From d2290a8e13d3744a7fbc3198e5b82d2cae01731d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 30 Mar 2021 17:53:25 +0200 Subject: [PATCH] FIX #yogosha5746 - next step (work in progress) --- htdocs/accountancy/admin/account.php | 2 +- htdocs/accountancy/bookkeeping/list.php | 2 +- htdocs/accountancy/class/accountancycategory.class.php | 2 +- htdocs/accountancy/closure/index.php | 6 +++--- htdocs/accountancy/customer/index.php | 2 +- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/index.php | 2 +- htdocs/accountancy/supplier/list.php | 2 +- .../canvas/actions_adherentcard_common.class.php | 2 +- htdocs/adherents/class/adherent.class.php | 10 +++++----- htdocs/adherents/class/adherent_type.class.php | 2 +- htdocs/adherents/class/adherentstats.class.php | 2 +- htdocs/public/emailing/mailing-read.php | 2 +- 13 files changed, 19 insertions(+), 19 deletions(-) diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index cf2bd2065a2..39bf2b07b29 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -218,7 +218,7 @@ if ($db->type == 'pgsql') { } else { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = aa.account_parent AND a2.entity = ".$conf->entity; } -$sql .= " WHERE asy.rowid = ".$pcgver; +$sql .= " WHERE asy.rowid = ".((int) $pcgver); //print $sql; if (strlen(trim($search_account))) { $lengthpaddingaccount = 0; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 8daefea76d2..b3f946e9245 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php 
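Review bot: In the `else` branch just above the changed line of account.php, `a2.entity = ".$conf->entity` is still concatenated into the same query without a cast, so the statement only partly follows the pattern this commit applies. The same leftover is visible in accountancycategory.class.php (`t.entity = ".$conf->entity`), in the adherent.class.php hunk at line 692 (`fk_user_mod` takes `$user->id` raw after a loose `> 0` test) and in mailing-read.php (`entity = '.$obj->entity.'`). Judging by the names alone, these values are set server-side rather than taken from the request. Casting them at the concatenation point, e.g. `AND a2.entity = ".((int) $conf->entity);`, keeps the rule uniform and removes the need to reason about each source.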
@@ -520,7 +520,7 @@ if ($action == 'export_fileconfirm' && $user->rights->accounting->mouvements->ex $sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " SET date_export = '".$db->idate($now)."'"; $sql .= " , date_validated = '".$db->idate($now)."'"; - $sql .= " WHERE rowid = ".$movement->id; + $sql .= " WHERE rowid = ".((int) $movement->id); dol_syslog("/accountancy/bookeeping/list.php Function export_file Specify movements as exported sql=".$sql, LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/accountancy/class/accountancycategory.class.php b/htdocs/accountancy/class/accountancycategory.class.php index 9301c809125..3e171110c8b 100644 --- a/htdocs/accountancy/class/accountancycategory.class.php +++ b/htdocs/accountancy/class/accountancycategory.class.php @@ -428,7 +428,7 @@ class AccountancyCategory // extends CommonObject global $conf; $sql = "SELECT t.rowid, t.account_number, t.label"; $sql .= " FROM ".MAIN_DB_PREFIX."accounting_account as t"; - $sql .= " WHERE t.fk_accounting_category = ".$id; + $sql .= " WHERE t.fk_accounting_category = ".((int) $id); $sql .= " AND t.entity = ".$conf->entity; $this->lines_display = array(); diff --git a/htdocs/accountancy/closure/index.php b/htdocs/accountancy/closure/index.php index 3ba552cdfa4..390c288b606 100644 --- a/htdocs/accountancy/closure/index.php +++ b/htdocs/accountancy/closure/index.php 
@@ -91,9 +91,9 @@ if ($action == 'validate_movements_confirm' && !empty($user->rights->accounting- $sql = " UPDATE ".MAIN_DB_PREFIX."accounting_bookkeeping"; $sql .= " SET date_validated = '".$db->idate($now)."'"; - $sql .= " WHERE rowid = ".$movement->id; - $sql .= " AND doc_date >= '" . dol_print_date($date_start, 'dayrfc') . "'"; - $sql .= " AND doc_date <= '" . dol_print_date($date_end, 'dayrfc') . "'"; + $sql .= " WHERE rowid = ".((int) $movement->id); + $sql .= " AND doc_date >= '" . $db->idate($date_start) . "'"; + $sql .= " AND doc_date <= '" . $db->idate($date_end) . "'"; dol_syslog("/accountancy/closure/index.php :: Function validate_movement_confirm Specify movements as validated sql=".$sql, LOG_DEBUG); $result = $db->query($sql); diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index 354652c653c..6a8289f9d39 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -208,7 +208,7 @@ if ($action == 'validatehistory') { if ($objp->aarowid_suggest > 0) { $sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facturedet"; $sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest); - $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid; + $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid); $resqlupdate = $db->query($sqlupdate); if (!$resqlupdate) { diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index c7a1dec2d94..98decf4d27a 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php 
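Review bot: In the closure/index.php hunk, the two `doc_date` bounds now go through `$db->idate()` instead of `dol_print_date(..., 'dayrfc')`, which changes the literal being compared, not only how it is produced. The old call gave a day-only string, while `idate()` appears to emit a full date-and-time value in the server timezone. If `$date_start` or `$date_end` carry a time-of-day part, or if `doc_date` is a plain date column, movements dated on the first or last day of the range could be matched differently than before; how the two variables are built is outside the hunk. I would document the expectation next to the query, e.g. `// $date_start/$date_end are day-start and day-end timestamps`, and check a movement dated exactly on each boundary.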
@@ -154,7 +154,7 @@ if ($massaction == 'ventil' && $user->rights->accounting->bind->write) { } else { $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport_det"; $sql .= " SET fk_code_ventilation = ".((int) $monCompte); - $sql .= " WHERE rowid = ".$monId; + $sql .= " WHERE rowid = ".((int) $monId); $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index fc295fdafa4..392551708de 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -194,7 +194,7 @@ if ($action == 'validatehistory') { if ($objp->aarowid_suggest > 0) { $sqlupdate = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sqlupdate .= " SET fk_code_ventilation = ".((int) $objp->aarowid_suggest); - $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".$objp->rowid; + $sqlupdate .= " WHERE fk_code_ventilation <= 0 AND product_type <= 2 AND rowid = ".((int) $objp->rowid); $resqlupdate = $db->query($sqlupdate); if (!$resqlupdate) { diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index c322ebef9a2..847e330e8e4 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -178,7 +178,7 @@ if ($massaction == 'ventil') { } else { $sql = " UPDATE ".MAIN_DB_PREFIX."facture_fourn_det"; $sql .= " SET fk_code_ventilation = ".((int) $monCompte); - $sql .= " WHERE rowid = ".$monId; + $sql .= " WHERE rowid = ".((int) $monId); $accountventilated = new AccountingAccount($db); $accountventilated->fetch($monCompte, '', 1); diff --git a/htdocs/adherents/canvas/actions_adherentcard_common.class.php b/htdocs/adherents/canvas/actions_adherentcard_common.class.php index 3c6e72cc783..2c0e1d992cc 100644 --- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php +++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php 
@@ -273,7 +273,7 @@ abstract class ActionsAdherentCardCommon // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { - $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".$this->object->country_id; + $sql = "SELECT code, label FROM ".MAIN_DB_PREFIX."c_country WHERE rowid = ".((int) $this->object->country_id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index eca8668e308..79fef823883 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -692,7 +692,7 @@ class Adherent extends CommonObject $sql .= ", datevalid = '".$this->db->idate($this->datevalid)."'"; // Must be modified only when validating a member } $sql .= ", fk_user_mod = ".($user->id > 0 ? $user->id : 'null'); // Can be null because member can be create by a guest - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); // If we change the type of membership, we set also label of new type if (!empty($this->oldcopy) && $this->typeid != $this->oldcopy->typeid) { @@ -964,7 +964,7 @@ class Adherent extends CommonObject } // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_member WHERE fk_member = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -975,7 +975,7 @@ class Adherent extends CommonObject // Remove subscription if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."subscription WHERE fk_adherent = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { 
@@ -1007,7 +1007,7 @@ class Adherent extends CommonObject // Remove adherent if (!$error) { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".$rowid; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent WHERE rowid = ".((int) $rowid); dol_syslog(get_class($this)."::delete", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1154,7 +1154,7 @@ class Adherent extends CommonObject // Set link to user if ($userid > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."user SET fk_member = ".((int) $this->id); - $sql .= " WHERE rowid = ".$userid; + $sql .= " WHERE rowid = ".((int) $userid); dol_syslog(get_class($this)."::setUserId", LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index 460cefdeed3..b2f181e59be 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php @@ -425,7 +425,7 @@ class AdherentType extends CommonObject $error = 0; $sql = "DELETE FROM ".MAIN_DB_PREFIX."adherent_type"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 62d0e03e27e..1f3dbd32cb6 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -72,7 +72,7 @@ class AdherentStats extends Stats $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; if ($this->memberid) { - $this->where .= " AND m.rowid = ".$this->memberid; + $this->where .= " AND m.rowid = ".((int) $this->memberid); } //if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid; } 
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index 91418707d3a..ea9eeb377e7 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -134,7 +134,7 @@ if (!empty($tag)) { //Update status communication of contact prospect if ($obj->source_id > 0 && $obj->source_type == 'contact' && $obj->entity) { - $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '((int) $obj->source_id).')'; + $sql = "UPDATE ".MAIN_DB_PREFIX.'societe SET fk_stcomm = 3 WHERE fk_stcomm <> -1 AND entity = '.$obj->entity.' AND rowid IN (SELECT sc.fk_soc FROM '.MAIN_DB_PREFIX.'socpeople AS sc WHERE sc.rowid = '.((int) $obj->source_id).')'; $resql = $db->query($sql); } }
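Review bot: The statement in this hunk is one long line that switches between double- and single-quoted segments, which is the shape in which the dot before `((int) $obj->source_id)` went missing in the removed line. As far as I can tell PHP accepts a string literal followed by parentheses as a call, so that version would have failed only at run time, when this branch was reached. Building the query in `$sql .=` segments as the other files in this commit do, e.g. `$sql .= " AND rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc WHERE sc.rowid = ".((int) $obj->source_id).")";`, would make a dropped operator easy to see in review. The result of `$db->query($sql)` is not inspected in the visible lines, so a failure on this public page leaves no trace; a `dol_syslog` call on a false `$resql` would help. The enclosing `if (!empty($tag))` block starts outside the hunk.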