FIX #yogosha5746 - next step (work in progress)

2021-03-30 17:53:25 +02:00 · 2021-03-30 17:53:25 +02:00 · d2290a8e13
commit d2290a8e13
parent fae3cca494
13 changed files with 19 additions and 19 deletions
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@ -218,7 +218,7 @@ if ($db->type == 'pgsql') {
 } else {
 	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity;
 }
-$sql .= " WHERE asy.rowid = ".$pcgver;
+$sql .= " WHERE asy.rowid = ".((int) $pcgver);
 //print $sql;
 if (strlen(trim($search_account))) {
 	$lengthpaddingaccount = 0;
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex
 					$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
 					$sql .= " SET date_export = '".$db->idate($now)."'";
 					$sql .= " , date_validated = '".$db->idate($now)."'";
-					$sql .= " WHERE rowid = ".$movement->id;
+					$sql .= " WHERE rowid = ".((int) $movement->id);

 					dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG);
 					$result = $db->query($sql);
--- a/htdocs/accountancy/class/accountancycategory.class.php
+++ b/htdocs/accountancy/class/accountancycategory.class.php
@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject
 		global $conf;
 		$sql = "SELECT t.rowid, t.account_number, t.label";
 		$sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t";
-		$sql .= " WHERE t.fk_accounting_category = ".$id;
+		$sql .= " WHERE t.fk_accounting_category = ".((int) $id);
 		$sql .= " AND t.entity = ".$conf->entity;

 		$this->lines_display = array();
--- a/htdocs/accountancy/closure/index.php
+++ b/htdocs/accountancy/closure/index.php
@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting-

 				$sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping";
 				$sql .= " SET date_validated = '".$db->idate($now)."'";
-				$sql .= " WHERE rowid = ".$movement->id;
-				$sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'";
-				$sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'";
+				$sql .= " WHERE rowid = ".((int) $movement->id);
+				$sql .= " AND doc_date >= '" . $db->idate($date_start) . "'";
+				$sql .= " AND doc_date <= '" . $db->idate($date_end) . "'";

 				dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG);
 				$result = $db->query($sql);
--- a/htdocs/accountancy/customer/index.php
+++ b/htdocs/accountancy/customer/index.php
@ -208,7 +208,7 @@ if ($action == 'validatehistory') {
 			if ($objp->aarowid_suggest > 0) {
 				$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet";
 				$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
-				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
+				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);

 				$resqlupdate = $db->query($sqlupdate);
 				if (!$resqlupdate) {
--- a/htdocs/accountancy/expensereport/list.php
+++ b/htdocs/accountancy/expensereport/list.php
@ -154,7 +154,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) {
 			} else {
 				$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det";
 				$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
-				$sql .= " WHERE rowid = ".$monId;
+				$sql .= " WHERE rowid = ".((int) $monId);

 				$accountventilated = new AccountingAccount($db);
 				$accountventilated->fetch($monCompte, '', 1);
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@ -194,7 +194,7 @@ if ($action == 'validatehistory') {
 			if ($objp->aarowid_suggest > 0) {
 				$sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
 				$sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest);
-				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid;
+				$sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid);

 				$resqlupdate = $db->query($sqlupdate);
 				if (!$resqlupdate) {
--- a/htdocs/accountancy/supplier/list.php
+++ b/htdocs/accountancy/supplier/list.php
@ -178,7 +178,7 @@ if ($massaction == 'ventil') {
 			} else {
 				$sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det";
 				$sql .= " SET fk_code_ventilation = ".((int) $monCompte);
-				$sql .= " WHERE rowid = ".$monId;
+				$sql .= " WHERE rowid = ".((int) $monId);

 				$accountventilated = new AccountingAccount($db);
 				$accountventilated->fetch($monCompte, '', 1);
--- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php
+++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php
@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon

 		// We set country_id, and country_code label of the chosen country
 		if ($this->object->country_id) {
-			$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id;
+			$sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id);
 			$resql = $this->db->query($sql);
 			if ($resql) {
 				$obj = $this->db->fetch_object($resql);
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@ -692,7 +692,7 @@ class Adherent extends CommonObject
 			$sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member
 		}
 		$sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);

 		// If we change the type of membership, we set also label of new type
 		if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) {
@ -964,7 +964,7 @@ class Adherent extends CommonObject
 		}

 		// Remove category
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid;
+		$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid);
 		dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 		$resql = $this->db->query($sql);
 		if (!$resql) {
@ -975,7 +975,7 @@ class Adherent extends CommonObject

 		// Remove subscription
 		if (!$error) {
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid;
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid);
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
@ -1007,7 +1007,7 @@ class Adherent extends CommonObject

 		// Remove adherent
 		if (!$error) {
-			$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid;
+			$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid);
 			dol_syslog(get_class($this)."::delete", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
@ -1154,7 +1154,7 @@ class Adherent extends CommonObject
 		// Set link to user
 		if ($userid > 0) {
 			$sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id);
-			$sql .= " WHERE rowid = ".$userid;
+			$sql .= " WHERE rowid = ".((int) $userid);
 			dol_syslog(get_class($this)."::setUserId", LOG_DEBUG);
 			$resql = $this->db->query($sql);
 			if (!$resql) {
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
@ -425,7 +425,7 @@ class AdherentType extends CommonObject
 		$error = 0;

 		$sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type";
-		$sql .= " WHERE rowid = ".$this->id;
+		$sql .= " WHERE rowid = ".((int) $this->id);

 		$resql = $this->db->query($sql);
 		if ($resql) {
--- a/htdocs/adherents/class/adherentstats.class.php
+++ b/htdocs/adherents/class/adherentstats.class.php
@ -72,7 +72,7 @@ class AdherentStats extends Stats
 		$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
 		//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if ($this->memberid) {
-			$this->where .= " AND m.rowid = ".$this->memberid;
+			$this->where .= " AND m.rowid = ".((int) $this->memberid);
 		}
 		//if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
 	}
--- a/htdocs/public/emailing/mailing-read.php
+++ b/htdocs/public/emailing/mailing-read.php
@ -134,7 +134,7 @@ if (!empty($tag)) {

 	//Update status communication of contact prospect
 	if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) {
-		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')';
+		$sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')';
 		$resql = $db->query($sql);
 	}
 }