From 7c5b0be6a37323bd29046156d5d2cf112f784391 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 Jun 2020 13:48:00 +0200 Subject: [PATCH] FIX SQL syntax error when editing extrafields --- htdocs/core/db/mysqli.class.php | 4 +- htdocs/core/db/pgsql.class.php | 13 ++--- htdocs/core/lib/security.lib.php | 65 ++++++++--------------- htdocs/core/modules/modDebugBar.class.php | 2 +- htdocs/core/modules/modSyslog.class.php | 2 +- 5 files changed, 33 insertions(+), 53 deletions(-) diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index b98c6444148..4f634835461 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php @@ -791,7 +791,7 @@ class DoliDBMysqli extends DoliDB $sql .= $field_desc['type']; if (preg_match("/^[^\s]/i", $field_desc['value'])) { - if (!in_array($field_desc['type'], array('date', 'datetime'))) + if (!in_array($field_desc['type'], array('date', 'datetime')) && $field_desc['value']) { $sql .= "(".$field_desc['value'].")"; } @@ -837,7 +837,7 @@ class DoliDBMysqli extends DoliDB // phpcs:enable $sql = "ALTER TABLE ".$table; $sql .= " MODIFY COLUMN ".$field_name." ".$field_desc['type']; - if ($field_desc['type'] == 'double' || $field_desc['type'] == 'tinyint' || $field_desc['type'] == 'int' || $field_desc['type'] == 'varchar') { + if (in_array($field_desc['type'], array('double', 'tinyint', 'int', 'varchar')) && $field_desc['value']) { $sql .= "(".$field_desc['value'].")"; } if ($field_desc['null'] == 'not null' || $field_desc['null'] == 'NOT NULL') diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 8eeaa7f335b..9ab2e1807bd 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php 
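Review bot: `$field_desc['value']` is still concatenated between parentheses into the `ADD` statement with no check on its content; the added `&& $field_desc['value']` only filters out empty values. If the value is meant to be a size or precision such as `255` or `24,8` (an assumption, since the callers are not in the hunk), the guard could enforce that shape: `if (!in_array($field_desc['type'], array('date', 'datetime')) && preg_match('/^\d+(,\d+)?\z/', (string) $field_desc['value']))`. The same raw concatenation appears in the `MODIFY COLUMN` hunk of this file and in both hunks of pgsql.class.php. The enclosing function starts and ends outside the hunk, so validation earlier in it cannot be ruled out.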
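Review bot: For `varchar`, the new `&& $field_desc['value']` test in the `MODIFY COLUMN` hunk drops the length when the value is empty, so the statement becomes `MODIFY COLUMN <name> varchar`, which MySQL also rejects because VARCHAR requires a length. Failing before the SQL is built, with the method's usual error return, would report the problem more clearly than sending a statement known to be invalid. Whether any caller passes an empty value for `varchar` is not visible here. The `in_array()` call also omits its third argument; `in_array($field_desc['type'], array('double', 'tinyint', 'int', 'varchar'), true)` keeps the type test strict. The method body continues outside the hunk.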
@@ -1114,11 +1114,12 @@ class DoliDBPgsql extends DoliDB // ex. : $field_desc = array('type'=>'int','value'=>'11','null'=>'not null','extra'=> 'auto_increment'); $sql = "ALTER TABLE ".$table." ADD ".$field_name." "; $sql .= $field_desc['type']; - if (preg_match("/^[^\s]/i", $field_desc['value'])) - if (!in_array($field_desc['type'], array('int', 'date', 'datetime'))) - { - $sql .= "(".$field_desc['value'].")"; - } + if (preg_match("/^[^\s]/i", $field_desc['value'])) { + if (!in_array($field_desc['type'], array('int', 'date', 'datetime')) && $field_desc['value']) + { + $sql .= "(".$field_desc['value'].")"; + } + } if (preg_match("/^[^\s]/i", $field_desc['attribute'])) $sql .= " ".$field_desc['attribute']; if (preg_match("/^[^\s]/i", $field_desc['null'])) @@ -1155,7 +1156,7 @@ class DoliDBPgsql extends DoliDB // phpcs:enable $sql = "ALTER TABLE ".$table; $sql .= " MODIFY COLUMN ".$field_name." ".$field_desc['type']; - if ($field_desc['type'] == 'double' || $field_desc['type'] == 'tinyint' || $field_desc['type'] == 'int' || $field_desc['type'] == 'varchar') { + if (in_array($field_desc['type'], array('double', 'tinyint', 'int', 'varchar')) && $field_desc['value']) { $sql .= "(".$field_desc['value'].")"; } diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 216c859171d..6557f3ce598 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -224,49 +224,37 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f // Check read permission from module $readok = 1; $nbko = 0; - foreach ($featuresarray as $feature) // first we check nb of test ko - { + foreach ($featuresarray as $feature) { // first we check nb of test ko $featureforlistofmodule = $feature; if ($featureforlistofmodule == 'produit') $featureforlistofmodule = 'product'; - if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) // If limits on modules for external users, module must be into list of modules for external users - { + if (!empty($user->socid) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($featureforlistofmodule, $listofmodules)) { // If limits on modules for external users, module must be into list of modules for external users $readok = 0; $nbko++; continue; } - if ($feature == 'societe') - { + if ($feature == 'societe') { if (!$user->rights->societe->lire && !$user->rights->fournisseur->lire) { $readok = 0; $nbko++; } - } elseif ($feature == 'contact') - { + } elseif ($feature == 'contact') { if (!$user->rights->societe->contact->lire) { $readok = 0; $nbko++; } - } elseif ($feature == 'produit|service') - { + } elseif ($feature == 'produit|service') { if (!$user->rights->produit->lire && !$user->rights->service->lire) { $readok = 0; $nbko++; } - } elseif ($feature == 'prelevement') - { + } elseif ($feature == 'prelevement') { if (!$user->rights->prelevement->bons->lire) { $readok = 0; $nbko++; } - } elseif ($feature == 'cheque') - { + } elseif ($feature == 'cheque') { if (!$user->rights->banque->cheque) { $readok = 0; $nbko++; } - } elseif ($feature == 'projet') - { + } elseif ($feature == 'projet') { if (!$user->rights->projet->lire && !$user->rights->projet->all->lire) { $readok = 0; $nbko++; } - } elseif (!empty($feature2)) // This is for permissions on 2 levels - { + } elseif (!empty($feature2)) { // 
This is for permissions on 2 levels $tmpreadok = 1; - foreach ($feature2 as $subfeature) - { + foreach ($feature2 as $subfeature) { if ($subfeature == 'user' && $user->id == $objectid) continue; // A user can always read its own card if (!empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) { $tmpreadok = 0; } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) { $tmpreadok = 0; } else { $tmpreadok = 1; break; } // Break is to bypass second test if the first is ok } - if (!$tmpreadok) // We found a test on feature that is ko - { + if (!$tmpreadok) { // We found a test on feature that is ko $readok = 0; // All tests are ko (we manage here the and, the or will be managed later using $nbko). $nbko++; } - } elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) // This is permissions on 1 level - { + } elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) { // This is permissions on 1 level if (empty($user->rights->$feature->lire) && empty($user->rights->$feature->read) && empty($user->rights->$feature->run)) { $readok = 0; $nbko++; } 
@@ -288,31 +276,23 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f { foreach ($featuresarray as $feature) { - if ($feature == 'contact') - { + if ($feature == 'contact') { if (!$user->rights->societe->contact->creer) { $createok = 0; $nbko++; } - } elseif ($feature == 'produit|service') - { + } elseif ($feature == 'produit|service') { if (!$user->rights->produit->creer && !$user->rights->service->creer) { $createok = 0; $nbko++; } - } elseif ($feature == 'prelevement') - { + } elseif ($feature == 'prelevement') { if (!$user->rights->prelevement->bons->creer) { $createok = 0; $nbko++; } - } elseif ($feature == 'commande_fournisseur') - { + } elseif ($feature == 'commande_fournisseur') { if (!$user->rights->fournisseur->commande->creer) { $createok = 0; $nbko++; } - } elseif ($feature == 'banque') - { + } elseif ($feature == 'banque') { if (!$user->rights->banque->modifier) { $createok = 0; $nbko++; } - } elseif ($feature == 'cheque') - { + } elseif ($feature == 'cheque') { if (!$user->rights->banque->cheque) { $createok = 0; $nbko++; } } elseif ($feature == 'import') { if (!$user->rights->import->run) { $createok = 0; $nbko++; } } - elseif (!empty($feature2)) // This is for permissions on one level - { - foreach ($feature2 as $subfeature) - { + elseif (!empty($feature2)) { // This is for permissions on one level + foreach ($feature2 as $subfeature) { if ($subfeature == 'user' && $user->id == $objectid && $user->rights->user->self->creer) continue; // User can edit its own card if ($subfeature == 'user' && $user->id == $objectid && $user->rights->user->self->password) continue; // User can edit its own password @@ -327,9 +307,8 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f break; } } - } elseif (!empty($feature)) // This is for permissions on 2 levels ('creer' or 'write') - { - //print '
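Review bot: The comments on the two generic branches of the create check look swapped, and the re-added lines keep them that way. The `elseif (!empty($feature2))` branch iterates `$feature2` sub-features but is labelled `// This is for permissions on one level`. The `elseif (!empty($feature))` branch in the following hunk (`@@ -327`) tests `$user->rights->$feature->creer`, `->write` and `->create` directly but is labelled `// This is for permissions on 2 levels ('creer' or 'write')`. In an access-control function this can mislead whoever edits it next. I would use `// Permissions on 2 levels ($feature, then each $subfeature)` on the first and `// Permissions on 1 level ('creer', 'write' or 'create')` on the second, matching the read check in the first hunk of this file. `restrictedArea()` starts and ends outside these hunks.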
feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write; + } elseif (!empty($feature)) { // This is for permissions on 2 levels ('creer' or 'write') + //print '
feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write; exit; if (empty($user->rights->$feature->creer) && empty($user->rights->$feature->write) && empty($user->rights->$feature->create)) { diff --git a/htdocs/core/modules/modDebugBar.class.php b/htdocs/core/modules/modDebugBar.class.php index bf2bc640c44..f89f3659285 100644 --- a/htdocs/core/modules/modDebugBar.class.php +++ b/htdocs/core/modules/modDebugBar.class.php @@ -54,7 +54,7 @@ class modDebugBar extends DolibarrModules // Possible values for version are: 'development', 'experimental', 'dolibarr' or version $this->version = 'dolibarr'; $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); - $this->picto = 'technic'; + $this->picto = 'bug'; $this->module_parts = array('moduleforexternal' => 0); diff --git a/htdocs/core/modules/modSyslog.class.php b/htdocs/core/modules/modSyslog.class.php index 91e90d6540f..01079310e4b 100644 --- a/htdocs/core/modules/modSyslog.class.php +++ b/htdocs/core/modules/modSyslog.class.php @@ -58,7 +58,7 @@ class modSyslog extends DolibarrModules // Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase) $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); // Name of image file used for this module. - $this->picto = 'technic'; + $this->picto = 'bug'; // Data directories to create when module is enabled $this->dirs = array();