From b5406c704aa366c0eda807bcf964dffd2269a2fe Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 6 Apr 2011 13:32:45 +0000
Subject: [PATCH] Fix: missing product triggers
---
 htdocs/product/class/product.class.php | 63 ++++++++++++++++----------
 1 file changed, 40 insertions(+), 23 deletions(-)
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 4b14070037b..4fb478f8636 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -215,7 +215,7 @@ class Product extends CommonObject
 if (empty($this->price)) $this->price = 0;
 if (empty($this->price_min)) $this->price_min = 0;
 if (empty($this->status)) $this->status = 0;
- if (empty($this->status_buy)) $this->status_buy = 0;
+ if (empty($this->status_buy)) $this->status_buy = 0;
 if (empty($this->finished)) $this->finished = 0;
 if (empty($this->hidden)) $this->hidden = 0;
@@ -290,7 +290,7 @@ class Product extends CommonObject
 $sql.= ", '".$this->ref."'";
 $sql.= ", ".price2num($price_min_ht);
 $sql.= ", ".price2num($price_min_ttc);
- $sql.= ", ".($this->libelle?"'".addslashes($this->libelle)."'":"null");
+ $sql.= ", ".($this->libelle?"'".$this->db->escape($this->libelle)."'":"null");
 $sql.= ", ".$user->id;
 $sql.= ", ".$this->type;
 $sql.= ", ".price2num($price_ht);
@@ -366,6 +366,13 @@ class Product extends CommonObject
 if ($this->errno === 0)
 {
+ // Appel des triggers
+ include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
+ $interface=new Interfaces($this->db);
+ $result=$interface->run_triggers('PRODUCT_CREATE',$this,$user,$langs,$conf);
+ if ($result < 0) { $error++; $this->errors=$interface->errors; }
+ // Fin appel triggers
+
 $this->db->commit();
 return $id;
 }
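Review bot: `$this->ref` is still concatenated raw into the INSERT on the first context line of this hunk (`$sql.= ", '".$this->ref."'";`) while the neighbouring `libelle` column now goes through `$this->db->escape()`; a ref containing a quote breaks or alters the statement, so it should read `$sql.= ", '".$this->db->escape($this->ref)."'";`. The same raw interpolation remains in the update hunks at @@ -448 (`ref`) and @@ -469 (`volume`, `volume_units`, `seuil_stock_alerte`, `duration_value`/`duration_unit`, `accountancy_code_buy`/`accountancy_code_sell`), which the commit's switch to the DB escaper leaves untouched. Whether `ref` is validated further up cannot be seen from here; the enclosing create() starts before and continues after the hunk.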
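Review bot: A trigger failure on the new `if ($result < 0)` line only bumps `$error` and records `$this->errors`, yet the next two context lines still run `$this->db->commit()` and `return $id`, so a failed PRODUCT_CREATE trigger is committed and reported as success. The PRODUCT_MODIFY hunk at @@ -491 has the same pattern, with `return 1` following unconditionally. I would end the branch on failure instead — `if ($result < 0) { $this->errors=$interface->errors; $this->db->rollback(); return -1; }` — and drop `$error++` unless `$error` is initialised and checked elsewhere in create(), which I cannot see because the method starts before the hunk. Likewise `$langs` and `$conf` must be declared `global` in create()/update() for the run_triggers call to receive them; that declaration is outside both hunks.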
@@ -448,7 +455,7 @@ class Product extends CommonObject
 $this->accountancy_code_sell= trim($this->accountancy_code_sell);
 $sql = "UPDATE ".MAIN_DB_PREFIX."product";
- $sql.= " SET label = '" . addslashes($this->libelle) ."'";
+ $sql.= " SET label = '" . $this->db->escape($this->libelle) ."'";
 $sql.= ",ref = '" . $this->ref ."'";
 $sql.= ",tva_tx = " . $this->tva_tx;
@@ -469,10 +476,10 @@ class Product extends CommonObject
 $sql.= ",volume = " . ($this->volume!='' ? "'".$this->volume."'" : 'null');
 $sql.= ",volume_units = " . ($this->volume_units!='' ? "'".$this->volume_units."'" : 'null');
 $sql.= ",seuil_stock_alerte = " . ((isset($this->seuil_stock_alerte) && $this->seuil_stock_alerte != '') ? "'".$this->seuil_stock_alerte."'" : "null");
- $sql.= ",description = '" . addslashes($this->description) ."'";
- $sql.= ",customcode = '" . addslashes($this->customcode) ."'";
+ $sql.= ",description = '" . $this->db->escape($this->description) ."'";
+ $sql.= ",customcode = '" . $this->db->escape($this->customcode) ."'";
 $sql.= ",fk_country = " . ($this->country_id > 0 ? $this->country_id : 'null');
- $sql.= ",note = '" . addslashes($this->note) ."'";
+ $sql.= ",note = '" . $this->db->escape($this->note) ."'";
 $sql.= ",duration = '" . $this->duration_value . $this->duration_unit ."'";
 $sql.= ",accountancy_code_buy = '" . $this->accountancy_code_buy."'";
 $sql.= ",accountancy_code_sell= '" . $this->accountancy_code_sell."'";
@@ -482,6 +489,8 @@ class Product extends CommonObject
 $resql=$this->db->query($sql);
 if ($resql)
 {
+ $this->id = $id;
+
 // Multilangs
 if($conf->global->MAIN_MULTILANGS)
 {
@@ -491,6 +500,14 @@ class Product extends CommonObject
 return -2;
 }
 }
+
+ // Appel des triggers
+ include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
+ $interface=new Interfaces($this->db);
+ $result=$interface->run_triggers('PRODUCT_MODIFY',$this,$user,$langs,$conf);
+ if ($result < 0) { $error++; $this->errors=$interface->errors; }
+ // Fin appel triggers
+
 return 1;
 }
 else
@@ -627,17 +644,17 @@ class Product extends CommonObject
 if ($this->db->num_rows($result)) // si aucune ligne dans la base
 {
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."product_lang";
- $sql2.= " SET label='".addslashes($this->libelle)."',";
- $sql2.= " description='".addslashes($this->description)."',";
- $sql2.= " note='".addslashes($this->note)."'";
+ $sql2.= " SET label='".$this->db->escape($this->libelle)."',";
+ $sql2.= " description='".$this->db->escape($this->description)."',";
+ $sql2.= " note='".$this->db->escape($this->note)."'";
 $sql2.= " WHERE fk_product=".$this->id." AND lang='".$key."'";
 }
 else
 {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description, note)";
- $sql2.= " VALUES(".$this->id.",'".$key."','". addslashes($this->libelle);
- $sql2.= "','".addslashes($this->description);
- $sql2.= "','".addslashes($this->note)."')";
+ $sql2.= " VALUES(".$this->id.",'".$key."','". $this->db->escape($this->libelle);
+ $sql2.= "','".$this->db->escape($this->description);
+ $sql2.= "','".$this->db->escape($this->note)."')";
 }
 if (!$this->db->query($sql2)) return -1;
 }
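Review bot: The comment `// si aucune ligne dans la base` on the `if ($this->db->num_rows($result))` line of the @@ -627 hunk says the opposite of what the branch does: a non-zero row count means a product_lang row already exists and is UPDATEd, the INSERT being the else branch. Suggest `// a product_lang row already exists for this lang: update it` on the if and `// no row yet for this lang: insert it` on the else; the hunk at @@ -646 carries the same inverted comment. Also `$key`, used in both the `WHERE ... lang='".$key."'` clause and the `VALUES(...)` list, is concatenated raw while the text columns now use `$this->db->escape()`; if the lang keys can originate from request data they deserve the same treatment, presumably `$this->db->escape($key)`. The enclosing method starts and ends outside the hunk.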
@@ -646,17 +663,17 @@ class Product extends CommonObject
 if ($this->db->num_rows($result)) // si aucune ligne dans la base
 {
 $sql2 = "UPDATE ".MAIN_DB_PREFIX."product_lang";
- $sql2.= " SET label='".addslashes($this->multilangs["$key"]["libelle"])."',";
- $sql2.= " description='".addslashes($this->multilangs["$key"]["description"])."',";
- $sql2.= " note='".addslashes($this->multilangs["$key"]["note"])."'";
+ $sql2.= " SET label='".$this->db->escape($this->multilangs["$key"]["libelle"])."',";
+ $sql2.= " description='".$this->db->escape($this->multilangs["$key"]["description"])."',";
+ $sql2.= " note='".$this->db->escape($this->multilangs["$key"]["note"])."'";
 $sql2.= " WHERE fk_product=".$this->id." AND lang='".$key."'";
 }
 else
 {
 $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."product_lang (fk_product, lang, label, description, note)";
- $sql2.= " VALUES(".$this->id.",'".$key."','". addslashes($this->multilangs["$key"]["libelle"]);
- $sql2.= "','".addslashes($this->multilangs["$key"]["description"]);
- $sql2.= "','".addslashes($this->multilangs["$key"]["note"])."')";
+ $sql2.= " VALUES(".$this->id.",'".$key."','". $this->db->escape($this->multilangs["$key"]["libelle"]);
+ $sql2.= "','".$this->db->escape($this->multilangs["$key"]["description"]);
+ $sql2.= "','".$this->db->escape($this->multilangs["$key"]["note"])."')";
 }
 // on ne sauvegarde pas des champs vides
@@ -990,7 +1007,7 @@ class Product extends CommonObject
 $sql.= " import_key";
 $sql.= " FROM ".MAIN_DB_PREFIX."product";
 if ($id) $sql.= " WHERE rowid = '".$id."'";
- if ($ref) $sql.= " WHERE ref = '".addslashes($ref)."'";
+ if ($ref) $sql.= " WHERE ref = '".$this->db->escape($ref)."'";
 dol_syslog("Product::fetch sql=".$sql);
 $result = $this->db->query($sql);
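Review bot: The two `WHERE` lines in the @@ -990 hunk are independent `if`s, so a call passing both `$id` and `$ref` builds `... WHERE rowid = '...' WHERE ref = '...'`, a syntax error that only surfaces in the dol_syslog line below; make the second an `elseif`, e.g. `if ($id) $sql.= " WHERE rowid = ".(int) $id;` followed by `elseif ($ref) $sql.= " WHERE ref = '".$this->db->escape($ref)."'";`. Casting `$id` to int also removes the remaining raw interpolation of a caller-supplied value that the commit's escaping of `$ref` does not cover; how fetch() validates `$id` before this point is not visible in the hunk. The enclosing fetch() starts before and continues after the hunk.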
@@ -2097,7 +2114,7 @@ class Product extends CommonObject
 $prods = array ();
 while ($record = $this->db->fetch_array ($res))
 {
- $prods[addslashes($record['label'])] = array(0=>$record['id']);
+ $prods[$this->db->escape($record['label'])] = array(0=>$record['id']);
 }
 return $prods;
 }
@@ -2127,12 +2144,12 @@ class Product extends CommonObject
 $prods = array();
 while ($rec = $this->db->fetch_array($res))
 {
- //$prods[addslashes($rec['label'])]= array(0=>$rec['id'],1=>$rec['qty'],2=>$rec['fk_product_type']);
- $prods[addslashes($rec['label'])]= array(0=>$rec['id'],1=>$rec['qty']);
+ //$prods[$this->db->escape($rec['label'])]= array(0=>$rec['id'],1=>$rec['qty'],2=>$rec['fk_product_type']);
+ $prods[$this->db->escape($rec['label'])]= array(0=>$rec['id'],1=>$rec['qty']);
 $listofchilds=$this->getChildsArbo($rec['id']);
 foreach($listofchilds as $keyChild => $valueChild)
 {
- $prods[addslashes($rec['label'])][$keyChild] = $valueChild;
+ $prods[$this->db->escape($rec['label'])][$keyChild] = $valueChild;
 }
 }
 //var_dump($prods);
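Review bot: `$this->db->escape($record['label'])` on the new line is applied to a value read back from the database and used only as a PHP array key, never placed in SQL, so the escaping protects nothing and instead corrupts any label containing a quote or backslash (the key becomes the escaped form, which a caller looking up the real label will miss). Unless a caller relies on the escaped key — I cannot tell from here — the key should be the plain value, `$prods[$record['label']] = array(0=>$record['id']);`, and the same applies to the three occurrences in the hunk at @@ -2127, where computing the label once before the `foreach` (`$label = $rec['label'];`) would also avoid repeating the call. Both methods start before their hunks.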