From 87f9530272925f0d651f59337a35661faeb6f377 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:29:10 +0200 Subject: [PATCH 1/7] Fix report by Ahsan Aziz (can reset the password of another user that did not request password reset). --- htdocs/user/passwordforgotten.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index cb149f1e481..63f33b5f8ec 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -87,14 +87,14 @@ if (empty($reshook)) { // Validate new password if ($action == 'validatenewpassword' && $username && $passworduidhash) { $edituser = new User($db); - $result = $edituser->fetch('', $_GET["username"]); + $result = $edituser->fetch('', $username); if ($result < 0) { $message = '
'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'
'; } else { global $dolibarr_main_instance_unique_id; //print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash; - if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) { + if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) { // Clear session unset($_SESSION['dol_login']); $_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page From f648185839689cf70fd3fcb254b2ce7313ba6c87 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:34:25 +0200 Subject: [PATCH 2/7] Fix phpcs --- htdocs/core/lib/security2.lib.php | 4 ++-- test/phpunit/SecurityTest.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 523b8ccf2cb..4408e2ccd52 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len } $generated_password = str_shuffle($randomCode); - } else // Old platform, non cryptographic random - { + } else { + // Old platform, non cryptographic random $max = strlen($lowercase) - 1; for ($x = 0; $x < $nbofchar; $x++) { $tmp = mt_rand(0, $max); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index d75ec962020..63c52ac60c5 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -323,8 +323,8 @@ class SecurityTest extends PHPUnit\Framework\TestCase $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject lll'); $test="Text with ' encoded with the numeric html entity converted into text entity ' (like when submited by CKEditor)"; - $result=testSqlAndScriptInject($test, 0); - $this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject mmm'); + $result=testSqlAndScriptInject($test, 0); // result must be 0 + $this->assertEquals(0, $result, 'Error on testSqlAndScriptInject mmm'); } /** From 65adb16191c3d1751922267f374b19ed78247a58 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 17:55:17 +0200 Subject: [PATCH 3/7] Fix increase entrophy of default password generation. --- .../generate/modGeneratePassStandard.class.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php index e091b5069e9..a358f916429 100644 --- a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php +++ b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php @@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword $password = ""; // define possible characters - $possible = "0123456789bcdfghjkmnpqrstvwxyz"; + $possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP"; // set up a counter $i = 0; @@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword // add random characters to $password until $length is reached while ($i < $this->length) { // pick a random character from the possible ones - $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1); + if (function_exists('random_int')) { // Cryptographic random + $char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1); + } else { + $char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1); + } - // we don't want this character if it's already in the password - if (!strstr($password, $char)) { + if (substr_count($password, $char) <= 6) { // we don't want this character if it's already 5 times in the password $password .= $char; $i++; } From a14c68e996d39cf315a89a4b6ceedc70bfc0871b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:14:52 +0200 Subject: [PATCH 4/7] Fix Hide sensitive key on info page --- htdocs/admin/system/dolibarr.