From b2c2c552141d76b4d82ea67cc179dc81ac070ea0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 24 Apr 2021 21:00:26 +0200
Subject: [PATCH] Fix #yogosha5877
---
 htdocs/product/class/api_products.class.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/htdocs/product/class/api_products.class.php b/htdocs/product/class/api_products.class.php
index 6b26421d0f8..9b06b30765d 100644
--- a/htdocs/product/class/api_products.class.php
+++ b/htdocs/product/class/api_products.class.php
@@ -721,6 +721,11 @@ class Products extends DolibarrApi
 throw new RestException(404, 'Supplier not found');
 }
+ // Clean data
+ $ref_fourn = checkVal($ref_fourn, 'alphanohtml');
+ $desc_fourn = checkVal($desc_fourn, 'restricthtml');
+ $barcode = checkVal($barcode, 'alphanohtml');
+
 $result = $this->productsupplier->update_buyprice($qty, $buyprice, DolibarrApiAccess::$user, $price_base_type, $fourn, $availability, $ref_fourn, $tva_tx, $charges, $remise_percent, $remise, $newnpr, $delivery_time_days, $supplier_reputation, $localtaxes_array, $newdefaultvatcode, $multicurrency_buyprice, $multicurrency_price_base_type, $multicurrency_tx, $multicurrency_code, $desc_fourn, $barcode, $fk_barcode_type);
 if ($result <= 0) {
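Review bot: The cleaning block covers only `$ref_fourn`, `$desc_fourn` and `$barcode`, while the `update_buyprice()` call right below it also forwards other caller-supplied values that look like free-form strings (`$price_base_type`, `$newdefaultvatcode`, `$multicurrency_price_base_type`, `$multicurrency_code`) exactly as received. If those are not validated earlier in the method or inside `update_buyprice()` (neither is visible here; the method starts and ends outside the hunk), they should get the same treatment, e.g. `$newdefaultvatcode = checkVal($newdefaultvatcode, 'alphanohtml');` and `$multicurrency_code = checkVal($multicurrency_code, 'alphanohtml');`. As written, the cleaned value is assigned back and the update proceeds, so an API caller gets no signal that a reference or barcode was altered before being saved; consider answering with a `RestException(400, ...)` when the cleaned value differs from the input. The `restricthtml` filter on `$desc_fourn` presumably still lets some markup through, so any page that renders the supplier description still has to escape on output rather than rely on this input-side filter. The `// Clean data` comment would also be more useful if it said which risk the filtering addresses and why the three fields use different filters.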