lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #4243 sql injection

Browse Source
This commit is contained in:
Laurent Destailleur 2015-12-19 18:03:08 +01:00
parent 0df45f10c1
commit 9334cf8fd1
3 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/core/class/html.form.class.php
View File

@ -1399,13 +1399,13 @@ class Form
foreach ($scrit as $crit)
{
if ($i > 0) $sql.=" AND ";
$sql.="(p.ref LIKE '".$prefix.$crit."%' OR p.label LIKE '".$prefix.$crit."%'";
if (! empty($conf->global->MAIN_MULTILANGS)) $sql.=" OR pl.label LIKE '".$prefix.$crit."%'";
$sql.="(p.ref LIKE '".$db->escape($prefix.$crit)."%' OR p.label LIKE '".$db->escape($prefix.$crit)."%'";
if (! empty($conf->global->MAIN_MULTILANGS)) $sql.=" OR pl.label LIKE '".$db->escape($prefix.$crit)."%'";
$sql.=")";
$i++;
}
if (count($scrit) > 1) $sql.=")";
if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$prefix.$filterkey."%'";
if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$db->escape($prefix.$filterkey)."%'";
$sql.=')';
}
$sql.= $db->order("p.ref");
@ -1750,7 +1750,7 @@ class Form
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
$sql.= " AND p.tobuy = 1";
if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$filtertype;
if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$this->db->escape($filtertype);
if (! empty($filtre)) $sql.=" ".$filtre;
// Add criteria on ref/label
if ($filterkey != '')
@ -1764,11 +1764,11 @@ class Form
foreach ($scrit as $crit)
{
if ($i > 0) $sql.=" AND ";
$sql.="(pfp.ref_fourn LIKE '".$prefix.$crit."%' OR p.ref LIKE '".$prefix.$crit."%' OR p.label LIKE '".$prefix.$crit."%')";
$sql.="(pfp.ref_fourn LIKE '".$this->db->escape($prefix.$crit)."%' OR p.ref LIKE '".$this->db->escape($prefix.$crit)."%' OR p.label LIKE '".$this->db->escape($prefix.$crit)."%')";
$i++;
}
if (count($scrit) > 1) $sql.=")";
if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$prefix.$filterkey."%'";
if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$this->db->escape($prefix.$filterkey)."%'";
$sql.=')';
}
$sql.= " ORDER BY pfp.ref_fourn DESC, pfp.quantity ASC";

2
htdocs/product/ajax/products.php
View File

@ -169,7 +169,7 @@ if (! empty($action) && $action == 'fetch' && ! empty($id)) {
$match = preg_grep('/(' . $htmlname . '[0-9]+)/', array_keys($_GET));
sort($match);
$idprod = (! empty($match [0]) ? $match [0] : '');
$idprod = (! empty($match[0]) ? $match[0] : '');
if (! GETPOST($htmlname) && ! GETPOST($idprod))
return;

2
htdocs/product/class/product.class.php
View File

@ -2863,7 +2863,7 @@ class Product extends CommonObject
{
global $langs;
$langs->load('products');
if ($conf->productbatch->enabled) $langs->load("productbatch");
if (! empty($conf->productbatch->enabled)) $langs->load("productbatch");
if ($type == 2)
{