From 826ed679217e8da3fe5ea9deb48eae00b5b89c5d Mon Sep 17 00:00:00 2001
From: VESSILLER
Date: Fri, 13 Mar 2020 09:01:22 +0100
Subject: [PATCH] FIX travis errors sql escape
---
 htdocs/core/modules/takepos/mod_takepos_ref_simple.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/core/modules/takepos/mod_takepos_ref_simple.php b/htdocs/core/modules/takepos/mod_takepos_ref_simple.php
index f63acb7f7e4..4275e202f6e 100644
--- a/htdocs/core/modules/takepos/mod_takepos_ref_simple.php
+++ b/htdocs/core/modules/takepos/mod_takepos_ref_simple.php
@@ -92,7 +92,7 @@ class mod_takepos_ref_simple extends ModeleNumRefTakepos
 		$posindice = 8;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM " . $posindice . ") AS SIGNED)) as max";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "facture";
-		$sql .= " WHERE ref LIKE '" . $this->prefix . "____-%'";
+		$sql .= " WHERE ref LIKE '" . $db->escape($this->prefix) . "____-%'";
 		$sql .= " AND entity = " . $conf->entity;
 
 		$resql = $db->query($sql);
@@ -131,7 +131,7 @@ class mod_takepos_ref_simple extends ModeleNumRefTakepos
 		$posindice = strlen($this->prefix . $pos_source . '-____-') + 1;
 		$sql = "SELECT MAX(CAST(SUBSTRING(ref FROM " . $posindice . ") AS SIGNED)) as max"; // This is standard SQL
 		$sql .= " FROM " . MAIN_DB_PREFIX . "facture";
-		$sql .= " WHERE ref LIKE '" . $this->prefix . $pos_source . "-____-%'";
+		$sql .= " WHERE ref LIKE '" . $db->escape($this->prefix . $pos_source) . "-____-%'";
 		$sql .= " AND entity IN (".getEntity('invoicenumber', 1, $invoice).")";
 
 		$resql = $db->query($sql);
@@ -152,7 +152,7 @@ class mod_takepos_ref_simple extends ModeleNumRefTakepos
 		$ref = '';
 		$sql = "SELECT ref as ref";
 		$sql .= " FROM ". MAIN_DB_PREFIX . "facture";
-		$sql .= " WHERE ref LIKE '" . $this->prefix . $pos_source . "-____-" . $num . "'";
+		$sql .= " WHERE ref LIKE '" . $db->escape($this->prefix . $pos_source) . "-____-" . $num . "'";
 		$sql .= " AND entity IN (".getEntity('invoicenumber', 1, $invoice).")";
 		$sql .= " ORDER BY ref DESC";
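Review bot: `$db->escape()` on the added WHERE line protects the quoted literal but does not neutralise the LIKE metacharacters `%` and `_` inside `$this->prefix`, so a prefix containing either still matches more refs than intended and can inflate the MAX used for the next number; the same applies to the `$this->prefix . $pos_source` literals in the hunks at 131 and 152. Since the trailing `____-%` is the only part meant to be a wildcard, the prefix itself should have its `%` and `_` escaped (with `\` plus an `ESCAPE` clause, or by rejecting them when the prefix is configured) before it is concatenated. `$conf->entity` is still interpolated raw on the following line; an explicit cast, `$sql .= " AND entity = " . (int) $conf->entity;`, would document that it is expected to be numeric and keep the escaping consistent within the statement. The enclosing method starts and ends outside the hunk.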
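Review bot: `$posindice` on the first line of the hunk is computed from the unescaped `$this->prefix . $pos_source`, while the LIKE literal two lines below now uses the escaped form; that is correct, because SUBSTRING runs against the stored refs rather than the escaped SQL text, but the asymmetry is easy to misread as a missed call. A one-line comment would stop the next reader from "fixing" it: `// offset is computed on the raw prefix: escape() only protects the SQL literal, stored refs are unescaped`. The enclosing method starts and ends outside the hunk.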