (product barcode) UpdateByScaningLot=Update by scan (lot|serial barcode) DisableStockChangeOfSubProduct=Deactivate the stock change for all the subproducts of this Kit during this movement. -LabelOfInventoryMovemement=Inventory %s \ No newline at end of file +LabelOfInventoryMovemement=Inventory %s +ReOpen=Reopen +ConfirmFinish=Confirm closing \ No newline at end of file diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 92ad4c2176b..dda16746398 100644 
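Review bot: The new `inventory_advance` / `delete` right (id 1016) is declared here, but none of the actions added in this patch test it: `cancel_record` in inventory.php and the reopen button in card.php are both gated on `$permissiontoadd`. If cancelling or reopening is meant to require the dedicated right, the check belongs on the action handler itself and not only on the button; otherwise a comment next to `$this->rights[10][5]` naming the action that consumes it would help. Whether a file outside this patch already uses the right is not visible from these hunks.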
--- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -407,6 +407,12 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea print ''.$langs->trans("SetToDraft").''; } } + // Back to validate + if ($object->status == $object::STATUS_RECORDED) { + if ($permissiontoadd) { + print ''.$langs->trans("ReOpen").''; + } + } // Modify if ($object->status == $object::STATUS_DRAFT) { diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index dc1b46331fc..bf34dd04efc 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -52,7 +52,7 @@ class Inventory extends CommonObject /** * @var int Does object support extrafields ? 0=No, 1=Yes */ - public $isextrafieldmanaged = 1; + public $isextrafieldmanaged = 0; /** * @var string String with name of icon for inventory @@ -254,6 +254,7 @@ class Inventory extends CommonObject */ public function validate(User $user, $notrigger = false) { + global $conf; $this->db->begin(); $result = 0; @@ -380,6 +381,27 @@ class Inventory extends CommonObject } } + /** + * Set to Canceled + * + * @param User $user User that creates + * @param bool $notrigger false=launch triggers after, true=disable triggers + * @return int <0 if KO, Id of created object if OK + */ + public function setCanceled(User $user, $notrigger = false) + { + $this->db->begin(); + + $result = $this->setStatut($this::STATUS_CANCELED, null, '', 'INVENTORY_CANCELED'); + + if ($result > 0) { + $this->db->commit(); + } else { + $this->db->rollback(); + return -1; + } + } + /** * Clone and object into another one * 
@@ -587,9 +609,11 @@ class Inventory extends CommonObject $labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft'); $labelStatus[self::STATUS_VALIDATED] = $langs->trans('Validated').' ('.$langs->trans('Started').')'; $labelStatus[self::STATUS_CANCELED] = $langs->trans('Canceled'); + $labelStatus[self::STATUS_RECORDED] = $langs->trans('Closed'); $labelStatusShort[self::STATUS_DRAFT] = $langs->trans('Draft'); $labelStatusShort[self::STATUS_VALIDATED] = $langs->trans('Started'); $labelStatusShort[self::STATUS_CANCELED] = $langs->trans('Canceled'); + $labelStatusShort[self::STATUS_RECORDED] = $langs->trans('Closed'); return dolGetStatus($labelStatus[$status], $labelStatusShort[$status], '', 'status'.$status, $mode); } @@ -649,6 +673,7 @@ class Inventory extends CommonObject public function initAsSpecimen() { $this->initAsSpecimenCommon(); + $this->title = ''; } } diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index d8e76489ffc..55f0ef51149 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php @@ -99,6 +99,10 @@ $now = dol_now(); * Actions */ +if ($action == 'cancel_record' && $permissiontoadd) { + $object->setCanceled($user); +} + if ($action == 'update' && $user->rights->stock->mouvement->creer) { $stockmovment = new MouvementStock($db); $stockmovment->origin = $object; 
@@ -285,6 +289,18 @@ if ($object->id > 0) { $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('ToClone'), $langs->trans('ConfirmCloneMyObject', $object->ref), 'confirm_clone', $formquestion, 'yes', 1); } + // Confirmation to close + if ($action == 'record') { + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Close'), $langs->trans('ConfirmFinish'), 'update', '', 0, 1); + $action = 'view'; + } + + // Confirmation to close + if ($action == 'confirm_cancel') { + $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id, $langs->trans('Cancel'), $langs->trans('ConfirmCancel'), 'cancel_record', '', 0, 1); + $action = 'view'; + } + // Call Hook formConfirm $parameters = array('formConfirm' => $formconfirm, 'lineid' => $lineid); $reshook = $hookmanager->executeHooks('formConfirm', $parameters, $object, $action); // Note that $action and $object may have been modified by hook @@ -369,24 +385,7 @@ if ($object->id > 0) { // Buttons for actions - if ($action == 'record') { - print '
'; - print ''; - print ''; - print ''; - if ($backtopage) { - print ''; - } - - print '
'; - print ''.$langs->trans("InventoryDesc").'
'; - print ''; - print '   '; - print ''; - print '
'; - print '
'; - print '
'; - } else { + if ($action != 'record') { print '
'."\n"; $parameters = array(); $reshook = $hookmanager->executeHooks('addMoreActionsButtons', $parameters, $object, $action); // Note that $action and $object may have been modified by hook @@ -422,7 +421,8 @@ if ($object->id > 0) { if ($object->status == Inventory::STATUS_VALIDATED) { if ($permissiontoadd) { - print ''.$langs->trans("Finish").''."\n"; + print ''.$langs->trans("Cancel").''."\n"; + print ''.$langs->trans("Close").''."\n"; } else { print ''.$langs->trans('Finish').''."\n"; } From bf42a2ad87eefdbc2cbdb4778763f0f24383debe Mon Sep 17 00:00:00 2001 From: lmarcouiller Date: Tue, 30 Mar 2021 14:38:53 +0200 Subject: [PATCH 06/37] Close #4951 : Add TestUnit --- .../inventory/class/inventory.class.php | 4 + test/phpunit/InventoryTest.php | 382 ++++++++++++++++++ 2 files changed, 386 insertions(+) create mode 100644 test/phpunit/InventoryTest.php diff --git a/htdocs/product/inventory/class/inventory.class.php b/htdocs/product/inventory/class/inventory.class.php index bf34dd04efc..e872d7e353a 100644 --- a/htdocs/product/inventory/class/inventory.class.php +++ b/htdocs/product/inventory/class/inventory.class.php @@ -329,6 +329,7 @@ class Inventory extends CommonObject } else { $this->db->rollback(); } + return $result; } /** @@ -358,6 +359,7 @@ class Inventory extends CommonObject } else { $this->db->rollback(); } + return $result; } /** @@ -379,6 +381,7 @@ class Inventory extends CommonObject $this->db->rollback(); return -1; } + return $result; } /** @@ -400,6 +403,7 @@ class Inventory extends CommonObject $this->db->rollback(); return -1; } + return $result; } /** diff --git a/test/phpunit/InventoryTest.php b/test/phpunit/InventoryTest.php new file mode 100644 index 00000000000..1d125a0311c --- /dev/null +++ b/test/phpunit/InventoryTest.php 
@@ -0,0 +1,382 @@ + + * Copyright (C) 2018 Frédéric France + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * or see https://www.gnu.org/ + */ + +/** + * \file test/phpunit/InventoryTest.php + * \ingroup test + * \brief PHPUnit test + * \remarks To run this script as CLI: phpunit filename.php + */ + +global $conf,$user,$langs,$db; +//define('TEST_DB_FORCE_TYPE','mysql'); // This is to force using mysql driver +//require_once 'PHPUnit/Autoload.php'; +require_once dirname(__FILE__).'/../../htdocs/master.inc.php'; +require_once dirname(__FILE__).'/../../htdocs/product/inventory/class/inventory.class.php'; + +if (empty($user->id)) { + print "Load permissions for admin user nb 1\n"; + $user->fetch(1); + $user->getrights(); +} +$conf->global->MAIN_DISABLE_ALL_MAILS=1; + + +/** + * Class for PHPUnit tests + * + * @backupGlobals disabled + * @backupStaticAttributes enabled + * @remarks backupGlobals must be disabled to have db,conf,user and lang not erased. 
+ */ +class InventoryTest extends PHPUnit\Framework\TestCase +{ + protected $savconf; + protected $savuser; + protected $savlangs; + protected $savdb; + + /** + * Constructor + * We save global variables into local variables + * + * @return InventoryTest + */ + public function __construct() + { + parent::__construct(); + + //$this->sharedFixture + global $conf,$user,$langs,$db; + $this->savconf=$conf; + $this->savuser=$user; + $this->savlangs=$langs; + $this->savdb=$db; + + print __METHOD__." db->type=".$db->type." user->id=".$user->id; + //print " - db ".$db->db; + print "\n"; + } + + /** + * setUpBeforeClass + * + * @return void + */ + public static function setUpBeforeClass():void + { + global $conf,$user,$langs,$db; + + $db->begin(); // This is to have all actions inside a transaction even if test launched without suite. + + print __METHOD__."\n"; + } + + /** + * tearDownAfterClass + * + * @return void + */ + public static function tearDownAfterClass():void + { + global $conf,$user,$langs,$db; + $db->rollback(); + + print __METHOD__."\n"; + } + + /** + * Init phpunit tests + * + * @return void + */ + protected function setUp():void + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + print __METHOD__."\n"; + } + + /** + * End phpunit tests + * + * @return void + */ + protected function tearDown():void + { + print __METHOD__."\n"; + } + + /** + * testInventoryCreate + * + * @return int + */ + public function testInventoryCreate() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $localobject=new Inventory($db); + $localobject->initAsSpecimen(); + $result=$localobject->create($user); + $this->assertLessThan($result, 0); + print __METHOD__." 
result=".$result."\n"; + return $result; + } + + /** + * testInventoryFetch + * + * @param int $id Id invoice + * @return int + * + * @depends testInventoryCreate + * The depends says test is run only if previous is ok + */ + public function testInventoryFetch($id) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $localobject=new Inventory($this->savdb); + $result=$localobject->fetch($id); + + $this->assertLessThan($result, 0); + print __METHOD__." id=".$id." result=".$result."\n"; + return $localobject; + } + + /** + * testInventoryUpdate + * + * @param Inventory $localobject Invoice + * @return int + * + * @depends testInventoryFetch + * The depends says test is run only if previous is ok + */ + public function testInventoryUpdate($localobject) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $localobject->status = 9; + $localobject->title = 'test'; + $result=$localobject->update($user, $user); + print __METHOD__." id=".$localobject->id." result=".$result."\n"; + $this->assertLessThan($result, 0); + return $localobject; + } + + + /** + * testInventoryValidate + * + * @param Inventory $localobject Invoice + * @return void + * + * @depends testInventoryUpdate + * The depends says test is run only if previous is ok + */ + public function testInventoryValidate($localobject) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $result=$localobject->validate($user); + print __METHOD__." id=".$localobject->id." 
result=".$result."\n"; + + $this->assertLessThan($result, 0); + $this->assertEquals($localobject->status, '1'); + return $localobject; + } + + /** + * testInventorySetDraft + * + * @param Inventory $localobject Invoice + * @return void + * + * @depends testInventoryValidate + * The depends says test is run only if previous is ok + */ + public function testInventorySetDraft($localobject) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $result=$localobject->setDraft($user); + print __METHOD__." id=".$localobject->id." result=".$result."\n"; + + $this->assertLessThan($result, 0); + $this->assertEquals($localobject->status, '0'); + return $localobject; + } + + /** + * testInventorySetRecorded + * + * @param Inventory $localobject Invoice + * @return void + * + * @depends testInventorySetDraft + * The depends says test is run only if previous is ok + */ + public function testInventorySetRecorded($localobject) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $result=$localobject->setRecorded($user); + print __METHOD__." id=".$localobject->id." result=".$result."\n"; + + $this->assertLessThan($result, 0); + $this->assertEquals($localobject->status, '2'); + return $localobject; + } + + /** + * testInventorySetCanceled + * + * @param Inventory $localobject Invoice + * @return void + * + * @depends testInventorySetRecorded + * The depends says test is run only if previous is ok + */ + public function testInventorySetCanceled($localobject) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $result=$localobject->setCanceled($user); + print __METHOD__." id=".$localobject->id." 
result=".$result."\n"; + + $this->assertLessThan($result, 0); + $this->assertEquals($localobject->status, '9'); + return $localobject; + } + + /** + * testInventoryOther + * + * @param Inventory $localobject Invoice + * @return int + * @depends testInventorySetRecorded + * The depends says test is run only if previous is ok + */ + public function testInventoryOther($localobject) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $localobject->info($localobject->id); + print __METHOD__." localobject->date_creation=".$localobject->date_creation."\n"; + $this->assertNotEquals($localobject->date_creation, ''); + return $localobject->id; + } + + /** + * testInventoryDelete + * + * @param int $id Id of invoice + * @return int + * @depends testInventoryOther + * The depends says test is run only if previous is ok + */ + public function testInventoryDelete($id) + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $localobject=new Inventory($this->savdb); + $result=$localobject->fetch($id); + $result=$localobject->delete($user); + print __METHOD__." id=".$id." 
result=".$result."\n"; + $this->assertLessThan($result, 0); + + return $result; + } + + /** + * Compare all public properties values of 2 objects + * + * @param Object $oA Object operand 1 + * @param Object $oB Object operand 2 + * @param boolean $ignoretype False will not report diff if type of value differs + * @param array $fieldstoignorearray Array of fields to ignore in diff + * @return array Array with differences + */ + public function objCompare($oA, $oB, $ignoretype = true, $fieldstoignorearray = array('id')) + { + $retAr=array(); + + if (get_class($oA) !== get_class($oB)) { + $retAr[]="Supplied objects are not of same class."; + } else { + $oVarsA=get_object_vars($oA); + $oVarsB=get_object_vars($oB); + $aKeys=array_keys($oVarsA); + foreach ($aKeys as $sKey) { + if (in_array($sKey, $fieldstoignorearray)) { + continue; + } + if (! $ignoretype && ($oVarsA[$sKey] !== $oVarsB[$sKey])) { + $retAr[]=$sKey.' : '.(is_object($oVarsA[$sKey])?get_class($oVarsA[$sKey]):$oVarsA[$sKey]).' <> '.(is_object($oVarsB[$sKey])?get_class($oVarsB[$sKey]):$oVarsB[$sKey]); + } + if ($ignoretype && ($oVarsA[$sKey] != $oVarsB[$sKey])) { + $retAr[]=$sKey.' : '.(is_object($oVarsA[$sKey])?get_class($oVarsA[$sKey]):$oVarsA[$sKey]).' <> '.(is_object($oVarsB[$sKey])?get_class($oVarsB[$sKey]):$oVarsB[$sKey]); + } + } + } + return $retAr; + } +} From 96b450a8495e753bd6562928c36cef6b6378bf85 Mon Sep 17 00:00:00 2001 From: Anthony Berton <34568357+bb2a@users.noreply.github.com> Date: Tue, 30 Mar 2021 14:58:47 +0200 Subject: [PATCH 07/37] 20210330 --- htdocs/admin/stock.php | 11 +++++++++++ htdocs/langs/en_US/stocks.lang | 1 + htdocs/langs/fr_FR/stocks.lang | 1 + 3 files changed, 13 insertions(+) diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php index acab698f675..570ca0c2a5a 100644 --- a/htdocs/admin/stock.php +++ b/htdocs/admin/stock.php 
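Review bot: The assertions are written with expected and actual reversed: `$this->assertLessThan($result, 0)` only passes because it reads as "0 is less than $result", and `$this->assertEquals($localobject->status, '1')` will report the status as the expected value when it fails. Prefer `$this->assertGreaterThan(0, $result);` and `$this->assertEquals(Inventory::STATUS_VALIDATED, $localobject->status);`, with the same change in the SetDraft, SetRecorded and SetCanceled tests. Several docblocks look copied from an invoice test (`Id invoice`, `@return void` on methods that return `$localobject`) and should describe the inventory object and the real return value. In `testInventoryUpdate`, the second argument of `update($user, $user)` is presumably a notrigger flag, so passing the user object looks unintended; confirm against the method signature, which is not on this page.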
@@ -673,6 +673,17 @@ if (!empty($conf->global->MAIN_DEFAULT_WAREHOUSE_USER)) { print "\n"; print "\n"; } + +print ''; +print ''.$langs->trans("WarehouseAskWarehouseOnThirparty").''; +print ''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('SOCIETE_ASK_FOR_WAREHOUSE'); +} else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("SOCIETE_ASK_FOR_WAREHOUSE", $arrval, $conf->global->SOCIETE_ASK_FOR_WAREHOUSE); +} + print ''; print ''.$langs->trans("WarehouseAskWarehouseDuringPropal").''; print ''; diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang index 8e949661c49..0e9bd11ec4d 100644 --- a/htdocs/langs/en_US/stocks.lang +++ b/htdocs/langs/en_US/stocks.lang @@ -62,6 +62,7 @@ EnhancedValueOfWarehouses=Warehouses value UserWarehouseAutoCreate=Create a user warehouse automatically when creating a user AllowAddLimitStockByWarehouse=Manage also value for minimum and desired stock per pairing (product-warehouse) in addition to the value for minimum and desired stock per product RuleForWarehouse=Rule for warehouses +WarehouseAskWarehouseOnThirparty=Set a warehouse on thirparty WarehouseAskWarehouseDuringPropal=Set a warehouse on Commercial proposals WarehouseAskWarehouseDuringOrder=Set a warehouse on Sale orders UserDefaultWarehouse=Set a warehouse on Users diff --git a/htdocs/langs/fr_FR/stocks.lang b/htdocs/langs/fr_FR/stocks.lang index c29c3b26d82..2d2be548f3b 100644 --- a/htdocs/langs/fr_FR/stocks.lang +++ b/htdocs/langs/fr_FR/stocks.lang 
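Review bot: The new translation key `WarehouseAskWarehouseOnThirparty` is misspelled, and because the same key is added to both `stocks.lang` files the typo becomes permanent once translators pick it up; suggest `WarehouseAskWarehouseOnThirdparty`, and fixing "thirparty" in the English text as well. In the non-AJAX branch `$conf->global->SOCIETE_ASK_FOR_WAREHOUSE` is read without a guard, which presumably raises an undefined-property notice until the constant has been saved once; `empty($conf->global->SOCIETE_ASK_FOR_WAREHOUSE) ? 0 : $conf->global->SOCIETE_ASK_FOR_WAREHOUSE` avoids that. Whether the page's save handler stores the value posted by this select is not visible in the hunk and should be checked.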
@@ -62,6 +62,7 @@ EnhancedValueOfWarehouses=Valorisation des stocks UserWarehouseAutoCreate=Créer automatiquement un stock/entrepôt propre à l'utilisateur lors de sa création AllowAddLimitStockByWarehouse=Gérez également les valeurs des stocks minimums et souhaités par paire (produit-entrepôt) en plus des valeurs de minimums et souhaités par produit RuleForWarehouse=Règle pour les entrepôts +WarehouseAskWarehouseOnThirparty=Définir un entrepôt sur les tiers WarehouseAskWarehouseDuringPropal=Définir un entrepôt sur les propositions WarehouseAskWarehouseDuringOrder=Définir un entrepôt sur les commandes UserDefaultWarehouse=Définir un entrepôt sur les utilisateurs From d098ca7becde5745ab8a4b637ca02bf86b28af6b Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 16:01:35 +0200 Subject: [PATCH 08/37] Update llx_10_c_regions.sql LICENSE Australia Barbados Brazil Canada --- .../install/mysql/data/llx_10_c_regions.sql | 31 ++++++++++++------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/htdocs/install/mysql/data/llx_10_c_regions.sql b/htdocs/install/mysql/data/llx_10_c_regions.sql index 96ab85788ff..37394db47e0 100644 --- a/htdocs/install/mysql/data/llx_10_c_regions.sql +++ b/htdocs/install/mysql/data/llx_10_c_regions.sql @@ -12,6 +12,9 @@ -- Copyright (C) 2019~ Lao Tian <281388879@qq.com> -- Copyright (C) 2020-2021 Udo Tamm -- +-- +-- LICENSE ---------------------------------------------------------------------- +-- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 3 of the License, or 
@@ -64,16 +67,32 @@ INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2 INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 23, 2305, '', 0, 'Patagonia'); +-- Australia Regions (id country=28) +INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 28, 2801, '', 0, 'Australia'); + + -- Austria Regions (id country=41) INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 41, 4101, '', 0, 'Österreich'); +-- Barbados Regions (id country=46) +INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 46, 4601, '', 0, 'Barbados'); + + -- Belgium Regions (id country=2) insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 201, '',1,'Flandre'); insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 202, '',2,'Wallonie'); insert into llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 2, 203, '',3,'Bruxelles-Capitale'); +-- Brazil Regions (id country=56) +INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 56, 5601, '', 0, 'Brasil'); + + +-- Canada Region (id country=14) +INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom) values ( 14, 1401, '', 0, 'Canada'); + + -- Regions France (id country=1) insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values ( 1, 1,'97105',3,'Guadeloupe'); insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values ( 1, 2,'97209',3,'Martinique'); 
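Review bot: The Australia, Barbados, Brazil and Canada rows are re-added here without the `active` column that the removed versions (hunks at -197 and -222) set to 1, so they now depend on the column default of `llx_c_regions`. The table definition is not on this page; if that default is not 1, these regions would be inserted inactive on a fresh install. Either keep the column, as in `(fk_pays, code_region, cheflieu, tncc, nom, active) values ( 28, 2801, '', 0, 'Australia', 1)`, or confirm the default before merging. The same applies to the Barbados and Germany rows moved in llx_20_c_departements.sql (hunks at -139 and -293), which also drop `active`.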
@@ -197,20 +216,10 @@ insert into llx_c_regions (fk_pays,code_region,cheflieu,tncc,nom) values (10,102 INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 11, 1101, '', 0, 'United-States', 1); - --- Region Canada (id country=14) -INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 14, 1401, '', 0, 'Canada', 1); - -- Regions The Netherlands (id country=17) INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 17, 1701, '', 0,'Provincies van Nederland ', 1); --- Regions Australia (id country=28) -INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 28, 2801, '', 0, 'Australia', 1); - --- Regions Barbados (id country=46) -INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 46, 4601, '', 0, 'Barbados', 1); - -- Regions Bolivia (id country=52) INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5201, '', 0, 'Chuquisaca', 1); INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5202, '', 0, 'La Paz', 1); @@ -222,8 +231,6 @@ INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) v INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5208, '', 0, 'El Beni', 1); INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 52, 5209, '', 0, 'Pando', 1); --- Regions Brazil (id country=56) -INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 56, 5601, '', 0, 'Brasil', 1); -- Regions Colombie (id country=70) INSERT INTO llx_c_regions (fk_pays, code_region, cheflieu, tncc, nom, active) values ( 70, 7001, '', 0, 'Colombie', 1); From a9bc37c63e31cbd97cb0cd879f027489ea8d0e63 Mon Sep 17 00:00:00 2001 
From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 16:19:07 +0200 Subject: [PATCH 09/37] Update llx_20_c_departements.sql --- .../mysql/data/llx_20_c_departements.sql | 125 ++++++++++-------- 1 file changed, 67 insertions(+), 58 deletions(-) diff --git a/htdocs/install/mysql/data/llx_20_c_departements.sql b/htdocs/install/mysql/data/llx_20_c_departements.sql index 9e47a9ec050..1a6e7970cde 100644 --- a/htdocs/install/mysql/data/llx_20_c_departements.sql +++ b/htdocs/install/mysql/data/llx_20_c_departements.sql @@ -7,8 +7,12 @@ -- Copyright (C) 2007 Patrick Raguin -- Copyright (C) 2010-2016 Juanjo Menent -- Copyright (C) 2012 Sebastian Neuwert --- Copyright (C) 2012 Ricardo Schluter --- Copyright (C) 2015 Ferran Marcet +-- Copyright (C) 2012 Ricardo Schluter +-- Copyright (C) 2015 Ferran Marcet +-- Copyright (C) 2020-2021 Udo Tamm +-- +-- +-- LICENSE ---------------------------------------------------------------------- -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by @@ -25,13 +29,13 @@ -- --- WARNING ------------------------------------------------------------------- +-- WARNING --------------------------------------------------------------------- -- Do not put comments at the end of the lines, this file is parsed during -- the install and all '-' prefixed texts are removed. -- Do not concatenate the values in a single query, for the same reason. --- NOTES ---------------------------------- +-- NOTES ----------------------------------------------------------------------- -- Departements/Cantons/Provinces/States -- -- Algeria @@ -39,9 +43,11 @@ -- Argentina -- Australia -- Austria +-- Barbados -- Belgium -- Canada --- +-- France +-- Germany -- TEMPLATE ------------------------------------------------------------------------------------------------------------- 
@@ -139,26 +145,40 @@ INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc -- Australia States & Territories (id country=28) -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NSW','',1,'','New South Wales'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'VIC','',1,'','Victoria'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'QLD','',1,'','Queensland'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'SA' ,'',1,'','South Australia'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'ACT','',1,'','Australia Capital Territory'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'TAS','',1,'','Tasmania'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'WA' ,'',1,'','Western Australia'); -insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801,'NT' ,'',1,'','Northern Territory'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'NSW','',1,'','New South Wales'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'VIC','',1,'','Victoria'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'QLD','',1,'','Queensland'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'SA' ,'',1,'','South Australia'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'ACT','',1,'','Australia Capital Territory'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) 
values (2801, 'TAS','',1,'','Tasmania'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'WA' ,'',1,'','Western Australia'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (2801, 'NT' ,'',1,'','Northern Territory'); -- Austria States / Österreich Bundesländer (id country=41) -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'B','BURGENLAND','Burgenland',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'K','KAERNTEN','Kärnten',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'N','NIEDEROESTERREICH','Niederösterreich',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'O','OBEROESTERREICH','Oberösterreich',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'S','SALZBURG','Salzburg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'ST','STEIERMARK','Steiermark',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'T','TIROL','Tirol',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'V','VORARLBERG','Vorarlberg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101,'W','WIEN','Wien',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'B','BURGENLAND','Burgenland',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'K','KAERNTEN','Kärnten',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'N','NIEDEROESTERREICH','Niederösterreich',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 
'O','OBEROESTERREICH','Oberösterreich',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'S','SALZBURG','Salzburg',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'ST','STEIERMARK','Steiermark',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'T','TIROL','Tirol',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'V','VORARLBERG','Vorarlberg',1); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (4101, 'W','WIEN','Wien',1); + + +-- Barbados Parish (id country=46) +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'CC', 'Oistins', 0, 'CC', 'Christ Church'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SA', 'Greenland', 0, 'SA', 'Saint Andrew'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SG', 'Bulkeley', 0, 'SG', 'Saint George'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'JA', 'Holetown', 0, 'JA', 'Saint James'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SJ', 'Four Roads', 0, 'SJ', 'Saint John'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SB', 'Bathsheba', 0, 'SB', 'Saint Joseph'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SL', 'Crab Hill', 0, 'SL', 'Saint Lucy'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SM', 'Bridgetown', 0, 'SM', 'Saint Michael'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SP', 'Speightstown', 0, 
'SP', 'Saint Peter'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'SC', 'Crane', 0, 'SC', 'Saint Philip'); +INSERT INTO llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) VALUES (4601, 'ST', 'Hillaby', 0, 'ST', 'Saint Thomas'); -- Belgium Provinces (id country=2) 
@@ -188,12 +208,12 @@ insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values (1401,'NL','',1,'','Newfoundland and Labrador'); --- Departements France (id country=1) -insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe'); -insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique'); -insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 3,'973','97302',3,'GUYANE','Guyane'); -insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 4,'974','97411',3,'REUNION','Réunion'); -insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values ( 6,'976','97601',3,'MAYOTTE','Mayotte'); +-- France Departements (id country=1) +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 1,'971','97105',3,'GUADELOUPE','Guadeloupe'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 2,'972','97209',3,'MARTINIQUE','Martinique'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 3,'973','97302',3,'GUYANE','Guyane'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 4,'974','97411',3,'REUNION','Réunion'); +insert into llx_c_departements (fk_region, code_departement, cheflieu, tncc, ncc, nom) values ( 6,'976','97601',3,'MAYOTTE','Mayotte'); insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (84,'01','01053',5,'AIN','Ain'); insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (32,'02','02408',5,'AISNE','Aisne'); 
@@ -293,6 +313,25 @@ insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,no insert into llx_c_departements (fk_region, code_departement,cheflieu,tncc,ncc,nom) values (11,'95','95500',2,'VAL-D OISE','Val-d Oise'); +-- Germany States / Bundesländer (id country=5) +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BW', 'BADEN-WÜRTTEMBERG', 'Baden-Württemberg'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BY', 'BAYERN', 'Bayern'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BE', 'BERLIN', 'Berlin'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'BB', 'BRANDENBURG', 'Brandenburg'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HB', 'BREMEN', 'Bremen'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HH', 'HAMBURG', 'Hamburg'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'HE', 'HESSEN', 'Hessen'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'MV', 'MECKLENBURG-VORPOMMERN', 'Mecklenburg-Vorpommern'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'NI', 'NIEDERSACHSEN', 'Niedersachsen'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'NW', 'NORDRHEIN-WESTFALEN', 'Nordrhein-Westfalen'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'RP', 'RHEINLAND-PFALZ', 'Rheinland-Pfalz'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SL', 'SAARLAND', 'Saarland'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SN', 'SACHSEN', 'Sachsen'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'ST', 'SACHSEN-ANHALT', 
'Sachsen-Anhalt'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'SH', 'SCHLESWIG-HOLSTEIN', 'Schleswig-Holstein'); +INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom) VALUES (501, 'TH', 'THÜRINGEN', 'Thüringen'); + + -- Provinces Italy (id=3) insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AG',315,NULL,NULL,NULL,'AGRIGENTO'); insert into llx_c_departements (code_departement,fk_region,cheflieu,tncc,ncc,nom) values ('AL',312,NULL,NULL,NULL,'ALESSANDRIA'); 
@@ -685,23 +724,6 @@ INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('ZA', '403', '49', 3, 'ZAMORA', 'Zamora'); INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom) VALUES ('Z', '402', '50', 1, 'ZARAGOZA', 'Zaragoza'); --- Provinces Germany (id country=5) -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BW','BADEN-WÜRTTEMBERG','Baden-Württemberg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BY','BAYERN','Bayern',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BE','BERLIN','Berlin',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'BB','BRANDENBURG','Brandenburg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HB','BREMEN','Bremen',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HH','HAMBURG','Hamburg',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'HE','HESSEN','Hessen',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'MV','MECKLENBURG-VORPOMMERN','Mecklenburg-Vorpommern',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'NI','NIEDERSACHSEN','Niedersachsen',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'NW','NORDRHEIN-WESTFALEN','Nordrhein-Westfalen',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'RP','RHEINLAND-PFALZ','Rheinland-Pfalz',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SL','SAARLAND','Saarland',1); -INSERT INTO 
llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SN','SACHSEN','Sachsen',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'ST','SACHSEN-ANHALT','Sachsen-Anhalt',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'SH','SCHLESWIG-HOLSTEIN','Schleswig-Holstein',1); -INSERT INTO llx_c_departements (fk_region, code_departement, ncc, nom, active) VALUES (501,'TH','THÜRINGEN','Thüringen',1); -- Provinces Greece (id country=102) INSERT INTO llx_c_departements (code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('66', 10201, '', 0, '', 'Αθήνα', 1); 
@@ -1005,19 +1027,6 @@ INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, nc INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CU', 8601, '', 0, '', 'Cuscatlan', 1); --- Parish Barbados (id country=46) -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('CC', 4601, 'Oistins', 0, 'CC', 'Christ Church', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SA', 4601, 'Greenland', 0, 'SA', 'Saint Andrew', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SG', 4601, 'Bulkeley', 0, 'SG', 'Saint George', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('JA', 4601, 'Holetown', 0, 'JA', 'Saint James', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SJ', 4601, 'Four Roads', 0, 'SJ', 'Saint John', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SB', 4601, 'Bathsheba', 0, 'SB', 'Saint Joseph', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SL', 4601, 'Crab Hill', 0, 'SL', 'Saint Lucy', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SM', 4601, 'Bridgetown', 0, 'SM', 'Saint Michael', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SP', 4601, 'Speightstown', 0, 'SP', 'Saint Peter', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('SC', 4601, 'Crane', 0, 'SC', 'Saint Philip', 1); -INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('ST', 4601, 'Hillaby', 0, 
'ST', 'Saint Thomas', 1); - -- Provinces Brazil (id country=56) INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('AC', 5601, 'ACRE', 0, 'AC', 'Acre', 1); INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('AL', 5601, 'ALAGOAS', 0, 'AL', 'Alagoas', 1); From 6e422d26f33f31e59ef0e067988a00e3bf71db2b Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Tue, 30 Mar 2021 11:36:50 +0200 Subject: [PATCH 10/37] FIX #yogosha5746 - next step (wip) --- htdocs/accountancy/admin/categories_list.php | 2 +- .../class/accountancycategory.class.php | 2 +- .../class/accountancyexport.class.php | 4 +- htdocs/accountancy/journal/bankjournal.php | 2 +- htdocs/comm/action/class/actioncomm.class.php | 2 +- htdocs/comm/propal/class/propal.class.php | 4 +- .../comm/propal/class/propalestats.class.php | 6 +- htdocs/commande/class/commande.class.php | 6 +- htdocs/commande/class/commandestats.class.php | 4 +- .../bank/class/paymentvarious.class.php | 2 +- htdocs/compta/bank/releve.php | 3 +- .../cashcontrol/class/cashcontrol.class.php | 2 +- htdocs/compta/facture/card.php | 2 +- .../facture/class/facture-rec.class.php | 6 +- htdocs/compta/facture/class/facture.class.php | 11 +- .../facture/class/facturestats.class.php | 4 +- .../compta/localtax/class/localtax.class.php | 4 +- .../compta/paiement/class/cpaiement.class.php | 2 +- .../compta/paiement/class/paiement.class.php | 6 +- .../sociales/class/cchargesociales.class.php | 2 +- htdocs/core/class/commoninvoice.class.php | 2 +- htdocs/core/class/commonobject.class.php | 18 +-- htdocs/core/class/dolreceiptprinter.class.php | 2 +- .../expensereport/mod_expensereport_jade.php | 2 +- .../modules/import/import_csv.modules.php | 4 +- .../modules/import/import_xlsx.modules.php | 4 +- htdocs/don/class/donstats.class.php | 2 +- .../class/conferenceorbooth.class.php | 2 +- .../class/expeditionstats.class.php | 4 +- .../class/expensereport.class.php | 4 +- .../class/expensereport_rule.class.php | 2 +- htdocs/fichinter/class/fichinterrec.class.php | 8 +- .../fichinter/class/fichinterstats.class.php | 4 +- .../fournisseur.commande.dispatch.class.php | 4 +- .../fourn/class/fournisseur.facture.class.php | 4 +- htdocs/install/lib/repair.lib.php | 2 +- htdocs/install/repair.php | 4 +- htdocs/install/upgrade2.php | 2 +- .../class/multicurrency.class.php | 2 +- 
htdocs/product/class/product.class.php | 4 +- .../class/productfournisseurprice.class.php | 113 ++++++------------ htdocs/product/fournisseurs.php | 2 +- htdocs/product/stock/class/entrepot.class.php | 4 +- .../stock/class/mouvementstock.class.php | 2 +- .../class/productstockentrepot.class.php | 2 +- .../product/stock/lib/replenishment.lib.php | 4 +- htdocs/product/stock/replenish.php | 2 +- htdocs/product/stock/stockatdate.php | 2 +- htdocs/projet/tasks/time.php | 6 +- htdocs/public/emailing/mailing-read.php | 6 +- htdocs/salaries/class/salary.class.php | 2 +- htdocs/societe/class/societe.class.php | 2 +- .../class/supplier_proposal.class.php | 2 +- .../variants/class/ProductAttribute.class.php | 2 +- htdocs/website/class/websitepage.class.php | 4 +- htdocs/zapier/class/hook.class.php | 4 +- 56 files changed, 140 insertions(+), 175 deletions(-) diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index deae39aef54..c61674921f1 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -149,7 +149,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { // Check that all fields are filled $ok = 1; foreach ($listfield as $f => $value) { - if ($value == 'formula' && empty($_POST['formula'])) { + if ($value == 'formula' && !GETPOST('formula')) { continue; } if ($value == 'range_account' && empty($_POST['range_account'])) { diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 1bdc0f438bf..9301c809125 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php 
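Review bot: In the categories_list.php hunk the `formula` check now goes through `GETPOST('formula')`, but the `range_account` check two lines below still reads `empty($_POST['range_account'])` directly. Reading the same form through two different paths inside one loop makes it easy for the two checks to disagree about whether a field was submitted. I would change the second one to `if ($value == 'range_account' && !GETPOST('range_account')) {`. The enclosing `foreach` continues past the end of the hunk.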
@@ -863,7 +863,7 @@ class AccountancyCategory // extends CommonObject if (!empty($cat_id)) { $sql = "SELECT t.rowid, t.account_number, t.label as account_label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; - $sql .= " WHERE t.fk_accounting_category = ".$cat_id; + $sql .= " WHERE t.fk_accounting_category = ".((int) $cat_id); $sql .= " AND t.entity = ".$conf->entity; $sql .= " ORDER BY t.account_number"; } else { diff --git a/htdocs/accountancy/class/accountancyexport.class.php b/htdocs/accountancy/class/accountancyexport.class.php index ac8c3db644b..ad3e863cc8c 100644 --- a/htdocs/accountancy/class/accountancyexport.class.php +++ b/htdocs/accountancy/class/accountancyexport.class.php @@ -1644,7 +1644,7 @@ class AccountancyExport // Get new customer invoice ref and company name $sql = 'SELECT f.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture as f'; $sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON f.fk_soc = s.rowid'; - $sql .= ' WHERE f.rowid = ' . $line->fk_doc; + $sql .= ' WHERE f.rowid = '.((int) $line->fk_doc); $resql = $this->db->query($sql); if ($resql) { if ($obj = $this->db->fetch_object($resql)) { @@ -1658,7 +1658,7 @@ class AccountancyExport // Get new supplier invoice ref and company name $sql = 'SELECT ff.ref, s.nom FROM ' . MAIN_DB_PREFIX . 'facture_fourn as ff'; $sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe AS s ON ff.fk_soc = s.rowid'; - $sql .= ' WHERE ff.rowid = ' . $line->fk_doc; + $sql .= ' WHERE ff.rowid = '.((int) $line->fk_doc); $resql = $this->db->query($sql); if ($resql) { if ($obj = $this->db->fetch_object($resql)) { diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index 9093721bff6..9878f67890c 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php 
@@ -421,7 +421,7 @@ if ($result) { //$tabtp[$obj->rowid][$account_pay_loan] += $obj->amount; $sqlmid = 'SELECT pl.amount_capital, pl.amount_insurance, pl.amount_interest, l.accountancy_account_capital, l.accountancy_account_insurance, l.accountancy_account_interest'; $sqlmid .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl, '.MAIN_DB_PREFIX.'loan as l'; - $sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.$obj->rowid; + $sqlmid .= ' WHERE l.rowid = pl.fk_loan AND pl.fk_bank = '.((int) $obj->rowid); dol_syslog("accountancy/journal/bankjournal.php:: sqlmid=".$sqlmid, LOG_DEBUG); $resultmid = $db->query($sqlmid); diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 4bef5ddcd16..715da90f3a7 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -1367,7 +1367,7 @@ class ActionComm extends CommonObject $sql .= ' fk_user_author,'; $sql .= ' fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm as a'; - $sql .= ' WHERE a.id = '.$id; + $sql .= ' WHERE a.id = '.((int) $id); dol_syslog(get_class($this)."::info", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 0388768fc1f..32206a0c251 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2997,7 +2997,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; - $sql .= ' SET fk_availability = '.$availability_id; + $sql .= ' SET fk_availability = '.((int) $availability_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' availability('.$availability_id.')', LOG_DEBUG); 
@@ -3061,7 +3061,7 @@ class Propal extends CommonObject $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'propal'; - $sql .= ' SET fk_input_reason = '.$demand_reason_id; + $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__.' demand_reason('.$demand_reason_id.')', LOG_DEBUG); diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index f64bc31c6ac..a06945a09a6 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -100,18 +100,18 @@ class PropaleStats extends Stats $this->where .= " AND p.fk_soc = ".$this->socid; } if ($this->userid > 0) { - $this->where .= ' AND fk_user_author = '.$this->userid; + $this->where .= ' AND fk_user_author = '.((int) $this->userid); } if ($typentid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = p.fk_soc'; - $this->where .= ' AND s.fk_typent = '.$typentid; + $this->where .= ' AND s.fk_typent = '.((int) $typentid); } if ($categid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = p.fk_soc'; $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie'; - $this->where .= ' AND c.rowid = '.$categid; + $this->where .= ' AND c.rowid = '.((int) $categid); } } diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 2f2f0a4d81c..607753d90fa 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2417,7 +2417,7 @@ class Commande extends CommonOrder $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; $sql .= ' SET remise_percent = '.((float) $remise); - $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;'; + $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT; dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); 
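Review bot: In the propalestats.class.php hunk the `fk_user_author`, `fk_typent` and `c.rowid` conditions are now cast, but the first condition of the same block, `$this->where .= " AND p.fk_soc = ".$this->socid;`, is still concatenated as-is. This commit casts `$this->socid` in expeditionstats.class.php and fichinterstats.class.php, so this looks like an omission; I would write `" AND p.fk_soc = ".((int) $this->socid)`. The same half-cast pattern remains in expensereport_rule.class.php (`' OR er.fk_user = '.$fk_user`, directly above the line that was cast) and in facture.class.php (`SET situation_final = '.$this->situation_final`). The enclosing method starts and ends outside the hunk, so whether these values are normalised earlier cannot be seen here.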
@@ -2743,7 +2743,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; - $sql .= ' SET fk_availability = '.$availability_id; + $sql .= ' SET fk_availability = '.((int) $availability_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); @@ -2807,7 +2807,7 @@ class Commande extends CommonOrder $this->db->begin(); $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande'; - $sql .= ' SET fk_input_reason = '.$demand_reason_id; + $sql .= ' SET fk_input_reason = '.((int) $demand_reason_id); $sql .= ' WHERE rowid='.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index a266dc0c4cf..85036543e18 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -100,13 +100,13 @@ class CommandeStats extends Stats if ($typentid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = c.fk_soc'; - $this->where .= ' AND s.fk_typent = '.$typentid; + $this->where .= ' AND s.fk_typent = '.((int) $typentid); } if ($categid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cats ON cats.fk_soc = c.fk_soc'; $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as cat ON cat.rowid = cats.fk_categorie'; - $this->where .= ' AND cat.rowid = '.$categid; + $this->where .= ' AND cat.rowid = '.((int) $categid); } } diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index dccdcd5cd24..86a70a35311 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php 
@@ -572,7 +572,7 @@ class PaymentVarious extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'payment_various SET fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index dc71a1d2d27..010b4a08fde 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -179,7 +179,8 @@ $sqlrequestforbankline = $sql; if ($action == 'confirm_editbankreceipt' && !empty($oldbankreceipt) && !empty($newbankreceipt)) { // TODO Add a test to check newbankreceipt does not exists yet - $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.$id; + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX.'bank'; + $sqlupdate .= ' SET num_releve = "'.$db->escape($newbankreceipt).'" WHERE num_releve = "'.$db->escape($oldbankreceipt).'" AND fk_account = '.((int) $id); $result = $db->query($sqlupdate); if ($result < 0) { dol_print_error($db); diff --git a/htdocs/compta/cashcontrol/class/cashcontrol.class.php b/htdocs/compta/cashcontrol/class/cashcontrol.class.php index 1563309a3c4..cfd201e3ec4 100644 --- a/htdocs/compta/cashcontrol/class/cashcontrol.class.php +++ b/htdocs/compta/cashcontrol/class/cashcontrol.class.php @@ -213,7 +213,7 @@ class CashControl extends CommonObject if (!$error) { $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."pos_cash_fence"); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'pos_cash_fence SET ref = rowid where rowid = '.((int) $this->id); $this->db->query($sql); } diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index b891ae6eec7..bf30e2b011f 100644 
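Review bot: The rewritten `UPDATE` in releve.php still delimits both `num_releve` values with double quotes (`num_releve = "'.$db->escape($newbankreceipt).'"`), while other escaped strings in this patch use single quotes, for example `" AND t.code = '".$this->db->escape($ref)."'"`. Double quotes delimit identifiers in standard SQL, so on PostgreSQL or on a MySQL server running in ANSI_QUOTES mode the statement would not compare against a string literal; I would switch both to `'`. The result is also tested with `$result < 0`, whereas the rest of the patch treats a failed `query()` as falsy (`if (!$db->query($sql))`), so a failure here is probably never reported; that is worth confirming against the database layer.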
--- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -3091,7 +3091,7 @@ if ($action == 'create') { $sql = 'SELECT r.rowid, r.titre as title, r.total_ttc'; $sql .= ' FROM '.MAIN_DB_PREFIX.'facture_rec as r'; - $sql .= ' WHERE r.fk_soc = '.$invoice_predefined->socid; + $sql .= ' WHERE r.fk_soc = '.((int) $invoice_predefined->socid); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php index 674b5917b17..b93f48ff655 100644 --- a/htdocs/compta/facture/class/facture-rec.class.php +++ b/htdocs/compta/facture/class/facture-rec.class.php @@ -1808,7 +1808,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET nb_gen_max = '.$nb; + $sql .= ' SET nb_gen_max = '.((int) $nb); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); @@ -1835,7 +1835,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET auto_validate = '.$validate; + $sql .= ' SET auto_validate = '.((int) $validate); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); @@ -1862,7 +1862,7 @@ class FactureRec extends CommonInvoice } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET generate_pdf = '.$validate; + $sql .= ' SET generate_pdf = '.((int) $validate); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this)."::setGeneratePdf", LOG_DEBUG); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 111ace7c415..7e9300be61c 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php 
@@ -2282,9 +2282,9 @@ class Facture extends CommonInvoice // Invoice line extrafileds $main = MAIN_DB_PREFIX.'facturedet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)"; + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid); // Delete invoice line - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.$rowid; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); @@ -3585,8 +3585,7 @@ class Facture extends CommonInvoice { $sql = 'SELECT fd.situation_percent FROM '.MAIN_DB_PREFIX.'facturedet fd INNER JOIN '.MAIN_DB_PREFIX.'facture f ON (fd.fk_facture = f.rowid) - WHERE fd.fk_prev_id = '.$idline.' - AND f.fk_statut <> 0'; + WHERE fd.fk_prev_id = '.((int) $idline).' AND f.fk_statut <> 0'; $result = $this->db->query($sql); if (!$result) { @@ -3663,7 +3662,7 @@ class Facture extends CommonInvoice // Libere remise liee a ligne de facture $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_facture_line = NULL'; - $sql .= ' WHERE fk_facture_line = '.$rowid; + $sql .= ' WHERE fk_facture_line = '.((int) $rowid); dol_syslog(get_class($this)."::deleteline", LOG_DEBUG); $result = $this->db->query($sql); @@ -4610,7 +4609,7 @@ class Facture extends CommonInvoice $this->db->begin(); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture SET situation_final = '.$this->situation_final.' where rowid = '.((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index 47644e4b13e..31c4704bb77 100644 --- a/htdocs/compta/facture/class/facturestats.class.php 
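Review bot: The new `$sqlef` line in the first facture.class.php hunk no longer closes the subquery. The old string ended in `$rowid)"`, while the new one ends in `((int) $rowid);`, so the generated SQL is `... IN (SELECT rowid FROM ... WHERE fk_facture = N` with an unbalanced parenthesis. If the statement is executed as built, the extrafields delete would fail with a syntax error; the execution itself is outside the hunk. The line should read `$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";`.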
+++ b/htdocs/compta/facture/class/facturestats.class.php @@ -105,13 +105,13 @@ class FactureStats extends Stats if ($typentid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = f.fk_soc'; - $this->where .= ' AND s.fk_typent = '.$typentid; + $this->where .= ' AND s.fk_typent = '.((int) $typentid); } if ($categid) { $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cs ON cs.fk_soc = f.fk_soc'; $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie as c ON c.rowid = cs.fk_categorie'; - $this->where .= ' AND c.rowid = '.$categid; + $this->where .= ' AND c.rowid = '.((int) $categid); } } diff --git a/htdocs/compta/localtax/class/localtax.class.php b/htdocs/compta/localtax/class/localtax.class.php index 46b2b2b7805..2adfe41330b 100644 --- a/htdocs/compta/localtax/class/localtax.class.php +++ b/htdocs/compta/localtax/class/localtax.class.php @@ -559,8 +559,8 @@ class Localtax extends CommonObject public function update_fk_bank($id) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.$id; - $sql .= ' WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'localtax SET fk_bank = '.((int) $id); + $sql .= ' WHERE rowid = '.((int) $this->id); $result = $this->db->query($sql); if ($result) { return 1; diff --git a/htdocs/compta/paiement/class/cpaiement.class.php b/htdocs/compta/paiement/class/cpaiement.class.php index d1cd1f0015b..e9623f55c11 100644 --- a/htdocs/compta/paiement/class/cpaiement.class.php +++ b/htdocs/compta/paiement/class/cpaiement.class.php @@ -187,7 +187,7 @@ class Cpaiement $sql .= ' WHERE t.entity IN ('.getEntity('c_paiement').')'; $sql .= " AND t.code = '".$this->db->escape($ref)."'"; } else { - $sql .= ' WHERE t.id = '.$id; + $sql .= ' WHERE t.id = '.((int) $id); } $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index 9dcc57a47f2..5647295d171 100644 
--- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -736,7 +736,7 @@ class Paiement extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' set fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; dol_syslog(get_class($this).'::update_fk_bank', LOG_DEBUG); @@ -855,7 +855,7 @@ class Paiement extends CommonObject */ public function validate(User $user = null) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 1 WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this).'::valide', LOG_DEBUG); $result = $this->db->query($sql); @@ -876,7 +876,7 @@ class Paiement extends CommonObject */ public function reject(User $user = null) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.$this->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET statut = 2 WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this).'::reject', LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index 4ae06f378b8..8cfadd84f4f 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -190,7 +190,7 @@ class Cchargesociales if (null !== $ref) { $sql .= " WHERE t.code = '".$this->db->escape($ref)."'"; } else { - $sql .= ' WHERE t.id = '.$id; + $sql .= ' WHERE t.id = '.((int) $id); } $resql = $this->db->query($sql); diff --git a/htdocs/core/class/commoninvoice.class.php b/htdocs/core/class/commoninvoice.class.php index 6366cf52756..50d94da8531 100644 --- a/htdocs/core/class/commoninvoice.class.php 
+++ b/htdocs/core/class/commoninvoice.class.php @@ -801,7 +801,7 @@ abstract class CommonInvoice extends CommonObject { // phpcs:enable $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'prelevement_facture_demande'; - $sql .= ' WHERE rowid = '.$did; + $sql .= ' WHERE rowid = '.((int) $did); $sql .= ' AND traite = 0'; if ($this->db->query($sql)) { return 0; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 48e92d58172..410c896d329 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2332,7 +2332,7 @@ abstract class CommonObject $fieldname = 'multicurrency_tx'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.$rate; + $sql .= ' SET '.$fieldname.' = '.((float) $rate); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -2617,7 +2617,7 @@ abstract class CommonObject $fieldname = 'retained_warranty_fk_cond_reglement'; $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET '.$fieldname.' = '.$id; + $sql .= ' SET '.$fieldname.' = '.((int) $id); $sql .= ' WHERE rowid='.((int) $this->id); if ($this->db->query($sql)) { @@ -3062,11 +3062,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; $sql .= ' AND rang = '.($rang - 1); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang - 1); + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang - 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); 
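Review bot: In the commonobject.class.php hunk at `-3062` the `SET` clause uses `$fieldposition`, which the context line just above can switch to `'position'`, but the `WHERE` clause of the same statement still filters on the literal column `rang`; the following hunk at `-3093` does the same. If a line table really names the column `position`, the filter would reference a column that may not exist there, so I would write `' AND '.$fieldposition.' = '.((int) ($rang - 1))` and the `+ 1` equivalent in the second method. The first hunk also leaves `($rang - 1)` in the `WHERE` uncast while the second casts `($rang + 1)`; both should be written the same way. Both method bodies start outside their hunks, so the condition that selects `'position'` is not visible here.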
@@ -3093,11 +3093,11 @@ abstract class CommonObject $fieldposition = 'position'; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.$rang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) $rang); $sql .= ' WHERE '.$this->fk_element.' = '.$this->id; - $sql .= ' AND rang = '.($rang + 1); + $sql .= ' AND rang = '.((int) ($rang + 1)); if ($this->db->query($sql)) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.($rang + 1); + $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element_line.' SET '.$fieldposition.' = '.((int) ($rang + 1)); $sql .= ' WHERE rowid = '.((int) $rowid); if (!$this->db->query($sql)) { dol_print_error($this->db); @@ -4221,7 +4221,7 @@ abstract class CommonObject public function getSpecialCode($lineid) { $sql = 'SELECT special_code FROM '.MAIN_DB_PREFIX.$this->table_element_line; - $sql .= ' WHERE rowid = '.$lineid; + $sql .= ' WHERE rowid = '.((int) $lineid); $resql = $this->db->query($sql); if ($resql) { $row = $this->db->fetch_row($resql); @@ -7656,7 +7656,7 @@ abstract class CommonObject public static function commonReplaceThirdparty(DoliDB $db, $origin_id, $dest_id, array $tables, $ignoreerrors = 0) { foreach ($tables as $table) { - $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.$dest_id.' WHERE fk_soc = '.$origin_id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.$table.' SET fk_soc = '.((int) $dest_id).' WHERE fk_soc = '.((int) $origin_id); if (!$db->query($sql)) { if ($ignoreerrors) { diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index 49eda053b8d..be13eb94849 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php 
@@ -879,7 +879,7 @@ class dolReceiptPrinter extends Printer $error = 0; $sql = 'SELECT rowid, name, fk_type, fk_profile, parameter'; $sql .= ' FROM '.MAIN_DB_PREFIX.'printer_receipt'; - $sql .= ' WHERE rowid = '.$printerid; + $sql .= ' WHERE rowid = '.((int) $printerid); $sql .= ' AND entity = '.$conf->entity; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/modules/expensereport/mod_expensereport_jade.php b/htdocs/core/modules/expensereport/mod_expensereport_jade.php index bbe2245a97d..b25ac15345b 100644 --- a/htdocs/core/modules/expensereport/mod_expensereport_jade.php +++ b/htdocs/core/modules/expensereport/mod_expensereport_jade.php @@ -163,7 +163,7 @@ class mod_expensereport_jade extends ModeleNumRefExpenseReport } $newref = str_replace(' ', '_', $user_author_infos).$expld_car.$prefix.$newref.$expld_car.dol_print_date($object->date_debut, '%y%m%d'); - $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.$ref_number_int.' WHERE rowid = '.$object->id; + $sqlbis = 'UPDATE '.MAIN_DB_PREFIX.'expensereport SET ref_number_int = '.((int) $ref_number_int).' WHERE rowid = '.((int) $object->id); $resqlbis = $db->query($sqlbis); if (!$resqlbis) { dol_print_error($resqlbis); diff --git a/htdocs/core/modules/import/import_csv.modules.php b/htdocs/core/modules/import/import_csv.modules.php index 63a28fbe3d2..1768029b97e 100644 --- a/htdocs/core/modules/import/import_csv.modules.php +++ b/htdocs/core/modules/import/import_csv.modules.php @@ -790,7 +790,7 @@ class ImportCsv extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE '.$keyfield.' = '.$lastinsertid; + $sqlSelect .= ' WHERE '.$keyfield.' = '.((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { 
@@ -824,7 +824,7 @@ class ImportCsv extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE '.$keyfield.' = '.$lastinsertid; + $sqlend = ' WHERE '.$keyfield.' = '.((int) $lastinsertid); $sql = $sqlstart.$sqlend; diff --git a/htdocs/core/modules/import/import_xlsx.modules.php b/htdocs/core/modules/import/import_xlsx.modules.php index 257e8f5253e..bc146c5ece7 100644 --- a/htdocs/core/modules/import/import_xlsx.modules.php +++ b/htdocs/core/modules/import/import_xlsx.modules.php @@ -830,7 +830,7 @@ class ImportXlsx extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlSelect .= ' WHERE ' . $keyfield . ' = ' . $lastinsertid; + $sqlSelect .= ' WHERE ' . $keyfield . ' = ' .((int) $lastinsertid); $resql = $this->db->query($sqlSelect); if ($resql) { @@ -864,7 +864,7 @@ class ImportXlsx extends ModeleImports if (empty($keyfield)) { $keyfield = 'rowid'; } - $sqlend = ' WHERE ' . $keyfield . ' = ' . $lastinsertid; + $sqlend = ' WHERE ' . $keyfield . ' = '.((int) $lastinsertid); $sql = $sqlstart . $sqlend; diff --git a/htdocs/don/class/donstats.class.php b/htdocs/don/class/donstats.class.php index e3deff2dc2d..07eb6d6588e 100644 --- a/htdocs/don/class/donstats.class.php +++ b/htdocs/don/class/donstats.class.php @@ -85,7 +85,7 @@ class DonationStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND d.entity = ".$conf->entity; if ($this->userid > 0) { - $this->where .= ' WHERE c.fk_user_author = '.$this->userid; + $this->where .= ' WHERE c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php index d91181d0c51..f4914148f44 100644 --- a/htdocs/eventorganization/class/conferenceorbooth.class.php +++ b/htdocs/eventorganization/class/conferenceorbooth.class.php 
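Review bot: The touched line in donstats.class.php still appends `' WHERE c.fk_user_author = '` to `$this->where` right after `" AND d.entity = ".$conf->entity` was appended, so the fragment would contain `AND ... WHERE ...`, and it uses alias `c` where the line above uses `d`. The cast itself is fine, but the clause would presumably yield invalid SQL whenever `userid > 0`. I would change it to `$this->where .= ' AND d.fk_user_author = '.((int) $this->userid);`, after confirming that the donation table is aliased `d` and has that column. The rest of the method is outside the hunk.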
@@ -694,7 +694,7 @@ class ConferenceOrBooth extends ActionComm $sql = 'SELECT rowid, datec as datec, tms as datem,'; $sql .= ' fk_user_author, fk_user_mod'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.id = '.$id; + $sql .= ' WHERE t.id = '.((int) $id); $result = $this->db->query($sql); if ($result) { if ($this->db->num_rows($result)) { diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php index 50382cef164..d25c7b52098 100644 --- a/htdocs/expedition/class/expeditionstats.class.php +++ b/htdocs/expedition/class/expeditionstats.class.php @@ -77,10 +77,10 @@ class ExpeditionStats extends Stats $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 681675fd54c..d9b58667574 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject { $sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt'; - $sql .= ' WHERE tt.'.$this->fk_element.' = '.$id; + $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id); $total_ht = 0; $total_tva = 0; $total_ttc = 0; 
@@ -2757,7 +2757,7 @@ class ExpenseReportLine $sql = 'SELECT SUM(d.total_ttc) as total_amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_det d'; $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)'; - $sql .= ' WHERE e.fk_user_author = '.$fk_user; + $sql .= ' WHERE e.fk_user_author = '.((int) $fk_user); if (!empty($this->id)) { $sql .= ' AND d.rowid <> '.$this->id; } diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php index 4e4d1009750..653f030b6d2 100644 --- a/htdocs/expensereport/class/expensereport_rule.class.php +++ b/htdocs/expensereport/class/expensereport_rule.class.php @@ -167,7 +167,7 @@ class ExpenseReportRule extends CoreObject if ($fk_user > 0) { $sql .= ' AND (er.is_for_all = 1'; $sql .= ' OR er.fk_user = '.$fk_user; - $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.$fk_user.') )'; + $sql .= ' OR er.fk_usergroup IN (SELECT ugu.fk_usergroup FROM '.MAIN_DB_PREFIX.'usergroup_user ugu WHERE ugu.fk_user = '.((int) $fk_user).') )'; } $sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user'; diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 8ed842a70c9..960a2734706 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -784,8 +784,8 @@ class FichinterRec extends Fichinter } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET nb_gen_max = '.$nb; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' SET nb_gen_max = '.((int) $nb); + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this)."::setMaxPeriod", LOG_DEBUG); if ($this->db->query($sql)) { 
@@ -811,8 +811,8 @@ class FichinterRec extends Fichinter } $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element; - $sql .= ' SET auto_validate = '.$validate; - $sql .= ' WHERE rowid = '.$this->id; + $sql .= ' SET auto_validate = '.((int) $validate); + $sql .= ' WHERE rowid = '.((int) $this->id); dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG); if ($this->db->query($sql)) { diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php index a0d22cf1e2a..2daede1457a 100644 --- a/htdocs/fichinter/class/fichinterstats.class.php +++ b/htdocs/fichinter/class/fichinterstats.class.php @@ -78,10 +78,10 @@ class FichinterStats extends Stats $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')'; if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index 21c36ced633..0f8b8341a3d 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -674,8 +674,10 @@ class CommandeFournisseurDispatch extends CommonObject $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\''; } elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') { $sqlwhere [] = $key.' = \''.$this->db->escape($value).'\''; + } elseif ($key == 'qty') { + $sqlwhere [] = $key.' = '.((float) $value); } else { - $sqlwhere [] = $key.' = '.$this->db->escape($value); + $sqlwhere [] = $key.' = '.((int) $value); } } } 
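Review bot: The new branch in CommandeFournisseurDispatch tests `$key == 'qty'`, while the other keys compared in this chain carry the `t.` prefix (`'t.datec'`, `'t.batch'`), so a filter on `t.qty` would fall to the `else` and be truncated by `(int)`; `elseif ($key == 't.qty' || $key == 'qty')` would cover both spellings. The `else` now casts every remaining filter value to int, which is right only if all remaining filterable columns are integers; that list is not visible in the hunk. `$key` itself is still concatenated as a raw column name here and in the Hook filter loop at the end of this patch, so it should be checked against the known field names. The loop starts outside the hunk.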
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 73e8be88c37..ab7e6ea3fc4 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1181,7 +1181,7 @@ class FactureFournisseur extends CommonInvoice if (!$error) { // If invoice was converted into a discount not yet consumed, we remove discount $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except'; - $sql .= ' WHERE fk_invoice_supplier_source = '.$rowid; + $sql .= ' WHERE fk_invoice_supplier_source = '.((int) $rowid); $sql .= ' AND fk_invoice_supplier_line IS NULL'; $resql = $this->db->query($sql); @@ -2092,7 +2092,7 @@ class FactureFournisseur extends CommonInvoice // Libere remise liee a ligne de facture $sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except'; $sql .= ' SET fk_invoice_supplier_line = NULL'; - $sql .= ' WHERE fk_invoice_supplier_line = '.$rowid; + $sql .= ' WHERE fk_invoice_supplier_line = '.((int) $rowid); dol_syslog(get_class($this)."::deleteline", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php index 6133f3eccc8..242fbff25d4 100644 --- a/htdocs/install/lib/repair.lib.php +++ b/htdocs/install/lib/repair.lib.php @@ -106,7 +106,7 @@ function checkLinkedElements($sourcetype, $targettype) foreach ($elements as $key => $element) { if (!checkElementExist($element[$sourcetype], $sourcetable) || !checkElementExist($element[$targettype], $targettable)) { $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'element_element'; - $sql .= ' WHERE rowid = '.$key; + $sql .= ' WHERE rowid = '.((int) $key); $resql = $db->query($sql); $deleted++; } diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 9357128d050..1eb980ae173 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php 
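Review bot: In checkLinkedElements, `$deleted++` runs whether or not `$db->query($sql)` succeeded, so the count the repair reports can include rows that were not removed. Counting only on success keeps the report accurate: `if ($resql) { $deleted++; } else { dol_print_error($db); }`. The function body continues outside the hunk.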
@@ -1347,8 +1347,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { $qty_for_line = min($remaining_qty, $obj_line->qty); if ($first_iteration) { $sql_attach = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; - $sql_attach .= ' SET fk_commandefourndet = '.$obj_line->rowid.', qty = '.$qty_for_line; - $sql_attach .= ' WHERE rowid = '.$obj_dispatch->rowid; + $sql_attach .= ' SET fk_commandefourndet = '.((int) $obj_line->rowid).', qty = '.((float) $qty_for_line); + $sql_attach .= ' WHERE rowid = '.((int) $obj_dispatch->rowid); $first_iteration = false; } else { $sql_attach_values = array( diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index ec322733c7d..de4ff58d018 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -1342,7 +1342,7 @@ function migrate_paiementfourn_facturefourn($db, $langs, $conf) // Verifier si la ligne est deja dans la nouvelle table. On ne veut pas inserer de doublons. $check_sql = 'SELECT fk_paiementfourn, fk_facturefourn'; $check_sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn'; - $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.$select_obj->fk_facture_fourn; + $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn); $check_resql = $db->query($check_sql); if ($check_resql) { $check_num = $db->num_rows($check_resql); diff --git a/htdocs/multicurrency/class/multicurrency.class.php b/htdocs/multicurrency/class/multicurrency.class.php index 7886bd35774..5067a6e91d5 100644 --- a/htdocs/multicurrency/class/multicurrency.class.php +++ b/htdocs/multicurrency/class/multicurrency.class.php 
@@ -591,7 +591,7 @@ class MultiCurrency extends CommonObject { global $db; - $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.$fk_facture; + $sql = 'SELECT multicurrency_tx FROM '.MAIN_DB_PREFIX.$table.' WHERE rowid = '.((int) $fk_facture); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 4ae3d682c07..ad3b694f137 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -3862,7 +3862,7 @@ class Product extends CommonObject // Check not already father of id_pere (to avoid father -> child -> father links) $sql = 'SELECT fk_product_pere from '.MAIN_DB_PREFIX.'product_association'; - $sql .= ' WHERE fk_product_pere = '.$id_fils.' AND fk_product_fils = '.$id_pere; + $sql .= ' WHERE fk_product_pere = '.((int) $id_fils).' AND fk_product_fils = '.((int) $id_pere); if (!$this->db->query($sql)) { dol_print_error($this->db); return -1; @@ -3875,7 +3875,7 @@ class Product extends CommonObject return -1; } else { $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association(fk_product_pere,fk_product_fils,qty,incdec)'; - $sql .= ' VALUES ('.$id_pere.', '.$id_fils.', '.$qty.', '.$incdec.')'; + $sql .= ' VALUES ('.((int) $id_pere).', '.((int) $id_fils).', '.((float) $qty).', '.((int) $incdec).')'; if (!$this->db->query($sql)) { dol_print_error($this->db); return -1; diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 71e25b0c4e1..13fa8433d07 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php 
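Review bot: `$fk_facture` is now cast, but `$table` is still concatenated into `MAIN_DB_PREFIX.$table` as a raw identifier in the MultiCurrency hunk. Its origin is outside the hunk (it looks like a method parameter); if callers can pass anything other than fixed table names, it should be checked before the query is built, e.g. `if (!in_array($table, $allowedTables, true)) { return -1; }`, where `$allowedTables` is a placeholder for the list taken from the real callers and the return value should follow the method's existing error convention.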
@@ -181,10 +181,8 @@ class ProductFournisseurPrice extends CommonObject if (empty($conf->multicompany->enabled) && isset($this->fields['entity'])) $this->fields['entity']['enabled'] = 0; // Unset fields that are disabled - foreach ($this->fields as $key => $val) - { - if (isset($val['enabled']) && empty($val['enabled'])) - { + foreach ($this->fields as $key => $val) { + if (isset($val['enabled']) && empty($val['enabled'])) { unset($this->fields[$key]); } } @@ -241,14 +239,11 @@ class ProductFournisseurPrice extends CommonObject if (property_exists($object, 'date_modification')) { $object->date_modification = null; } // ... // Clear extrafields that are unique - if (is_array($object->array_options) && count($object->array_options) > 0) - { + if (is_array($object->array_options) && count($object->array_options) > 0) { $extrafields->fetch_name_optionals_label($this->table_element); - foreach ($object->array_options as $key => $option) - { + foreach ($object->array_options as $key => $option) { $shortkey = preg_replace('/options_/', '', $key); - if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) - { + if (!empty($extrafields->attributes[$this->table_element]['unique'][$shortkey])) { //var_dump($key); var_dump($clonedObj->array_options[$key]); exit; unset($object->array_options[$key]); } @@ -264,20 +259,16 @@ class ProductFournisseurPrice extends CommonObject $this->errors = $object->errors; } - if (!$error) - { + if (!$error) { // copy internal contacts - if ($this->copy_linked_contact($object, 'internal') < 0) - { + if ($this->copy_linked_contact($object, 'internal') < 0) { $error++; } } - if (!$error) - { + if (!$error) { // copy external contacts if same company - if (property_exists($this, 'socid') && $this->socid == $object->socid) - { + if (property_exists($this, 'socid') && $this->socid == $object->socid) { if ($this->copy_linked_contact($object, 'external') < 0) $error++; } 
@@ -362,8 +353,7 @@ class ProductFournisseurPrice extends CommonObject if ($resql) { $num = $this->db->num_rows($resql); $i = 0; - while ($i < ($limit ? min($limit, $num) : $num)) - { + while ($i < ($limit ? min($limit, $num) : $num)) { $obj = $this->db->fetch_object($resql); $record = new self($this->db); @@ -424,8 +414,7 @@ class ProductFournisseurPrice extends CommonObject $error = 0; // Protection - if ($this->status == self::STATUS_VALIDATED) - { + if ($this->status == self::STATUS_VALIDATED) { dol_syslog(get_class($this)."::validate action abandonned: already validated", LOG_WARNING); return 0; } @@ -435,8 +424,7 @@ class ProductFournisseurPrice extends CommonObject $this->db->begin(); // Define new ref - if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) // empty should not happened, but when it occurs, the test save life - { + if (!$error && (preg_match('/^[\(]?PROV/i', $this->ref) || empty($this->ref))) { // empty should not happened, but when it occurs, the test save life $num = $this->getNextNumRef(); } else { $num = $this->ref; @@ -454,15 +442,13 @@ class ProductFournisseurPrice extends CommonObject dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); - if (!$resql) - { + if (!$resql) { dol_print_error($this->db); $this->error = $this->db->lasterror(); $error++; } - if (!$error && !$notrigger) - { + if (!$error && !$notrigger) { // Call trigger $result = $this->call_trigger('PRODUCTFOURNISSEURPRICE_VALIDATE', $user); if ($result < 0) $error++; 
@@ -470,13 +456,11 @@ class ProductFournisseurPrice extends CommonObject } } - if (!$error) - { + if (!$error) { $this->oldref = $this->ref; // Rename directory if dir was a temporary ref - if (preg_match('/^[\(]?PROV/i', $this->ref)) - { + if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'productfournisseurprice/".$this->db->escape($this->newref)."'"; $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'productfournisseurprice/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; @@ -488,17 +472,14 @@ class ProductFournisseurPrice extends CommonObject $newref = dol_sanitizeFileName($num); $dirsource = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$oldref; $dirdest = $conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref; - if (!$error && file_exists($dirsource)) - { + if (!$error && file_exists($dirsource)) { dol_syslog(get_class($this)."::validate() rename dir ".$dirsource." into ".$dirdest); - if (@rename($dirsource, $dirdest)) - { + if (@rename($dirsource, $dirdest)) { dol_syslog("Rename ok"); // Rename docs starting with $oldref with $newref $listoffiles = dol_dir_list($conf->buypricehistory->dir_output.'/productfournisseurprice/'.$newref, 'files', 1, '^'.preg_quote($oldref, '/')); - foreach ($listoffiles as $fileentry) - { + foreach ($listoffiles as $fileentry) { $dirsource = $fileentry['name']; $dirdest = preg_replace('/^'.preg_quote($oldref, '/').'/', $newref, $dirsource); $dirsource = $fileentry['path'].'/'.$dirsource; 
@@ -511,14 +492,12 @@ class ProductFournisseurPrice extends CommonObject } // Set new ref and current status - if (!$error) - { + if (!$error) { $this->ref = $num; $this->status = self::STATUS_VALIDATED; } - if (!$error) - { + if (!$error) { $this->db->commit(); return 1; } else { @@ -538,8 +517,7 @@ class ProductFournisseurPrice extends CommonObject public function setDraft($user, $notrigger = 0) { // Protection - if ($this->status <= self::STATUS_DRAFT) - { + if ($this->status <= self::STATUS_DRAFT) { return 0; } @@ -556,8 +534,7 @@ class ProductFournisseurPrice extends CommonObject public function cancel($user, $notrigger = 0) { // Protection - if ($this->status != self::STATUS_VALIDATED) - { + if ($this->status != self::STATUS_VALIDATED) { return 0; } @@ -574,8 +551,7 @@ class ProductFournisseurPrice extends CommonObject public function reopen($user, $notrigger = 0) { // Protection - if ($this->status != self::STATUS_CANCELED) - { + if ($this->status != self::STATUS_CANCELED) { return 0; } @@ -609,8 +585,7 @@ class ProductFournisseurPrice extends CommonObject $url = dol_buildpath('/buypricehistory/productfournisseurprice_card.php', 1).'?id='.$this->id; - if ($option != 'nolink') - { + if ($option != 'nolink') { // Add param to save lastsearch_values or not $add_save_lastsearch_values = ($save_lastsearch_value == 1 ? 1 : 0); if ($save_lastsearch_value == -1 && preg_match('/list\.php/', $_SERVER["PHP_SELF"])) $add_save_lastsearch_values = 1; @@ -618,10 +593,8 @@ class ProductFournisseurPrice extends CommonObject } $linkclose = ''; - if (empty($notooltip)) - { - if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) - { + if (empty($notooltip)) { + if (!empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $label = $langs->trans("ShowProductFournisseurPrice"); $linkclose .= ' alt="'.dol_escape_htmltag($label, 1).'"'; } 
@@ -699,8 +672,7 @@ class ProductFournisseurPrice extends CommonObject public function LibStatut($status, $mode = 0) { // phpcs:enable - if (empty($this->labelStatus) || empty($this->labelStatusShort)) - { + if (empty($this->labelStatus) || empty($this->labelStatusShort)) { global $langs; //$langs->load("buypricehistory@buypricehistory"); $this->labelStatus[self::STATUS_DRAFT] = $langs->trans('Draft'); @@ -729,30 +701,25 @@ class ProductFournisseurPrice extends CommonObject $sql = 'SELECT rowid, date_creation as datec, tms as datem,'; $sql .= ' fk_user_creat, fk_user_modif'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.rowid = '.$id; + $sql .= ' WHERE t.rowid = '.((int) $id); $result = $this->db->query($sql); - if ($result) - { - if ($this->db->num_rows($result)) - { + if ($result) { + if ($this->db->num_rows($result)) { $obj = $this->db->fetch_object($result); $this->id = $obj->rowid; - if ($obj->fk_user_author) - { + if ($obj->fk_user_author) { $cuser = new User($this->db); $cuser->fetch($obj->fk_user_author); $this->user_creation = $cuser; } - if ($obj->fk_user_valid) - { + if ($obj->fk_user_valid) { $vuser = new User($this->db); $vuser->fetch($obj->fk_user_valid); $this->user_validation = $vuser; } - if ($obj->fk_user_cloture) - { + if ($obj->fk_user_cloture) { $cluser = new User($this->db); $cluser->fetch($obj->fk_user_cloture); $this->user_cloture = $cluser; @@ -794,8 +761,7 @@ class ProductFournisseurPrice extends CommonObject $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON = 'mod_productfournisseurprice_standard'; } - if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) - { + if (!empty($conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON)) { $mybool = false; $file = $conf->global->BUYPRICEHISTORY_PRODUCTFOURNISSEURPRICE_ADDON.".php"; 
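Review bot: The SELECT in the `t.rowid = '.((int) $id)` hunk returns `fk_user_creat` and `fk_user_modif`, but the code below it reads `$obj->fk_user_author`, `$obj->fk_user_valid` and `$obj->fk_user_cloture`, none of which the query selects, so `user_creation`, `user_validation` and `user_cloture` are never populated. Either alias the selected columns to the names that are read, or read what is selected, e.g. `if ($obj->fk_user_creat) {` followed by `$cuser->fetch($obj->fk_user_creat);`. The method continues outside the hunk.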
@@ -803,16 +769,14 @@ class ProductFournisseurPrice extends CommonObject // Include file with class $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); - foreach ($dirmodels as $reldir) - { + foreach ($dirmodels as $reldir) { $dir = dol_buildpath($reldir."core/modules/buypricehistory/"); // Load file with numbering class (if found) $mybool |= @include_once $dir.$file; } - if ($mybool === false) - { + if ($mybool === false) { dol_print_error('', "Failed to include file ".$file); return ''; } @@ -821,8 +785,7 @@ class ProductFournisseurPrice extends CommonObject $obj = new $classname(); $numref = $obj->getNextValue($this); - if ($numref != '' && $numref != '-1') - { + if ($numref != '' && $numref != '-1') { return $numref; } else { $this->error = $obj->error; diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index ff18c361ff9..cde318cda81 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -290,7 +290,7 @@ if (empty($reshook)) { foreach ($extrafield_values as $key => $value) { $sql .= str_replace('options_', '', $key).' = "'.$value.'", '; } - $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.$object->product_fourn_price_id; + $sql = substr($sql, 0, strlen($sql) - 2).' WHERE fk_object = '.((int) $object->product_fourn_price_id); } // Execute the sql command from above diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 327c428e9c9..214a12ead14 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php 
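Review bot: In the fournisseurs.php hunk the WHERE value is cast, but two lines above `$value` is still placed between double quotes with no escaping in `' = "'.$value.'", '`, so the extrafield values remain the unprotected part of this UPDATE. They should go through the driver's escape and use single quotes: `$sql .= str_replace('options_', '', $key)." = '".$db->escape($value)."', ";`, assuming `$db` is the handle in scope on this page. The column name derived from `$key` is also raw and should be limited to known extrafield names. The surrounding block starts outside the hunk.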
@@ -782,7 +782,7 @@ class Entrepot extends CommonObject $parentid = $this->fk_parent; // If parent_id not defined on current object, we do not start consecutive searches of parents $i = 0; while ($parentid > 0 && $i < $protection) { - $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.$parentid; + $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'entrepot WHERE rowid = '.((int) $parentid); $resql = $this->db->query($sql); if ($resql) { $objarbo = $this->db->fetch_object($resql); @@ -817,7 +817,7 @@ class Entrepot extends CommonObject $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'entrepot - WHERE fk_parent = '.$id; + WHERE fk_parent = '.((int) $id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 102e3ba1700..74803f63909 100644 --- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -896,7 +896,7 @@ class MouvementStock extends CommonObject $nb = 0; $sql = 'SELECT SUM(value) as nb from '.MAIN_DB_PREFIX.'stock_mouvement'; - $sql .= ' WHERE fk_product = '.$productidselected; + $sql .= ' WHERE fk_product = '.((int) $productidselected); $sql .= " AND datem < '".$this->db->idate($datebefore)."'"; dol_syslog(get_class($this).__METHOD__.'', LOG_DEBUG); diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index 88fc636e07e..aea8c3e1f14 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php 
@@ -196,7 +196,7 @@ class ProductStockEntrepot extends CommonObject if (!empty($id)) { $sql .= ' WHERE t.rowid = '.((int) $id); } else { - $sql .= ' WHERE t.fk_product = '.$fk_product.' AND t.fk_entrepot = '.$fk_entrepot; + $sql .= ' WHERE t.fk_product = '.((int) $fk_product).' AND t.fk_entrepot = '.((int) $fk_entrepot); } $resql = $this->db->query($sql); diff --git a/htdocs/product/stock/lib/replenishment.lib.php b/htdocs/product/stock/lib/replenishment.lib.php index d0415ccad78..1faa67ad860 100644 --- a/htdocs/product/stock/lib/replenishment.lib.php +++ b/htdocs/product/stock/lib/replenishment.lib.php @@ -39,7 +39,7 @@ function dolDispatchToDo($order_id) // Count nb of quantity dispatched per product $sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch'; - $sql .= ' WHERE fk_commande = '.$order_id; + $sql .= ' WHERE fk_commande = '.((int) $order_id); $sql .= ' GROUP BY fk_product'; $sql .= ' ORDER by fk_product'; $resql = $db->query($sql); @@ -51,7 +51,7 @@ function dolDispatchToDo($order_id) // Count nb of quantity to dispatch per product $sql = 'SELECT fk_product, SUM(qty) FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet'; - $sql .= ' WHERE fk_commande = '.$order_id; + $sql .= ' WHERE fk_commande = '.((int) $order_id); $sql .= ' AND fk_product > 0'; if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) { $sql .= ' AND product_type = 0'; diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 904fa9b7e94..b282984cef5 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -756,7 +756,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { if (!empty($conf->global->MAIN_MULTILANGS)) { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; - $sql .= ' WHERE fk_product = '.$objp->rowid; + $sql .= ' WHERE fk_product = '.((int) $objp->rowid); $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; $sql .= ' LIMIT 1'; 
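Review bot: In the replenish.php hunk the context line `' AND lang = "'.$langs->getDefaultLang().'"'` builds a string literal with double quotes and no escaping; standard SQL reads double quotes as identifier quoting, so the query depends on the database's quoting mode. `$sql .= " AND lang = '".$db->escape($langs->getDefaultLang())."'";` is portable and escaped. The same double-quoted literal appears in the stockatdate.php hunk and as `ref_fourn = "..."` in the SupplierProposal hunk.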
diff --git a/htdocs/product/stock/stockatdate.php b/htdocs/product/stock/stockatdate.php index bdac3a70f54..d9a9be0cd70 100644 --- a/htdocs/product/stock/stockatdate.php +++ b/htdocs/product/stock/stockatdate.php @@ -487,7 +487,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { { $sql = 'SELECT label,description'; $sql .= ' FROM '.MAIN_DB_PREFIX.'product_lang'; - $sql .= ' WHERE fk_product = '.$objp->rowid; + $sql .= ' WHERE fk_product = '.((int) $objp->rowid); $sql .= ' AND lang = "'.$langs->getDefaultLang().'"'; $sql .= ' LIMIT 1'; diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 54f622b95a1..1c3cacb4cee 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -428,7 +428,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($langs->trans("TimeSpentForInvoice", $username).' : '.$qtyhourtext, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid); $result = $db->query($sql); if (!$result) { 
@@ -467,7 +467,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($value['note'], $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).') AND fk_user = '.((int) $userid); $result = $db->query($sql); if (!$result) { @@ -503,7 +503,7 @@ if ($action == 'confirm_generateinvoice') { $lineid = $tmpinvoice->addline($lineName, $pu_ht, round($qtyhour / $prodDurationHours, 2), $txtva, $localtax1, $localtax2, ($idprod > 0 ? $idprod : 0)); // Update lineid into line of timespent - $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.$lineid.', invoice_id = '.$tmpinvoice->id; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'projet_task_time SET invoice_line_id = '.((int) $lineid).', invoice_id = '.((int) $tmpinvoice->id); $sql .= ' WHERE rowid IN ('.$db->sanitize(join(',', $toselect)).')'; $result = $db->query($sql); if (!$result) { diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 454201203cc..91418707d3a 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php 
@@ -122,19 +122,19 @@ if (!empty($tag)) { //Update status of target $statut = '2'; - $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE rowid = ".((int) $obj->rowid); + $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".((int) $statut)." WHERE rowid = ".((int) $obj->rowid); $resql = $db->query($sql); if (!$resql) dol_print_error($db); //Update status communication of thirdparty prospect if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.$obj->source_id; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid = '.((int) $obj->source_id); $resql = $db->query($sql); } //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.$obj->source_id.')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')'; $resql = $db->query($sql); } } diff --git a/htdocs/salaries/class/salary.class.php b/htdocs/salaries/class/salary.class.php index fdd1bfd7f73..85ccfc0a1db 100644 --- a/htdocs/salaries/class/salary.class.php +++ b/htdocs/salaries/class/salary.class.php 
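Review bot: The last changed line drops the concatenation operator: in `WHERE sc.rowid = '((int) $obj->source_id).')'` there is no `.` between the closing quote and the cast. PHP no longer concatenates there, so the contact branch fails (as a parse error or as a call to an undefined function, depending on the PHP version) instead of running the UPDATE. It should read `... WHERE sc.rowid = '.((int) $obj->source_id).')';`. The file sits under `public/`, so the failure is probably reachable without a login; that is inferred from the path only.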
@@ -463,7 +463,7 @@ class Salary extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.$id_bank; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'salary SET fk_bank = '.((int) $id_bank); $sql .= ' WHERE rowid = '.$this->id; $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 7746001dea7..99453db7ac4 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -4620,7 +4620,7 @@ class Societe extends CommonObject $resql = $db->query($sql); while ($obj = $db->fetch_object($resql)) { - $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.$obj->rowid); + $db->query('DELETE FROM '.MAIN_DB_PREFIX.'societe_commerciaux WHERE rowid = '.((int) $obj->rowid)); } /** diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index bbb06f2a2da..0320a663ea8 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1777,7 +1777,7 @@ class SupplierProposal extends CommonObject $price = price2num($product->subprice * $product->qty, 'MU'); $unitPrice = price2num($product->subprice, 'MU'); - $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$product->ref_fourn.'", ' : '').' price ='.$price.', unitprice ='.$unitPrice.' WHERE rowid = '.$idProductFournPrice; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_fournisseur_price SET '.(!empty($product->ref_fourn) ? 'ref_fourn = "'.$this->db->escape($product->ref_fourn).'", ' : '').' price ='.((float) $price).', unitprice ='.((float) $unitPrice).' WHERE rowid = '.((int) $idProductFournPrice); $resql = $this->db->query($sql); if (!$resql) { 
diff --git a/htdocs/variants/class/ProductAttribute.class.php b/htdocs/variants/class/ProductAttribute.class.php index a4e9f92eb10..1e7f44bb936 100644 --- a/htdocs/variants/class/ProductAttribute.class.php +++ b/htdocs/variants/class/ProductAttribute.class.php @@ -319,7 +319,7 @@ class ProductAttribute extends CommonObject $newrang = $this->rang + 1; } - $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.$this->rang.' WHERE rang = '.$newrang; + $sql = 'UPDATE '.MAIN_DB_PREFIX.'product_attribute SET rang = '.((int) $this->rang).' WHERE rang = '.((int) $newrang); if (!$this->db->query($sql)) { $this->db->rollback(); diff --git a/htdocs/website/class/websitepage.class.php b/htdocs/website/class/websitepage.class.php index 3dbdb353a3e..32c8c0b8688 100644 --- a/htdocs/website/class/websitepage.class.php +++ b/htdocs/website/class/websitepage.class.php @@ -407,7 +407,7 @@ class WebsitePage extends CommonObject $sql .= " t.object_type,"; $sql .= " t.fk_object"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.fk_website = '.$websiteid; + $sql .= ' WHERE t.fk_website = '.((int) $websiteid); // Manage filter (same than into countAll) $sqlwhere = array(); if (count($filter) > 0) { @@ -509,7 +509,7 @@ class WebsitePage extends CommonObject $sql = 'SELECT COUNT(t.rowid) as nb'; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.fk_website = '.$websiteid; + $sql .= ' WHERE t.fk_website = '.((int) $websiteid); // Manage filter (same than into fetchAll) $sqlwhere = array(); if (count($filter) > 0) { diff --git a/htdocs/zapier/class/hook.class.php b/htdocs/zapier/class/hook.class.php index 92066e496e2..5197296f659 100644 --- a/htdocs/zapier/class/hook.class.php +++ b/htdocs/zapier/class/hook.class.php 
@@ -416,13 +416,13 @@ class Hook extends CommonObject $sql .= ' t.rowid'; // TODO Get all fields $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; - $sql .= ' WHERE t.entity = '.$conf->entity; + $sql .= ' WHERE t.entity = '.((int) $conf->entity); // Manage filter $sqlwhere = array(); if (count($filter) > 0) { foreach ($filter as $key => $value) { if ($key == 't.rowid') { - $sqlwhere[] = $key.'='.$value; + $sqlwhere[] = $key.' = '.((int) $value); } elseif (strpos($key, 'date') !== false) { $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\''; } elseif ($key == 'customsql') { From 804fbd421d9c97f36e795b96b9b00c7c6fd64275 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 16:44:41 +0200 Subject: [PATCH 11/37] Update card.php --- htdocs/product/composition/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/composition/card.php b/htdocs/product/composition/card.php index 6dd6a0ac89d..442232686d3 100644 --- a/htdocs/product/composition/card.php +++ b/htdocs/product/composition/card.php @@ -171,11 +171,11 @@ $help_url = ''; $shortlabel = dol_trunc($object->label, 16); if (GETPOST("type") == '0' || ($object->type == Product::TYPE_PRODUCT)) { $title = $langs->trans('Product')." ".$shortlabel." - ".$langs->trans('AssociatedProducts'); - $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos'; + $help_url = 'EN:Module_Products|FR:Module_Produits|ES:Módulo_Productos|DE:Modul_Produkte'; } if (GETPOST("type") == '1' || ($object->type == Product::TYPE_SERVICE)) { $title = $langs->trans('Service')." ".$shortlabel." - ".$langs->trans('AssociatedProducts'); - $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios'; + $help_url = 'EN:Module_Services_En|FR:Module_Services|ES:Módulo_Servicios|DE:Modul_Leistungen'; } llxHeader('', $title, $help_url); From 7a4303183525dc3746105dc5a02bd055d1be073c Mon Sep 17 00:00:00 2001 
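Review bot: The `date` branch just below the fixed `t.rowid` branch still concatenates `$key` into the WHERE clause as a column name, and `strpos($key, 'date') !== false` accepts any key that merely contains that substring. Casting or escaping the value does nothing for an identifier; the key should be compared against the known columns of this table before use, for example `} elseif (in_array($key, array('t.PLACEHOLDER_DATE_COLUMN'), true)) {` with the real column names filled in. The `customsql` branch and the rest of the filter loop lie outside the hunk, so how they treat `$key` and `$value` cannot be checked from here.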
From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 17:14:11 +0200 Subject: [PATCH 12/37] Update CODE_OF_CONDUCT.md https --- .github/CODE_OF_CONDUCT.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md index 9a84fdbbda0..1c46e8e2d50 100644 --- a/.github/CODE_OF_CONDUCT.md +++ b/.github/CODE_OF_CONDUCT.md @@ -77,8 +77,8 @@ contact@dolibarr.org ## 10. License and attribution -This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](http://creativecommons.org/licenses/by-sa/3.0/). +This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](https://creativecommons.org/licenses/by-sa/3.0/). -Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy). +Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](https://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy). -Retrieved on November 22, 2016 from [http://citizencodeofconduct.org/](http://citizencodeofconduct.org/) +Retrieved on November 22, 2016 from [https://citizencodeofconduct.org/](http://citizencodeofconduct.org/) From 17d0da276491f68d25d7bfde360ed168d356d55f Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 17:16:16 +0200 Subject: [PATCH 13/37] Update COPYING --- COPYING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/COPYING b/COPYING index 2a000655e93..e60008693e0 100644 --- a/COPYING +++ b/COPYING 
@@ -1,7 +1,7 @@ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. From 0585712014f995d34b6a6fc1700542177da67959 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 17:18:49 +0200 Subject: [PATCH 14/37] Update type_translation.php LICENSE https:// --- htdocs/adherents/type_translation.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index a99f1f990ad..7111f9c905c 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php @@ -4,6 +4,9 @@ * Copyright (C) 2010-2012 Destailleur Laurent * Copyright (C) 2014 Henry Florian * + * + * LICENSE + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -15,8 +18,8 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * or see http://www.gnu.org/ + * along with this program. If not, see . + * or see https://www.gnu.org/ */ /** From 87c9b4b9fd8f1f08d849318eeb0c30f52d2f55c8 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 17:21:10 +0200 Subject: [PATCH 15/37] Update PSWebServiceLibrary.class.php https:// --- htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php b/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php index bf63f4c42ab..adaf82d6964 100644 --- a/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php +++ b/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php @@ -7,7 +7,7 @@ * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: -* http://opensource.org/licenses/osl-3.0.php +* https://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@prestashop.com so we can send you a copy immediately. @@ -16,11 +16,11 @@ * * Do not edit or add to this file if you wish to upgrade PrestaShop to newer * versions in the future. If you wish to customize PrestaShop for your -* needs please refer to http://www.prestashop.com for more information. +* needs please refer to https://www.prestashop.com for more information. * * @author PrestaShop SA * @copyright 2007-2013 PrestaShop SA -* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) +* @license https://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA * PrestaShop Webservice Library * @package PrestaShopWebservice From 3259d70e72cd2a56e65e849c12c40515e416d8cc Mon Sep 17 00:00:00 2001 From: Gauthier PC portable 024 Date: Tue, 30 Mar 2021 17:23:05 +0200 Subject: [PATCH 16/37] FIX : several fix after lists uniformization --- htdocs/compta/sociales/list.php | 2 +- htdocs/compta/sociales/payments.php | 9 +++++---- htdocs/compta/tva/list.php | 5 ----- htdocs/compta/tva/payments.php | 4 ++-- htdocs/salaries/payments.php | 2 +- 5 files changed, 9 insertions(+), 13 deletions(-) 
diff --git a/htdocs/compta/sociales/list.php b/htdocs/compta/sociales/list.php index 0614532605f..0ef916c3ef7 100644 --- a/htdocs/compta/sociales/list.php +++ b/htdocs/compta/sociales/list.php @@ -233,7 +233,7 @@ if ($year > 0) { if ($search_typeid) { $sql .= " AND cs.fk_type=".$db->escape($search_typeid); } -$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos"; +$sql .= " GROUP BY cs.rowid, cs.fk_type, cs.fk_user, cs.amount, cs.date_ech, cs.libelle, cs.paye, cs.periode, c.libelle, cs.fk_account, ba.label, ba.ref, ba.number, ba.account_number, ba.iban_prefix, ba.bic, ba.currency_code, ba.clos, pay.code, u.lastname"; if (!empty($conf->projet->enabled)) { $sql .= ", p.rowid, p.ref, p.title"; } diff --git a/htdocs/compta/sociales/payments.php b/htdocs/compta/sociales/payments.php index c11f13c14fa..e8e4102b5cc 100644 --- a/htdocs/compta/sociales/payments.php +++ b/htdocs/compta/sociales/payments.php @@ -169,7 +169,8 @@ if (preg_match('/^cs\./', $sortfield) || preg_match('/^c\./', $sortfield) || preg_match('/^pc\./', $sortfield) || preg_match('/^pct\./', $sortfield) - || preg_match('/^u\./', $sortfield)) { + || preg_match('/^u\./', $sortfield) + || preg_match('/^ba\./', $sortfield)) { $sql .= $db->order($sortfield, $sortorder); } 
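Review bot: The context line `$sql .= " AND cs.fk_type=".$db->escape($search_typeid);` in the `list.php` hunk puts the value in a numeric position without quotes, where escaping string metacharacters gives no protection. How `$search_typeid` is read is outside the hunk; unless it is already forced to an integer there, the line should be `$sql .= " AND cs.fk_type = ".((int) $search_typeid);`.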
@@ -233,8 +234,8 @@ print "\n"; print ''; print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "pc.rowid", "", $param, '', $sortfield, $sortorder); print_liste_field_titre("SocialContribution", $_SERVER["PHP_SELF"], "c.libelle", "", $param, '', $sortfield, $sortorder); -print_liste_field_titre("Type", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder); -print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.date_ech", "", $param, 'width="140px"', $sortfield, $sortorder); +print_liste_field_titre("TypeContrib", $_SERVER["PHP_SELF"], "cs.fk_type", "", $param, '', $sortfield, $sortorder); +print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "cs.periode", "", $param, 'width="140px"', $sortfield, $sortorder); print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "pc.datep", "", $param, 'align="center"', $sortfield, $sortorder); print_liste_field_titre("Employee", $_SERVER["PHP_SELF"], "u.rowid", "", $param, "", $sortfield, $sortorder); print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder); @@ -316,7 +317,7 @@ while ($i < min($num, $limit)) { print ''; print ''; - if ($obj->fk_bank > 0) { + if ($obj->bid > 0) { $accountstatic->id = $obj->bid; $accountstatic->ref = $obj->bref; $accountstatic->number = $obj->bnumber; diff --git a/htdocs/compta/tva/list.php b/htdocs/compta/tva/list.php index 16e780e4b0d..ac9e7b55ecd 100644 --- a/htdocs/compta/tva/list.php +++ b/htdocs/compta/tva/list.php 
@@ -57,7 +57,6 @@ $search_dateend_end = dol_mktime(23, 59, 59, GETPOST('search_dateend_endmonth', $search_datepayment_start = dol_mktime(0, 0, 0, GETPOST('search_datepayment_startmonth', 'int'), GETPOST('search_datepayment_startday', 'int'), GETPOST('search_datepayment_startyear', 'int')); $search_datepayment_end = dol_mktime(23, 59, 59, GETPOST('search_datepayment_endmonth', 'int'), GETPOST('search_datepayment_endday', 'int'), GETPOST('search_datepayment_endyear', 'int')); $search_type = GETPOST('search_type', 'int'); -$search_cheque = GETPOST('search_cheque', 'alpha'); $search_account = GETPOST('search_account', 'int'); $search_amount = GETPOST('search_amount', 'alpha'); $search_status = GETPOST('search_status', 'int'); @@ -123,7 +122,6 @@ if (empty($reshook)) { $search_datepayment_start = ''; $search_datepayment_end = ''; $search_type = ''; - $search_cheque = ''; $search_account = ''; $search_amount = ''; $search_status = ''; @@ -268,9 +266,6 @@ if (!empty($search_datepayment_end)) { if (!empty($search_type) && $search_type > 0) { $param .= '&search_type='.$search_type; } -if (!empty($search_cheque)) { - $param .= '&search_cheque="'.$search_cheque.'"'; -} if (!empty($search_account) && $search_account > 0) { $param .= '&search_account='.$search_account; } diff --git a/htdocs/compta/tva/payments.php b/htdocs/compta/tva/payments.php index 83399d5a5c8..3ebb9a335fc 100644 --- a/htdocs/compta/tva/payments.php +++ b/htdocs/compta/tva/payments.php 
@@ -120,11 +120,11 @@ if (!empty($conf->tax->enabled) && $user->rights->tax->charges->lire) { print ''; print ''; print_liste_field_titre("RefPayment", $_SERVER["PHP_SELF"], "ptva.rowid", "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.label", "", $param, '', $sortfield, $sortorder); + print_liste_field_titre("VATDeclaration", $_SERVER["PHP_SELF"], "tva.rowid", "", $param, '', $sortfield, $sortorder); print_liste_field_titre("PeriodEndDate", $_SERVER["PHP_SELF"], "tva.datev", "", $param, 'width="140px"', $sortfield, $sortorder); print_liste_field_titre("DatePayment", $_SERVER["PHP_SELF"], "ptva.datep", "", $param, 'align="center"', $sortfield, $sortorder); print_liste_field_titre("PaymentMode", $_SERVER["PHP_SELF"], "pct.code", "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "pc.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber'); + print_liste_field_titre("Numero", $_SERVER["PHP_SELF"], "ptva.num_paiement", "", $param, '', $sortfield, $sortorder, '', 'ChequeOrTransferNumber'); if (!empty($conf->banque->enabled)) { print_liste_field_titre("BankTransactionLine", $_SERVER["PHP_SELF"], "ptva.fk_bank", "", $param, '', $sortfield, $sortorder); print_liste_field_titre("BankAccount", $_SERVER["PHP_SELF"], "bank.ref", "", $param, '', $sortfield, $sortorder); diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index c91613f2327..18c29f9d5aa 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php @@ -485,7 +485,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $accountstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1); } $accountstatic->label = $obj->blabel; - print $accountstatic->getNomUrl(1); + if($accountstatic->id > 0) print $accountstatic->getNomUrl(1); } else print ' '; print ''; if (!$i) $totalarray['nbfield']++; 
From 4903f92172b7d96d5d71ebc1645514fd083bae39 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Tue, 30 Mar 2021 15:26:15 +0000 Subject: [PATCH 17/37] Fixing style errors. --- htdocs/salaries/payments.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index 18c29f9d5aa..b3a398c8c45 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php @@ -485,7 +485,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $accountstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1); } $accountstatic->label = $obj->blabel; - if($accountstatic->id > 0) print $accountstatic->getNomUrl(1); + if ($accountstatic->id > 0) print $accountstatic->getNomUrl(1); } else print ' '; print ''; if (!$i) $totalarray['nbfield']++; From 9ad3ba15724c350c0eb60bd19902b32e9bc58dfb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 17:28:58 +0200 Subject: [PATCH 18/37] Fix regression in export --- htdocs/core/modules/modFacture.class.php | 4 +- htdocs/core/modules/modProduct.class.php | 17 ++++-- htdocs/core/modules/modService.class.php | 77 +++++++++++++++++------- 3 files changed, 70 insertions(+), 28 deletions(-) diff --git a/htdocs/core/modules/modFacture.class.php b/htdocs/core/modules/modFacture.class.php index 25653fb216a..a1c582f87aa 100644 --- a/htdocs/core/modules/modFacture.class.php +++ b/htdocs/core/modules/modFacture.class.php @@ -207,7 +207,7 @@ class modFacture extends DolibarrModules //-------- $r = 1; - $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p"; + $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pac"; $this->export_code[$r] = $this->rights_class.'_'.$r; $this->export_label[$r] = 'CustomersInvoicesAndInvoiceLines'; // Translation key (used only if key ExportDataset_xxx_z not found) $this->export_icon[$r] = 'invoice'; 
@@ -296,7 +296,7 @@ class modFacture extends DolibarrModules $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facturedet_extrafields as extra2 on fd.rowid = extra2.fk_object'; $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p on (fd.fk_product = p.rowid)'; if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { - $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity); + $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pac ON pac.fk_product = p.rowid AND pac.entity = " . ((int) $conf->entity); } $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra3 on p.rowid = extra3.fk_object'; $this->export_sql_end[$r] .= ' WHERE f.fk_soc = s.rowid AND f.rowid = fd.fk_facture'; diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 85cf49ebf73..68d336c3a39 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -176,7 +176,7 @@ class modProduct extends DolibarrModules //-------- $r = 0; - $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p"; + $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pac"; $r++; $this->export_code[$r] = $this->rights_class.'_'.$r; $this->export_label[$r] = "Products"; // Translation key (used only if key ExportDataset_xxx_z not found) 
@@ -446,7 +446,7 @@ class modProduct extends DolibarrModules $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p'; if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { - $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pa ON pa.fk_product = p.rowid AND pa.entity = " . ((int) $conf->entity); + $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pac ON pac.fk_product = p.rowid AND pac.entity = " . ((int) $conf->entity); } $this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,'; $this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2'; @@ -641,7 +641,16 @@ class modProduct extends DolibarrModules } // End add extra fields $this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'product'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent) - + $this->import_regex_array[$r] = array( + 'p.ref'=>'[^ ]', + 'p.price_base_type' => 'HT|TTC', + 'p.tosell'=>'^[0|1]$', + 'p.tobuy'=>'^[0|1]$', + 'p.fk_product_type'=>'^[0|1]$', + 'p.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', + 'p.recuperableonly' => '^[0|1]$', + 'p.finished' => '^[0|1]$' + ); // field order as per structure of table llx_product $import_sample = array( 'p.ref' => "ref:PREF123456", 
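Review bot: Several of the import patterns added in the `@@ -641,7 +641,16` hunk accept more than intended: `[0|1]` is a character class, so `^[0|1]$` also matches a lone `|`, and `HT|TTC` has no anchors, so any value that merely contains `HT` passes. Tighter forms are `'^[01]$'` and `'^(HT|TTC)$'`. The same patterns appear in the `modService.class.php` hunks of this commit, including `^[0|1|2]$` for `p.tobatch`. How the import engine applies these strings is outside the hunk, so the anchoring remark assumes a plain regex search.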
@@ -893,7 +902,7 @@ class modProduct extends DolibarrModules $this->import_convertvalue_array[$r] = array( 'l.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') ); - $this->import_examplevalues_array[$r] = array('l.fk_product'=>'PRODUCT_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US'); + $this->import_examplevalues_array[$r] = array('l.fk_product'=>'ref:PRODUCT_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US'); $this->import_updatekeys_array[$r] = array('l.fk_product'=>'ProductOrService', 'l.lang'=>'Language'); } } diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php index dda0447371a..ae4c7e223fe 100644 --- a/htdocs/core/modules/modService.class.php +++ b/htdocs/core/modules/modService.class.php @@ -143,7 +143,7 @@ class modService extends DolibarrModules //-------- $r = 0; - $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "pa" : "p"; + $alias_product_accounting = empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED) ? "p" : "pac"; $r++; $this->export_code[$r] = $this->rights_class.'_'.$r; $this->export_label[$r] = "Services"; // Translation key (used only if key ExportDataset_xxx_z not found) 
@@ -368,8 +368,8 @@ class modService extends DolibarrModules $this->export_fields_array[$r] = array_merge($this->export_fields_array[$r], array('pa.qty'=>'Qty', 'pa.incdec'=>'ComposedProductIncDecStock')); $this->export_TypeFields_array[$r] = array( 'p.ref'=>"Text", 'p.label'=>"Text", 'p.description'=>"Text", 'p.url'=>"Text", - $alias_product_accounting . 'p.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text", - $alias_product_accounting . 'p.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text", + $alias_product_accounting . '.accountancy_code_sell'=>"Text", $alias_product_accounting . '.accountancy_code_sell_intra'=>"Text", $alias_product_accounting . '.accountancy_code_sell_export'=>"Text", + $alias_product_accounting . '.accountancy_code_buy'=>"Text", $alias_product_accounting . '.accountancy_code_buy_intra'=>"Text", $alias_product_accounting . '.accountancy_code_buy_export'=>"Text", 'p.note'=>"Text", 'p.note_public'=>"Text", 'p.weight'=>"Numeric", 'p.length'=>"Numeric", 'p.surface'=>"Numeric", 'p.volume'=>"Numeric", 'p.customcode'=>'Text', 'p.price_base_type'=>"Text", 'p.price'=>"Numeric", 'p.price_ttc'=>"Numeric", 'p.tva_tx'=>'Numeric', 'p.tosell'=>"Boolean", 'p.tobuy'=>"Boolean", 
@@ -406,8 +406,8 @@ class modService extends DolibarrModules $this->export_entities_array[$r] = array_merge($this->export_entities_array[$r], array('p2.rowid'=>"subproduct", 'p2.ref'=>"subproduct", 'p2.label'=>"subproduct", 'p2.description'=>"subproduct")); $this->export_sql_start[$r] = 'SELECT DISTINCT '; $this->export_sql_end[$r] = ' FROM '.MAIN_DB_PREFIX.'product as p'; - if (!empty($conf->global->ACCOUNTANCY_COMPANY_SHARED)) { - $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_accounting as sa ON sa.fk_soc = s.rowid AND sa.entity = " . ((int) $conf->entity); + if (!empty($conf->global->MAIN_PRODUCT_PERENTITY_SHARED)) { + $this->export_sql_end[$r] .= " LEFT JOIN " . MAIN_DB_PREFIX . "product_accounting as pac ON pac.fk_product = p.rowid AND pac.entity = " . ((int) $conf->entity); } $this->export_sql_end[$r] .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_extrafields as extra ON p.rowid = extra.fk_object,'; $this->export_sql_end[$r] .= ' '.MAIN_DB_PREFIX.'product_association as pa, '.MAIN_DB_PREFIX.'product as p2'; @@ -450,13 +450,13 @@ class modService extends DolibarrModules 'p.weight' => "Weight", 'p.weight_units' => "WeightUnits", 'p.length' => "Length", - 'p.length_units' => "LengthUnit", + 'p.length_units' => "LengthUnits", 'p.width' => "Width", 'p.width_units' => "WidthUnits", 'p.height' => "Height", - 'p.height_units' => "HeightUnit", + 'p.height_units' => "HeightUnits", 'p.surface' => "Surface", - 'p.surface_units' => "SurfaceUnit", + 'p.surface_units' => "SurfaceUnits", 'p.volume' => "Volume", 'p.volume_units' => "VolumeUnits", 'p.duration' => "Duration", //duration of service 
@@ -470,13 +470,6 @@ class modService extends DolibarrModules 'p.datec' => 'DateCreation', 'p.cost_price' => "CostPrice", ); - if (!empty($conf->stock->enabled)) {//if Stock module enabled - $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array( - 'p.seuil_stock_alerte' => 'StockLimit', //lower limit for warning - 'p.pmp' => 'PMPValue', //weighted average price - 'p.desiredstock' => 'DesiredStock'//desired stock for replenishment feature - )); - } $this->import_convertvalue_array[$r] = array( 'p.weight_units' => array( 
@@ -535,6 +528,41 @@ class modService extends DolibarrModules 'dict' => 'DictionaryCountry' ) ); + + $this->import_regex_array[$r] = array( + 'p.ref' => '[^ ]', + 'p.price_base_type' => '\AHT\z|\ATTC\z', + 'p.tosell' => '^[0|1]$', + 'p.tobuy' => '^[0|1]$', + 'p.fk_product_type' => '^[0|1]$', + 'p.datec' => '^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$', + 'p.recuperableonly' => '^[0|1]$', + ); + + if (!empty($conf->stock->enabled)) {//if Stock module enabled + $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array( + 'p.fk_default_warehouse'=>'DefaultWarehouse', + 'p.tobatch'=>'ManageLotSerial', + 'p.seuil_stock_alerte' => 'StockLimit', //lower limit for warning + 'p.pmp' => 'PMPValue', //weighted average price + 'p.desiredstock' => 'DesiredStock'//desired stock for replenishment feature + )); + + $this->import_regex_array[$r] = array_merge($this->import_regex_array[$r], array( + 'p.tobatch' => '^[0|1|2]$' + )); + + $this->import_convertvalue_array[$r] = array_merge($this->import_convertvalue_array[$r], array( + 'p.fk_default_warehouse' => array( + 'rule' => 'fetchidfromref', + 'classfile' => '/product/stock/class/entrepot.class.php', + 'class' => 'Entrepot', + 'method' => 'fetch', + 'element'=> 'Warehouse' + ) + )); + } + if (!empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) { $this->import_fields_array[$r] = array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); } @@ -569,7 +597,7 @@ class modService extends DolibarrModules $this->import_fieldshidden_array[$r] = array('extra.fk_object'=>'lastrowid-'.MAIN_DB_PREFIX.'product'); // aliastable.field => ('user->id' or 'lastrowid-'.tableparent) $this->import_regex_array[$r] = array( 'p.ref'=>'[^ ]', - 'p.price_base_type' => '\AHT\z|\ATTC\z', + 'p.price_base_type' => 'HT|TTC', 'p.tosell'=>'^[0|1]$', 'p.tobuy'=>'^[0|1]$', 'p.fk_product_type'=>'^[0|1]$', 
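Review bot: The `import_regex_array[$r]` built in the `@@ -528,6 +528,41` hunk, with the `p.tobatch` rule merged in when the stock module is enabled, appears to be discarded by the plain assignment `$this->import_regex_array[$r] = array(` that the `@@ -569,7 +597,7` hunk shows as context. If `$r` is unchanged between the two places, which the hunks do not show, the stock-specific pattern never takes effect and the earlier block is dead code. Either drop the first assignment or turn the later one into an `array_merge()` with the existing array. The later block also loosens `p.price_base_type` from `\AHT\z|\ATTC\z` to the unanchored `HT|TTC` while the new block keeps the anchored form, so the two should be made to agree.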
@@ -579,7 +607,7 @@ class modService extends DolibarrModules ); // field order as per structure of table llx_product $import_sample = array( - 'p.ref' => "PREF123456", + 'p.ref' => "ref:PREF123456", 'p.datec' => dol_print_date(dol_now(), '%Y-%m-%d'), 'p.label' => "Product name in default language", 'p.description' => "Product description in default language", @@ -616,7 +644,7 @@ class modService extends DolibarrModules 'p.surface_units' => 'm2', // Use a unit of measure from the dictionary. m2/cm2/mm2 etc....matches field "Short label" for unit type "surface" in table "' . MAIN_DB_PREFIX . 'c_units', 'p.volume' => "", 'p.volume_units' => 'm3', //Use a unit of measure from the dictionary. m3/cm3/mm3 etc....matches field "Short label" for unit type "volume" in table "' . MAIN_DB_PREFIX . 'c_units', - 'p.finished' => '0 (raw material) / 1 (finished goods)' + 'p.finished' => '0 (raw material) / 1 (finished goods), matches field "code" in dictionary table "'.MAIN_DB_PREFIX.'c_product_nature"' ); //clauses copied from import_fields_array if (!empty($conf->stock->enabled)) { @@ -718,7 +746,7 @@ class modService extends DolibarrModules 'sp.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') ); $this->import_examplevalues_array[$r] = array( - 'sp.fk_product' => "PRODUCT_REF or id:123456", + 'sp.fk_product' => "ref:PRODUCT_REF or id:123456", 'sp.fk_soc' => "My Supplier", 'sp.ref_fourn' => "XYZ-F123456", 'sp.quantity' => "5", 
@@ -755,8 +783,13 @@ class modService extends DolibarrModules 'sp.multicurrency_price'=>'' )); } + if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { + $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( + 'sp.packagning'=>'1', + )); + } - $this->import_updatekeys_array[$r] = array('sp.fk_product'=>'ProductOrService', 'sp.ref_fourn'=>'SupplierRef', 'sp.fk_soc'=>'Supplier'); + $this->import_updatekeys_array[$r] = array('sp.fk_product'=>'ProductOrService', 'sp.ref_fourn'=>'SupplierRef', 'sp.fk_soc'=>'Supplier'); } if (!empty($conf->global->PRODUIT_MULTIPRICES)) { @@ -783,7 +816,7 @@ class modService extends DolibarrModules $this->import_convertvalue_array[$r] = array( 'pr.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') ); - $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"SERVICE_REF or id:123456", + $this->import_examplevalues_array[$r] = array('pr.fk_product'=>"ref:SERVICE_REF or id:123456", 'pr.price_base_type'=>"HT (for excl tax) or TTC (for inc tax)", 'pr.price_level'=>"1", 'pr.price'=>"100", 'pr.price_ttc'=>"110", 'pr.price_min'=>"100", 'pr.price_min_ttc'=>"110", @@ -806,7 +839,7 @@ class modService extends DolibarrModules $this->import_convertvalue_array[$r] = array( 'l.fk_product'=>array('rule'=>'fetchidfromref', 'classfile'=>'/product/class/product.class.php', 'class'=>'Product', 'method'=>'fetch', 'element'=>'Product') ); - $this->import_examplevalues_array[$r] = array('l.fk_product'=>'SERVICE_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US'); + $this->import_examplevalues_array[$r] = array('l.fk_product'=>'ref:SERVICE_REF or id:123456', 'l.lang'=>'en_US', 'l.label'=>'Label in en_US', 'l.description'=>'Desc in en_US'); $this->import_updatekeys_array[$r] = array('l.fk_product'=>'ProductOrService', 'l.lang'=>'Language'); } } 
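Review bot: The example-value key `sp.packagning` added under `PRODUCT_USE_SUPPLIER_PACKAGING` looks misspelled; no field of that name appears in the hunk, and the option name suggests `sp.packaging`. If so, the sample value never lines up with an import column and the line should read `'sp.packaging'=>'1',`. The matching `import_fields_array` entry is outside the hunk, so check that it carries the same spelling.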
From c80a8517d4feb8b84869c42b8f8867553af84be7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 17:39:48 +0200 Subject: [PATCH 19/37] Fix position of line for ticket group --- htdocs/install/mysql/migration/13.0.0-14.0.0.sql | 2 +- htdocs/install/mysql/tables/llx_c_ticket_category.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql index f908d57a5af..e96b20d90f4 100644 --- a/htdocs/install/mysql/migration/13.0.0-14.0.0.sql +++ b/htdocs/install/mysql/migration/13.0.0-14.0.0.sql @@ -310,5 +310,5 @@ ALTER TABLE llx_societe_perentity ADD INDEX idx_societe_perentity_fk_soc (fk_soc ALTER TABLE llx_societe_perentity ADD UNIQUE INDEX uk_societe_perentity (fk_soc, entity); ALTER TABLE llx_c_ticket_category ADD COLUMN public integer DEFAULT 0; - +ALTER TABLE llc_c_ticket_category MODIFY COLUMN pos integer DEFAULT 0 NOT NULL; diff --git a/htdocs/install/mysql/tables/llx_c_ticket_category.sql b/htdocs/install/mysql/tables/llx_c_ticket_category.sql index c42c3f029d4..317be25e142 100644 --- a/htdocs/install/mysql/tables/llx_c_ticket_category.sql +++ b/htdocs/install/mysql/tables/llx_c_ticket_category.sql @@ -21,7 +21,7 @@ create table llx_c_ticket_category entity integer DEFAULT 1, code varchar(32) NOT NULL, label varchar(128) NOT NULL, - pos varchar(32) NOT NULL, + pos integer DEFAULT 0 NOT NULL, public integer DEFAULT 0, use_default integer DEFAULT 1, active integer DEFAULT 1, From 5935d7d0826f097efe5fc970dad869ee9d056c1f Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 17:42:44 +0200 Subject: [PATCH 20/37] Update sms.php href="https://www.dolistore.com/ --- htdocs/admin/sms.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index 9ddbc3361c8..f84425eda4d 100644 --- a/htdocs/admin/sms.php 
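Review bot: The statement added to the migration file targets `llc_c_ticket_category`, while the line above it and the table definition both use `llx_c_ticket_category`, so on upgraded installs the statement fails and `pos` stays `varchar(32)`. It should read `ALTER TABLE llx_c_ticket_category MODIFY COLUMN pos integer DEFAULT 0 NOT NULL;`. `MODIFY COLUMN` is MySQL syntax, and existing rows whose `pos` is empty or non-numeric may be rejected by the conversion under strict mode, so check the file's convention for engine-specific statements and consider a clean-up `UPDATE` before the `ALTER`.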
+++ b/htdocs/admin/sms.php @@ -156,7 +156,7 @@ asort($listofmethods); if (!count($listofmethods)) { $descnosms = $langs->trans("NoSmsEngine", '{Dolistore}'); - $descnosms = str_replace('{Dolistore}', 'DoliStore', $descnosms); + $descnosms = str_replace('{Dolistore}', 'DoliStore', $descnosms); print '
'.$descnosms.'
'; } From fae3cca4947d9c160a0a7da1d6a7f84e8eb07411 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 17:45:15 +0200 Subject: [PATCH 21/37] FIX #yogosha5746 - next step (work in progress) --- htdocs/compta/facture/class/facture.class.php | 6 +++--- htdocs/compta/paiement/cheque/class/remisecheque.class.php | 2 +- htdocs/core/class/commonobject.class.php | 2 +- htdocs/install/repair.php | 4 ++-- htdocs/install/upgrade2.php | 2 +- htdocs/intracommreport/class/intracommreport.class.php | 2 +- htdocs/opensurvey/class/opensurveysondage.class.php | 2 +- htdocs/opensurvey/results.php | 2 +- htdocs/product/inventory/inventory.php | 2 +- htdocs/website/class/website.class.php | 2 +- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 7e9300be61c..3c0722684ca 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -2233,7 +2233,7 @@ class Facture extends CommonInvoice if (!$error) { // If invoice was converted into a discount not yet consumed, we remove discount $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'societe_remise_except'; - $sql .= ' WHERE fk_facture_source = '.$rowid; + $sql .= ' WHERE fk_facture_source = '.((int) $rowid); $sql .= ' AND fk_facture_line IS NULL'; $resql = $this->db->query($sql); @@ -4575,7 +4575,7 @@ class Facture extends CommonInvoice global $conf; $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture'; - $sql .= ' WHERE situation_cycle_ref = '.$this->situation_cycle_ref; + $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref); $sql .= ' AND situation_counter < '.$this->situation_counter; $sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity); $resql = $this->db->query($sql); 
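Review bot: In the `@@ -4575,7` hunk of `facture.class.php` only `situation_cycle_ref` is cast; the next two lines still concatenate `$this->situation_counter` and `$this->entity` / `$conf->entity` as they are. For the same reason as the changed line they should read `$sql .= ' AND situation_counter < '.((int) $this->situation_counter);` and `$sql .= ' AND entity = '.((int) ($this->entity > 0 ? $this->entity : $conf->entity));`. The following `@@ -4654,7` hunk has the same uncast `entity` line.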
@@ -4654,7 +4654,7 @@ class Facture extends CommonInvoice if (!empty($this->situation_cycle_ref)) { // No point in testing anything if we're not inside a cycle $sql = 'SELECT max(situation_counter) FROM '.MAIN_DB_PREFIX.'facture'; - $sql .= ' WHERE situation_cycle_ref = '.$this->situation_cycle_ref; + $sql .= ' WHERE situation_cycle_ref = '.((int) $this->situation_cycle_ref); $sql .= ' AND entity = '.($this->entity > 0 ? $this->entity : $conf->entity); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 71e8ab10b38..489d4c7cec0 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -746,7 +746,7 @@ class RemiseCheque extends CommonObject // Get invoices list to reopen them $sql = 'SELECT pf.fk_facture, pf.amount'; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf'; - $sql .= ' WHERE pf.fk_paiement = '.$payment->id; + $sql .= ' WHERE pf.fk_paiement = '.((int) $payment->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 410c896d329..967691c34be 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -4047,7 +4047,7 @@ abstract class CommonObject global $db; - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.$fk_object_where; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where); $resql = $db->query($sql); if (empty($resql)) { diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index 1eb980ae173..1f80d37efd8 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php 
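Review bot: In the commonobject.class.php hunk the new cast protects only the value; `$table_element` and `$field_where` are still concatenated into the DELETE as identifiers, which neither `(int)` nor `escape()` can cover. Whether any caller passes request-derived text is not visible here, since the function signature is outside the hunk. I would at least state the contract above the statement: `// $table_element and $field_where are SQL identifiers: callers must hard-code them, never take them from request data`. If that cannot be guaranteed, check both against a fixed pattern such as `preg_match('/^[a-z0-9_]+$/i', $field_where)` before building the query.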
@@ -1318,8 +1318,8 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) { } while ($obj_dispatch = $db->fetch_object($resql_dispatch)) { $sql_line = 'SELECT line.rowid, line.qty FROM '.MAIN_DB_PREFIX.'commande_fournisseurdet AS line'; - $sql_line .= ' WHERE line.fk_commande = '.$obj_dispatch->fk_commande; - $sql_line .= ' AND line.fk_product = '.$obj_dispatch->fk_product; + $sql_line .= ' WHERE line.fk_commande = '.((int) $obj_dispatch->fk_commande); + $sql_line .= ' AND line.fk_product = '.((int) $obj_dispatch->fk_product); $resql_line = $db->query($sql_line); // s’il y a plusieurs lignes avec le même produit sur cette commande fournisseur, diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index de4ff58d018..fb63847c3e6 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -1342,7 +1342,7 @@ function migrate_paiementfourn_facturefourn($db, $langs, $conf) // Verifier si la ligne est deja dans la nouvelle table. On ne veut pas inserer de doublons. $check_sql = 'SELECT fk_paiementfourn, fk_facturefourn'; $check_sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn'; - $check_sql .= ' WHERE fk_paiementfourn = '.$select_obj->rowid.' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn); + $check_sql .= ' WHERE fk_paiementfourn = '.((int) $select_obj->rowid).' AND fk_facturefourn = '.((int) $select_obj->fk_facture_fourn); $check_resql = $db->query($check_sql); if ($check_resql) { $check_num = $db->num_rows($check_resql); diff --git a/htdocs/intracommreport/class/intracommreport.class.php b/htdocs/intracommreport/class/intracommreport.class.php index cd4765161e9..a36a489ea70 100644 --- a/htdocs/intracommreport/class/intracommreport.class.php +++ b/htdocs/intracommreport/class/intracommreport.class.php 
@@ -417,7 +417,7 @@ class IntracommReport extends CommonObject ( SELECT fk_product FROM '.MAIN_DB_PREFIX.'categorie_product - WHERE fk_categorie = '.$categ_fraisdeport->id.' + WHERE fk_categorie = '.((int) $categ_fraisdeport->id).' ) )'; diff --git a/htdocs/opensurvey/class/opensurveysondage.class.php b/htdocs/opensurvey/class/opensurveysondage.class.php index badb3f60149..e11fb65184a 100644 --- a/htdocs/opensurvey/class/opensurveysondage.class.php +++ b/htdocs/opensurvey/class/opensurveysondage.class.php @@ -594,7 +594,7 @@ class Opensurveysondage extends CommonObject */ public function deleteComment($id_comment) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.$id_comment.' AND id_sondage = "'.$this->db->escape($this->id_sondage).'"'; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.((int) $id_comment).' AND id_sondage = "'.$this->db->escape($this->id_sondage).'"'; $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index 0cf9cff7932..6d12259a39f 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -283,7 +283,7 @@ for ($i = 0; $i < $nblines; $i++) { if ($compteur == $i) { $sql2 = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_user_studs'; - $sql2 .= ' WHERE id_users = '.$db->escape($obj->id_users); + $sql2 .= " WHERE id_users = ".((int) $obj->id_users); $resql2 = $db->query($sql2); } diff --git a/htdocs/product/inventory/inventory.php b/htdocs/product/inventory/inventory.php index dea3b46c946..85be4ec7325 100644 --- a/htdocs/product/inventory/inventory.php +++ b/htdocs/product/inventory/inventory.php 
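Review bot: In the opensurveysondage.class.php hunk the rewritten DELETE still wraps the `id_sondage` value in double quotes. PostgreSQL, and MySQL in ANSI_QUOTES mode, read a double-quoted token as an identifier rather than a string, and `escape()` is presumably written for single-quoted literals. Since the line is being touched anyway, I would switch the literal to single quotes: `$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'opensurvey_comments WHERE id_comment = '.((int) $id_comment)." AND id_sondage = '".$this->db->escape($this->id_sondage)."'";`. The rest of `deleteComment()` continues outside the hunk.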
@@ -453,7 +453,7 @@ if ($object->id > 0) { $sql = 'SELECT id.rowid, id.datec as date_creation, id.tms as date_modification, id.fk_inventory, id.fk_warehouse,'; $sql .= ' id.fk_product, id.batch, id.qty_stock, id.qty_view, id.qty_regulated'; $sql .= ' FROM '.MAIN_DB_PREFIX.'inventorydet as id'; - $sql .= ' WHERE id.fk_inventory = '.$object->id; + $sql .= ' WHERE id.fk_inventory = '.((int) $object->id); $cacheOfProducts = array(); $cacheOfWarehouses = array(); diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 27ede3cd0ef..171918238b8 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1281,7 +1281,7 @@ class Website extends CommonObject $objectpagestatic = new WebsitePage($this->db); - $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'website_page WHERE fk_website = '.$this->id; + $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'website_page WHERE fk_website = '.((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { From d2290a8e13d3744a7fbc3198e5b82d2cae01731d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 17:53:25 +0200 Subject: [PATCH 22/37] FIX #yogosha5746 - next step (work in progress) --- htdocs/accountancy/admin/account.php | 2 +- htdocs/accountancy/bookkeeping/list.php | 2 +- htdocs/accountancy/class/accountancycategory.class.php | 2 +- htdocs/accountancy/closure/index.php | 6 +++--- htdocs/accountancy/customer/index.php | 2 +- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/index.php | 2 +- htdocs/accountancy/supplier/list.php | 2 +- .../canvas/actions_adherentcard_common.class.php | 2 +- htdocs/adherents/class/adherent.class.php | 10 +++++----- htdocs/adherents/class/adherent_type.class.php | 2 +- htdocs/adherents/class/adherentstats.class.php | 2 +- htdocs/public/emailing/mailing-read.php | 2 +- 13 files changed, 19 insertions(+), 19 deletions(-) 
diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index cf2bd2065a2..39bf2b07b29 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -218,7 +218,7 @@ if ($db->type == 'pgsql') { } else { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity; } -$sql .= " WHERE asy.rowid = ".$pcgver; +$sql .= " WHERE asy.rowid = ".((int) $pcgver); //print $sql; if (strlen(trim($search_account))) { $lengthpaddingaccount = 0; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 8daefea76d2..b3f946e9245 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex $sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " SET date_export = '".$db->idate($now)."'"; $sql .= " , date_validated = '".$db->idate($now)."'"; - $sql .= " WHERE rowid = ".$movement->id; + $sql .= " WHERE rowid = ".((int) $movement->id); dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 9301c809125..3e171110c8b 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject global $conf; $sql = "SELECT t.rowid, t.account_number, t.label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; - $sql .= " WHERE t.fk_accounting_category = ".$id; + $sql .= " WHERE t.fk_accounting_category = ".((int) $id); $sql .= " AND t.entity = ".$conf->entity; $this->lines_display = array(); 
diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 3ba552cdfa4..390c288b606 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " SET date_validated = '".$db->idate($now)."'"; - $sql .= " WHERE rowid = ".$movement->id; - $sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'"; - $sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'"; + $sql .= " WHERE rowid = ".((int) $movement->id); + $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; + $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index 354652c653c..6a8289f9d39 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -208,7 +208,7 @@ if ($action == 'validatehistory') { if ($objp->aarowid_suggest > 0) { $sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet"; $sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest); - $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid; + $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid); $resqlupdate = $db->query($sqlupdate); if (!$resqlupdate) { diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index c7a1dec2d94..98decf4d27a 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php 
@@ -154,7 +154,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { } else { $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql .= " SET fk_code_ventilation = ".((int) $monCompte); - $sql .= " WHERE rowid = ".$monId; + $sql .= " WHERE rowid = ".((int) $monId); $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index fc295fdafa4..392551708de 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -194,7 +194,7 @@ if ($action == 'validatehistory') { if ($objp->aarowid_suggest > 0) { $sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest); - $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid; + $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid); $resqlupdate = $db->query($sqlupdate); if (!$resqlupdate) { diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index c322ebef9a2..847e330e8e4 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -178,7 +178,7 @@ if ($massaction == 'ventil') { } else { $sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " SET fk_code_ventilation = ".((int) $monCompte); - $sql .= " WHERE rowid = ".$monId; + $sql .= " WHERE rowid = ".((int) $monId); $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); diff --git a/htdocs/adherents/canvas/actions_adherentcard_common.class.php b/htdocs/adherents/canvas/actions_adherentcard_common.class.php index 3c6e72cc783..2c0e1d992cc 100644 --- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php +++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php 
@@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { - $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id; + $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index eca8668e308..79fef823883 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -692,7 +692,7 @@ class Adherent extends CommonObject $sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member } $sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); // If we change the type of membership, we set also label of new type if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) { @@ -964,7 +964,7 @@ class Adherent extends CommonObject } // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -975,7 +975,7 @@ class Adherent extends CommonObject // Remove subscription if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { 
@@ -1007,7 +1007,7 @@ class Adherent extends CommonObject // Remove adherent if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1154,7 +1154,7 @@ class Adherent extends CommonObject // Set link to user if ($userid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id); - $sql .= " WHERE rowid = ".$userid; + $sql .= " WHERE rowid = ".((int) $userid); dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 460cefdeed3..b2f181e59be 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -425,7 +425,7 @@ class AdherentType extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 62d0e03e27e..1f3dbd32cb6 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -72,7 +72,7 @@ class AdherentStats extends Stats $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; if ($this->memberid) { - $this->where .= " AND m.rowid = ".$this->memberid; + $this->where .= " AND m.rowid = ".((int) $this->memberid); } //if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid; } 
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 91418707d3a..ea9eeb377e7 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -134,7 +134,7 @@ if (!empty($tag)) { //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; $resql = $db->query($sql); } } From 3744bc6a7a819513a0f30152ed2fc27d4e21c3e4 Mon Sep 17 00:00:00 2001 
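Review bot: In the mailing-read.php hunk the corrected UPDATE casts `$obj->source_id` but still concatenates `$obj->entity` without a cast in the same statement (`AND entity = '.$obj->entity.'`). The script lives under `htdocs/public/`, so it is presumably reachable without a session, and where `$obj` is loaded from is outside the hunk. Casting here costs nothing and keeps the statement consistent: `... AND entity = '.((int) $obj->entity).' AND rowid IN (...`. The enclosing `if (!empty($tag))` block starts outside the hunk.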
From: Laurent Destailleur Date: Tue, 30 Mar 2021 17:53:25 +0200 Subject: [PATCH 23/37] FIX #yogosha5746 - next step (work in progress) --- htdocs/accountancy/admin/account.php | 2 +- htdocs/accountancy/bookkeeping/list.php | 2 +- .../class/accountancycategory.class.php | 2 +- htdocs/accountancy/closure/index.php | 6 ++--- htdocs/accountancy/customer/index.php | 2 +- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/index.php | 2 +- htdocs/accountancy/supplier/list.php | 2 +- .../actions_adherentcard_common.class.php | 2 +- htdocs/adherents/class/adherent.class.php | 10 ++++----- .../adherents/class/adherent_type.class.php | 2 +- .../adherents/class/adherentstats.class.php | 2 +- htdocs/admin/boxes.php | 2 +- htdocs/admin/external_rss.php | 2 +- htdocs/admin/menus/index.php | 8 +++---- htdocs/admin/translation.php | 2 +- htdocs/api/class/api_setup.class.php | 22 +++++++++---------- htdocs/asset/class/asset_type.class.php | 2 +- htdocs/categories/class/categorie.class.php | 2 +- htdocs/comm/mailing/card.php | 2 +- .../mailing/class/advtargetemailing.class.php | 8 +++---- htdocs/comm/mailing/class/mailing.class.php | 4 ++-- htdocs/comm/propal/class/propal.class.php | 2 +- htdocs/commande/card.php | 2 +- htdocs/commande/class/commande.class.php | 4 ++-- htdocs/compta/bank/class/account.class.php | 6 ++--- .../bank/class/api_bankaccounts.class.php | 2 +- .../bank/class/paymentvarious.class.php | 2 +- htdocs/compta/bank/line.php | 12 +++++----- htdocs/compta/bank/releve.php | 2 +- .../compta/cashcontrol/cashcontrol_card.php | 2 +- htdocs/compta/charges/index.php | 2 +- .../deplacement/class/deplacement.class.php | 2 +- .../class/deplacementstats.class.php | 2 +- htdocs/compta/facture/card.php | 2 +- .../facture/class/api_invoices.class.php | 2 +- .../facture/class/facture-rec.class.php | 8 +++---- htdocs/compta/facture/class/facture.class.php | 2 +- htdocs/compta/facture/list.php | 2 +- htdocs/compta/localtax/list.php | 2 +- 
htdocs/compta/paiement_charge.php | 2 +- htdocs/compta/paiement_vat.php | 2 +- .../class/bonprelevement.class.php | 6 ++--- htdocs/compta/prelevement/fiche-stat.php | 2 +- htdocs/compta/recap-compta.php | 2 +- htdocs/compta/sociales/card.php | 2 +- .../class/paymentsocialcontribution.class.php | 2 +- htdocs/compta/tva/card.php | 2 +- .../actions_contactcard_common.class.php | 2 +- htdocs/contact/class/contact.class.php | 4 ++-- htdocs/contact/consumption.php | 2 +- htdocs/contrat/class/contrat.class.php | 4 ++-- .../box_accountancy_suspense_account.php | 2 +- htdocs/core/boxes/box_bookmarks.php | 2 +- htdocs/core/class/comment.class.php | 2 +- htdocs/core/class/commonobject.class.php | 14 ++++++------ htdocs/core/class/ctypent.class.php | 3 +-- htdocs/core/class/ctyperesource.class.php | 5 +---- htdocs/core/class/discount.class.php | 6 ++--- htdocs/core/class/dolreceiptprinter.class.php | 2 +- htdocs/core/class/fiscalyear.class.php | 4 ++-- htdocs/core/class/html.form.class.php | 2 +- .../class/html.formexpensereport.class.php | 2 +- htdocs/core/class/link.class.php | 6 ++--- htdocs/core/lib/bank.lib.php | 4 ++-- htdocs/core/lib/invoice2.lib.php | 2 +- htdocs/core/lib/price.lib.php | 4 ++-- htdocs/core/lib/website.lib.php | 4 ++-- htdocs/core/modules/DolibarrModules.class.php | 2 +- .../modules/mailings/modules_mailings.php | 2 +- htdocs/core/modules/modApi.class.php | 4 ++-- .../societe/doc/doc_generic_odt.modules.php | 2 +- .../doc/pdf_canelle.modules.php | 2 +- .../interface_80_modStripe_Stripe.class.php | 2 +- htdocs/core/website.inc.php | 2 +- htdocs/delivery/class/delivery.class.php | 4 ++-- htdocs/don/class/don.class.php | 6 ++--- htdocs/don/payment/payment.php | 2 +- .../class/expensereport.class.php | 2 +- htdocs/public/emailing/mailing-read.php | 2 +- 80 files changed, 136 insertions(+), 140 deletions(-) diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index cf2bd2065a2..39bf2b07b29 100644 
--- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -218,7 +218,7 @@ if ($db->type == 'pgsql') { } else { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity; } -$sql .= " WHERE asy.rowid = ".$pcgver; +$sql .= " WHERE asy.rowid = ".((int) $pcgver); //print $sql; if (strlen(trim($search_account))) { $lengthpaddingaccount = 0; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 8daefea76d2..b3f946e9245 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex $sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " SET date_export = '".$db->idate($now)."'"; $sql .= " , date_validated = '".$db->idate($now)."'"; - $sql .= " WHERE rowid = ".$movement->id; + $sql .= " WHERE rowid = ".((int) $movement->id); dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 9301c809125..3e171110c8b 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject global $conf; $sql = "SELECT t.rowid, t.account_number, t.label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; - $sql .= " WHERE t.fk_accounting_category = ".$id; + $sql .= " WHERE t.fk_accounting_category = ".((int) $id); $sql .= " AND t.entity = ".$conf->entity; $this->lines_display = array(); diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 3ba552cdfa4..390c288b606 100644 
--- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php @@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " SET date_validated = '".$db->idate($now)."'"; - $sql .= " WHERE rowid = ".$movement->id; - $sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'"; - $sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'"; + $sql .= " WHERE rowid = ".((int) $movement->id); + $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; + $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index 354652c653c..6a8289f9d39 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -208,7 +208,7 @@ if ($action == 'validatehistory') { if ($objp->aarowid_suggest > 0) { $sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet"; $sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest); - $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid; + $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid); $resqlupdate = $db->query($sqlupdate); if (!$resqlupdate) { diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index c7a1dec2d94..98decf4d27a 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php 
@@ -154,7 +154,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { } else { $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql .= " SET fk_code_ventilation = ".((int) $monCompte); - $sql .= " WHERE rowid = ".$monId; + $sql .= " WHERE rowid = ".((int) $monId); $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index fc295fdafa4..392551708de 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -194,7 +194,7 @@ if ($action == 'validatehistory') { if ($objp->aarowid_suggest > 0) { $sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest); - $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid; + $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid); $resqlupdate = $db->query($sqlupdate); if (!$resqlupdate) { diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index c322ebef9a2..847e330e8e4 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -178,7 +178,7 @@ if ($massaction == 'ventil') { } else { $sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " SET fk_code_ventilation = ".((int) $monCompte); - $sql .= " WHERE rowid = ".$monId; + $sql .= " WHERE rowid = ".((int) $monId); $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); diff --git a/htdocs/adherents/canvas/actions_adherentcard_common.class.php b/htdocs/adherents/canvas/actions_adherentcard_common.class.php index 3c6e72cc783..2c0e1d992cc 100644 --- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php +++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php 
@@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { - $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id; + $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index eca8668e308..79fef823883 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -692,7 +692,7 @@ class Adherent extends CommonObject $sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member } $sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); // If we change the type of membership, we set also label of new type if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) { @@ -964,7 +964,7 @@ class Adherent extends CommonObject } // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -975,7 +975,7 @@ class Adherent extends CommonObject // Remove subscription if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { 
@@ -1007,7 +1007,7 @@ class Adherent extends CommonObject // Remove adherent if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1154,7 +1154,7 @@ class Adherent extends CommonObject // Set link to user if ($userid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id); - $sql .= " WHERE rowid = ".$userid; + $sql .= " WHERE rowid = ".((int) $userid); dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 460cefdeed3..b2f181e59be 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -425,7 +425,7 @@ class AdherentType extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 62d0e03e27e..1f3dbd32cb6 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -72,7 +72,7 @@ class AdherentStats extends Stats $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; if ($this->memberid) { - $this->where .= " AND m.rowid = ".$this->memberid; + $this->where .= " AND m.rowid = ".((int) $this->memberid); } //if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid; } 
diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 5b89eefc4f7..741a6157dcd 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -93,7 +93,7 @@ if ($action == 'add') { $arrayofexistingboxid = array(); $nbboxonleft = $nbboxonright = 0; $sql = "SELECT box_id, box_order FROM ".MAIN_DB_PREFIX."boxes"; - $sql .= " WHERE position = ".$pos." AND fk_user = ".$fk_user." AND entity = ".$conf->entity; + $sql .= " WHERE position = ".((int) $pos)." AND fk_user = ".((int) $fk_user)." AND entity = ".((int) $conf->entity); dol_syslog("boxes.php activate box", LOG_DEBUG); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php index 0ef302765e8..b8b412ad6f8 100644 --- a/htdocs/admin/external_rss.php +++ b/htdocs/admin/external_rss.php @@ -140,7 +140,7 @@ if (GETPOST("delete")) { $resql = $db->query($sql); $sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes_def"; - $sql .= " WHERE rowid = ".$obj->rowid; + $sql .= " WHERE rowid = ".((int) $obj->rowid); $resql = $db->query($sql); if (!$resql) { diff --git a/htdocs/admin/menus/index.php b/htdocs/admin/menus/index.php index 1db1adf50cf..4d9c85a69f9 100644 --- a/htdocs/admin/menus/index.php +++ b/htdocs/admin/menus/index.php 
@@ -162,13 +162,13 @@ if ($action == 'up') {
 }
 $sql = "UPDATE ".MAIN_DB_PREFIX."menu as m";
- $sql .= " SET m.position = ".($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1); // Down the selected entry
- $sql .= " WHERE m.rowid = ".$current['rowid'];
+ $sql .= " SET m.position = ".((int) ($current['order'] != $next['order'] ? $next['order'] : $current['order'] + 1)); // Down the selected entry
+ $sql .= " WHERE m.rowid = ".((int) $current['rowid']);
 dol_syslog("admin/menus/index.php ".$sql);
 $db->query($sql);
 $sql = "UPDATE ".MAIN_DB_PREFIX."menu as m"; // Up the next entry
- $sql .= " SET m.position = ".$current['order'];
- $sql .= " WHERE m.rowid = ".$next['rowid'];
+ $sql .= " SET m.position = ".((int) $current['order']);
+ $sql .= " WHERE m.rowid = ".((int) $next['rowid']);
 dol_syslog("admin/menus/index.php ".$sql);
 $db->query($sql);
 } elseif ($action == 'confirm_delete' && $confirm == 'yes') {
diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php
index d6b8b2f9f66..315673f1582 100644
--- a/htdocs/admin/translation.php
+++ b/htdocs/admin/translation.php
@@ -168,7 +168,7 @@ if ($action == 'add') {
 // Delete line from delete picto
 if ($action == 'delete') {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".$db->escape($id);
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."overwrite_trans WHERE rowid = ".((int) $id);
 $result = $db->query($sql);
 if ($result >= 0) {
 setEventMessages($langs->trans("RecordDeleted"), null, 'mesgs');
diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php
index 674cc53b69f..064fb6ad359 100644
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
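Review bot: In the `admin/translation.php` hunk the success test `if ($result >= 0)` cannot distinguish failure, because in PHP `false >= 0` evaluates to true. If `$db->query()` returns false on error, as the `if (!$resql)` checks in other hunks of this patch suggest, a failed DELETE still reports "RecordDeleted" to the administrator. Testing the result directly, `if ($result) {`, would match how the rest of the patch checks query results. The `if` block continues outside the hunk, so its error branch is not visible here.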
@@ -73,7 +73,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid, code, libelle as label, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_input_method as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -136,7 +136,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid, code, label, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_input_reason as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -539,7 +539,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid, code, label"; $sql .= " FROM ".MAIN_DB_PREFIX."c_availability as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -648,7 +648,7 @@ class Setup extends DolibarrApi $sql = "SELECT id, code, type, libelle as label, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); if ($type) { $sql .= " AND t.type LIKE '%".$this->db->escape($type)."%'"; } @@ -714,7 +714,7 @@ class Setup extends DolibarrApi $sql = "SELECT id, code, label, accountancy_code, active, module, position"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); if ($module) { $sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'"; } 
@@ -778,7 +778,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid, code, element as type, libelle as label, source, module, position"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_contact as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); if ($type) { $sql .= " AND type LIKE '%".$this->db->escape($type)."%'"; } @@ -843,7 +843,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid, code, label, module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_civility as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); if ($module) { $sql .= " AND t.module LIKE '%".$this->db->escape($module)."%'"; } @@ -911,7 +911,7 @@ class Setup extends DolibarrApi $sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency as m ON m.code=t.code_iso"; $sql .= " JOIN ".MAIN_DB_PREFIX."multicurrency_rate as cr ON (m.rowid = cr.fk_multicurrency)"; } - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); if (!empty($multicurrency)) { $sql .= " AND m.entity IN (".getEntity('multicurrency').")"; if (!empty($multicurrency) && $multicurrency != 2) { @@ -1242,7 +1242,7 @@ class Setup extends DolibarrApi //TODO link with multicurrency module $sql = "SELECT t.rowid, t.code, t.label,t.short_label, t.active, t.scale, t.unit_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_units as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { @@ -1365,7 +1365,7 @@ class Setup extends DolibarrApi $sql = "SELECT rowid, code, pos, label, use_default, description"; $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_category as t"; - $sql .= " WHERE t.active = ".$active; + $sql .= " WHERE t.active = ".((int) $active); // Add sql filters if ($sqlfilters) { if (!DolibarrApi::_checkFilters($sqlfilters)) { 
@@ -1423,7 +1423,7 @@ class Setup extends DolibarrApi
 $sql = "SELECT rowid, code, pos, label, use_default, color, description";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_ticket_severity as t";
- $sql .= " WHERE t.active = ".$active;
+ $sql .= " WHERE t.active = ".((int) $active);
 // Add sql filters
 if ($sqlfilters) {
 if (!DolibarrApi::_checkFilters($sqlfilters)) {
diff --git a/htdocs/asset/class/asset_type.class.php b/htdocs/asset/class/asset_type.class.php
index 17943f4dfd4..99205d2b3f3 100644
--- a/htdocs/asset/class/asset_type.class.php
+++ b/htdocs/asset/class/asset_type.class.php
@@ -238,7 +238,7 @@ class AssetType extends CommonObject
 $error = 0;
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."asset_type";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 10cc15a2dc9..1f467b507d1 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -869,7 +869,7 @@ class Categorie extends CommonObject
 public function containsObject($type, $object_id)
 {
 $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
- $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".$object_id;
+ $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
 dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
 $resql = $this->db->query($sql);
 if ($resql) {
diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index f907bd98f58..00c5c946326 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
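Review bot: In `Categorie::containsObject()` the new cast covers `$object_id` only, while `$type` still reaches the query in identifier position. When `$type` is not a key of `MAP_CAT_TABLE` or `MAP_CAT_FK` it is concatenated unchanged into the table name after `categorie_` and the column name after `fk_`, where neither a cast nor `escape()` applies. If any caller can pass a request-derived `$type`, the fallback should be restricted to a strict identifier pattern or a list of known element types before the string is built. `$this->id` in the same WHERE is also left uncast; `" WHERE fk_categorie = ".((int) $this->id)` would make the line uniform. The method body continues past the end of the hunk.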
@@ -149,7 +149,7 @@ if (empty($reshook)) { // or sent in error (statut=-1) $sql = "SELECT mc.rowid, mc.fk_mailing, mc.lastname, mc.firstname, mc.email, mc.other, mc.source_url, mc.source_id, mc.source_type, mc.tag"; $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles as mc"; - $sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".$object->id; + $sql .= " WHERE mc.statut < 1 AND mc.fk_mailing = ".((int) $object->id); $sql .= " ORDER BY mc.statut DESC"; // first status 0, then status -1 dol_syslog("card.php: select targets", LOG_DEBUG); diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 063fb6c7f00..90132557f38 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -284,9 +284,9 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; if (!empty($id)) { - $sql .= " WHERE t.fk_element = ".$id." AND type_element='mailing'"; + $sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = 'mailing'"; } else { - $sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='mailing'"; + $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = 'mailing'"; } dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); @@ -347,9 +347,9 @@ class AdvanceTargetingMailing extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."advtargetemailing as t"; if (!empty($id)) { - $sql .= " WHERE t.fk_element = ".$id." AND type_element='$type_element'"; + $sql .= " WHERE t.fk_element = ".((int) $id)." AND type_element = '".$this->db->escape($type_element)."'"; } else { - $sql .= " WHERE t.fk_element = ".$this->fk_element." AND type_element='$type_element'"; + $sql .= " WHERE t.fk_element = ".((int) $this->fk_element)." AND type_element = '".$this->db->escape($type_element)."'"; } dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); 
diff --git a/htdocs/comm/mailing/class/mailing.class.php b/htdocs/comm/mailing/class/mailing.class.php
index 251550bdded..aed8bd1431f 100644
--- a/htdocs/comm/mailing/class/mailing.class.php
+++ b/htdocs/comm/mailing/class/mailing.class.php
@@ -427,7 +427,7 @@ class Mailing extends CommonObject
 $sql .= " source_id ,";
 $sql .= " source_type";
 $sql .= " FROM ".MAIN_DB_PREFIX."mailing_cibles";
- $sql .= " WHERE fk_mailing = ".$fromid;
+ $sql .= " WHERE fk_mailing = ".((int) $fromid);
 $result = $this->db->query($sql);
 if ($result) {
@@ -499,7 +499,7 @@ class Mailing extends CommonObject
 public function delete($rowid)
 {
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing";
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
 dol_syslog("Mailing::delete", LOG_DEBUG);
 $resql = $this->db->query($sql);
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index 32206a0c251..f67cb2c60d4 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -2886,7 +2886,7 @@ class Propal extends CommonObject
 // Delete extrafields of lines and lines
 if (!$error && !empty($this->table_element_line)) {
 $tabletodelete = $this->table_element_line;
- $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
+ $sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
 $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
 if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
 $error++;
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index 4585c2dffb2..a1cebf0db4b 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
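Review bot: In the `Propal` hunk only `$sqlef` receives the cast; the `$sql` built on the next line still ends in `" = ".$this->id`, so the two DELETEs that run together in the following `if` are built differently. Casting the second one as well, `$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);`, keeps the pair uniform. The same half-converted pattern appears in `compta/bank/line.php` (`" fk_account = ".$actarget->id` directly above the converted WHERE) and in `bonprelevement.class.php` (`", fk_prelevement_bons = ".$this->id`). `$tabletodelete` and `$this->fk_element` sit in identifier position where a cast cannot help; they look like class-defined values, which is worth confirming. The enclosing method starts and ends outside the hunk.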
@@ -423,7 +423,7 @@ if (empty($reshook)) { $originidforcontact=$srcobject->origin_id; } $sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc"; - $sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'"; + $sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'"; $resqlcontact = $db->query($sqlcontact); if ($resqlcontact) diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 607753d90fa..635e561eaef 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -1113,7 +1113,7 @@ class Commande extends CommonOrder } $sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc"; - $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'"; + $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'"; $resqlcontact = $this->db->query($sqlcontact); if ($resqlcontact) { @@ -2331,7 +2331,7 @@ class Commande extends CommonOrder $sql = "SELECT fk_product, qty"; $sql .= " FROM ".MAIN_DB_PREFIX."commandedet"; - $sql .= " WHERE rowid = ".$lineid; + $sql .= " WHERE rowid = ".((int) $lineid); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 451f855a5fe..943fef0c32a 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php 
@@ -451,9 +451,9 @@ class Account extends CommonObject $sql = "SELECT fk_bank, url_id, url, label, type"; $sql .= " FROM ".MAIN_DB_PREFIX."bank_url"; if ($fk_bank > 0) { - $sql .= " WHERE fk_bank = ".$fk_bank; + $sql .= " WHERE fk_bank = ".((int) $fk_bank); } else { - $sql .= " WHERE url_id = ".$url_id." AND type = '".$this->db->escape($type)."'"; + $sql .= " WHERE url_id = ".((int) $url_id)." AND type = '".$this->db->escape($type)."'"; } $sql .= " ORDER BY type, label"; @@ -2435,7 +2435,7 @@ class AccountLine extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/class/api_bankaccounts.class.php b/htdocs/compta/bank/class/api_bankaccounts.class.php index be37ec23403..23c739064f8 100644 --- a/htdocs/compta/bank/class/api_bankaccounts.class.php +++ b/htdocs/compta/bank/class/api_bankaccounts.class.php @@ -425,7 +425,7 @@ class BankAccounts extends DolibarrApi } $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."bank "; - $sql .= " WHERE fk_account = ".$id; + $sql .= " WHERE fk_account = ".((int) $id); // Add sql filters if ($sqlfilters) { diff --git a/htdocs/compta/bank/class/paymentvarious.class.php b/htdocs/compta/bank/class/paymentvarious.class.php index 86a70a35311..d9d50d74421 100644 --- a/htdocs/compta/bank/class/paymentvarious.class.php +++ b/htdocs/compta/bank/class/paymentvarious.class.php 
@@ -783,7 +783,7 @@ class PaymentVarious extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$banklineid; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $banklineid); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php index 292a61e8bc6..bfea7c74b60 100644 --- a/htdocs/compta/bank/line.php +++ b/htdocs/compta/bank/line.php @@ -107,7 +107,7 @@ if ($user->rights->banque->consolidate && $action == 'donext') { if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier) { $cat1 = GETPOST("cat1", 'int'); if (!empty($rowid) && !empty($cat1)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$cat1; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid)." AND fk_categ = ".((int) $cat1); if (!$db->query($sql)) { dol_print_error($db); } @@ -174,7 +174,7 @@ if ($user->rights->banque->modifier && $action == "update") { } } $sql .= " fk_account = ".$actarget->id; - $sql .= " WHERE rowid = ".$acline->id; + $sql .= " WHERE rowid = ".((int) $acline->id); $result = $db->query($sql); if (!$result) { 
@@ -183,14 +183,14 @@ if ($user->rights->banque->modifier && $action == "update") {
 if (!$error) {
 $arrayofcategs = GETPOST('custcats', 'array');
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".((int) $rowid);
 if (!$db->query($sql)) {
 $error++;
 dol_print_error($db);
 }
 if (count($arrayofcategs)) {
 foreach ($arrayofcategs as $val) {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$val.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".((int) $rowid).", ".((int) $val).")";
 if (!$db->query($sql)) {
 $error++;
 dol_print_error($db);
@@ -229,9 +229,9 @@ if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action ==
 if (empty($num_rel)) {
 $sql .= ", rappro = 0";
 } else {
- $sql .= ", rappro = ".$rappro;
+ $sql .= ", rappro = ".((int) $rappro);
 }
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
 dol_syslog("line.php", LOG_DEBUG);
 $result = $db->query($sql);
diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php
index 010b4a08fde..c607f0f922c 100644
--- a/htdocs/compta/bank/releve.php
+++ b/htdocs/compta/bank/releve.php
@@ -232,7 +232,7 @@ if (empty($numref)) {
 // List of all standing receipts
 $sql = "SELECT DISTINCT(b.num_releve) as numr";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
- $sql .= " WHERE b.fk_account = ".$object->id;
+ $sql .= " WHERE b.fk_account = ".((int) $object->id);
 $sql .= $db->order($sortfield, $sortorder);
 // Count total nb of records
diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php
index ccaa0158af2..26949590334 100644
--- a/htdocs/compta/cashcontrol/cashcontrol_card.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_card.php
@@ -304,7 +304,7 @@ if ($action == "create" || $action == "start" || $action == 'close') { if ($bankid > 0) { $sql = "SELECT SUM(amount) as total FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE fk_account = ".$bankid; + $sql .= " WHERE fk_account = ".((int) $bankid); if ($syear && !$smonth) { $sql .= " AND dateo < '".$db->idate(dol_get_first_day($syear, 1))."'"; } elseif ($syear && $smonth && !$sday) { diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php index d3604b0d7cc..f171546f6c1 100644 --- a/htdocs/compta/charges/index.php +++ b/htdocs/compta/charges/index.php @@ -405,7 +405,7 @@ while ($j < $numlt) { $sql = "SELECT pv.rowid, pv.amount, pv.label, pv.datev as dm, pv.datep as dp"; $sql .= " FROM ".MAIN_DB_PREFIX."localtax as pv"; - $sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".$j; + $sql .= " WHERE pv.entity = ".$conf->entity." AND localtaxtype = ".((int) $j); if ($year > 0) { // Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance, // ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire diff --git a/htdocs/compta/deplacement/class/deplacement.class.php b/htdocs/compta/deplacement/class/deplacement.class.php index 5562f797130..1972e3f686e 100644 --- a/htdocs/compta/deplacement/class/deplacement.class.php +++ b/htdocs/compta/deplacement/class/deplacement.class.php @@ -441,7 +441,7 @@ class Deplacement extends CommonObject $sql = "SELECT id, code, label"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees"; - $sql .= " WHERE active = ".$active; + $sql .= " WHERE active = ".((int) $active); dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/deplacement/class/deplacementstats.class.php b/htdocs/compta/deplacement/class/deplacementstats.class.php index 64cee98c33b..cf712f49333 100644 --- a/htdocs/compta/deplacement/class/deplacementstats.class.php 
+++ b/htdocs/compta/deplacement/class/deplacementstats.class.php @@ -102,7 +102,7 @@ class DeplacementStats extends Stats { $sql = "SELECT MONTH(dated) as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(dated) = ".$year; + $sql .= " WHERE YEAR(dated) = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index bf30e2b011f..69f5baa8600 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1743,7 +1743,7 @@ if (empty($reshook)) { $originidforcontact=$srcobject->origin_id; } $sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc"; - $sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'"; + $sqlcontact.= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'"; $resqlcontact = $db->query($sqlcontact); if ($resqlcontact) diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 9c224b057ab..87bcbe12b3e 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -1142,7 +1142,7 @@ class Invoices extends DolibarrApi $sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,"; $sql .= " re.description, re.fk_facture_source"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re"; - $sql .= " WHERE fk_facture = ".$this->invoice->id; + $sql .= " WHERE fk_facture = ".((int) $this->invoice->id); $resql = $this->db->query($sql); if (!empty($resql)) { while ($obj = $this->db->fetch_object($resql)) { 
diff --git a/htdocs/compta/facture/class/facture-rec.class.php b/htdocs/compta/facture/class/facture-rec.class.php
index b93f48ff655..eea700527ec 100644
--- a/htdocs/compta/facture/class/facture-rec.class.php
+++ b/htdocs/compta/facture/class/facture-rec.class.php
@@ -762,12 +762,12 @@ class FactureRec extends CommonInvoice
 $main = MAIN_DB_PREFIX.'facturedet_rec';
 $ef = $main."_extrafields";
- $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_facture = $rowid)";
+ $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid);
 dol_syslog($sqlef);
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet_rec WHERE fk_facture = ".((int) $rowid);
 dol_syslog($sql);
 if ($this->db->query($sqlef) && $this->db->query($sql)) {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".$rowid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."facture_rec WHERE rowid = ".((int) $rowid);
 dol_syslog($sql);
 if ($this->db->query($sql)) {
 // Delete linked object
@@ -1151,7 +1151,7 @@ class FactureRec extends CommonInvoice
 $sql .= ', multicurrency_total_ht = '.$multicurrency_total_ht;
 $sql .= ', multicurrency_total_tva = '.$multicurrency_total_tva;
 $sql .= ', multicurrency_total_ttc = '.$multicurrency_total_ttc;
- $sql .= " WHERE rowid = ".$rowid;
+ $sql .= " WHERE rowid = ".((int) $rowid);
 dol_syslog(get_class($this)."::updateline", LOG_DEBUG);
 if ($this->db->query($sql)) {
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index 3c0722684ca..ca4e445c880 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
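Review bot: The rewritten `$sqlef` in the first `FactureRec` hunk no longer closes its subquery: the removed string ended in `$rowid)"`, while the added line ends in `((int) $rowid);`, so the statement is sent with an unbalanced `(`. Because the following `if` requires `$this->db->query($sqlef)` to succeed before anything else runs, the deletion of the lines and of the recurring invoice itself would presumably fail every time. The line should read `$sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")";`. The enclosing method starts and ends outside the hunk.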
@@ -751,7 +751,7 @@ class Facture extends CommonInvoice } $sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc"; - $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'"; + $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'"; $resqlcontact = $this->db->query($sqlcontact); if ($resqlcontact) { diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index a3c5fb08133..0f595fdc984 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -382,7 +382,7 @@ if ($massaction == 'makepayment') { $rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login"; $rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd"; $rsql .= " , ".MAIN_DB_PREFIX."user as u"; - $rsql .= " WHERE fk_facture = ".$objecttmp->id; + $rsql .= " WHERE fk_facture = ".((int) $objecttmp->id); $rsql .= " AND pfd.fk_user_demande = u.rowid"; $rsql .= " AND pfd.traite = 0"; $rsql .= " ORDER BY pfd.date_demande DESC"; diff --git a/htdocs/compta/localtax/list.php b/htdocs/compta/localtax/list.php index dd77938366a..6590e250832 100644 --- a/htdocs/compta/localtax/list.php +++ b/htdocs/compta/localtax/list.php @@ -54,7 +54,7 @@ print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Paym $sql = "SELECT rowid, amount, label, f.datev, f.datep"; $sql .= " FROM ".MAIN_DB_PREFIX."localtax as f "; -$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt); +$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".((int) $ltt); $sql .= " ORDER BY datev DESC"; $result = $db->query($sql); 
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 6b47dacdd9d..9ac22d30e1f 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -193,7 +193,7 @@ if ($action == 'create') { $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."paiementcharge as p"; - $sql .= " WHERE p.fk_charge = ".$chid; + $sql .= " WHERE p.fk_charge = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php index 64952def30d..323221f6f2b 100644 --- a/htdocs/compta/paiement_vat.php +++ b/htdocs/compta/paiement_vat.php @@ -189,7 +189,7 @@ if ($action == 'create') { $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_vat as p"; - $sql .= " WHERE p.fk_tva = ".$chid; + $sql .= " WHERE p.fk_tva = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 3ea11463415..92f9c320acd 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject $sql .= " SET traite = 1"; $sql .= ", date_traite = '".$this->db->idate($now)."'"; $sql .= ", fk_prelevement_bons = ".$this->id; - $sql .= " WHERE rowid = ".$fac[1]; + $sql .= " WHERE rowid = ".((int) $fac[1]); $resql = $this->db->query($sql); if (!$resql) { @@ -1139,7 +1139,7 @@ class BonPrelevement extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons"; $sql .= " SET amount = ".price2num($this->total); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); 
@@ -2107,7 +2107,7 @@ class BonPrelevement extends CommonObject $sql = "SELECT rowid, ref"; $sql .= " FROM"; $sql .= " ".MAIN_DB_PREFIX."prelevement_bons as pb"; - $sql .= " WHERE pb.rowid = ".$this->id; + $sql .= " WHERE pb.rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php index 91ecccef242..3f51b5b554d 100644 --- a/htdocs/compta/prelevement/fiche-stat.php +++ b/htdocs/compta/prelevement/fiche-stat.php @@ -162,7 +162,7 @@ if ($prev_id > 0 || $ref) { $sql = "SELECT sum(pl.amount), pl.statut"; $sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl"; - $sql .= " WHERE pl.fk_prelevement_bons = ".$object->id; + $sql .= " WHERE pl.fk_prelevement_bons = ".((int) $object->id); $sql .= " GROUP BY pl.statut"; $resql = $db->query($sql); diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php index 9f9ee72cc6d..3abdf04ae1b 100644 --- a/htdocs/compta/recap-compta.php +++ b/htdocs/compta/recap-compta.php @@ -139,7 +139,7 @@ if ($id > 0) { $sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,"; $sql .= " u.login, u.rowid as userid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_user_valid = u.rowid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index b8562829066..2fba1288b75 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php 
@@ -613,7 +613,7 @@ if ($id > 0) { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id"; $sql .= ", ".MAIN_DB_PREFIX."chargesociales as cs"; - $sql .= " WHERE p.fk_charge = ".$id; + $sql .= " WHERE p.fk_charge = ".((int) $id); $sql .= " AND p.fk_charge = cs.rowid"; $sql .= " AND cs.entity IN (".getEntity('tax').")"; $sql .= " ORDER BY dp DESC"; diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 3207e533521..434078959b9 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -636,7 +636,7 @@ class PaymentSocialContribution extends CommonObject public function update_fk_bank($id_bank) { // phpcs:enable - $sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".$this->id; + $sql = "UPDATE ".MAIN_DB_PREFIX."paiementcharge SET fk_bank = ".((int) $id_bank)." WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update_fk_bank", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 2a116c6376b..a5169675f69 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -618,7 +618,7 @@ if ($id) { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepaiement = c.id"; $sql .= ", ".MAIN_DB_PREFIX."tva as tva"; - $sql .= " WHERE p.fk_tva = ".$id; + $sql .= " WHERE p.fk_tva = ".((int) $id); $sql .= " AND p.fk_tva = tva.rowid"; $sql .= " AND tva.entity IN (".getEntity('tax').")"; $sql .= " ORDER BY dp DESC"; 
diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index 332b7dd36c6..0e80df07676 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -308,7 +308,7 @@ abstract class ActionsContactCardCommon // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { - $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id; + $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 6305a01c999..5befcba4537 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1652,7 +1652,7 @@ class Contact extends CommonObject // Desactive utilisateur $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople"; $sql .= " SET statut = ".((int) $this->statut); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $result = $this->db->query($sql); dol_syslog(get_class($this)."::setstatus", LOG_DEBUG); @@ -1882,7 +1882,7 @@ class Contact extends CommonObject $sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcommcontact"; if ($active >= 0) { - $sql .= " WHERE active = ".$active; + $sql .= " WHERE active = ".((int) $active); } $resql = $this->db->query($sql); $num = $this->db->num_rows($resql); diff --git a/htdocs/contact/consumption.php b/htdocs/contact/consumption.php index 1e0f5b06094..b87a73e8cc2 100644 --- a/htdocs/contact/consumption.php +++ b/htdocs/contact/consumption.php 
@@ -258,7 +258,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices // $documentstatic=new SupplierProposal($db); // $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, '; // $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d"; - // $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + // $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); // $where.= " AND d.fk_supplier_proposal = c.rowid"; // $where.= " AND c.entity = ".$conf->entity; // $dateprint = 'c.date_valid'; diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 64d2b5e2c0a..33dd0e8e2f7 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -1057,7 +1057,7 @@ class Contrat extends CommonObject } $sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc"; - $sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'"; + $sqlcontact .= " WHERE element_id = ".((int) $originidforcontact)." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'"; $resqlcontact = $this->db->query($sqlcontact); if ($resqlcontact) { @@ -1759,7 +1759,7 @@ class Contrat extends CommonObject $sql .= ",date_cloture=null"; } $sql .= ", fk_unit=".($fk_unit ? "'".$this->db->escape($fk_unit)."'" : "null"); - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(get_class($this)."::updateline", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_accountancy_suspense_account.php b/htdocs/core/boxes/box_accountancy_suspense_account.php index 31eaa65bf72..70edf818dc0 100644 
--- a/htdocs/core/boxes/box_accountancy_suspense_account.php +++ b/htdocs/core/boxes/box_accountancy_suspense_account.php @@ -83,7 +83,7 @@ class box_accountancy_suspense_account extends ModeleBoxes if (!empty($suspenseAccount) && $suspenseAccount > 0) { $sql = "SELECT COUNT(*) as nb_suspense_account"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as b"; - $sql .= " WHERE b.numero_compte = ".$suspenseAccount; + $sql .= " WHERE b.numero_compte = '".$this->db->escape($suspenseAccount)."'"; $sql .= " AND b.entity = ".$conf->entity; $result = $this->db->query($sql); diff --git a/htdocs/core/boxes/box_bookmarks.php b/htdocs/core/boxes/box_bookmarks.php index 9d6df6c7535..1a3a1183032 100644 --- a/htdocs/core/boxes/box_bookmarks.php +++ b/htdocs/core/boxes/box_bookmarks.php @@ -87,7 +87,7 @@ class box_bookmarks extends ModeleBoxes if ($user->rights->bookmark->lire) { $sql = "SELECT b.title, b.url, b.target, b.favicon"; $sql .= " FROM ".MAIN_DB_PREFIX."bookmark as b"; - $sql .= " WHERE fk_user = ".$user->id; + $sql .= " WHERE fk_user = ".((int) $user->id); $sql .= " AND b.entity = ".$conf->entity; $sql .= $this->db->order("position", "ASC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/class/comment.class.php b/htdocs/core/class/comment.class.php index 78f168fd8f7..7184d7846b0 100644 --- a/htdocs/core/class/comment.class.php +++ b/htdocs/core/class/comment.class.php @@ -365,7 +365,7 @@ class Comment extends CommonObject $sql = "SELECT"; $sql .= " c.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as c"; - $sql .= " WHERE c.fk_element = ".$fk_element; + $sql .= " WHERE c.fk_element = ".((int) $fk_element); $sql .= " AND c.element_type = '".$this->db->escape($element_type)."'"; $sql .= " AND c.entity = ".$conf->entity; $sql .= " ORDER BY c.tms DESC"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 967691c34be..e113cf2654a 100644 --- a/htdocs/core/class/commonobject.class.php 
+++ b/htdocs/core/class/commonobject.class.php @@ -1148,7 +1148,7 @@ abstract class CommonObject if ($fk_socpeople) { $sql .= ", fk_socpeople = ".((int) $fk_socpeople); } - $sql .= " where rowid = ".$rowid; + $sql .= " where rowid = ".((int) $rowid); $resql = $this->db->query($sql); if ($resql) { return 0; @@ -1548,7 +1548,7 @@ abstract class CommonObject $sql .= " ".MAIN_DB_PREFIX."socpeople as c,"; } $sql .= " ".MAIN_DB_PREFIX."c_type_contact as tc"; - $sql .= " WHERE ec.element_id = ".$id; + $sql .= " WHERE ec.element_id = ".((int) $id); $sql .= " AND ec.fk_socpeople = c.rowid"; if ($source == 'internal') { $sql .= " AND c.entity IN (".getEntity('user').")"; @@ -1564,7 +1564,7 @@ abstract class CommonObject } $sql .= " AND tc.active = 1"; if ($status) { - $sql .= " AND ec.statut = ".$status; + $sql .= " AND ec.statut = ".((int) $status); } dol_syslog(get_class($this)."::getIdContact", LOG_DEBUG); @@ -1706,7 +1706,7 @@ abstract class CommonObject if (empty($this->barcode_type) || empty($this->barcode_type_code) || empty($this->barcode_type_label) || empty($this->barcode_type_coder)) { // If data not already loaded $sql = "SELECT rowid, code, libelle as label, coder"; $sql .= " FROM ".MAIN_DB_PREFIX."c_barcode_type"; - $sql .= " WHERE rowid = ".$idtype; + $sql .= " WHERE rowid = ".((int) $idtype); dol_syslog(get_class($this).'::fetch_barcode', LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1939,7 +1939,7 @@ abstract class CommonObject } } - $sql .= " WHERE ".$id_field." = ".$id; + $sql .= " WHERE ".$id_field." = ".((int) $id); dol_syslog(__METHOD__."", LOG_DEBUG); $resql = $this->db->query($sql); @@ -4263,7 +4263,7 @@ abstract class CommonObject //print $id.'-'.$table.'-'.$elementname.'
'; // Check if third party can be deleted $sql = "SELECT COUNT(*) as nb from ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE ".$this->fk_element." = ".$id; + $sql .= " WHERE ".$this->fk_element." = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -9267,7 +9267,7 @@ abstract class CommonObject } $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files"; - $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql .= " WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); diff --git a/htdocs/core/class/ctypent.class.php b/htdocs/core/class/ctypent.class.php index 01a6eb5e697..c8421c54b1f 100644 --- a/htdocs/core/class/ctypent.class.php +++ b/htdocs/core/class/ctypent.class.php @@ -163,7 +163,6 @@ class Ctypent // extends CommonObject */ public function fetch($id, $code = '', $label = '') { - global $langs; $sql = "SELECT"; $sql .= " t.id,"; $sql .= " t.code,"; @@ -173,7 +172,7 @@ class Ctypent // extends CommonObject $sql .= " t.module"; $sql .= " FROM ".MAIN_DB_PREFIX."c_typent as t"; if ($id) { - $sql .= " WHERE t.id = ".$id; + $sql .= " WHERE t.id = ".((int) $id); } elseif ($code) { $sql .= " WHERE t.code = '".$this->db->escape($code)."'"; } elseif ($label) { diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index 6ba04c044e9..b0a604e9e28 100644 --- a/htdocs/core/class/ctyperesource.class.php +++ b/htdocs/core/class/ctyperesource.class.php 
@@ -165,15 +165,12 @@ class Ctyperesource $sql = 'SELECT'; $sql .= ' t.rowid,'; - $sql .= " t.code,"; $sql .= " t.label,"; $sql .= " t.active"; - - $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if ($id) { - $sql .= " WHERE t.id = ".$id; + $sql .= " WHERE t.id = ".((int) $id); } elseif ($code) { $sql .= " WHERE t.code = '".$this->db->escape($code)."'"; } elseif ($label) { diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index a1c2b1fbf8c..63ef3dc1153 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -337,11 +337,11 @@ class DiscountAbsolute // Delete but only if not used $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_remise_except "; if ($this->fk_facture_source) { - $sql .= " WHERE fk_facture_source = ".$this->fk_facture_source; // Delete all lines of same serie + $sql .= " WHERE fk_facture_source = ".((int) $this->fk_facture_source); // Delete all lines of same serie } elseif ($this->fk_invoice_supplier_source) { - $sql .= " WHERE fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source; // Delete all lines of same serie + $sql .= " WHERE fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source); // Delete all lines of same serie } else { - $sql .= " WHERE rowid = ".$this->id; // Delete only line + $sql .= " WHERE rowid = ".((int) $this->id); // Delete only line } $sql .= " AND (fk_facture_line IS NULL"; // Not used as absolute simple discount $sql .= " AND fk_facture IS NULL)"; // Not used as credit note and not used as deposit diff --git a/htdocs/core/class/dolreceiptprinter.class.php b/htdocs/core/class/dolreceiptprinter.class.php index be13eb94849..6ac331167d3 100644 --- a/htdocs/core/class/dolreceiptprinter.class.php +++ b/htdocs/core/class/dolreceiptprinter.class.php 
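Review bot: In the Ctyperesource hunk the SELECT list reads `t.rowid`, but the filter that receives the new cast is on `t.id`, so the lookup by id may name a column the table does not have. The table definition is not visible here, so check it against the schema. If the key column is `rowid`, the line should read `$sql .= " WHERE t.rowid = ".((int) $id);`. The method starts and ends outside the hunk.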
@@ -784,7 +784,7 @@ class dolReceiptPrinter extends Printer $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id); $sql .= " ORDER BY p.datep"; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/class/fiscalyear.class.php b/htdocs/core/class/fiscalyear.class.php index 566407cffc4..7356e53dc0a 100644 --- a/htdocs/core/class/fiscalyear.class.php +++ b/htdocs/core/class/fiscalyear.class.php @@ -196,8 +196,8 @@ class Fiscalyear extends CommonObject $sql .= ", date_start = '".$this->db->idate($this->date_start)."'"; $sql .= ", date_end = ".($this->date_end ? "'".$this->db->idate($this->date_end)."'" : "null"); $sql .= ", statut = '".$this->db->escape($this->statut ? $this->statut : 0)."'"; - $sql .= ", fk_user_modif = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= ", fk_user_modif = ".((int) $user->id); + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 628c6a2ff04..ec92a99ff2a 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -3530,7 +3530,7 @@ class Form // looking for users $sql = "SELECT a.rowid, a.label"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_address as a"; - $sql .= " WHERE a.fk_soc = ".$socid; + $sql .= " WHERE a.fk_soc = ".((int) $socid); $sql .= " ORDER BY a.label ASC"; dol_syslog(get_class($this)."::select_address", LOG_DEBUG); diff --git a/htdocs/core/class/html.formexpensereport.class.php b/htdocs/core/class/html.formexpensereport.class.php index b25d4397f81..5ecc4e4669d 100644 
--- a/htdocs/core/class/html.formexpensereport.class.php +++ b/htdocs/core/class/html.formexpensereport.class.php @@ -114,7 +114,7 @@ class FormExpenseReport $sql = "SELECT c.id, c.code, c.label as type FROM ".MAIN_DB_PREFIX."c_type_fees as c"; if ($active >= 0) { - $sql .= " WHERE c.active = ".$active; + $sql .= " WHERE c.active = ".((int) $active); } $sql .= " ORDER BY c.label ASC"; $resql = $this->db->query($sql); diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index 0f59859bd64..be81c1e2737 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -234,7 +234,7 @@ class Link extends CommonObject global $conf; $sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".$objectid; + $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".((int) $objectid); if ($conf->entity != 0) { $sql .= " AND entity = ".$conf->entity; } @@ -284,7 +284,7 @@ class Link extends CommonObject global $conf; $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".$objectid; + $sql .= " WHERE objecttype = '".$db->escape($objecttype)."' AND objectid = ".((int) $objectid); if ($conf->entity != 0) { $sql .= " AND entity = ".$conf->entity; } @@ -314,7 +314,7 @@ class Link extends CommonObject } $sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".MAIN_DB_PREFIX."links"; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); if ($conf->entity != 0) { $sql .= " AND entity = ".$conf->entity; } diff --git a/htdocs/core/lib/bank.lib.php b/htdocs/core/lib/bank.lib.php index 6eac92e69bc..30a3d21de90 100644 --- a/htdocs/core/lib/bank.lib.php +++ b/htdocs/core/lib/bank.lib.php 
@@ -72,7 +72,7 @@ function bank_prepare_head(Account $object) // List of all standing receipts $sql = "SELECT COUNT(DISTINCT(b.num_releve)) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; - $sql .= " WHERE b.fk_account = ".$object->id; + $sql .= " WHERE b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -83,7 +83,7 @@ function bank_prepare_head(Account $object) $db->free($resql); } - $head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".$object->id; + $head[$h][0] = DOL_URL_ROOT."/compta/bank/releve.php?account=".((int) $object->id); $head[$h][1] = $langs->trans("AccountStatements"); if (($nbReceipts) > 0) { $head[$h][1] .= ''.($nbReceipts).''; diff --git a/htdocs/core/lib/invoice2.lib.php b/htdocs/core/lib/invoice2.lib.php index e6680293b64..c5e2aeb0a16 100644 --- a/htdocs/core/lib/invoice2.lib.php +++ b/htdocs/core/lib/invoice2.lib.php @@ -96,7 +96,7 @@ function rebuild_merge_pdf($db, $langs, $conf, $diroutputpdf, $newlangid, $filte } if (in_array('bank', $filter)) { $sqlwhere .= " AND p.fk_bank = b.rowid"; - $sqlwhere .= " AND b.fk_account = ".$paymentbankid; + $sqlwhere .= " AND b.fk_account = ".((int) $paymentbankid); } $sqlorder = " ORDER BY p.datep ASC"; } diff --git a/htdocs/core/lib/price.lib.php b/htdocs/core/lib/price.lib.php index 3a73f47a6a0..9be293a81ab 100644 --- a/htdocs/core/lib/price.lib.php +++ b/htdocs/core/lib/price.lib.php @@ -151,8 +151,8 @@ function calcul_price_total($qty, $pu, $remise_percent_ligne, $txtva, $uselocalt $sql = "SELECT taux, localtax1, localtax2, localtax1_type, localtax2_type"; $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as cv"; - $sql .= " WHERE cv.taux = ".$txtva; - $sql .= " AND cv.fk_pays = ".$countryid; + $sql .= " WHERE cv.taux = ".((float) $txtva); + $sql .= " AND cv.fk_pays = ".((int) $countryid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); 
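Review bot: The `(float)` cast on `$txtva` in calcul_price_total is converted back to text by concatenation, and before PHP 8.0 that conversion follows the process LC_NUMERIC locale. Under a comma-decimal locale a rate such as 5.5 would be written as `5,5`, and the WHERE clause would no longer be valid SQL. Whether this code base ever sets such a locale is not visible in the hunk. A locale-independent form is `$sql .= " WHERE cv.taux = ".sprintf('%F', (float) $txtva);`. The function continues outside the hunk.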
diff --git a/htdocs/core/lib/website.lib.php b/htdocs/core/lib/website.lib.php index 170202717c8..bf3b9f3dd07 100644 --- a/htdocs/core/lib/website.lib.php +++ b/htdocs/core/lib/website.lib.php @@ -846,9 +846,9 @@ function getPagesFromSearchCriterias($type, $algo, $searchstring, $max = 25, $so if (is_array($otherfilters) && !empty($otherfilters['category'])) { $sql .= ', '.MAIN_DB_PREFIX.'categorie_website_page as cwp'; } - $sql .= " WHERE wp.fk_website = ".$website->id; + $sql .= " WHERE wp.fk_website = ".((int) $website->id); if ($status >= 0) { - $sql .= " AND wp.status = ".$status; + $sql .= " AND wp.status = ".((int) $status); } if ($langcode) { $sql .= " AND wp.lang ='".$db->escape($langcode)."'"; diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 3d3009fd667..b92937cdada 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -1696,7 +1696,7 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it // Search if perm already present $sql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."rights_def"; - $sql .= " WHERE id = ".$r_id." AND entity = ".$entity; + $sql .= " WHERE id = ".((int) $r_id)." AND entity = ".((int) $entity); $resqlselect = $this->db->query($sql); if ($resqlselect) { diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index 96dc6de934f..7c0aa2b19b5 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -250,7 +250,7 @@ class MailingTargets // This can't be abstract as it is used for some method { // phpcs:enable $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " WHERE fk_mailing = ".$mailing_id; + $sql .= " WHERE fk_mailing = ".((int) $mailing_id); if (!$this->db->query($sql)) { dol_syslog($this->db->error()); 
diff --git a/htdocs/core/modules/modApi.class.php b/htdocs/core/modules/modApi.class.php index 0c6ebeb6f37..0f77a67c33b 100644 --- a/htdocs/core/modules/modApi.class.php +++ b/htdocs/core/modules/modApi.class.php @@ -245,8 +245,8 @@ class modApi extends DolibarrModules { // Remove old constants with entity fields different of 0 $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('MAIN_MODULE_API', 1), - "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = ".$this->db->encrypt('API_PRODUCTION_MODE', 1) + "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('MAIN_MODULE_API'))."'", + "DELETE FROM ".MAIN_DB_PREFIX."const WHERE name = '".$this->db->escape($this->db->encrypt('API_PRODUCTION_MODE'))."'" ); return $this->_remove($sql, $options); diff --git a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php index c6579700c9d..1822a5b8c95 100644 --- a/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php +++ b/htdocs/core/modules/societe/doc/doc_generic_odt.modules.php @@ -291,7 +291,7 @@ class doc_generic_odt extends ModeleThirdPartyDoc $sql = "SELECT p.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as p"; - $sql .= " WHERE p.fk_soc = ".$object->id; + $sql .= " WHERE p.fk_soc = ".((int) $object->id); $result = $this->db->query($sql); $num = $this->db->num_rows($result); diff --git a/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php b/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php index e5fa94135ad..e37caab3ed1 100644 --- a/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php +++ b/htdocs/core/modules/supplier_invoice/doc/pdf_canelle.modules.php 
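Review bot: In modApi.class.php, wrapping the return value of `$this->db->encrypt()` in quotes and `escape()` may change what the two DELETE statements compare against. The removed lines called it with `, 1` and concatenated the result as a ready SQL fragment, which suggests the helper can return quoted text or an SQL expression when database encryption is configured. If so, the new form compares `name` with the literal text of that expression and the old constants are never removed. encrypt() is not visible here, so confirm its return value; if it already quotes and escapes, keep its output unwrapped, as in `"... WHERE name = ".$this->db->encrypt('MAIN_MODULE_API', 1)`.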
@@ -1023,7 +1023,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf, ".MAIN_DB_PREFIX."paiementfourn as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".$object->id; + $sql .= " WHERE pf.fk_paiementfourn = p.rowid and pf.fk_facturefourn = ".((int) $object->id); $sql .= " ORDER BY p.datep"; $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php index 64d30eeeb93..0e571f26c98 100644 --- a/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php +++ b/htdocs/core/triggers/interface_80_modStripe_Stripe.class.php @@ -198,7 +198,7 @@ class InterfaceStripe extends DolibarrTriggers } $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account"; - $sql .= " WHERE site='stripe' AND fk_soc = ".$object->id; + $sql .= " WHERE site='stripe' AND fk_soc = ".((int) $object->id); $this->db->query($sql); } diff --git a/htdocs/core/website.inc.php b/htdocs/core/website.inc.php index 67ba6e64edc..30ffee00248 100644 --- a/htdocs/core/website.inc.php +++ b/htdocs/core/website.inc.php @@ -93,7 +93,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi if (GETPOST('l', 'aZ09')) { $sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page"; $sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp"; - $sql .= " WHERE wp.fk_website = ".$website->id; + $sql .= " WHERE wp.fk_website = ".((int) $website->id); $sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid = ".$pageid; if (is_object($websitepage) && $websitepage->fk_page > 0) { $sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page; 
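Review bot: In htdocs/core/website.inc.php the cast is applied to `$website->id`, but the next lines of the same query still concatenate `$pageid` and `$websitepage->fk_page` unquoted and uncast. This block runs when the `l` request parameter is set, and the assignment of `$pageid` is outside the hunk. Unless it is already forced to an integer earlier, it should get the same treatment: `$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);`, and likewise `((int) $websitepage->fk_page)` on the following line. The statement is cut off at the end of the hunk.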
diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php index 5b14b509de4..18887a99e28 100644 --- a/htdocs/delivery/class/delivery.class.php +++ b/htdocs/delivery/class/delivery.class.php @@ -614,7 +614,7 @@ class Delivery extends CommonObject { if ($this->statut == 0) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."commandedet"; - $sql .= " WHERE rowid = ".$lineid; + $sql .= " WHERE rowid = ".((int) $lineid); if ($this->db->query($sql)) { $this->update_price(); @@ -940,7 +940,7 @@ class Delivery extends CommonObject $sqlSourceLine .= ", p.ref, p.label"; $sqlSourceLine .= " FROM ".MAIN_DB_PREFIX.$this->linkedObjectsIds[0]['type']."det as st"; $sqlSourceLine .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON st.fk_product = p.rowid"; - $sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid']; + $sqlSourceLine .= " WHERE fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']); $resultSourceLine = $this->db->query($sqlSourceLine); if ($resultSourceLine) { diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php index 257eb309f25..1ec3ebe1cc5 100644 --- a/htdocs/don/class/don.class.php +++ b/htdocs/don/class/don.class.php @@ -759,9 +759,9 @@ class Don extends CommonObject { $sql = "UPDATE ".MAIN_DB_PREFIX."don SET fk_statut = 2"; if ($modepayment) { - $sql .= ", fk_payment=".$modepayment; + $sql .= ", fk_payment = ".((int) $modepayment); } - $sql .= " WHERE rowid = ".$id." AND fk_statut = 1"; + $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = 1"; $resql = $this->db->query($sql); if ($resql) { @@ -843,7 +843,7 @@ class Don extends CommonObject $sql = "SELECT sum(amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."don"; - $sql .= " WHERE fk_statut = ".$param; + $sql .= " WHERE fk_statut = ".((int) $param); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); 
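Review bot: In the second Delivery hunk the integer cast covers only the value, while the table and column names in the same query are built from `$this->linkedObjectsIds[0]['type']` and `$this->linked_object[0]['type']`. Identifiers cannot be protected by a cast or by escape(). The two lines also read the type from two different properties, so the FROM table and the `fk_` column can disagree if only one of them is populated. Where these arrays are filled is outside the hunk. I would read the type once into a local, check it against the fixed list of element types this method supports, and add a comment such as `// $type is checked against a fixed list above; identifiers cannot be escaped`.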
diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index d571940cc9b..cf6328d15c4 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -144,7 +144,7 @@ llxHeader(); $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_donation as p"; -$sql .= " WHERE p.fk_donation = ".$chid; +$sql .= " WHERE p.fk_donation = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index d9b58667574..993ea72e7f3 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -663,7 +663,7 @@ class ExpenseReport extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."expensereport"; $sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1"; - $sql .= " WHERE rowid = ".$id." AND fk_statut = ".self::STATUS_APPROVED; + $sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED; dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 91418707d3a..ea9eeb377e7 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php 
@@ -134,7 +134,7 @@ if (!empty($tag)) { //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; $resql = $db->query($sql); } } From 0203eab0b0b51760933fda42a9f5c0dcd1cce23b Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 18:28:07 +0200 Subject: [PATCH 24/37] Update box_accountancy_suspense_account.php https:// --- htdocs/core/boxes/box_accountancy_suspense_account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/boxes/box_accountancy_suspense_account.php b/htdocs/core/boxes/box_accountancy_suspense_account.php index 70edf818dc0..aa648270b97 100644 --- a/htdocs/core/boxes/box_accountancy_suspense_account.php +++ b/htdocs/core/boxes/box_accountancy_suspense_account.php @@ -15,7 +15,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see . + * along with this program. If not, see . */ /** From 479421d923d0710934847d1708aadb44c0213f77 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 18:30:07 +0200 Subject: [PATCH 25/37] Update box_supplier_orders_awaiting_reception.php https:// --- htdocs/core/boxes/box_supplier_orders_awaiting_reception.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
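Review bot: The UPDATE in mailing-read.php now casts `$obj->source_id`, but `$obj->entity` is still concatenated as-is into the same statement. `$obj` is populated outside the hunk (presumably a row read back from the database) and this script lives under htdocs/public/, so the second value deserves the same cast: `... AND entity = '.((int) $obj->entity).' AND rowid IN ...`. The result in `$resql` is not checked in the visible lines, so a failed update passes unnoticed. A `dol_syslog($db->lasterror(), LOG_ERR)` on failure would make it visible.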
diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 7325b9bed5f..1a8cec07155 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -15,7 +15,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program. If not, see . + * along with this program. If not, see . */ /** From 34077d5b8a600a7585a089202ed93cf485a91db5 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 30 Mar 2021 18:31:36 +0200 Subject: [PATCH 26/37] Update canvas.class.php --- htdocs/core/class/canvas.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php index 4ae94d43136..a4414fa6edb 100644 --- a/htdocs/core/class/canvas.class.php +++ b/htdocs/core/class/canvas.class.php @@ -195,7 +195,7 @@ class Canvas // This functions should not be used anymore because canvas should contains only templates. - // http://wiki.dolibarr.org/index.php/Canvas_development + // https://wiki.dolibarr.org/index.php/Canvas_development /** * Return if a canvas contains an action controller @@ -216,7 +216,7 @@ class Canvas * @param string $action Action string * @param int $id Object id * @return mixed Return return code of doActions of canvas - * @see http://wiki.dolibarr.org/index.php/Canvas_development + * @see https://wiki.dolibarr.org/index.php/Canvas_development */ public function doActions(&$action = 'view', $id = 0) { From a9e720eec39699ad8247b3411644690b89bbfa70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Tue, 30 Mar 2021 18:33:52 +0200 Subject: [PATCH 27/37] Update mod_facture_mars.php --- htdocs/core/modules/facture/mod_facture_mars.php | 1 + 1 file changed, 1 insertion(+) 
diff --git a/htdocs/core/modules/facture/mod_facture_mars.php b/htdocs/core/modules/facture/mod_facture_mars.php
index cd36b4d322a..c7a69a82caa 100644
--- a/htdocs/core/modules/facture/mod_facture_mars.php
+++ b/htdocs/core/modules/facture/mod_facture_mars.php
@@ -55,6 +55,7 @@ class mod_facture_mars extends ModeleNumRefFactures
 */
 public function __construct()
 {
+ global $conf;
 if (!empty($conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX)) {
 $this->prefixinvoice = $conf->global->INVOICE_NUMBERING_MARS_FORCE_PREFIX;
 }
From 4c874ddf15a8e6dd7e22e2b41a7d4d898e356325 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Tue, 30 Mar 2021 18:35:46 +0200
Subject: [PATCH 28/37] Update mod_facture_terre.php
---
 htdocs/core/modules/facture/mod_facture_terre.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/htdocs/core/modules/facture/mod_facture_terre.php b/htdocs/core/modules/facture/mod_facture_terre.php
index 2f142a1adc7..f3e38cf7db7 100644
--- a/htdocs/core/modules/facture/mod_facture_terre.php
+++ b/htdocs/core/modules/facture/mod_facture_terre.php
@@ -65,6 +65,7 @@ class mod_facture_terre extends ModeleNumRefFactures
 */
 public function __construct()
 {
+ global $conf;
 if (!empty($conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX)) {
 $this->prefixinvoice = $conf->global->INVOICE_NUMBERING_TERRE_FORCE_PREFIX;
 }
From 680850f168e2e58988975c801e8453380dae5f48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
Date: Tue, 30 Mar 2021 18:55:37 +0200
Subject: [PATCH 29/37] fix sql delete invoice
---
 htdocs/compta/facture/class/facture.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index ca4e445c880..74e2f380d91 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -2282,7 +2282,7 @@ class Facture extends CommonInvoice // Invoice line extrafileds $main = MAIN_DB_PREFIX.'facturedet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid); + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")"; // Delete invoice line $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid); From be6bb3a7564fdc8feeca600b9e527bb5371097da Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:12:07 +0200 Subject: [PATCH 30/37] FIX #yogosha5746 - next step (work in progress) --- .../class/expensereport.class.php | 16 ++++----- .../class/expensereportstats.class.php | 2 +- htdocs/expensereport/payment/payment.php | 2 +- htdocs/fichinter/class/fichinterrec.class.php | 4 +-- .../fichinter/class/fichinterstats.class.php | 2 +- .../fourn/class/fournisseur.product.class.php | 6 ++-- htdocs/fourn/recap-fourn.php | 2 +- htdocs/holiday/class/holiday.class.php | 2 +- htdocs/install/upgrade2.php | 30 ++++++++-------- htdocs/loan/card.php | 2 +- htdocs/loan/class/loanschedule.class.php | 6 ++-- htdocs/loan/payment/payment.php | 2 +- htdocs/margin/agentMargins.php | 2 +- .../template/class/myobject.class.php | 4 +-- htdocs/product/class/product.class.php | 34 +++++++++---------- .../class/productcustomerprice.class.php | 2 +- .../class/productfournisseurprice.class.php | 2 +- .../class/propalmergepdfproduct.class.php | 2 +- .../class/price_expression.class.php | 2 +- .../class/price_global_variable.class.php | 2 +- .../price_global_variable_updater.class.php | 2 +- htdocs/product/fournisseurs.php | 4 +-- htdocs/product/list.php | 4 +-- htdocs/product/price.php | 22 ++++++------ .../stock/class/mouvementstock.class.php | 16 ++++----- .../product/stock/class/productlot.class.php | 2 +- htdocs/product/stock/replenish.php | 2 +- htdocs/projet/class/project.class.php | 16 ++++----- htdocs/projet/class/task.class.php | 6 ++-- htdocs/public/members/public_list.php | 2 +- htdocs/public/stripe/ipn.php | 2 +- htdocs/reception/class/reception.class.php | 2 +- htdocs/resource/element_resource.php | 6 ++-- htdocs/salaries/card.php | 2 +- htdocs/salaries/class/salariesstats.class.php | 4 +-- htdocs/salaries/paiement_salary.php | 4 +-- .../societe/class/api_thirdparties.class.php | 12 +++---- htdocs/societe/class/client.class.php | 2 +- .../class/companybankaccount.class.php | 10 +++--- .../class/companypaymentmode.class.php | 6 
++-- htdocs/societe/class/societe.class.php | 8 ++--- htdocs/societe/class/societeaccount.class.php | 2 +- htdocs/societe/consumption.php | 20 +++++------ htdocs/societe/paymentmodes.php | 10 +++--- htdocs/societe/societecontact.php | 2 +- htdocs/takepos/receipt.php | 2 +- htdocs/ticket/class/ticket.class.php | 2 +- htdocs/ticket/class/ticketstats.class.php | 2 +- htdocs/user/class/user.class.php | 2 +- htdocs/webservices/server_contact.php | 2 +- .../webservices/server_productorservice.php | 2 +- htdocs/website/class/website.class.php | 4 +-- 52 files changed, 155 insertions(+), 155 deletions(-) diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 993ea72e7f3..8ec99aa1007 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -880,7 +880,7 @@ class ExpenseReport extends CommonObject if ($user->rights->expensereport->lire) { $sql = "SELECT de.fk_expensereport, de.date, de.comments, de.total_ht, de.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de"; - $sql .= " WHERE de.fk_projet = ".$projectid; + $sql .= " WHERE de.fk_projet = ".((int) $projectid); dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG); $result = $this->db->query($sql); 
@@ -1117,8 +1117,8 @@ class ExpenseReport extends CommonObject // Delete extrafields of lines and lines if (!$error && !empty($this->table_element_line)) { $tabletodelete = $this->table_element_line; - //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")"; - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id; + //$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")"; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id); if (!$this->db->query($sql)) { $error++; $this->error = $this->db->lasterror(); @@ -1154,7 +1154,7 @@ class ExpenseReport extends CommonObject // Delete main record if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id); $res = $this->db->query($sql); if (!$res) { $error++; @@ -2124,7 +2124,7 @@ class ExpenseReport extends CommonObject // Select des infos sur le type fees $sql = "SELECT c.code as code_type_fees, c.label as libelle_type_fees"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees as c"; - $sql .= " WHERE c.id = ".$type_fees_id; + $sql .= " WHERE c.id = ".((int) $type_fees_id); $resql = $this->db->query($sql); if ($resql) { $objp_fees = $this->db->fetch_object($resql); 
@@ -2136,7 +2136,7 @@ class ExpenseReport extends CommonObject // Select des informations du projet $sql = "SELECT p.ref as ref_projet, p.title as title_projet"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; - $sql .= " WHERE p.rowid = ".$projet_id; + $sql .= " WHERE p.rowid = ".((int) $projet_id); $resql = $this->db->query($sql); if ($resql) { $objp_projet = $this->db->fetch_object($resql); @@ -2331,7 +2331,7 @@ class ExpenseReport extends CommonObject $ret = array(); $sql = "SELECT id, code, label"; $sql .= " FROM ".MAIN_DB_PREFIX."c_type_fees"; - $sql .= " WHERE active = ".$active; + $sql .= " WHERE active = ".((int) $active); dol_syslog(get_class($this)."::listOfTypes", LOG_DEBUG); $result = $this->db->query($sql); if ($result) { @@ -2495,7 +2495,7 @@ class ExpenseReport extends CommonObject $type = 'expense_report'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index ec71f530f51..8f3574f2952 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php 
@@ -114,7 +114,7 @@ class ExpenseReportStats extends Stats { $sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".$year; + $sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index d50f6336669..b7057af86fc 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -206,7 +206,7 @@ if ($action == 'create' || empty($action)) { $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_expensereport as p, ".MAIN_DB_PREFIX."expensereport as e"; - $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".$id; + $sql .= " WHERE p.fk_expensereport = e.rowid AND p.fk_expensereport = ".((int) $id); $sql .= ' AND e.entity IN ('.getEntity('expensereport').')'; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php index 960a2734706..4fe35c32a2c 100644 --- a/htdocs/fichinter/class/fichinterrec.class.php +++ b/htdocs/fichinter/class/fichinterrec.class.php @@ -434,10 +434,10 @@ class FichinterRec extends Fichinter $error = 0; $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinterdet_rec WHERE fk_fichinter = ".((int) $rowid); dol_syslog($sql); if ($this->db->query($sql)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter_rec WHERE rowid = ".((int) $rowid); dol_syslog($sql); if (!$this->db->query($sql)) { $this->error = $this->db->lasterror(); 
diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php index 2daede1457a..297aeca7760 100644 --- a/htdocs/fichinter/class/fichinterstats.class.php +++ b/htdocs/fichinter/class/fichinterstats.class.php @@ -73,7 +73,7 @@ class FichinterStats extends Stats //$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled } if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('fichinter').')'; diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 0fa34c28d81..c910cffe8d4 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -164,7 +164,7 @@ class ProductFournisseur extends Product $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".$id_fourn; + $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn); dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG); $resql2 = $this->db->query($sql); @@ -208,7 +208,7 @@ class ProductFournisseur extends Product if (empty($error)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(get_class($this)."::remove_product_fournisseur_price", LOG_DEBUG); $resql = $this->db->query($sql); 
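Review bot: `$this->id` is still concatenated raw in the `remove_fournisseur` DELETE, on the very line that now casts `$id_fourn`, so the statement is only half hardened. The line would read `$sql .= " WHERE fk_product = ".((int) $this->id)." AND fk_soc = ".((int) $id_fourn);`. The @@ -438 hunk of the same file has the same gap for `$fourn->id` and `$conf->entity`. Both methods start outside their hunks, so whether these properties are already integers at this point cannot be confirmed from here.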
@@ -438,7 +438,7 @@ class ProductFournisseur extends Product // Delete price for this quantity $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".$qty." AND entity = ".$conf->entity; + $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity; $resql = $this->db->query($sql); if ($resql) { // Add price for this quantity to supplier diff --git a/htdocs/fourn/recap-fourn.php b/htdocs/fourn/recap-fourn.php index 06ad90ec858..97a6b53f2e2 100644 --- a/htdocs/fourn/recap-fourn.php +++ b/htdocs/fourn/recap-fourn.php @@ -73,7 +73,7 @@ if ($socid > 0) { $sql .= " f.paye as paye, f.fk_statut as statut, f.rowid as facid,"; $sql .= " u.login, u.rowid as userid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$societe->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $societe->id); $sql .= " AND f.entity IN (".getEntity("facture_fourn").")"; // Recognition of the entity attributed to this invoice for Multicompany $sql .= " AND f.fk_user_valid = u.rowid"; $sql .= " ORDER BY f.datef DESC"; diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 4b5c742b3f1..ffd394a35b3 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -2069,7 +2069,7 @@ class Holiday extends CommonObject $sql = "SELECT rowid, code, label, affect, delay, newByMonth"; $sql .= " FROM ".MAIN_DB_PREFIX."c_holiday_types"; - $sql .= " WHERE (fk_country IS NULL OR fk_country = ".$mysoc->country_id.')'; + $sql .= " WHERE (fk_country IS NULL OR fk_country = ".((int) $mysoc->country_id).')'; if ($active >= 0) { $sql .= " AND active = ".((int) $active); } 
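Review bot: The `(float) $qty` cast in this DELETE relies on PHP's float-to-string conversion, which before PHP 8.0 follows the LC_NUMERIC locale; under a comma-decimal locale the operand would be written as `1,5` and break the statement. If the code base still runs on PHP 7 with such a locale set (not visible here), a locale-independent formatter is needed rather than the bare cast. A comment such as `// float cast assumes '.' as decimal separator (PHP >= 8 or LC_NUMERIC=C)` would at least record the assumption. The same applies to the other `(float)` casts this patch adds in product.class.php, price.php and mouvementstock.class.php.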
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index fb63847c3e6..26c791c2290 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -2161,7 +2161,7 @@ function migrate_detail_livraison($db, $langs, $conf) if ($resql2) { $sql = "SELECT total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX."livraison"; - $sql .= " WHERE rowid = ".$obj->fk_livraison; + $sql .= " WHERE rowid = ".((int) $obj->fk_livraison); $resql3 = $db->query($sql); if ($resql3) { @@ -2864,7 +2864,7 @@ function migrate_project_task_time($db, $langs, $conf) foreach ($totaltime as $taskid => $total_duration) { $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task SET"; $sql .= " duration_effective = ".$total_duration; - $sql .= " WHERE rowid = ".$taskid; + $sql .= " WHERE rowid = ".((int) $taskid); $resql = $db->query($sql); if (!$resql) { @@ -3235,7 +3235,7 @@ function migrate_mode_reglement($db, $langs, $conf) $sqlSelect = "SELECT id"; $sqlSelect .= " FROM ".MAIN_DB_PREFIX."c_paiement"; - $sqlSelect .= " WHERE id = ".$old_id; + $sqlSelect .= " WHERE id = ".((int) $old_id); $sqlSelect .= " AND code = '".$db->escape($elements['code'][$key])."'"; $resql = $db->query($sqlSelect); 
@@ -3246,23 +3246,23 @@ function migrate_mode_reglement($db, $langs, $conf) $db->begin(); - $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET "; - $sqla .= "fk_paiement = ".$elements['new_id'][$key]; - $sqla .= " WHERE fk_paiement = ".$old_id; - $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".$old_id." AND code = '".$db->escape($elements['code'][$key])."')"; + $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET"; + $sqla .= " fk_paiement = ".$elements['new_id'][$key]; + $sqla .= " WHERE fk_paiement = ".((int) $old_id); + $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".((int) $old_id)." AND code = '".$db->escape($elements['code'][$key])."')"; $resqla = $db->query($sqla); - $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET "; - $sql .= "id = ".$elements['new_id'][$key]; - $sql .= " WHERE id = ".$old_id; + $sql = "UPDATE ".MAIN_DB_PREFIX."c_paiement SET"; + $sql .= " id = ".((int) $elements['new_id'][$key]); + $sql .= " WHERE id = ".((int) $old_id); $sql .= " AND code = '".$db->escape($elements['code'][$key])."'"; $resql = $db->query($sql); if ($resqla && $resql) { foreach ($elements['tables'] as $table) { $sql = "UPDATE ".MAIN_DB_PREFIX.$table." SET "; - $sql .= "fk_mode_reglement = ".$elements['new_id'][$key]; - $sql .= " WHERE fk_mode_reglement = ".$old_id; + $sql .= "fk_mode_reglement = "((int) $elements['new_id'][$key]); + $sql .= " WHERE fk_mode_reglement = ".((int) $old_id); $resql = $db->query($sql); if (!$resql) { 
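Review bot: The new line `$sql .= "fk_mode_reglement = "((int) $elements['new_id'][$key]);` inside the `foreach ($elements['tables'] as $table)` loop has lost its concatenation dot. Depending on the PHP version this is either a parse error or a call to an undefined function named by the string, so the migration cannot get past this statement. It should be `$sql .= "fk_mode_reglement = ".((int) $elements['new_id'][$key]);`. In the same hunk `$sqla .= " fk_paiement = ".$elements['new_id'][$key];` is left uncast while the matching `id = ` assignment below it is cast. The function body continues outside the hunk.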
@@ -3786,16 +3786,16 @@ function migrate_remise_except_entity($db, $langs, $conf) $sqlSelect2 = "SELECT f.entity"; $sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f"; - $sqlSelect2 .= " WHERE f.rowid = ".$fk_facture; + $sqlSelect2 .= " WHERE f.rowid = ".((int) $fk_facture); } elseif (!empty($obj->fk_facture_line)) { $sqlSelect2 = "SELECT f.entity"; $sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."facturedet as fd"; - $sqlSelect2 .= " WHERE fd.rowid = ".$obj->fk_facture_line; + $sqlSelect2 .= " WHERE fd.rowid = ".((int) $obj->fk_facture_line); $sqlSelect2 .= " AND fd.fk_facture = f.rowid"; } else { $sqlSelect2 = "SELECT s.entity"; $sqlSelect2 .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sqlSelect2 .= " WHERE s.rowid = ".$obj->fk_soc; + $sqlSelect2 .= " WHERE s.rowid = ".((int) $obj->fk_soc); } $resql2 = $db->query($sqlSelect2); diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php index 9e9e1a0a992..c3c08b6cf2f 100644 --- a/htdocs/loan/card.php +++ b/htdocs/loan/card.php @@ -636,7 +636,7 @@ if ($id > 0) { $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id"; $sql .= ", ".MAIN_DB_PREFIX."loan as l"; - $sql .= " WHERE p.fk_loan = ".$id; + $sql .= " WHERE p.fk_loan = ".((int) $id); $sql .= " AND p.fk_loan = l.rowid"; $sql .= " AND l.entity IN ( ".getEntity('loan').")"; $sql .= " ORDER BY dp DESC"; diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php index bc819f747ca..54d4607ab70 100644 --- a/htdocs/loan/class/loanschedule.class.php +++ b/htdocs/loan/class/loanschedule.class.php 
@@ -447,7 +447,7 @@ class LoanSchedule extends CommonObject $sql .= " t.fk_user_creat,"; $sql .= " t.fk_user_modif"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; - $sql .= " WHERE t.fk_loan = ".$loanid; + $sql .= " WHERE t.fk_loan = ".((int) $loanid); dol_syslog(get_class($this)."::fetchAll", LOG_DEBUG); $resql = $this->db->query($sql); @@ -535,7 +535,7 @@ class LoanSchedule extends CommonObject { $sql = "SELECT p.datep"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan as p "; - $sql .= " WHERE p.fk_loan = ".$loanid; + $sql .= " WHERE p.fk_loan = ".((int) $loanid); $sql .= " ORDER BY p.datep DESC "; $sql .= " LIMIT 1 "; @@ -563,7 +563,7 @@ class LoanSchedule extends CommonObject $sql = "SELECT p.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as p "; - $sql .= " WHERE p.fk_loan = ".$loanid; + $sql .= " WHERE p.fk_loan = ".((int) $loanid); if (!empty($datemax)) { $sql .= " AND p.datep > '".$this->db->idate($datemax)."'"; } diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php index eec24d9b3e2..58783be181e 100644 --- a/htdocs/loan/payment/payment.php +++ b/htdocs/loan/payment/payment.php @@ -239,7 +239,7 @@ if ($action == 'create') { $sql = "SELECT SUM(amount_capital) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_loan"; - $sql .= " WHERE fk_loan = ".$chid; + $sql .= " WHERE fk_loan = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index a27393c8bb2..1ac670c4a7f 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -290,7 +290,7 @@ if ($result) { // sql nb sellers $sql_seller = "SELECT COUNT(sc.rowid) as nb"; $sql_seller .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql_seller .= " WHERE sc.fk_soc = ".$objp->socid; + $sql_seller .= " WHERE sc.fk_soc = ".((int) $objp->socid); $sql_seller .= " LIMIT 1"; $resql_seller = $db->query($sql_seller); 
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php index 6a17e500a69..df687f84e56 100644 --- a/htdocs/modulebuilder/template/class/myobject.class.php +++ b/htdocs/modulebuilder/template/class/myobject.class.php @@ -579,9 +579,9 @@ class MyObject extends CommonObject $sql .= ", date_validation = '".$this->db->idate($now)."'"; } if (!empty($this->fields['fk_user_valid'])) { - $sql .= ", fk_user_valid = ".$user->id; + $sql .= ", fk_user_valid = ".((int) $user->id); } - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index ad3b694f137..d9cadd304b2 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -1820,9 +1820,9 @@ class Product extends CommonObject $sql .= ", pfp.packaging"; } $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; - $sql .= " WHERE pfp.rowid = ".$prodfournprice; + $sql .= " WHERE pfp.rowid = ".((int) $prodfournprice); if ($qty > 0) { - $sql .= " AND pfp.quantity <= ".$qty; + $sql .= " AND pfp.quantity <= ".((float) $qty); } $sql .= " ORDER BY pfp.quantity DESC"; 
@@ -1874,15 +1874,15 @@ class Product extends CommonObject $sql .= " pfp.multicurrency_price, pfp.multicurrency_unitprice, pfp.multicurrency_tx, pfp.fk_multicurrency, pfp.multicurrency_code,"; $sql .= " pfp.packaging"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; - $sql .= " WHERE pfp.fk_product = ".$product_id; + $sql .= " WHERE pfp.fk_product = ".((int) $product_id); if ($fourn_ref != 'none') { $sql .= " AND pfp.ref_fourn = '".$this->db->escape($fourn_ref)."'"; } if ($fk_soc > 0) { - $sql .= " AND pfp.fk_soc = ".$fk_soc; + $sql .= " AND pfp.fk_soc = ".((int) $fk_soc); } if ($qty > 0) { - $sql .= " AND pfp.quantity <= ".$qty; + $sql .= " AND pfp.quantity <= ".((float) $qty); } $sql .= " ORDER BY pfp.quantity DESC"; $sql .= " LIMIT 1"; @@ -2360,7 +2360,7 @@ class Product extends CommonObject $sql = "SELECT price, price_ttc, price_min, price_min_ttc,"; $sql .= " price_base_type, tva_tx, default_vat_code, tosell, price_by_qty, rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; - $sql .= " WHERE fk_product = ".$this->id; + $sql .= " WHERE fk_product = ".((int) $this->id); $sql .= " ORDER BY date_price DESC, rowid DESC"; $sql .= " LIMIT 1"; $resql = $this->db->query($sql); @@ -2374,7 +2374,7 @@ class Product extends CommonObject if ($this->prices_by_qty[0] == 1) { $sql = "SELECT rowid,price, unitprice, quantity, remise_percent, remise, remise, price_base_type"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price = ".$this->prices_by_qty_id[0]; + $sql .= " WHERE fk_product_price = ".((int) $this->prices_by_qty_id[0]); $sql .= " ORDER BY quantity ASC"; $resultat = array(); $resql = $this->db->query($sql); 
@@ -3946,8 +3946,8 @@ class Product extends CommonObject } $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_association"; - $sql .= " WHERE fk_product_pere = ".$fk_parent; - $sql .= " AND fk_product_fils = ".$fk_child; + $sql .= " WHERE fk_product_pere = ".((int) $fk_parent); + $sql .= " AND fk_product_fils = ".((int) $fk_child); dol_syslog(get_class($this).'::del_sousproduit', LOG_DEBUG); if (!$this->db->query($sql)) { @@ -4040,14 +4040,14 @@ class Product extends CommonObject $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_soc = ".$id_fourn; + $sql .= " WHERE fk_soc = ".((int) $id_fourn); if ($ref_fourn) { $sql .= " AND ref_fourn = '".$this->db->escape($ref_fourn)."'"; } else { $sql .= " AND (ref_fourn = '' OR ref_fourn IS NULL)"; } - $sql .= " AND quantity = ".$quantity; - $sql .= " AND fk_product = ".$this->id; + $sql .= " AND quantity = ".((float) $quantity); + $sql .= " AND fk_product = ".((int) $this->id); $sql .= " AND entity IN (".getEntity('productsupplierprice').")"; $resql = $this->db->query($sql); @@ -4198,7 +4198,7 @@ class Product extends CommonObject $sql .= ", multicurrency_price"; $sql .= ", multicurrency_price_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price"; - $sql .= " WHERE fk_product = ".$fromId; + $sql .= " WHERE fk_product = ".((int) $fromId); $sql .= " ORDER BY date_price DESC"; if ($conf->global->PRODUIT_MULTIPRICES_LIMIT > 0) { $sql .= " LIMIT ".$conf->global->PRODUIT_MULTIPRICES_LIMIT; @@ -4230,7 +4230,7 @@ class Product extends CommonObject $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'product_association (fk_product_pere, fk_product_fils, qty)'; $sql .= " SELECT ".$toId.", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association"; - $sql .= " WHERE fk_product_pere = ".$fromId; + $sql .= " WHERE fk_product_pere = ".((int) $fromId); dol_syslog(get_class($this).'::clone_association', LOG_DEBUG); if (!$this->db->query($sql)) { 
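Review bot: In the `clone_association` INSERT (@@ -4230), `$toId` is still concatenated raw in `" SELECT ".$toId.", fk_product_fils, qty FROM "` while `$fromId` on the next line is now cast. The @@ -4273 hunk casts `$toId` in the equivalent supplier-price statement, so this one should match: `$sql .= " SELECT ".((int) $toId).", fk_product_fils, qty FROM ".MAIN_DB_PREFIX."product_association";`. The method starts outside the hunk, so how `$toId` is validated before this point is not visible.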
@@ -4262,7 +4262,7 @@ class Product extends CommonObject . " datec, fk_product, fk_soc, ref_fourn, fk_user_author )" . " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, ref_fourn, fk_user_author" . " FROM ".MAIN_DB_PREFIX."product_fournisseur" - . " WHERE fk_product = ".$fromId; + . " WHERE fk_product = ".((int) $fromId); if ( ! $this->db->query($sql ) ) { @@ -4273,9 +4273,9 @@ class Product extends CommonObject // les prix de fournisseurs. $sql = "INSERT ".MAIN_DB_PREFIX."product_fournisseur_price ("; $sql .= " datec, fk_product, fk_soc, price, quantity, fk_user)"; - $sql .= " SELECT '".$this->db->idate($now)."', ".$toId.", fk_soc, price, quantity, fk_user"; + $sql .= " SELECT '".$this->db->idate($now)."', ".((int) $toId).", fk_soc, price, quantity, fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price"; - $sql .= " WHERE fk_product = ".$fromId; + $sql .= " WHERE fk_product = ".((int) $fromId); dol_syslog(get_class($this).'::clone_fournisseurs', LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/productcustomerprice.class.php b/htdocs/product/class/productcustomerprice.class.php index 046aed05a10..9b0d29b4cdd 100644 --- a/htdocs/product/class/productcustomerprice.class.php +++ b/htdocs/product/class/productcustomerprice.class.php @@ -814,7 +814,7 @@ class Productcustomerprice extends CommonObject // Find all susidiaries $sql = "SELECT s.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE s.parent = ".$this->fk_soc; + $sql .= " WHERE s.parent = ".((int) $this->fk_soc); $sql .= " AND s.entity IN (".getEntity('societe').")"; dol_syslog(get_class($this)."::setPriceOnAffiliateThirdparty", LOG_DEBUG); diff --git a/htdocs/product/class/productfournisseurprice.class.php b/htdocs/product/class/productfournisseurprice.class.php index 13fa8433d07..709afcb6d20 100644 --- a/htdocs/product/class/productfournisseurprice.class.php +++ b/htdocs/product/class/productfournisseurprice.class.php 
@@ -438,7 +438,7 @@ class ProductFournisseurPrice extends CommonObject $sql .= " status = ".self::STATUS_VALIDATED; if (!empty($this->fields['date_validation'])) $sql .= ", date_validation = '".$this->db->idate($now)."'"; if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".$user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::validate()", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/product/class/propalmergepdfproduct.class.php b/htdocs/product/class/propalmergepdfproduct.class.php index f7cf48df5e0..a1d92cc492a 100644 --- a/htdocs/product/class/propalmergepdfproduct.class.php +++ b/htdocs/product/class/propalmergepdfproduct.class.php @@ -239,7 +239,7 @@ class Propalmergepdfproduct extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal_merge_pdf_product as t"; - $sql .= " WHERE t.fk_product = ".$product_id; + $sql .= " WHERE t.fk_product = ".((int) $product_id); if ($conf->global->MAIN_MULTILANGS && !empty($lang)) { $sql .= " AND t.lang = '".$this->db->escape($lang)."'"; } diff --git a/htdocs/product/dynamic_price/class/price_expression.class.php b/htdocs/product/dynamic_price/class/price_expression.class.php index 546c2050990..db0c427c334 100644 --- a/htdocs/product/dynamic_price/class/price_expression.class.php +++ b/htdocs/product/dynamic_price/class/price_expression.class.php @@ -327,7 +327,7 @@ class PriceExpression if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable.class.php b/htdocs/product/dynamic_price/class/price_global_variable.class.php index 29505ff8573..5286b932ca7 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable.class.php 
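Review bot: `fk_user_valid = ".$user->id` is left uncast on the line just above the changed `WHERE rowid` clause, although the same statement in the module-builder template (myobject.class.php, this patch) now uses `((int) $user->id)`. Suggested: `if (!empty($this->fields['fk_user_valid'])) $sql .= ", fk_user_valid = ".((int) $user->id);`. The validate method starts outside the hunk.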
+++ b/htdocs/product/dynamic_price/class/price_global_variable.class.php @@ -250,7 +250,7 @@ class PriceGlobalVariable if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php index f43d6bc731d..96e77d661ab 100644 --- a/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php +++ b/htdocs/product/dynamic_price/class/price_global_variable_updater.class.php @@ -275,7 +275,7 @@ class PriceGlobalVariableUpdater if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); dol_syslog(__METHOD__); $resql = $this->db->query($sql); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index cde318cda81..6e3b487a429 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -793,7 +793,7 @@ END; $sql .= ", ".$key; } $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields"; - $sql .= " WHERE fk_object = ".$rowid; + $sql .= " WHERE fk_object = ".((int) $rowid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -1145,7 +1145,7 @@ END; $sql .= ", ".$key; } $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price_extrafields"; - $sql .= " WHERE fk_object = ".$productfourn->product_fourn_price_id; + $sql .= " WHERE fk_object = ".((int) $productfourn->product_fourn_price_id); $resql = $db->query($sql); if ($resql) { if ($db->num_rows($resql) != 1) { diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 7df96cbd97c..b6f5956bfd3 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php 
@@ -473,7 +473,7 @@ if ($searchCategoryProductOperator == 1) { if (intval($searchCategoryProduct) == -2) { $searchCategoryProductSqlList[] = "cp.fk_categorie IS NULL"; } elseif (intval($searchCategoryProduct) > 0) { - $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".$searchCategoryProduct.")"; + $searchCategoryProductSqlList[] = "p.rowid IN (SELECT fk_product FROM ".MAIN_DB_PREFIX."categorie_product WHERE fk_categorie = ".((int) $searchCategoryProduct).")"; } } if (!empty($searchCategoryProductSqlList)) { @@ -1530,7 +1530,7 @@ if ($resql) { // then reuse the cache array if we need prices for other price levels $sqlp = "SELECT p.rowid, p.fk_product, p.price, p.price_ttc, p.price_level, p.date_price, p.price_base_type"; $sqlp .= " FROM ".MAIN_DB_PREFIX."product_price as p"; - $sqlp .= " WHERE fk_product = ".$obj->rowid; + $sqlp .= " WHERE fk_product = ".((int) $obj->rowid); $sqlp .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC"; $resultp = $db->query($sqlp); if ($resultp) { diff --git a/htdocs/product/price.php b/htdocs/product/price.php index ee86d43c09f..6647201b719 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -429,12 +429,12 @@ if (empty($reshook)) { // Ajout / mise à jour if ($rowid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."product_price_by_qty SET"; - $sql .= " price='".$db->escape($price)."',"; - $sql .= " unitprice=".$unitPrice.","; - $sql .= " quantity=".$quantity.","; - $sql .= " remise_percent=".$remise_percent.","; - $sql .= " remise=".$remise; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " price=".((float) $price)."',"; + $sql .= " unitprice=".((float) $unitPrice).","; + $sql .= " quantity=".((float) $quantity).","; + $sql .= " remise_percent=".((float) $remise_percent).","; + $sql .= " remise=".((float) $remise); + $sql .= " WHERE rowid = ".((int) $rowid); $result = $db->query($sql); if (!$result) { 
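Review bot: In the price.php @@ -429 hunk, the rewritten `price` assignment keeps the closing quote of the old quoted value: `$sql .= " price=".((float) $price)."',";` emits `price=12.5',` (constructed value), which is invalid SQL, so every update of a price-by-quantity row would fail. The line should be `$sql .= " price=".((float) $price).",";`. The enclosing action block starts and ends outside the hunk.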
@@ -442,7 +442,7 @@ if (empty($reshook)) { } } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_price_by_qty (fk_product_price,price,unitprice,quantity,remise_percent,remise) values ("; - $sql .= $priceid.','.$price.','.$unitPrice.','.$quantity.','.$remise_percent.','.$remise.')'; + $sql .= ((int) $priceid).','.((float) $price).','.((float) $unitPrice).','.((float) $quantity).','.((float) $remise_percent).','.((float) $remise).')'; $result = $db->query($sql); if (!$result) { @@ -460,7 +460,7 @@ if (empty($reshook)) { $rowid = GETPOST('rowid', 'int'); if (!empty($rowid)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE rowid = ".$rowid; + $sql .= " WHERE rowid = ".((int) $rowid); $result = $db->query($sql); } else { @@ -472,7 +472,7 @@ if (empty($reshook)) { $priceid = GETPOST('priceid', 'int'); if (!empty($rowid)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty"; - $sql .= " WHERE fk_product_price = ".$priceid; + $sql .= " WHERE fk_product_price = ".((int) $priceid); $result = $db->query($sql); } else { @@ -1413,11 +1413,11 @@ if ((empty($conf->global->PRODUIT_CUSTOMER_PRICES) || $action == 'showlog_defaul $sql .= " p.date_price as dp, p.fk_price_expression, u.rowid as user_id, u.login"; $sql .= " FROM ".MAIN_DB_PREFIX."product_price as p,"; $sql .= " ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE fk_product = ".$object->id; + $sql .= " WHERE fk_product = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('productprice').")"; $sql .= " AND p.fk_user_author = u.rowid"; if (!empty($socid) && !empty($conf->global->PRODUIT_MULTIPRICES)) { - $sql .= " AND p.price_level = ".$soc->price_level; + $sql .= " AND p.price_level = ".((int) $soc->price_level); } $sql .= " ORDER BY p.date_price DESC, p.rowid DESC, p.price_level ASC"; // $sql .= $db->plimit(); diff --git a/htdocs/product/stock/class/mouvementstock.class.php b/htdocs/product/stock/class/mouvementstock.class.php index 74803f63909..d8dad67bee2 100644 
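Review bot: In the @@ -472 hunk the DELETE is keyed on `$priceid` but guarded by `if (!empty($rowid))`. With the new `(int)` cast a missing `priceid` now yields a valid `fk_product_price = 0` predicate instead of a malformed statement, so the mismatch no longer fails loudly. If the guard is meant to protect this query it should test the value actually used, `if (!empty($priceid)) {`. The surrounding action block starts outside the hunk, so `$rowid` may be set deliberately earlier; this is worth confirming.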
--- a/htdocs/product/stock/class/mouvementstock.class.php +++ b/htdocs/product/stock/class/mouvementstock.class.php @@ -488,7 +488,7 @@ class MouvementStock extends CommonObject if (!$error) { $sql = "SELECT rowid, reel FROM ".MAIN_DB_PREFIX."product_stock"; - $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; // This is a unique key + $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); // This is a unique key dol_syslog(get_class($this)."::_create check if a record already exists in product_stock", LOG_DEBUG); $resql = $this->db->query($sql); @@ -544,12 +544,12 @@ class MouvementStock extends CommonObject { if ($alreadyarecord > 0) { - $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".$qty; - $sql .= " WHERE fk_entrepot = ".$entrepot_id." AND fk_product = ".$fk_product; + $sql = "UPDATE ".MAIN_DB_PREFIX."product_stock SET reel = reel + ".((float) $qty); + $sql .= " WHERE fk_entrepot = ".((int) $entrepot_id)." AND fk_product = ".((int) $fk_product); } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."product_stock"; $sql .= " (reel, fk_entrepot, fk_product) VALUES "; - $sql .= " (".$qty.", ".$entrepot_id.", ".$fk_product.")"; + $sql .= " (".((float) $qty).", ".((int) $entrepot_id).", ".((int) $fk_product).")"; } dol_syslog(get_class($this)."::_create update stock value", LOG_DEBUG); 
@@ -602,7 +602,7 @@ class MouvementStock extends CommonObject $newpmp = price2num($newpmp, 'MU'); // $sql = "UPDATE ".MAIN_DB_PREFIX."product SET pmp = ".$newpmp.", stock = ".$this->db->ifsql("stock IS NULL", 0, "stock") . " + ".$qty; - // $sql.= " WHERE rowid = ".$fk_product; + // $sql.= " WHERE rowid = ".((int) $fk_product); // Update pmp + denormalized fields because we change content of produt_stock. Warning: Do not use "SET p.stock", does not works with pgsql $sql = "UPDATE ".MAIN_DB_PREFIX."product as p SET pmp = ".((float) $newpmp).","; $sql .= " stock=(SELECT SUM(ps.reel) FROM ".MAIN_DB_PREFIX."product_stock as ps WHERE ps.fk_product = p.rowid)"; @@ -763,7 +763,7 @@ class MouvementStock extends CommonObject $sql = "SELECT fk_product_pere, fk_product_fils, qty"; $sql .= " FROM ".MAIN_DB_PREFIX."product_association"; - $sql .= " WHERE fk_product_pere = ".$idProduct; + $sql .= " WHERE fk_product_pere = ".((int) $idProduct); $sql .= " AND incdec = 1"; dol_syslog(get_class($this)."::_createSubProduct for parent product ".$idProduct, LOG_DEBUG); @@ -875,7 +875,7 @@ class MouvementStock extends CommonObject $nbSP=0; $resql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."product_association"; - $resql.= " WHERE fk_product_pere = ".$id; + $resql.= " WHERE fk_product_pere = ".((int) $id); if ($this->db->query($resql)) { $obj=$this->db->fetch_object($resql); @@ -1284,7 +1284,7 @@ class MouvementStock extends CommonObject $sql = "SELECT sum(pb.qty) as cpt"; $sql .= " FROM ".MAIN_DB_PREFIX."product_batch as pb"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."product_stock as ps ON ps.rowid = pb.fk_product_stock"; - $sql .= " WHERE ps.fk_product = " . $fk_product; + $sql .= " WHERE ps.fk_product = " . ((int) $fk_product); $sql .= " AND pb.batch = '" . $this->db->escape($batch) . "'"; $result = $this->db->query($sql); diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php index 9b6c0a38a1c..f05d6ebc168 100644 
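Review bot: In the `@@ -875,7 +875,7 @@` hunk of mouvementstock.class.php, `$resql` holds the SQL text and that same string is then passed to `fetch_object()`, because the return value of `$this->db->query($resql)` is never kept. This can only work if the database driver falls back to its last stored result when given a non-handle. Keep the handle and read from it: `$result = $this->db->query($sql); if ($result) { $obj = $this->db->fetch_object($result);`, with the query text renamed to `$sql` as in the other methods of the class. The enclosing method starts and ends outside the hunk.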
--- a/htdocs/product/stock/class/productlot.class.php +++ b/htdocs/product/stock/class/productlot.class.php @@ -275,7 +275,7 @@ class Productlot extends CommonObject $sql .= " t.import_key"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; if ($product_id > 0 && $batch != '') { - $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".$product_id; + $sql .= " WHERE t.batch = '".$this->db->escape($batch)."' AND t.fk_product = ".((int) $product_id); } else { $sql .= ' WHERE t.rowid = '.((int) $id); } diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index b282984cef5..393fbc73ae2 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -205,7 +205,7 @@ if ($action == 'order' && GETPOST('valid')) { $order = new CommandeFournisseur($db); // Check if an order for the supplier exists $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."commande_fournisseur"; - $sql .= " WHERE fk_soc = ".$suppliersid[$i]; + $sql .= " WHERE fk_soc = ".((int) $suppliersid[$i]); $sql .= " AND source = 42 AND fk_statut = 0"; $sql .= " AND entity IN (".getEntity('commande_fournisseur').")"; $sql .= " ORDER BY date_creation DESC"; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 792d2fd00de..8253980c034 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -463,7 +463,7 @@ class Project extends CommonObject $sql .= ", accept_booth_suggestions = ".($this->accept_booth_suggestions ? 1 : 0); $sql .= ", price_registration = ".(strcmp($this->price_registration, '') ? price2num($this->price_registration) : "null"); $sql .= ", price_booth = ".(strcmp($this->price_booth, '') ? price2num($this->price_booth) : "null"); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); $resql = $this->db->query($sql); 
@@ -783,7 +783,7 @@ class Project extends CommonObject // Remove linked categories. if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_project"; - $sql .= " WHERE fk_project = ".$this->id; + $sql .= " WHERE fk_project = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { @@ -808,7 +808,7 @@ class Project extends CommonObject foreach ($elements as $table) { if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE fk_project = ".$this->id; + $sql .= " WHERE fk_project = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { 
@@ -900,17 +900,17 @@ class Project extends CommonObject if ($type == 'agenda') { $sql = "SELECT COUNT(id) as nb FROM ".MAIN_DB_PREFIX."actioncomm WHERE fk_project = ".$this->id." AND entity IN (".getEntity('agenda').")"; } elseif ($type == 'expensereport') { - $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".$this->id; + $sql = "SELECT COUNT(ed.rowid) as nb FROM ".MAIN_DB_PREFIX."expensereport as e, ".MAIN_DB_PREFIX."expensereport_det as ed WHERE e.rowid = ed.fk_expensereport AND e.entity IN (".getEntity('expensereport').") AND ed.fk_projet = ".((int) $this->id); } elseif ($type == 'project_task') { $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt WHERE pt.fk_projet = ".$this->id; } elseif ($type == 'project_task_time') { // Case we want to duplicate line foreach user - $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".$this->id; + $sql = "SELECT DISTINCT COUNT(pt.rowid) as nb FROM ".MAIN_DB_PREFIX."projet_task as pt, ".MAIN_DB_PREFIX."projet_task_time as ptt WHERE pt.rowid = ptt.fk_task AND pt.fk_projet = ".((int) $this->id); } elseif ($type == 'stock_mouvement') { - $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".$this->id." AND ms.type_mouvement = 1"; + $sql = 'SELECT COUNT(ms.rowid) as nb FROM '.MAIN_DB_PREFIX."stock_mouvement as ms, ".MAIN_DB_PREFIX."entrepot as e WHERE e.rowid = ms.fk_entrepot AND e.entity IN (".getEntity('stock').") AND ms.origintype = 'project' AND ms.fk_origin = ".((int) $this->id)." 
AND ms.type_mouvement = 1"; } elseif ($type == 'loan') { - $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".$this->id; + $sql = 'SELECT COUNT(l.rowid) as nb FROM '.MAIN_DB_PREFIX."loan as l WHERE l.entity IN (".getEntity('loan').") AND l.fk_projet = ".((int) $this->id); } else { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".$this->id." AND entity IN (".getEntity($type).")"; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$projectkey." = ".((int) $this->id)." AND entity IN (".getEntity($type).")"; } $result = $this->db->query($sql); diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 7916f79fdeb..fe8b2eeb8e3 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -1317,9 +1317,9 @@ class Task extends CommonObject $sql .= " SUM(t.task_duration) as nbseconds,"; $sql .= " SUM(t.task_duration / 3600 * ".$this->db->ifsql("t.thm IS NULL", 0, "t.thm").") as amount, SUM(".$this->db->ifsql("t.thm IS NULL", 1, 0).") as nblinesnull"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t"; - $sql .= " WHERE t.fk_task = ".$id; + $sql .= " WHERE t.fk_task = ".((int) $id); if (is_object($fuser) && $fuser->id > 0) { - $sql .= " AND fk_user = ".$fuser->id; + $sql .= " AND fk_user = ".((int) $fuser->id); } if ($dates > 0) { $datefieldname = "task_datehour"; @@ -1553,7 +1553,7 @@ class Task extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."projet_task"; $sql .= " SET duration_effective = (SELECT SUM(task_duration) FROM ".MAIN_DB_PREFIX."projet_task_time as ptt where ptt.fk_task = ".((int) $this->id).")"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::updateTimeSpent", LOG_DEBUG); if (!$this->db->query($sql)) { 
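Review bot: The `agenda` and `project_task` branches in the `@@ -900,17 +900,17 @@` hunk of project.class.php still concatenate `$this->id` without the cast that every other branch of the same chain now has. They should read `WHERE fk_project = ".((int) $this->id)." AND entity IN (` and `WHERE pt.fk_projet = ".((int) $this->id);`. The same half-cast pattern remains on lines this commit touches elsewhere: `fk_soc = ".$this->id."` in the societe.class.php hunks at `@@ -2326` and `@@ -2389`, `fk_soc = ".$object->id."` in the paymentmodes.php hunks, and `fk_user = ".$this->id."` with `entity = ".$entity` in the user.class.php hunk. In the final `else` branch `$tablename` and `$projectkey` are spliced in as identifiers, which a cast cannot cover. They presumably come from a fixed list defined outside the hunk, and a comment stating that would help the next reader.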
diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index a19c1212761..80e092f2951 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -131,7 +131,7 @@ llxHeaderVierge($langs->trans("ListOfValidatedPublicMembers"), $morehead); $sql = "SELECT rowid, firstname, lastname, societe, zip, town, email, birth, photo"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent"; -$sql .= " WHERE entity = ".$entity; +$sql .= " WHERE entity = ".((int) $entity); $sql .= " AND statut = 1"; $sql .= " AND public = 1"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php index d39f48f2dfe..f44bc0b1c99 100644 --- a/htdocs/public/stripe/ipn.php +++ b/htdocs/public/stripe/ipn.php @@ -373,7 +373,7 @@ if ($event->type == 'payout.created') { } } elseif ($event->type == 'payment_method.detached') { $db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".$servicestatus; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_rib WHERE number = '".$db->escape($event->data->object->id)."' and status = ".((int) $servicestatus); $db->query($sql); $db->commit(); } elseif ($event->type == 'charge.succeeded') { diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index a8a55c7faf2..b2f31505c44 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -1410,7 +1410,7 @@ class Reception extends CommonObject if (!empty($this->shipping_method_id)) { $sql = "SELECT em.code, em.tracking"; $sql .= " FROM ".MAIN_DB_PREFIX."c_shipment_mode as em"; - $sql .= " WHERE em.rowid = ".$this->shipping_method_id; + $sql .= " WHERE em.rowid = ".((int) $this->shipping_method_id); $resql = $this->db->query($sql); if ($resql) { 
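Review bot: In the `payment_method.detached` branch of ipn.php the return value of `$db->query($sql)` is discarded and `$db->commit()` runs unconditionally, so a failed DELETE on `societe_rib` looks the same as a successful one. On a webhook handler this means a detached payment method can stay recorded locally with no trace of the failure. Check the result and roll back on error: `if ($db->query($sql)) { $db->commit(); } else { $db->rollback(); }`, together with whatever error logging the rest of the file uses. The surrounding `if`/`elseif` chain continues outside the hunk.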
diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index c16018a30c1..24be7dfbb5a 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -118,7 +118,7 @@ if (empty($reshook)) { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($resource_type)."'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($objstat->element)."'"; - $sql .= " WHERE er.resource_id = ".$resource_id; + $sql .= " WHERE er.resource_id = ".((int) $resource_id); $sql .= " AND er.busy = 1"; $sql .= " AND ("; @@ -193,8 +193,8 @@ if (empty($reshook)) { $sql .= " FROM ".MAIN_DB_PREFIX."element_resources as er"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."resource as r ON r.rowid = er.resource_id AND er.resource_type = '".$db->escape($object->resource_type)."'"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."actioncomm as ac ON ac.id = er.element_id AND er.element_type = '".$db->escape($object->element_type)."'"; - $sql .= " WHERE er.resource_id = ".$object->resource_id; - $sql .= " AND ac.id != ".$object->element_id; + $sql .= " WHERE er.resource_id = ".((int) $object->resource_id); + $sql .= " AND ac.id <> ".((int) $object->element_id); $sql .= " AND er.busy = 1"; $sql .= " AND ("; diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php index e1225f15258..afd152fb785 100755 --- a/htdocs/salaries/card.php +++ b/htdocs/salaries/card.php 
@@ -780,7 +780,7 @@ if ($id) { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as c ON p.fk_typepayment = c.id"; $sql .= ", ".MAIN_DB_PREFIX."salary as salaire"; - $sql .= " WHERE p.fk_salary = ".$id; + $sql .= " WHERE p.fk_salary = ".((int) $id); $sql .= " AND p.fk_salary = salaire.rowid"; $sql .= " AND salaire.entity IN (".getEntity('tax').")"; $sql .= " ORDER BY dp DESC"; diff --git a/htdocs/salaries/class/salariesstats.class.php b/htdocs/salaries/class/salariesstats.class.php index f8a7d618fb0..b3e6c20a0ca 100644 --- a/htdocs/salaries/class/salariesstats.class.php +++ b/htdocs/salaries/class/salariesstats.class.php @@ -64,7 +64,7 @@ class SalariesStats extends Stats $this->where = " entity = ".$conf->entity; if ($this->socid > 0) { - $this->where .= " AND fk_soc = ".$this->socid; + $this->where .= " AND fk_soc = ".((int) $this->socid); } if (is_array($this->userid) && count($this->userid) > 0) { $this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')'; @@ -101,7 +101,7 @@ class SalariesStats extends Stats { $sql = "SELECT MONTH(datep) as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(datep) = ".$year; + $sql .= " WHERE YEAR(datep) = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index eb9fe8bfd17..6c282eac94d 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -188,12 +188,12 @@ if ($action == 'create') { $sql = "SELECT sum(p.amount) as total"; $sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p"; - $sql .= " WHERE p.fk_salary = ".$chid; + $sql .= " WHERE p.fk_salary = ".((int) $chid); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); $sumpaid = $obj->total; - $db->free(); + $db->free($resql); } /*print '
'; print '';*/ diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index ddc9fa41fdb..6fd5160d8a6 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -1017,7 +1017,7 @@ class Thirdparties extends DolibarrApi $sql = "SELECT f.ref, f.type as factype, re.fk_facture_source, re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc, re.description, re.fk_facture, re.fk_facture_line"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f"; - $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".$id; + $sql .= " WHERE f.rowid = re.fk_facture_source AND re.fk_soc = ".((int) $id); if ($filter == "available") { $sql .= " AND re.fk_facture IS NULL AND re.fk_facture_line IS NULL"; } @@ -1155,7 +1155,7 @@ class Thirdparties extends DolibarrApi $sql .= " owner_address, default_rib, label, datec, tms as datem, rum, frstrecur"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_rib"; if ($id) { - $sql .= " WHERE fk_soc = ".$id." "; + $sql .= " WHERE fk_soc = ".((int) $id); } @@ -1505,7 +1505,7 @@ class Thirdparties extends DolibarrApi throw new RestException(422, 'Unprocessable Entity: You must pass the site attribute in your request data !'); } - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."'"; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."'"; $result = $this->db->query($sql); if ($result && $this->db->num_rows($result) == 0) { 
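Review bot: In the `@@ -1155,7 +1155,7 @@` hunk of api_thirdparties.class.php the `WHERE fk_soc` clause is added only `if ($id)`, so a zero or empty `$id` selects every row of `societe_rib` instead of none. For an API method returning bank account data this fallback looks unintended. Unless an earlier check outside the hunk already rejects such ids, the method should fail closed before building the query, e.g. `if (empty($id)) { throw new RestException(400, 'Thirdparty ID is mandatory'); }`. The method body starts and ends outside the hunk, so its permission and entity checks cannot be confirmed from here.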
@@ -1585,7 +1585,7 @@ class Thirdparties extends DolibarrApi // We found an existing SocieteAccount entity, we are replacing it } else { if (isset($request_data['site']) && $request_data['site'] !== $site) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' "; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' "; $result = $this->db->query($sql); if ($result && $this->db->num_rows($result) !== 0) { @@ -1649,7 +1649,7 @@ class Thirdparties extends DolibarrApi } else { // If the user tries to edit the site member, we check first if if (isset($request_data['site']) && $request_data['site'] !== $site) { - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' "; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id)." AND site = '".$this->db->escape($request_data['site'])."' "; $result = $this->db->query($sql); if ($result && $this->db->num_rows($result) !== 0) { @@ -1733,7 +1733,7 @@ class Thirdparties extends DolibarrApi */ $sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id; + $sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".((int) $id); $result = $this->db->query($sql); diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 6b09d88ac71..eefb71b6772 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php 
@@ -104,7 +104,7 @@ class Client extends Societe $sql = "SELECT id, code, libelle as label, picto FROM ".MAIN_DB_PREFIX."c_stcomm"; if ($active >= 0) { - $sql .= " WHERE active = ".$active; + $sql .= " WHERE active = ".((int) $active); } $resql = $this->db->query($sql); $num = $this->db->num_rows($resql); diff --git a/htdocs/societe/class/companybankaccount.class.php b/htdocs/societe/class/companybankaccount.class.php index c611ccab462..3e410019b22 100644 --- a/htdocs/societe/class/companybankaccount.class.php +++ b/htdocs/societe/class/companybankaccount.class.php @@ -217,12 +217,12 @@ class CompanyBankAccount extends Account $sql .= " WHERE rowid = ".((int) $id); } if ($socid) { - $sql .= " WHERE fk_soc = ".$socid; + $sql .= " WHERE fk_soc = ".((int) $socid); if ($default > -1) { - $sql .= " AND default_rib = ".$this->db->escape($default); + $sql .= " AND default_rib = ".((int) $default); } if ($type) { - $sql .= " AND type ='".$this->db->escape($type)."'"; + $sql .= " AND type = '".$this->db->escape($type)."'"; } } @@ -351,12 +351,12 @@ class CompanyBankAccount extends Account $this->db->begin(); $sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0"; - $sql2 .= " WHERE type = 'ban' AND fk_soc = ".$obj->fk_soc; + $sql2 .= " WHERE type = 'ban' AND fk_soc = ".((int) $obj->fk_soc); dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG); $result2 = $this->db->query($sql2); $sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1"; - $sql3 .= " WHERE rowid = ".$obj->id; + $sql3 .= " WHERE rowid = ".((int) $obj->id); dol_syslog(get_class($this).'::setAsDefault', LOG_DEBUG); $result3 = $this->db->query($sql3); diff --git a/htdocs/societe/class/companypaymentmode.class.php b/htdocs/societe/class/companypaymentmode.class.php index db19840fd8e..1f11e6a29c3 100644 --- a/htdocs/societe/class/companypaymentmode.class.php +++ b/htdocs/societe/class/companypaymentmode.class.php 
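Review bot: The `@@ -217,12 +217,12 @@` hunk of companybankaccount.class.php appends `" WHERE fk_soc = "` in a separate `if ($socid)` right after a branch that has already appended `" WHERE rowid = "`, so a call passing both `$id` and `$socid` would produce two `WHERE` keywords and a SQL error. If the first branch is `if ($id)` (its opening is outside the hunk), making the second one `} elseif ($socid) {` keeps the statement valid. Replacing `$this->db->escape($default)` with `(int) $default` is the right direction, since escaping an unquoted value does not constrain it to a number. A comment on that line, such as `// numeric column: cast, escape() alone is not enough without quotes`, would keep it from being reverted.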
@@ -318,7 +318,7 @@ class CompanyPaymentMode extends CommonObject public function fetch($id, $ref = null, $socid = 0, $type = '', $morewhere = '') { if ($socid) { - $morewhere .= " AND fk_soc = ".$this->db->escape($socid)." AND default_rib = 1"; + $morewhere .= " AND fk_soc = ".((int) $socid)." AND default_rib = 1"; } if ($type) { $morewhere .= " AND type = '".$this->db->escape($type)."'"; @@ -464,7 +464,7 @@ class CompanyPaymentMode extends CommonObject $this->db->begin(); $sql2 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 0, tms = tms"; - $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".$obj->fk_soc; + $sql2 .= " WHERE default_rib <> 0 AND fk_soc = ".((int) $obj->fk_soc); if ($type) { $sql2 .= " AND type = '".$this->db->escape($type)."'"; } @@ -472,7 +472,7 @@ class CompanyPaymentMode extends CommonObject $result2 = $this->db->query($sql2); $sql3 = "UPDATE ".MAIN_DB_PREFIX."societe_rib SET default_rib = 1"; - $sql3 .= " WHERE rowid = ".$obj->id; + $sql3 .= " WHERE rowid = ".((int) $obj->id); if ($type) { $sql3 .= " AND type = '".$this->db->escape($type)."'"; } diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 99453db7ac4..6874c4b3b2d 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -1907,7 +1907,7 @@ class Societe extends CommonObject } } else { $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete; - $sql .= " WHERE fk_soc = ".$id; + $sql .= " WHERE fk_soc = ".((int) $id); if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); @@ -1930,7 +1930,7 @@ class Societe extends CommonObject if (!$error) { $sql = "UPDATE ".MAIN_DB_PREFIX."societe"; $sql .= " SET parent = NULL"; - $sql .= " WHERE parent = ".$id; + $sql .= " WHERE parent = ".((int) $id); if (!$this->db->query($sql)) { $error++; $this->errors[] = $this->db->lasterror(); 
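Review bot: `CompanyPaymentMode::fetch()` in the `@@ -318,7 +318,7 @@` hunk accepts `$morewhere` as a raw SQL fragment and only appends the cast `$socid` and the escaped `$type` to it, so nothing in the visible lines constrains what the caller supplied. The docblock should state the contract explicitly, for example `@param string $morewhere Additional SQL conditions; trusted fragment only, never built from request data`. The rest of the method, including where `$morewhere` reaches the query, is outside the hunk.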
@@ -2326,7 +2326,7 @@ class Societe extends CommonObject if (!$error) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux"; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid; + $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); $resql = $this->db->query($sql); if (!$resql) { @@ -2389,7 +2389,7 @@ class Societe extends CommonObject if ($this->id > 0 && $commid > 0) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_commerciaux "; - $sql .= " WHERE fk_soc = ".$this->id." AND fk_user =".$commid; + $sql .= " WHERE fk_soc = ".$this->id." AND fk_user = ".((int) $commid); if (!$this->db->query($sql)) { dol_syslog(get_class($this)."::del_commercial Erreur"); diff --git a/htdocs/societe/class/societeaccount.class.php b/htdocs/societe/class/societeaccount.class.php index 5be05d99a56..8fbbbbcee6e 100644 --- a/htdocs/societe/class/societeaccount.class.php +++ b/htdocs/societe/class/societeaccount.class.php @@ -284,7 +284,7 @@ class SocieteAccount extends CommonObject { $sql = "SELECT sa.key_account as key_account, sa.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_account as sa"; - $sql .= " WHERE sa.fk_soc = ".$id; + $sql .= " WHERE sa.fk_soc = ".((int) $id); $sql .= " AND sa.entity IN (".getEntity('societe').")"; $sql .= " AND sa.site = '".$this->db->escape($site)."' AND sa.status = ".((int) $status); $sql .= " AND sa.key_account IS NOT NULL AND sa.key_account <> ''"; diff --git a/htdocs/societe/consumption.php b/htdocs/societe/consumption.php index a7ef895041e..3190ad5e64e 100644 --- a/htdocs/societe/consumption.php +++ b/htdocs/societe/consumption.php @@ -146,7 +146,7 @@ if ($object->client) { print ' ('.$langs->trans("WrongCustomerCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); 
@@ -183,7 +183,7 @@ if ($object->fournisseur) { print ' ('.$langs->trans("WrongSupplierCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."commande_fournisseur where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -229,7 +229,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices $documentstatic = new Fichinter($db); $sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datec as dateprint, f.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."fichinter as f LEFT JOIN ".MAIN_DB_PREFIX."fichinterdet as d ON d.fk_fichinter = f.rowid"; // Must use left join to work also with option that disable usage of lines. - $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND f.entity = ".$conf->entity; $dateprint = 'f.datec'; $doc_number = 'f.ref'; @@ -239,7 +239,7 @@ if ($type_element == 'invoice') { // Customer : show products from invoices $documentstatic = new Facture($db); $sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, f.type as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, '; $tables_from = MAIN_DB_PREFIX."facture as f,".MAIN_DB_PREFIX."facturedet as d"; - $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_facture = f.rowid"; $where .= " AND f.entity IN (".getEntity('invoice').")"; $dateprint = 'f.datef'; 
@@ -251,7 +251,7 @@ if ($type_element == 'propal') { $documentstatic = new Propal($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.datep as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."propal as c,".MAIN_DB_PREFIX."propaldet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_propal = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $datePrint = 'c.datep'; @@ -263,7 +263,7 @@ if ($type_element == 'order') { $documentstatic = new Commande($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_commande as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."commande as c,".MAIN_DB_PREFIX."commandedet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_commande = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_commande'; @@ -275,7 +275,7 @@ if ($type_element == 'supplier_invoice') { // Supplier : Show products from inv $documentstatic = new FactureFournisseur($db); $sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datef as dateprint, f.fk_statut as status, f.paye as paid, '; $tables_from = MAIN_DB_PREFIX."facture_fourn as f,".MAIN_DB_PREFIX."facture_fourn_det as d"; - $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_facture_fourn = f.rowid"; $where .= " AND f.entity = ".$conf->entity; $dateprint = 'f.datef'; 
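Review bot: The `propal` branch in the `@@ -251,7 +251,7 @@` hunk of consumption.php assigns `$datePrint = 'c.datep';` while every other branch sets `$dateprint`. PHP variable names are case-sensitive, so for proposals `$dateprint` is either unset or left over from earlier code. The line should be `$dateprint = 'c.datep';`. How `$dateprint` is consumed later, presumably in the date filter or ordering of the assembled query, is outside the hunk.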
@@ -287,7 +287,7 @@ if ($type_element == 'supplier_proposal') { $documentstatic = new SupplierProposal($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."supplier_proposal as c,".MAIN_DB_PREFIX."supplier_proposaldet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_supplier_proposal = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_valid'; @@ -299,7 +299,7 @@ if ($type_element == 'supplier_order') { // Supplier : Show products from order $documentstatic = new CommandeFournisseur($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_valid as dateprint, c.fk_statut as status, '; $tables_from = MAIN_DB_PREFIX."commande_fournisseur as c,".MAIN_DB_PREFIX."commande_fournisseurdet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_commande = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_valid'; @@ -312,7 +312,7 @@ if ($type_element == 'contract') { // Order $documentstaticline = new ContratLigne($db); $sql_select = 'SELECT c.rowid as doc_id, c.ref as doc_number, \'1\' as doc_type, c.date_contrat as dateprint, d.statut as status, '; $tables_from = MAIN_DB_PREFIX."contrat as c,".MAIN_DB_PREFIX."contratdet as d"; - $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".$socid; + $where = " WHERE c.fk_soc = s.rowid AND s.rowid = ".((int) $socid); $where .= " AND d.fk_contrat = c.rowid"; $where .= " AND c.entity = ".$conf->entity; $dateprint = 'c.date_valid'; diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 8c321b1386d..dc8d95ef42f 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php 
@@ -517,10 +517,10 @@ if (empty($reshook)) { $db->begin(); if (empty($newcu)) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; } else { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } $resql = $db->query($sql); 
@@ -542,7 +542,7 @@ if (empty($reshook)) { } else { $sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account"; $sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".$servicestatus." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! $resql = $db->query($sql); } } @@ -761,7 +761,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print ' ('.$langs->trans("WrongCustomerCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); @@ -823,7 +823,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard' print ' ('.$langs->trans("WrongSupplierCode").')'; } print ''; - $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".$socid; + $sql = "SELECT count(*) as nb from ".MAIN_DB_PREFIX."facture where fk_soc = ".((int) $socid); $resql = $db->query($sql); if (!$resql) { dol_print_error($db); diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php index c37f61e4fe2..2a6dd2176df 100644 --- a/htdocs/societe/societecontact.php +++ b/htdocs/societe/societecontact.php 
@@ -227,7 +227,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " t.libelle as type, t.subscription"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent as d"; $sql .= ", ".MAIN_DB_PREFIX."adherent_type as t"; - $sql .= " WHERE d.fk_soc = ".$id; + $sql .= " WHERE d.fk_soc = ".((int) $id); $sql .= " AND d.fk_adherent_type = t.rowid"; dol_syslog("get list sql=".$sql); diff --git a/htdocs/takepos/receipt.php b/htdocs/takepos/receipt.php index dd895eb4265..e9d721a44e3 100644 --- a/htdocs/takepos/receipt.php +++ b/htdocs/takepos/receipt.php @@ -260,7 +260,7 @@ if ($conf->global->TAKEPOS_PRINT_PAYMENT_METHOD) { $sql .= " cp.code"; $sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id"; - $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$facid; + $sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $facid); $sql .= " ORDER BY p.datep"; $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 57d0066323d..1d77e323c10 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -568,7 +568,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; if ($id) { - $sql .= " WHERE t.rowid = ".$this->db->escape($id); + $sql .= " WHERE t.rowid = ".((int) $id); } else { $sql .= " WHERE t.entity IN (".getEntity($this->element, 1).")"; if (!empty($ref)) { diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php index 51449c6b233..2bcd0fe89fc 100644 --- a/htdocs/ticket/class/ticketstats.class.php +++ b/htdocs/ticket/class/ticketstats.class.php 
@@ -98,7 +98,7 @@ class TicketStats extends Stats { $sql = "SELECT MONTH(datec) as dm, count(*)"; $sql .= " FROM ".$this->from; - $sql .= " WHERE YEAR(datec) = ".$year; + $sql .= " WHERE YEAR(datec) = ".((int) $year); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index f01198f1ca8..b3303492417 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -871,7 +871,7 @@ class User extends CommonObject $nid = $obj->id; $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights"; - $sql .= " WHERE fk_user = ".$this->id." AND fk_id=".$nid; + $sql .= " WHERE fk_user = ".$this->id." AND fk_id = ".((int) $nid); $sql .= " AND entity = ".$entity; if (!$this->db->query($sql)) { $error++; diff --git a/htdocs/webservices/server_contact.php b/htdocs/webservices/server_contact.php index 9f57a445cc3..a28371443d5 100644 --- a/htdocs/webservices/server_contact.php +++ b/htdocs/webservices/server_contact.php @@ -503,7 +503,7 @@ function getContactsForThirdParty($authentication, $idthirdparty) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d ON c.fk_departement = d.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON c.rowid = u.fk_socpeople"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; - $sql .= " WHERE c.fk_soc = ".$idthirdparty; + $sql .= " WHERE c.fk_soc = ".((int) $idthirdparty); $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/webservices/server_productorservice.php b/htdocs/webservices/server_productorservice.php index 259f3ec67fe..95b7246d021 100644 --- a/htdocs/webservices/server_productorservice.php +++ b/htdocs/webservices/server_productorservice.php 
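Review bot: In `user.class.php`, the `DELETE FROM ... user_rights` statement still concatenates two values uncast, `fk_user = ".$this->id."` and `AND entity = ".$entity`, next to the newly cast `$nid`. The assignment of `$entity` is outside the hunk; if a caller can supply it, it reaches a permission-deleting query unchanged. Casting both matches the change made on the same line: `$sql .= " WHERE fk_user = ".((int) $this->id)." AND fk_id = ".((int) $nid);` and `$sql .= " AND entity = ".((int) $entity);`.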
@@ -1006,7 +1006,7 @@ function getProductsForCategory($authentication, $id, $lang = '') $table = "product"; $field = "product"; $sql = "SELECT fk_".$field." FROM ".MAIN_DB_PREFIX."categorie_".$table; - $sql .= " WHERE fk_categorie = ".$id; + $sql .= " WHERE fk_categorie = ".((int) $id); $sql .= " ORDER BY fk_".$field." ASC"; diff --git a/htdocs/website/class/website.class.php b/htdocs/website/class/website.class.php index 171918238b8..80d31f0024d 100644 --- a/htdocs/website/class/website.class.php +++ b/htdocs/website/class/website.class.php @@ -1414,10 +1414,10 @@ class Website extends CommonObject $sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page"; $sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp"; - $sql .= " WHERE wp.fk_website = ".$website->id; + $sql .= " WHERE wp.fk_website = ".((int) $website->id); $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid); if ($tmppage->fk_page > 0) { - $sql .= " OR wp.fk_page = ".$tmppage->fk_page." OR wp.rowid = ".$tmppage->fk_page; + $sql .= " OR wp.fk_page = ".((int) $tmppage->fk_page)." OR wp.rowid = ".((int) $tmppage->fk_page); } $sql .= ")"; From fb7cfe6c508a26a2b9023f6251758a18fff09fa3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:15:20 +0200 Subject: [PATCH 31/37] Fix sql error --- htdocs/compta/facture/class/facture.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index ca4e445c880..74e2f380d91 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php 
@@ -2282,7 +2282,7 @@ class Facture extends CommonInvoice // Invoice line extrafileds $main = MAIN_DB_PREFIX.'facturedet'; $ef = $main."_extrafields"; - $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid); + $sqlef = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM ".$main." WHERE fk_facture = ".((int) $rowid).")"; // Delete invoice line $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facturedet WHERE fk_facture = '.((int) $rowid); From ab58ba80c9137610588bb2bb04f74e1ac986f6bb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:17:12 +0200 Subject: [PATCH 32/37] Update llx_10_c_regions.sql --- htdocs/install/mysql/data/llx_10_c_regions.sql | 3 --- 1 file changed, 3 deletions(-) diff --git a/htdocs/install/mysql/data/llx_10_c_regions.sql b/htdocs/install/mysql/data/llx_10_c_regions.sql index 37394db47e0..b054ca383ef 100644 --- a/htdocs/install/mysql/data/llx_10_c_regions.sql +++ b/htdocs/install/mysql/data/llx_10_c_regions.sql @@ -12,9 +12,6 @@ -- Copyright (C) 2019~ Lao Tian <281388879@qq.com> -- Copyright (C) 2020-2021 Udo Tamm -- --- --- LICENSE ---------------------------------------------------------------------- --- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 3 of the License, or From d6b5e24d9635532eb9aaf13d5d005b12fc7c6836 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:20:02 +0200 Subject: [PATCH 33/37] Update payments.php --- htdocs/salaries/payments.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/salaries/payments.php b/htdocs/salaries/payments.php index b3a398c8c45..0ec83a55595 100644 --- a/htdocs/salaries/payments.php +++ b/htdocs/salaries/payments.php 
@@ -485,7 +485,9 @@ while ($i < ($limit ? min($num, $limit) : $num)) { $accountstatic->accountancy_journal = $accountingjournal->getNomUrl(0, 1, 1, '', 1); } $accountstatic->label = $obj->blabel; - if ($accountstatic->id > 0) print $accountstatic->getNomUrl(1); + if ($accountstatic->id > 0) { + print $accountstatic->getNomUrl(1); + } } else print ' '; print ''; if (!$i) $totalarray['nbfield']++; From fd410adcf3819b908b5517f852dda0eac4c6d654 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:22:02 +0200 Subject: [PATCH 34/37] Update llx_20_c_departements.sql --- htdocs/install/mysql/data/llx_20_c_departements.sql | 3 --- 1 file changed, 3 deletions(-) diff --git a/htdocs/install/mysql/data/llx_20_c_departements.sql b/htdocs/install/mysql/data/llx_20_c_departements.sql index 1a6e7970cde..2ac7a30a99b 100644 --- a/htdocs/install/mysql/data/llx_20_c_departements.sql +++ b/htdocs/install/mysql/data/llx_20_c_departements.sql @@ -11,9 +11,6 @@ -- Copyright (C) 2015 Ferran Marcet -- Copyright (C) 2020-2021 Udo Tamm -- --- --- LICENSE ---------------------------------------------------------------------- --- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 3 of the License, or From e763bb548332b5e4ff4e1b66c7ccb562d9d1cafc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 19:22:51 +0200 Subject: [PATCH 35/37] Update type_translation.php --- htdocs/adherents/type_translation.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/htdocs/adherents/type_translation.php b/htdocs/adherents/type_translation.php index 7111f9c905c..84fe883e41f 100644 --- a/htdocs/adherents/type_translation.php +++ b/htdocs/adherents/type_translation.php 
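Review bot: The `} else print ' ';` directly after the newly braced `if ($accountstatic->id > 0)` and the `if (!$i) $totalarray['nbfield']++;` below it are still written without braces, so the block now mixes both forms. Bracing them in the same change keeps the loop body uniform: `} else {` / `print ' ';` / `}` and `if (!$i) {` / `$totalarray['nbfield']++;` / `}`. The enclosing `while` loop starts and ends outside the hunk.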
@@ -4,9 +4,6 @@ * Copyright (C) 2010-2012 Destailleur Laurent * Copyright (C) 2014 Henry Florian * - * - * LICENSE - * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or From 6ba725eb5e0df190d62b4f4d9b6a7434bd8a3246 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 21:04:12 +0200 Subject: [PATCH 36/37] Fix sql error --- htdocs/install/upgrade2.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 26c791c2290..32959af80cc 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -3247,7 +3247,7 @@ function migrate_mode_reglement($db, $langs, $conf) $db->begin(); $sqla = "UPDATE ".MAIN_DB_PREFIX."paiement SET"; - $sqla .= " fk_paiement = ".$elements['new_id'][$key]; + $sqla .= " fk_paiement = ".((int) $elements['new_id'][$key]); $sqla .= " WHERE fk_paiement = ".((int) $old_id); $sqla .= " AND fk_paiement IN (SELECT id FROM ".MAIN_DB_PREFIX."c_paiement WHERE id = ".((int) $old_id)." AND code = '".$db->escape($elements['code'][$key])."')"; $resqla = $db->query($sqla); @@ -3261,7 +3261,7 @@ function migrate_mode_reglement($db, $langs, $conf) if ($resqla && $resql) { foreach ($elements['tables'] as $table) { $sql = "UPDATE ".MAIN_DB_PREFIX.$table." SET "; - $sql .= "fk_mode_reglement = "((int) $elements['new_id'][$key]); + $sql .= "fk_mode_reglement = ".((int) $elements['new_id'][$key]); $sql .= " WHERE fk_mode_reglement = ".((int) $old_id); $resql = $db->query($sql); From 06e92bb262a651b38bf37b328b633d9f65c2762f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 22:03:14 +0200 Subject: [PATCH 37/37] Fix compatibility php5.6+ --- test/phpunit/InventoryTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/test/phpunit/InventoryTest.php b/test/phpunit/InventoryTest.php index 1d125a0311c..ad2b19aebd3 100644 --- a/test/phpunit/InventoryTest.php +++ b/test/phpunit/InventoryTest.php @@ -79,7 +79,7 @@ class InventoryTest extends PHPUnit\Framework\TestCase * * @return void */ - public static function setUpBeforeClass():void + public static function setUpBeforeClass() { global $conf,$user,$langs,$db; @@ -93,7 +93,7 @@ class InventoryTest extends PHPUnit\Framework\TestCase * * @return void */ - public static function tearDownAfterClass():void + public static function tearDownAfterClass() { global $conf,$user,$langs,$db; $db->rollback(); @@ -106,7 +106,7 @@ class InventoryTest extends PHPUnit\Framework\TestCase * * @return void */ - protected function setUp():void + protected function setUp() { global $conf,$user,$langs,$db; $conf=$this->savconf; @@ -122,7 +122,7 @@ class InventoryTest extends PHPUnit\Framework\TestCase * * @return void */ - protected function tearDown():void + protected function tearDown() { print __METHOD__."\n"; }
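Review bot: Dropping `:void` from `setUpBeforeClass()`, `tearDownAfterClass()`, `setUp()` and `tearDown()` (all four hunks in `InventoryTest.php`) makes the class incompatible with newer PHPUnit releases. From PHPUnit 8 on, `PHPUnit\Framework\TestCase` declares these methods with a `void` return type, and PHP rejects an override without it as an incompatible declaration. The change therefore ties this test to an older PHPUnit; the version the project runs is not visible on this page. It is worth recording the constraint next to the change, for example in the class docblock: `Fixture methods are declared without a return type for PHP 5.6 compatibility; requires PHPUnit < 8.`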
'.$langs->trans("AlreadyPaid").''.price($sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'
'.$langs->trans("RemainderToPay").''.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'