lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix escape fields

Browse Source
This commit is contained in:
Laurent Destailleur 2020-06-14 21:22:44 +02:00
parent c22a9781d8
commit abb8cd260f
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
htdocs/compta/facture/class/facture.class.php
View File

@ -3987,10 +3987,10 @@ class Facture extends CommonInvoice
* @param User $fuser User asking the direct debit transfer * @param User $fuser User asking the direct debit transfer
* @param float $amount Amount we request direct debit for * @param float $amount Amount we request direct debit for
* @param string $type 'direct-debit' or 'bank-transfer' * @param string $type 'direct-debit' or 'bank-transfer'
* @param string $source_type Source ('facture' or 'supplier_invoice') * @param string $sourcetype Source ('facture' or 'supplier_invoice')
* @return int <0 if KO, >0 if OK * @return int <0 if KO, >0 if OK
*/ */
public function demande_prelevement($fuser, $amount = 0, $type = 'direct-debit', $source_type = 'facture') public function demande_prelevement($fuser, $amount = 0, $type = 'direct-debit', $sourcetype = 'facture')
{ {
// phpcs:enable // phpcs:enable
@ -4041,16 +4041,16 @@ class Facture extends CommonInvoice
} else { } else {
$sql .= 'fk_facture, '; $sql .= 'fk_facture, ';
} }
$sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, source_type)'; $sql .= ' amount, date_demande, fk_user_demande, code_banque, code_guichet, number, cle_rib, sourcetype)';
$sql .= ' VALUES ('.$this->id; $sql .= ' VALUES ('.$this->id;
$sql .= ",'".price2num($amount)."'"; $sql .= ",'".price2num($amount)."'";
$sql .= ",'".$this->db->idate($now)."'"; $sql .= ",'".$this->db->idate($now)."'";
$sql .= ",".$fuser->id; $sql .= ",".$fuser->id;
$sql .= ",'".$bac->code_banque."'"; $sql .= ",'".$this->db->escape($bac->code_banque)."'";
$sql .= ",'".$bac->code_guichet."'"; $sql .= ",'".$this->db->escape($bac->code_guichet)."'";
$sql .= ",'".$bac->number."'"; $sql .= ",'".$this->db->escape($bac->number)."'";
$sql .= ",'".$bac->cle_rib."'"; $sql .= ",'".$this->db->escape($bac->cle_rib)."'";
$sql .= ",'".$source_type."'"; $sql .= ",'".$this->db->escape($sourcetype)."'";
$sql .= ")"; $sql .= ")";
dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG); dol_syslog(get_class($this)."::demande_prelevement", LOG_DEBUG);