From cbdd1949dfd462810eb0ff2657c5f9da687fd6ef Mon Sep 17 00:00:00 2001
From: delcroix Patrick
Date: Mon, 13 Aug 2018 20:39:20 +0200
Subject: [PATCH] Fix #9205 quote in Label/number on supplier payment # Fix #9205 #9205 the num_paiement wasn't escaped, not sure it's an real issue but it was reported here https://www.dolibarr.fr/forum/8-mise-a-jour/62340-message-erreur-suite-mise-a-jour#99408
---
 htdocs/fourn/class/paiementfourn.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php
index 49a24acf72b..494196e9c2d 100644
--- a/htdocs/fourn/class/paiementfourn.class.php
+++ b/htdocs/fourn/class/paiementfourn.class.php
@@ -193,7 +193,7 @@ class PaiementFourn extends Paiement
 $sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn (';
 $sql.= 'ref, entity, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)';
 $sql.= " VALUES ('".$this->db->escape($ref)."', ".$conf->entity.", '".$this->db->idate($now)."',";
- $sql.= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->num_paiement."', '".$this->db->escape($this->note)."', ".$user->id.", 0)";
+ $sql.= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->db->escape($this->num_paiement)."', '".$this->db->escape($this->note)."', ".$user->id.", 0)";
 $resql = $this->db->query($sql);
 if ($resql)
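Review bot: On the added VALUES line, `$this->paiementid` is still concatenated unquoted and without a cast, so string escaping could not protect it even if it were applied; replacing `".$this->paiementid."` with `".((int) $this->paiementid)."` would close that gap. `$total` and `$mtotal` are quoted but not escaped or visibly normalised in this hunk; their computation lies outside it, so whether they can carry form input needs confirming. An unescaped quote in `num_paiement` both breaks the INSERT and acts as an injection sink for user-entered text, so it is worth checking whether the parent `Paiement` class builds its insert the same way. The enclosing method starts and ends outside the hunk.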