lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #12609 from frederic34/patch-20

Browse Source 
Update product.class.php
This commit is contained in:
Laurent Destailleur 2019-12-03 13:18:29 +01:00 committed by GitHub
commit a00d011f10
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/product/class/product.class.php
View File

@ -1297,7 +1297,7 @@ class Product extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
$sql .= " WHERE fk_product=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang='".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -1319,7 +1319,8 @@ class Product extends CommonObject
$sql2 .= ")";
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label)."',";
$sql2 .= " '".$this->db->escape($this->description)."'";
if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { $sql2 .= ", '".$this->db->escape($this->other)."'";
if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) {
$sql2 .= ", '".$this->db->escape($this->other)."'";
}
$sql2 .= ")";
}
@ -1333,7 +1334,7 @@ class Product extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."product_lang";
$sql .= " WHERE fk_product=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang='".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -1343,7 +1344,8 @@ class Product extends CommonObject
$sql2 .= " SET ";
$sql2 .= " label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
$sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { $sql2 .= ", note='".$this->db->escape($this->multilangs["$key"]["other"])."'";
if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) {
$sql2 .= ", note='".$this->db->escape($this->multilangs["$key"]["other"])."'";
}
$sql2 .= " WHERE fk_product=".$this->id." AND lang='".$this->db->escape($key)."'";
}
@ -1355,7 +1357,8 @@ class Product extends CommonObject
$sql2 .= ")";
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"])."',";
$sql2 .= " '".$this->db->escape($this->multilangs["$key"]["description"])."'";
if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) { $sql2 .= ", '".$this->db->escape($this->multilangs["$key"]["other"])."'";
if (!empty($conf->global->PRODUCT_USE_OTHER_FIELD_IN_TRANSLATION)) {
$sql2 .= ", '".$this->db->escape($this->multilangs["$key"]["other"])."'";
}
$sql2 .= ")";
}