Add some protection for SQL injection
This commit is contained in:
parent
6063b02bf4
commit
ca1715df96
@ -176,7 +176,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
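Review bot: `$this->id` is still concatenated raw in `$sql .= " WHERE fk_type=".$this->id;` while the `lang` value on the very next line now goes through `escape()`; it should read `$sql .= " WHERE fk_type=".((int) $this->id);`. The same uncast object property is left in the second AdherentType hunk (`fk_type=`), in the Categorie hunk around line 1792 (`fk_category=".$this->id`) and in the Categorie hunk around line 1300 (`c.fk_parent = ".$this->fk_parent`). The three hunks that only drop the `$filtre` block also leave `v.fk_typepayment=".$typeid`, `s.fk_typepayment=".$search_type_id`, `cs.fk_type=".$db->escape($search_typeid)` and `s.paye = ".$db->escape($search_status)` untouched; `escape()` is a quote escape and gives no protection in an unquoted numeric context, so those want the same `(int)` cast. The enclosing method starts before the hunk.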
@ -202,7 +202,7 @@ class AdherentType extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type_lang";
$sql .= " WHERE fk_type=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -552,7 +552,7 @@ class AdherentType extends CommonObject
$sql = "SELECT a.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent as a";
$sql .= " WHERE a.entity IN (".getEntity('member').")";
$sql .= " AND a.fk_adherent_type = ".$this->id;
$sql .= " AND a.fk_adherent_type = ".((int) $this->id);
if (!empty($excludefilter)) {
$sql .= ' AND ('.$excludefilter.')';
}
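Review bot: `$excludefilter` is still appended verbatim in `$sql .= ' AND ('.$excludefilter.')';`, so the new `(int)` cast one line above only closes half of this query; the commit documents the analogous parameter of AssetType as "must not be provided by input of users" but gives this method no such contract. Add the same line to this method's docblock, `@param string $excludefilter Filter to exclude. This parameter must not be provided by input of users`, or validate the filter before it is used. The same raw concatenation remains in `$sql .= $morefilter;` (Product hunk around line 3543) and `$sql .= $morewherefilter;` (Task hunk around line 1266). The enclosing method and its docblock are outside the hunk.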
@ -302,13 +302,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on (s.rowid = d.fk_soc)";
$sql .= ", ".MAIN_DB_PREFIX."adherent_type as t";
$sql .= " WHERE d.fk_adherent_type = t.rowid ";
if ($catid > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($catid);
$sql .= " AND cm.fk_categorie = ".((int) $catid);
}
if ($catid == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
}
if ($search_categ > 0) {
$sql .= " AND cm.fk_categorie = ".$db->escape($search_categ);
$sql .= " AND cm.fk_categorie = ".((int) $search_categ);
}
if ($search_categ == -2) {
$sql .= " AND cm.fk_categorie IS NULL";
@ -191,7 +191,7 @@ if ($search_note) {
$sql .= natural_search('c.note', $search_note);
}
if ($search_account > 0) {
$sql .= " AND b.fk_account = ".urldecode($search_account);
$sql .= " AND b.fk_account = ".((int) $search_account);
}
if ($search_amount) {
$sql .= natural_search('c.subscription', $search_amount, 1);
@ -132,7 +132,7 @@ print '</tr>'."\n";
$sql = "SELECT r.id, r.libelle as label, r.module, r.module_position, r.perms, r.subperms, r.bydefault";
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
$sql .= " AND r.entity = ".$entity;
$sql .= " AND r.entity = ".((int) $entity);
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$sql .= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled
}
@ -332,7 +332,7 @@ class AssetType extends CommonObject
/**
* Return array of Asset objects for asset type this->id (or all if this->id not defined)
*
* @param string $excludefilter Filter to exclude
* @param string $excludefilter Filter to exclude. This parameter must not be provided by input of users
* @param int $mode 0=Return array of asset instance
* 1=Return array of asset instance without extra data
* 2=Return array of asset id only
@ -134,14 +134,14 @@ class Boms extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($restrictonsocid && $socid) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
}
// Insert sale filter
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {
@ -1300,7 +1300,7 @@ class Categorie extends CommonObject
$sql = "SELECT c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie as c ";
$sql .= " WHERE c.entity IN (".getEntity('category').")";
$sql .= " AND c.type = ".$type;
$sql .= " AND c.type = ".((int) $type);
$sql .= " AND c.fk_parent = ".$this->fk_parent;
$sql .= " AND c.label = '".$this->db->escape($this->label)."'";
@ -1792,7 +1792,7 @@ class Categorie extends CommonObject
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " AND lang='".$key."'";
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -1227,17 +1227,17 @@ class ActionComm extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if (!empty($socid)) {
$sql .= " AND a.fk_soc = ".$socid;
$sql .= " AND a.fk_soc = ".((int) $socid);
}
if (!empty($elementtype)) {
if ($elementtype == 'project') {
$sql .= ' AND a.fk_project = '.$fk_element;
$sql .= ' AND a.fk_project = '.((int) $fk_element);
} elseif ($elementtype == 'contact') {
$sql .= ' AND a.id IN';
$sql .= " (SELECT fk_actioncomm FROM ".MAIN_DB_PREFIX."actioncomm_resources WHERE";
$sql .= " element_type = 'socpeople' AND fk_element = ".$fk_element.')';
$sql .= " element_type = 'socpeople' AND fk_element = ".((int) $fk_element).')';
} else {
$sql .= " AND a.fk_element = ".(int) $fk_element." AND a.elementtype = '".$db->escape($elementtype)."'";
$sql .= " AND a.fk_element = ".((int) $fk_element)." AND a.elementtype = '".$db->escape($elementtype)."'";
}
}
if (!empty($filter)) {
@ -101,7 +101,7 @@ if ($type == "f") {
$sql .= " AND s.fournisseur = 1";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if (dol_strlen($stcomm)) {
@ -169,7 +169,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$resql = $db->query($sql);
@ -2734,7 +2734,7 @@ class Propal extends CommonObject
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
@ -372,7 +372,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
@ -191,7 +191,7 @@ class Orders extends DolibarrApi
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {
@ -209,7 +209,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_statut = 0";
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -79,12 +79,12 @@ $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');
// Define number of receipt to show (current, previous or next one ?)
$found = false;
if ($_GET["rel"] == 'prev') {
if (GETPOST("rel") == 'prev') {
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$id;
$sql .= " AND b.fk_account = ".((int) $id);
$sql .= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -97,12 +97,12 @@ if ($_GET["rel"] == 'prev') {
$found = true;
}
}
} elseif ($_GET["rel"] == 'next') {
} elseif (GETPOST("rel") == 'next') {
// Recherche valeur pour num = numero releve precedent
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$id;
$sql .= " AND b.fk_account = ".((int) $id);
$sql .= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -581,7 +581,7 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if ($search_account > 0) {
$sql .= " AND b.fk_account = ".$search_account;
$sql .= " AND b.fk_account = ".((int) $search_account);
}
// Search period criteria
if (dol_strlen($search_dt_start) > 0) {
@ -607,7 +607,7 @@ if ($search_num_releve) {
$sql .= natural_search("b.num_releve", $search_num_releve);
}
if ($search_conciliated != '' && $search_conciliated != '-1') {
$sql .= " AND b.rappro = ".urlencode($search_conciliated);
$sql .= " AND b.rappro = ".((int) $search_conciliated);
}
if ($search_thirdparty_user) {
$sql.= " AND (b.rowid IN ";
@ -264,10 +264,6 @@ if ($search_accountancy_subledger > 0) {
if ($typeid > 0) {
$sql .= " AND v.fk_typepayment=".$typeid;
}
if ($filtre) {
$filtre = str_replace(":", "=", $filtre);
$sql .= " AND ".$filtre;
}
if ($search_all) {
$sql .= natural_search(array_keys($fieldstosearchall), $search_all);
}
@ -162,7 +162,7 @@ if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND d.fk_soc = ".$socid;
$sql .= " AND d.fk_soc = ".((int) $socid);
}
$sql .= $db->order("d.tms", "DESC");
$sql .= $db->plimit($max, 0);
@ -108,11 +108,11 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($search_ref) {
$sql .= " AND d.rowid=".$search_ref;
$sql .= " AND d.rowid = ".((int) $search_ref);
}
if ($search_name) {
$sql .= natural_search('u.lastname', $search_name);
@ -4033,7 +4033,7 @@ class Facture extends CommonInvoice
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
@ -232,7 +232,7 @@ function getDraftTable($maxCount = 500, $socid = 0)
$sql .= " AND f.entity IN (".getEntity('facture').")";
$sql .= " AND f.fk_statut = ".Facture::STATUS_DRAFT;
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -329,7 +329,7 @@ function getLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture').")";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
@ -432,7 +432,7 @@ function getOpenTable($maxCount = 500, $socid = 0)
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY f.rowid DESC";
$sql .= $db->plimit($maxCount, 0);
@ -513,14 +513,7 @@ if ($userid) {
if ($userid == -1) {
$sql .= ' AND f.fk_user_author IS NULL';
} else {
$sql .= ' AND f.fk_user_author = '.$userid;
}
}
if ($filtre) {
$aFilter = explode(',', $filtre);
foreach ($aFilter as $filter) {
$filt = explode(':', $filter);
$sql .= ' AND '.$db->escape(trim($filt[0])).' = '.$db->escape(trim($filt[1]));
$sql .= ' AND f.fk_user_author = '.((int) $userid);
}
}
if ($search_ref) {
@ -171,9 +171,9 @@ class Paiement extends CommonObject
if ($id > 0) {
$sql .= ' AND p.rowid = '.((int) $id);
} elseif ($ref) {
$sql .= " AND p.ref = '".$ref."'";
$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
} elseif ($fk_bank) {
$sql .= ' AND p.fk_bank = '.$fk_bank;
$sql .= ' AND p.fk_bank = '.((int) $fk_bank);
}
$resql = $this->db->query($sql);
@ -200,13 +200,13 @@ if (GETPOST("orphelins", "alpha")) {
$sql .= " AND sc.fk_user = ".$user->id;
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if ($userid) {
if ($userid == -1) {
$sql .= " AND f.fk_user_author IS NULL";
} else {
$sql .= " AND f.fk_user_author = ".$userid;
$sql .= " AND f.fk_user_author = ".((int) $userid);
}
}
@ -216,7 +216,7 @@ if (GETPOST("orphelins", "alpha")) {
$sql .= natural_search('p.ref', $search_ref);
}
if ($search_account > 0) {
$sql .= " AND b.fk_account=".$search_account;
$sql .= " AND b.fk_account=".((int) $search_account);
}
if ($search_paymenttype != '') {
$sql .= " AND c.code='".$db->escape($search_paymenttype)."'";
@ -115,7 +115,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -351,12 +351,12 @@ if ($id > 0 || $ref) {
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes as pl";
$sql .= ", ".MAIN_DB_PREFIX."prelevement_bons as pb";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE pl.fk_prelevement_bons = ".$id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $id);
$sql .= " AND pl.fk_prelevement_bons = pb.rowid";
$sql .= " AND pb.entity = ".$conf->entity;
$sql .= " AND pl.fk_soc = s.rowid";
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -319,7 +319,7 @@ if ($type == 'bank-transfer') {
$sql .= " AND pfd.fk_facture = f.rowid";
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$nbtotalofrecords = '';
@ -141,14 +141,14 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$status) {
$sql .= " AND pfd.traite = 0";
}
$sql .= " AND pfd.ext_payment_id IS NULL";
if ($status) {
$sql .= " AND pfd.traite = ".$status;
$sql .= " AND pfd.traite = ".((int) $status);
}
$sql .= " AND f.total_ttc > 0";
if (empty($conf->global->WITHDRAWAL_ALLOW_ANY_INVOICE_STATUS)) {
@ -195,10 +195,10 @@ if ($object->type != 'bank-transfer') {
$sql .= " AND f.entity IN (".getEntity('supplier_invoice').")";
}
if ($object->id > 0) {
$sql .= " AND p.rowid=".$object->id;
$sql .= " AND p.rowid = ".((int) $object->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -177,7 +177,7 @@ $sql .= " AND pl.fk_soc = s.rowid";
$sql .= " AND pl.statut = 3 ";
$sql .= " AND pr.fk_prelevement_lignes = pl.rowid";
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY pl.amount DESC";
@ -115,7 +115,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -262,9 +262,9 @@ if ($id) {
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND pf.fk_facture = f.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND pl.rowid=".$id;
$sql .= " AND pl.rowid = ".((int) $id);
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY $sortfield $sortorder ";
$sql .= $db->plimit($conf->liste_limit + 1, $offset);
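Review bot: The `ORDER BY` on `$sql .= " ORDER BY $sortfield $sortorder ";` still interpolates both sort variables directly, which is the same class of problem this commit fixes for `$socid` two lines above. Unless both values are whitelisted earlier in the file (not visible here), this line should use the helper the other list pages in this commit use: `$sql .= $db->order($sortfield, $sortorder);`. The same interpolated `ORDER BY` is left in the later `@ -162` hunk that filters on `f.fk_soc`.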
@ -347,7 +347,7 @@ if (!empty($conf->facture->enabled) && ($modecompta == 'CREANCES-DETTES' || $mod
$sql .= " AND f.entity = ".$conf->entity;
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY dm";
@ -281,7 +281,7 @@ if ($modecompta == 'CREANCES-DETTES') {
if (! empty($date_start) && ! empty($date_end))
$sql.= " AND t.doc_date >= '".$db->idate($date_start)."' AND t.doc_date <= '".$db->idate($date_end)."'";
if (! empty($month)) {
$sql .= " AND MONTH(t.doc_date) = " . $month;
$sql .= " AND MONTH(t.doc_date) = " . ((int) $month);
}
$resql = $db->query($sql);
if ($resql)
@ -209,10 +209,6 @@ if ($year > 0) {
$sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$db->escape($year)."')";
$sql .= ")";
}
if ($filtre) {
$filtre = str_replace(":", "=", $filtre);
$sql .= " AND ".$filtre;
}
if ($search_typeid) {
$sql .= " AND cs.fk_type=".$db->escape($search_typeid);
}
@ -4129,7 +4129,7 @@ class Form
*
* @param string $selected Id shipping mode pre-selected
* @param string $htmlname Name of select zone
* @param string $filtre To filter list
* @param string $filtre To filter list. This parameter must not come from input of users
* @param int $useempty 1=Add an empty value in list, 2=Add an empty value in list only if there is more than 2 entries.
* @param string $moreattrib To add more attribute on select
* @param int $noinfoadmin 0=Add admin info, 1=Disable admin info
@ -4324,7 +4324,7 @@ class Form
* @param string $selected Id account pre-selected
* @param string $htmlname Name of select zone
* @param int $status Status of searched accounts (0=open, 1=closed, 2=both)
* @param string $filtre To filter list
* @param string $filtre To filter list. This parameter must not come from input of users
* @param int $useempty 1=Add an empty value in list, 2=Add an empty value in list only if there is more than 2 entries.
* @param string $moreattrib To add more attribute on select
* @param int $showcurrency Show currency in label
@ -4410,7 +4410,7 @@ class Form
* @param string $selected Id establishment pre-selected
* @param string $htmlname Name of select zone
* @param int $status Status of searched establishment (0=open, 1=closed, 2=both)
* @param string $filtre To filter list
* @param string $filtre To filter list. This parameter must not come from input of users
* @param int $useempty 1=Add an empty value in list, 2=Add an empty value in list only if there is more than 2 entries.
* @param string $moreattrib To add more attribute on select
* @return int <0 if error, Num of establishment found if OK (0, 1, 2, ...)
@ -3543,7 +3543,7 @@ class Product extends CommonObject
$sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid > 0) {
$sql .= " AND p.fk_soc = ".$socid;
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$sql .= $morefilter;
$sql .= " GROUP BY date_format(p.date_valid,'%Y%m')";
@ -475,13 +475,13 @@ if ($fourn_id > 0) {
$sql .= " AND pfp.fk_soc = ".((int) $fourn_id);
}
if ($search_country) {
$sql .= " AND p.fk_country = ".$search_country;
$sql .= " AND p.fk_country = ".((int) $search_country);
}
if ($search_state) {
$sql .= " AND p.fk_state = ".$search_state;
$sql .= " AND p.fk_state = ".((int) $search_state);
}
if ($search_finished >= 0 && $search_finished !== '') {
$sql .= " AND p.finished = ".$search_finished;
$sql .= " AND p.finished = ".((int) $search_finished);
}
if ($search_accountancy_code_sell) {
$sql .= natural_search('p.accountancy_code_sell', $search_accountancy_code_sell);
@ -140,7 +140,7 @@ $sql .= ", ".MAIN_DB_PREFIX."product as p";
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
$sql .= " AND p.rowid = pd.fk_product";
if ($type !== '') {
$sql .= " AND fk_product_type = ".$type;
$sql .= " AND fk_product_type = ".((int) $type);
}
$sql .= " GROUP BY p.rowid, p.label, p.ref, p.fk_product_type";
@ -177,19 +177,19 @@ if ($snom) {
$sql .= natural_search('p.label', $snom);
}
if (!empty($tosell)) {
$sql .= " AND p.tosell = ".$tosell;
$sql .= " AND p.tosell = ".((int) $tosell);
}
if (!empty($tobuy)) {
$sql .= " AND p.tobuy = ".$tobuy;
$sql .= " AND p.tobuy = ".((int) $tobuy);
}
if (!empty($canvas)) {
$sql .= " AND p.canvas = '".$db->escape($canvas)."'";
}
if ($catid) {
$sql .= " AND cp.fk_categorie = ".$catid;
if ($catid > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $catid);
}
if ($fourn_id > 0) {
$sql .= " AND p.rowid = pf.fk_product AND pf.fk_soc = ".$fourn_id;
$sql .= " AND p.rowid = pf.fk_product AND pf.fk_soc = ".((int) $fourn_id);
}
// Insert categ filter
if ($search_categ) {
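Review bot: Changing `if ($catid)` to `if ($catid > 0)` is more than a cast: a negative sentinel such as the `-2` that the member-list hunk in this commit maps to `cm.fk_categorie IS NULL` would previously have produced a (non-matching) filter and now produces no filter at all, silently listing every product. If this page's category select can emit such a value, add the explicit branch `if ($catid == -2) { $sql .= " AND cp.fk_categorie IS NULL"; }`; if it cannot, a short comment on why `> 0` is sufficient would save the next reader the question. The identical change appears in the next hunk (`@ -165,19 +165,19`).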
@ -165,19 +165,19 @@ if ($snom) {
$sql .= natural_search("p.label", $snom);
}
if (!empty($tosell)) {
$sql .= " AND p.tosell = ".$tosell;
$sql .= " AND p.tosell = ".((int) $tosell);
}
if (!empty($tobuy)) {
$sql .= " AND p.tobuy = ".$tobuy;
$sql .= " AND p.tobuy = ".((int) $tobuy);
}
if (!empty($canvas)) {
$sql .= " AND p.canvas = '".$db->escape($canvas)."'";
}
if ($catid) {
$sql .= " AND cp.fk_categorie = ".$catid;
if ($catid > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $catid);
}
if ($fourn_id > 0) {
$sql .= " AND p.rowid = pf.fk_product AND pf.fk_soc = ".$fourn_id;
$sql .= " AND p.rowid = pf.fk_product AND pf.fk_soc = ".((int) $fourn_id);
}
// Insert categ filter
if ($search_categ) {
@ -162,7 +162,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -162,7 +162,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -148,7 +148,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " GROUP BY c.rowid, c.ref, c.ref_customer, c.ref_supplier, c.date_contrat, c.statut, s.nom, s.rowid, s.code_client";
$sql .= $db->order($sortfield, $sortorder);
@ -179,7 +179,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -162,7 +162,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY $sortfield $sortorder ";
@ -140,7 +140,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND c.entity IN (".getEntity('mo').")";
$sql .= " AND cd.fk_product =".$product->id;
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " GROUP BY c.rowid, c.ref, c.date_valid, c.status";
//$sql .= ", s.nom, s.rowid, s.code_client";
@ -163,7 +163,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND p.fk_soc = ".$socid;
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -163,7 +163,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND p.fk_soc = ".$socid;
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
@ -547,7 +547,7 @@ class Entrepot extends CommonObject
$sql = "SELECT rowid, ref as label";
$sql .= " FROM ".MAIN_DB_PREFIX."entrepot";
$sql .= " WHERE entity IN (".getEntity('stock').")";
$sql .= " AND statut = ".$status;
$sql .= " AND statut = ".((int) $status);
$result = $this->db->query($sql);
$i = 0;
@ -456,7 +456,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON m.fk_user_author = u.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON m.batch = pl.batch AND m.fk_product = pl.fk_product";
$sql .= " WHERE m.fk_product = p.rowid";
if ($msid > 0) {
$sql .= " AND m.rowid = ".$msid;
$sql .= " AND m.rowid = ".((int) $msid);
}
$sql .= " AND m.fk_entrepot = e.rowid";
$sql .= " AND e.entity IN (".getEntity('stock').")";
@ -464,7 +464,7 @@ if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
$sql .= " AND p.fk_product_type = 0";
}
if ($id > 0) {
$sql .= " AND e.rowid ='".$id."'";
$sql .= " AND e.rowid = ".((int) $id);
}
$sql .= dolSqlDateFilter('m.datem', 0, $month, $year);
if ($idproduct > 0) {
@ -503,7 +503,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON m.fk_user_author = u.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl ON m.batch = pl.batch AND m.fk_product = pl.fk_product";
$sql .= " WHERE m.fk_product = p.rowid";
if ($msid > 0) {
$sql .= " AND m.rowid = ".$msid;
$sql .= " AND m.rowid = ".((int) $msid);
}
$sql .= " AND m.fk_entrepot = e.rowid";
$sql .= " AND e.entity IN (".getEntity('stock').")";
@ -511,7 +511,7 @@ if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
$sql .= " AND p.fk_product_type = 0";
}
if ($id > 0) {
$sql .= " AND e.rowid ='".$id."'";
$sql .= " AND e.rowid = ".((int) $id);
}
if (!empty($search_date_start)) {
$sql .= " AND m.datem >= '" . $db->idate($search_date_start) . "'";
@ -1266,10 +1266,10 @@ class Task extends CommonObject
$sql .= $morewherefilter;
}
if ($id > 0) {
$sql .= " AND t.fk_task = ".$id;
$sql .= " AND t.fk_task = ".((int) $id);
}
if ($userid > 0) {
$sql .= " AND t.fk_user = ".$userid;
$sql .= " AND t.fk_user = ".((int) $userid);
}
dol_syslog(get_class($this)."::getSummaryOfTimeSpent", LOG_DEBUG);
@ -426,7 +426,7 @@ if ($search_public != '') {
// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
//if ($socid > 0) $sql.= " AND s.rowid = ".$socid;
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// No check is done on company permission because readability is managed by public status of project and assignement.
//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
@ -275,10 +275,6 @@ if ($search_account > 0) {
if ($search_status != '' && $search_status >= 0) {
$sql .= " AND s.paye = ".$db->escape($search_status);
}
if ($filtre) {
$filtre = str_replace(":", "=", $filtre);
$sql .= " AND ".$filtre;
}
if ($search_type_id) {
$sql .= " AND s.fk_typepayment=".$search_type_id;
}
@ -1364,10 +1364,10 @@ class Thirdparties extends DolibarrApi
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_rib";
if ($id) {
$sql .= " WHERE fk_soc = ".$id." ";
$sql .= " WHERE fk_soc = ".((int) $id);
}
if ($companybankid) {
$sql .= " AND rowid = ".$companybankid."";
$sql .= " AND rowid = ".((int) $companybankid);
}
$i = 0;
@ -1433,9 +1433,9 @@ class Thirdparties extends DolibarrApi
* We select all the records that match the socid
*/
$sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms FROM ".MAIN_DB_PREFIX."societe_account";
$sql .= " WHERE fk_soc = $id";
$sql .= " WHERE fk_soc = ".((int) $id);
if ($site) {
$sql .= " AND site ='$site'";
$sql .= " AND site ='".$this->db-escape($site)."'";
}
$result = $this->db->query($sql);
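Review bot: `$this->db-escape($site)` on the new `site` line uses `-` instead of `->`, so PHP parses it as subtracting the result of an undefined global function `escape()`, which throws an Error as soon as `$site` is non-empty; the fix is `$sql .= " AND site ='".$this->db->escape($site)."'";`. Because the call sits behind `if ($site)`, the default path does not exercise it, so a test that passes a site value is worth adding. The enclosing method starts outside the hunk.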
@ -101,8 +101,8 @@ $sql .= ' WHERE s.entity IN ('.getEntity('societe').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) {
$sql .= " AND s.rowid = ".$socid;
if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->fournisseur->lire) {
$sql .= " AND (s.fournisseur <> 1 OR s.client <> 0)"; // client=0, fournisseur=0 must be visible
@ -283,7 +283,7 @@ if ($objectwebsiteaccount->ismultientitymanaged == 1) {
} else {
$sql .= " WHERE 1 = 1";
}
$sql .= " AND fk_soc = ".$object->id;
$sql .= " AND fk_soc = ".((int) $object->id);
foreach ($search as $key => $val) {
$mode_search = (($objectwebsiteaccount->isInt($objectwebsiteaccount->fields[$key]) || $objectwebsiteaccount->isFloat($objectwebsiteaccount->fields[$key])) ? 1 : 0);
if ($search[$key] != '') {
@ -100,7 +100,7 @@ class Stripe extends CommonObject
$sql .= " WHERE service = '".$this->db->escape($mode)."'";
$sql .= " AND entity = ".((int) $entity);
if ($fk_soc > 0) {
$sql .= " AND fk_soc = ".$fk_soc;
$sql .= " AND fk_soc = ".((int) $fk_soc);
} else {
$sql .= " AND fk_soc IS NULL";
}
@ -1209,9 +1209,9 @@ class SupplierProposal extends CommonObject
$sql .= " WHERE p.fk_statut = c.id";
$sql .= " AND p.entity IN (".getEntity('supplier_proposal').")";
if ($ref) {
$sql .= " AND p.ref='".$ref."'";
$sql .= " AND p.ref = '".$this->db->escape($ref)."'";
} else {
$sql .= " AND p.rowid=".$rowid;
$sql .= " AND p.rowid = ".((int) $rowid);
}
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
@ -1419,7 +1419,7 @@ if ($placeid > 0) {
$sql .= " ".MAIN_DB_PREFIX."product_stock as ps";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = ps.fk_product";
$sql .= " WHERE ps.reel != 0";
$sql .= " AND ps.fk_entrepot = ".$conf->global->$constantforkey;
$sql .= " AND ps.fk_entrepot = ".((int) $conf->global->$constantforkey);
$sql .= " AND e.entity IN (".getEntity('stock').")";
$sql .= " AND ps.fk_product = ".$line->fk_product;
$resql = $db->query($sql);
@ -346,7 +346,7 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON (t.fk_soc = s.rowid)";
$sql .= " WHERE t.entity IN (".getEntity($object->element).")";
if ($socid > 0) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
foreach ($search as $key => $val) {
@ -93,7 +93,7 @@ class Users extends DolibarrApi
// Select products of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_user = t.rowid ";
$sql .= " AND c.fk_user = t.rowid";
}
// Add sql filters
@ -2229,7 +2229,7 @@ class User extends CommonObject
/**
* Add user into a group
*
* @param int $group Id of group
* @param int $group Id of group
* @param int $entity Entity
* @param int $notrigger Disable triggers
* @return int <0 if KO, >0 if OK
@ -2245,7 +2245,7 @@ class User extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user";
$sql .= " WHERE fk_user = ".$this->id;
$sql .= " AND fk_usergroup = ".$group;
$sql .= " AND fk_usergroup = ".((int) $group);
$sql .= " AND entity = ".$entity;
$result = $this->db->query($sql);
@ -2286,7 +2286,7 @@ class User extends CommonObject
/**
* Remove a user from a group
*
* @param int $group Id of group
* @param int $group Id of group
* @param int $entity Entity
* @param int $notrigger Disable triggers
* @return int <0 if KO, >0 if OK
@ -2302,7 +2302,7 @@ class User extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user";
$sql .= " WHERE fk_user = ".$this->id;
$sql .= " AND fk_usergroup = ".$group;
$sql .= " AND fk_usergroup = ".((int) $group);
$sql .= " AND entity = ".$entity;
$result = $this->db->query($sql);
@ -3065,7 +3065,7 @@ class User extends CommonObject
* fullpath = chemin complet compose des id: "_grandparentid_parentid_id"
*
* @param int $deleteafterid Removed all users including the leaf $deleteafterid (and all its child) in user tree.
* @param string $filter SQL filter on users
* @param string $filter SQL filter on users. This parameter must not come from user intput.
* @return array Array of users $this->users. Note: $this->parentof is also set.
*/
public function get_full_tree($deleteafterid = 0, $filter = '')
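Review bot: The new `@param string $filter` line misspells "input" as "intput"; it should read `* @param string $filter SQL filter on users. This parameter must not come from user input.`. Recording the trust requirement in the docblock is the right place for it, but it is only enforced by callers, and the body of get_full_tree that concatenates `$filter` lies outside this hunk, so whether any check exists there cannot be confirmed here.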
@ -128,7 +128,7 @@ if ($reshook > 0) {
$sql .= " WHERE u.entity IN (".getEntity('user').")";
}
if (!empty($socid)) {
$sql .= " AND u.fk_soc = ".$socid;
$sql .= " AND u.fk_soc = ".((int) $socid);
}
$sql .= $db->order("u.datec", "DESC");
$sql .= $db->plimit($max);
@ -353,7 +353,7 @@ if ($reshook > 0) {
$sql .= " WHERE u.entity IN (".getEntity('user').")";
}
if ($socid > 0) {
$sql .= " AND u.fk_soc = ".$socid;
$sql .= " AND u.fk_soc = ".((int) $socid);
}
//if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user);
if ($search_supervisor > 0) {
@ -194,7 +194,7 @@ $permsuser = array();
$sql = "SELECT DISTINCT ur.fk_id";
$sql .= " FROM ".MAIN_DB_PREFIX."user_rights as ur";
$sql .= " WHERE ur.entity = ".$entity;
$sql .= " AND ur.fk_user = ".$object->id;
$sql .= " AND ur.fk_user = ".((int) $object->id);
dol_syslog("get user perms", LOG_DEBUG);
$result = $db->query($sql);
@ -1415,7 +1415,7 @@ class Website extends CommonObject
$sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page";
$sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp";
$sql .= " WHERE wp.fk_website = ".$website->id;
$sql .= " AND (wp.fk_page = ".$pageid." OR wp.rowid = ".$pageid;
$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
if ($tmppage->fk_page > 0) {
$sql .= " OR wp.fk_page = ".$tmppage->fk_page." OR wp.rowid = ".$tmppage->fk_page;
}
@ -180,7 +180,7 @@ class ZapierApi extends DolibarrApi
$sql .= " AND t.fk_soc = sc.fk_soc";
}
if ($restrictonsocid && $socid) {
$sql .= " AND t.fk_soc = ".$socid;
$sql .= " AND t.fk_soc = ".((int) $socid);
}
if ($restrictonsocid && $search_sale > 0) {
// Join for the needed table to filter by sale
@ -188,7 +188,7 @@ class ZapierApi extends DolibarrApi
}
// Insert sale filter
if ($restrictonsocid && $search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
if ($sqlfilters) {
if (!DolibarrApi::_checkFilters($sqlfilters)) {