Merge pull request #9202 from atm-florian/7.0

fix bad use of test_sql_and_script_inject return int not value tested

htdocs/core/class/html.form.class.php

@@ -1070,7 +1070,11 @@ class Form
 		$outarray=array();
 
 		// Clean $filter that may contains sql conditions so sql code
-		if (function_exists('test_sql_and_script_inject')) $filter = test_sql_and_script_inject($filter, 3);
+		if (function_exists('test_sql_and_script_inject')) {
+			if (test_sql_and_script_inject($filter, 3)>0) {
+				$filter ='';
+			}
+		}
 
 		// On recherche les societes
 		$sql = "SELECT s.rowid, s.nom as name, s.name_alias, s.client, s.fournisseur, s.code_client, s.code_fournisseur";

htdocs/holiday/card.php

@@ -452,10 +452,15 @@ if ($action == 'confirm_valid')
             $newSolde = $soldeActuel - ($nbopenedday * $object->getConfCP('nbHolidayDeducted'));
 
             // On ajoute la modification dans le LOG
-            $object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type);
+            $result=$object->addLogCP($user->id, $object->fk_user, $langs->transnoentitiesnoconv("Holidays"), $newSolde, $object->fk_type);
-
+            if ($result<0) {
+            	setEventMessages(null, $object->errors,'errors');
+            }
             // Mise à jour du solde
-            $object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
+            $result=$object->updateSoldeCP($object->fk_user, $newSolde, $object->fk_type);
+            if ($result<0) {
+            	setEventMessages(null, $object->errors,'errors');
+            }
 
             // To
             $destinataire = new User($db);