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 9af09164469..f1ba888d2ca 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -400,8 +400,10 @@ foreach ($configfileparameters as $key => $value) { if (in_array($newkey, array('dolibarr_main_db_pass', 'dolibarr_main_auth_ldap_admin_pass'))) { if (empty($dolibarr_main_prod)) { print ''; + print showValueWithClipboardCPButton(${$newkey}, 0, '********'); + } else { + print '**********'; } - print '**********'; } elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) { print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT'); } elseif ($newkey == 'dolibarr_main_document_root_alt') { @@ -420,9 +422,14 @@ foreach ($configfileparameters as $key => $value) { } } elseif ($newkey == 'dolibarr_main_instance_unique_id') { //print $conf->file->instance_unique_id; - global $dolibarr_main_cookie_cryptkey; - $valuetoshow = ${$newkey} ? ${$newkey} : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey - print $valuetoshow; + global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id; + $valuetoshow = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey + if (empty($dolibarr_main_prod)) { + print ''; + print showValueWithClipboardCPButton($valuetoshow, 0, '********'); + } else { + print '**********'; + } if (empty($valuetoshow)) { print img_warning("EditConfigFileToAddEntry", 'dolibarr_main_instance_unique_id'); } From 38d272e31ad77167cc4c9bbdb3280832d2e2446c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:16:52 +0200 Subject: [PATCH 5/7] Better position of fields --- htdocs/admin/system/dolibarr.php | 103 ++++++++++++++++--------------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index f1ba888d2ca..38c6cdc446a 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -309,57 +309,58 @@ print '
'; // Parameters in conf.php file (when a parameter start with ?, it is shown only if defined) $configfileparameters = array( - 'dolibarr_main_url_root' => $langs->trans("URLRoot"), - '?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)', - 'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"), - '?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)', - 'dolibarr_main_data_root' => $langs->trans("DataRootServer"), - 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), - 'separator1' => '', - 'dolibarr_main_db_host' => $langs->trans("DatabaseServer"), - 'dolibarr_main_db_port' => $langs->trans("DatabasePort"), - 'dolibarr_main_db_name' => $langs->trans("DatabaseName"), - 'dolibarr_main_db_type' => $langs->trans("DriverType"), - 'dolibarr_main_db_user' => $langs->trans("DatabaseUser"), - 'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"), - 'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"), - 'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"), - '?dolibarr_main_db_prefix' => $langs->trans("Prefix"), - 'separator2' => '', - 'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"), - '?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"), - 'separator'=> '', - '?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute', - '?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host', - '?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port', - '?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version', - '?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn', - '?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login', - '?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass', - '?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug', - 'separator3' => '', - '?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH', - '?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH', - '?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH', - '?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH', - '?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH', - '?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH', - '?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH', - '?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH', - '?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP', - '?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR', - '?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY', - '?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI', - '?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF', - '?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD', - 'separator4' => '', - 'dolibarr_main_prod' => 'Production mode (Hide all error messages)', - 'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups', - 'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only', - '?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page', - '?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli', - '?dolibarr_strict_mode' => 'Strict mode is on/off', - '?dolibarr_nocsrfcheck' => 'Disable CSRF security checks' + 'dolibarr_main_prod' => 'Production mode (Hide all error messages)', + 'separator0' => '', + 'dolibarr_main_url_root' => $langs->trans("URLRoot"), + '?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)', + 'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"), + '?