From 84972e20ec53cb87942dd7ba635a0fdb9110919e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 11 Apr 2005 23:36:15 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20Plantage=20mise=20a=20jour=20si=20quot?= =?UTF-8?q?=20dans=20description=20ou=20libell=E9=20du=20produit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/product.class.php | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/htdocs/product.class.php b/htdocs/product.class.php
index 7c98c3ee936..a68b7bc1ad8 100644
--- a/htdocs/product.class.php
+++ b/htdocs/product.class.php
@@ -162,26 +162,22 @@ class Product
 $langs->load("main");
 $langs->load("products");
+ if (! $this->libelle) $this->libelle = 'LIBELLE MANQUANT';
 $this->ref = ereg_replace("\"","",stripslashes($this->ref));
 $this->ref = ereg_replace("'","",stripslashes($this->ref));
-
- if (strlen(trim($this->libelle)) == 0)
- {
- $this->libelle = 'LIBELLE MANQUANT';
- }
+
+ $this->ref = trim($this->ref);
+ $this->libelle = trim($this->libelle);
+ $this->description = trim($this->description);
 $sql = "UPDATE ".MAIN_DB_PREFIX."product ";
- $sql .= " SET label = '" . trim($this->libelle) ."'";
- if (strlen(trim($this->ref)))
- {
- $sql .= ",ref = '" . trim($this->ref) ."'";
- }
+ $sql .= " SET label = '" . addslashes($this->libelle) ."'";
+ if ($this->ref) $sql .= ",ref = '" . $this->ref ."'";
 $sql .= ",tva_tx = " . $this->tva_tx ;
 $sql .= ",envente = " . $this->envente ;
 $sql .= ",seuil_stock_alerte = " . $this->seuil_stock_alerte ;
- $sql .= ",description = '" . trim($this->description) ."'";
+ $sql .= ",description = '" . addslashes($this->description) ."'";
 $sql .= ",duration = '" . $this->duration_value . $this->duration_unit ."'";
- $sql .= " WHERE rowid = " . $id;
 if ( $this->db->query($sql) )
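Review bot: Only `label` and `description` are escaped by this change; the added `if ($this->ref) $sql .= ",ref = '" . $this->ref ."'";` and the unchanged `duration`, `tva_tx`, `envente` and `seuil_stock_alerte` lines still concatenate object properties straight into the UPDATE statement. `ref` relies on the two `ereg_replace` calls having stripped quotes, which does not cover a backslash, so it should be written as `$sql .= ",ref = '" . addslashes($this->ref) ."'";`, and the unquoted numeric columns should be checked with `is_numeric()` before they are appended. `addslashes` is also not aware of the connection character set, so if the `$this->db` wrapper offers its own escaping method (not visible here), prefer it. Separately, the new `if (! $this->libelle)` test runs before `trim()`, so a whitespace-only label is now stored as an empty string and a label of `0` is replaced by the placeholder, unlike the removed `strlen(trim(...)) == 0` check. The enclosing method starts and ends outside the hunk.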