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)', + 'dolibarr_main_data_root' => $langs->trans("DataRootServer"), + 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), + 'separator1' => '', + 'dolibarr_main_db_host' => $langs->trans("DatabaseServer"), + 'dolibarr_main_db_port' => $langs->trans("DatabasePort"), + 'dolibarr_main_db_name' => $langs->trans("DatabaseName"), + 'dolibarr_main_db_type' => $langs->trans("DriverType"), + 'dolibarr_main_db_user' => $langs->trans("DatabaseUser"), + 'dolibarr_main_db_pass' => $langs->trans("DatabasePassword"), + 'dolibarr_main_db_character_set' => $langs->trans("DBStoringCharset"), + 'dolibarr_main_db_collation' => $langs->trans("DBSortingCollation"), + '?dolibarr_main_db_prefix' => $langs->trans("DatabasePrefix"), + 'separator2' => '', + 'dolibarr_main_authentication' => $langs->trans("AuthenticationMode"), + '?multicompany_transverse_mode'=> $langs->trans("MultiCompanyMode"), + 'separator'=> '', + '?dolibarr_main_auth_ldap_login_attribute' => 'dolibarr_main_auth_ldap_login_attribute', + '?dolibarr_main_auth_ldap_host' => 'dolibarr_main_auth_ldap_host', + '?dolibarr_main_auth_ldap_port' => 'dolibarr_main_auth_ldap_port', + '?dolibarr_main_auth_ldap_version' => 'dolibarr_main_auth_ldap_version', + '?dolibarr_main_auth_ldap_dn' => 'dolibarr_main_auth_ldap_dn', + '?dolibarr_main_auth_ldap_admin_login' => 'dolibarr_main_auth_ldap_admin_login', + '?dolibarr_main_auth_ldap_admin_pass' => 'dolibarr_main_auth_ldap_admin_pass', + '?dolibarr_main_auth_ldap_debug' => 'dolibarr_main_auth_ldap_debug', + 'separator3' => '', + '?dolibarr_lib_ADODB_PATH' => 'dolibarr_lib_ADODB_PATH', + '?dolibarr_lib_FPDF_PATH' => 'dolibarr_lib_FPDF_PATH', + '?dolibarr_lib_TCPDF_PATH' => 'dolibarr_lib_TCPDF_PATH', + '?dolibarr_lib_FPDI_PATH' => 'dolibarr_lib_FPDI_PATH', + '?dolibarr_lib_TCPDI_PATH' => 'dolibarr_lib_TCPDI_PATH', + '?dolibarr_lib_NUSOAP_PATH' => 'dolibarr_lib_NUSOAP_PATH', + '?dolibarr_lib_GEOIP_PATH' => 'dolibarr_lib_GEOIP_PATH', + '?dolibarr_lib_ODTPHP_PATH' => 'dolibarr_lib_ODTPHP_PATH', + '?dolibarr_lib_ODTPHP_PATHTOPCLZIP' => 'dolibarr_lib_ODTPHP_PATHTOPCLZIP', + '?dolibarr_js_CKEDITOR' => 'dolibarr_js_CKEDITOR', + '?dolibarr_js_JQUERY' => 'dolibarr_js_JQUERY', + '?dolibarr_js_JQUERY_UI' => 'dolibarr_js_JQUERY_UI', + '?dolibarr_font_DOL_DEFAULT_TTF' => 'dolibarr_font_DOL_DEFAULT_TTF', + '?dolibarr_font_DOL_DEFAULT_TTF_BOLD' => 'dolibarr_font_DOL_DEFAULT_TTF_BOLD', + 'separator4' => '', + 'dolibarr_main_restrict_os_commands' => 'Restrict CLI commands for backups', + 'dolibarr_main_restrict_ip' => 'Restrict access to some IPs only', + '?dolibarr_mailing_limit_sendbyweb' => 'Limit nb of email sent by page', + '?dolibarr_mailing_limit_sendbycli' => 'Limit nb of email sent by cli', + '?dolibarr_strict_mode' => 'Strict mode is on/off', + '?dolibarr_nocsrfcheck' => 'Disable CSRF security checks' ); print '
'; From 3ac72fe73c70cd35788f8be7141021a2294403b4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:19:02 +0200 Subject: [PATCH 6/7] Fix --- htdocs/admin/system/dolibarr.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php index 38c6cdc446a..0271488b65a 100644 --- a/htdocs/admin/system/dolibarr.php +++ b/htdocs/admin/system/dolibarr.php @@ -310,13 +310,13 @@ print '
'; // Parameters in conf.php file (when a parameter start with ?, it is shown only if defined) $configfileparameters = array( 'dolibarr_main_prod' => 'Production mode (Hide all error messages)', + 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), 'separator0' => '', 'dolibarr_main_url_root' => $langs->trans("URLRoot"), '?dolibarr_main_url_root_alt' => $langs->trans("URLRoot").' (alt)', 'dolibarr_main_document_root'=> $langs->trans("DocumentRootServer"), '?dolibarr_main_document_root_alt' => $langs->trans("DocumentRootServer").' (alt)', 'dolibarr_main_data_root' => $langs->trans("DataRootServer"), - 'dolibarr_main_instance_unique_id' => $langs->trans("InstanceUniqueID"), 'separator1' => '', 'dolibarr_main_db_host' => $langs->trans("DatabaseServer"), 'dolibarr_main_db_port' => $langs->trans("DatabasePort"), From abb1ad6bf0469eccd2b58beb20bdabc18fc36e22 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Jul 2021 18:46:27 +0200 Subject: [PATCH 7/7] Fix sql injection --- htdocs/compta/bank/class/account.class.php | 4 ++-- htdocs/compta/sociales/class/cchargesociales.class.php | 8 ++++---- htdocs/societe/card.php | 2 +- htdocs/societe/class/societe.class.php | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 46d1bb93684..8619ff25dae 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -829,8 +829,8 @@ class Account extends CommonObject $sql .= ",min_desired = ".($this->min_desired != '' ? price2num($this->min_desired) : "null"); $sql .= ",comment = '".$this->db->escape($this->comment)."'"; - $sql .= ",state_id = ".($this->state_id > 0 ? $this->state_id : "null"); - $sql .= ",fk_pays = ".($this->country_id > 0 ? $this->country_id : "null"); + $sql .= ",state_id = ".($this->state_id > 0 ? ((int) $this->state_id) : "null"); + $sql .= ",fk_pays = ".($this->country_id > 0 ? ((int) $this->country_id) : "null"); $sql .= ",ics = '".$this->db->escape($this->ics)."'"; $sql .= ",ics_transfer = '".$this->db->escape($this->ics_transfer)."'"; diff --git a/htdocs/compta/sociales/class/cchargesociales.class.php b/htdocs/compta/sociales/class/cchargesociales.class.php index 8cfadd84f4f..ee9a270b283 100644 --- a/htdocs/compta/sociales/class/cchargesociales.class.php +++ b/htdocs/compta/sociales/class/cchargesociales.class.php @@ -260,13 +260,13 @@ class Cchargesociales // Update request $sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET'; $sql .= ' libelle = '.(isset($this->libelle) ? "'".$this->db->escape($this->libelle)."'" : "null").','; - $sql .= ' deductible = '.(isset($this->deductible) ? $this->deductible : "null").','; - $sql .= ' active = '.(isset($this->active) ? $this->active : "null").','; + $sql .= ' deductible = '.(isset($this->deductible) ? ((int) $this->deductible) : "null").','; + $sql .= ' active = '.(isset($this->active) ? ((int) $this->active) : "null").','; $sql .= ' code = '.(isset($this->code) ? "'".$this->db->escape($this->code)."'" : "null").','; - $sql .= ' fk_pays = '.(isset($this->fk_pays) ? $this->fk_pays : "null").','; + $sql .= ' fk_pays = '.((isset($this->fk_pays) && $this->fk_pays > 0) ? ((int) $this->fk_pays) : "null").','; $sql .= ' module = '.(isset($this->module) ? "'".$this->db->escape($this->module)."'" : "null").','; $sql .= ' accountancy_code = '.(isset($this->accountancy_code) ? "'".$this->db->escape($this->accountancy_code)."'" : "null"); - $sql .= ' WHERE id='.$this->id; + $sql .= ' WHERE id='.((int) $this->id); $this->db->begin(); diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index e7e8c10d20c..ba4023dbba9 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -554,7 +554,7 @@ if (empty($reshook)) { } // We set country_id, country_code and country for the selected country - $object->country_id = GETPOST('country_id') != '' ?GETPOST('country_id') : $mysoc->country_id; + $object->country_id = GETPOST('country_id', 'int') != '' ? GETPOST('country_id', 'int') : $mysoc->country_id; if ($object->country_id) { $tmparray = getCountry($object->country_id, 'all'); $object->country_code = $tmparray['code']; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index a213cca5577..eff2ba39c21 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -894,7 +894,7 @@ class Societe extends CommonObject $sql .= ", ".(!empty($user->id) ? ((int) $user->id) : "null"); $sql .= ", ".(!empty($this->typent_id) ? ((int) $this->typent_id) : "null"); $sql .= ", ".(!empty($this->canvas) ? "'".$this->db->escape($this->canvas)."'" : "null"); - $sql .= ", ".$this->status; + $sql .= ", ".((int) $this->status); $sql .= ", ".(!empty($this->ref_ext) ? "'".$this->db->escape($this->ref_ext)."'" : "null"); $sql .= ", 0"; $sql .= ", ".(int) $this->fk_incoterms; @@ -1369,13 +1369,13 @@ class Societe extends CommonObject $sql .= ",zip = ".(!empty($this->zip) ? "'".$this->db->escape($this->zip)."'" : "null"); $sql .= ",town = ".(!empty($this->town) ? "'".$this->db->escape($this->town)."'" : "null"); - $sql .= ",fk_departement = '".(!empty($this->state_id) ? $this->state_id : '0')."'"; - $sql .= ",fk_pays = '".(!empty($this->country_id) ? $this->country_id : '0')."'"; + $sql .= ",fk_departement = ".((!empty($this->state_id) && $this->state_id > 0) ? ((int) $this->state_id) : 'null'); + $sql .= ",fk_pays = ".((!empty($this->country_id) && $this->country_id > 0) ? ((int) $this->country_id) : 'null'); $sql .= ",phone = ".(!empty($this->phone) ? "'".$this->db->escape($this->phone)."'" : "null"); $sql .= ",fax = ".(!empty($this->fax) ? "'".$this->db->escape($this->fax)."'" : "null"); $sql .= ",email = ".(!empty($this->email) ? "'".$this->db->escape($this->email)."'" : "null"); - $sql .= ", socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'"; + $sql .= ",socialnetworks = '".$this->db->escape(json_encode($this->socialnetworks))."'"; $sql .= ",url = ".(!empty($this->url) ? "'".$this->db->escape($this->url)."'" : "null"); $sql .= ",parent = ".($this->parent > 0 ? $this->parent : "null");