lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #3309

Browse Source
This commit is contained in:
Laurent Destailleur 2015-08-20 16:05:29 +02:00
parent 1b409538a8
commit da8e71b2c5
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/societe/class/societe.class.php
View File

@ -672,7 +672,7 @@ class Societe extends CommonObject
$this->localtax2_value=trim($this->localtax2_value);
$this->capital=price2num(trim($this->capital),'MT');
if (empty($this->capital)) $this->capital = 0;
if (empty($this->capital) || ! is_numeric($this->capital)) $this->capital = 0;
$this->effectif_id=trim($this->effectif_id);
$this->forme_juridique_code=trim($this->forme_juridique_code);

2
htdocs/user/card.php
View File

@ -709,7 +709,7 @@ if (($action == 'create') || ($action == 'adduserldap'))
print '<form action="'.$_SERVER['PHP_SELF'].'" method="POST" name="createuser">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
if (! empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.$ldap_sid.'">';
if (! empty($ldap_sid)) print '<input type="hidden" name="ldap_sid" value="'.dol_escape_htmltag($ldap_sid).'">';
print '<input type="hidden" name="entity" value="'.$conf->entity.'">';
print '<table class="border" width="100%">';

4
htdocs/user/class/user.class.php
View File

@ -182,7 +182,7 @@ class User extends CommonObject
if ($sid) // permet une recherche du user par son SID ActiveDirectory ou Samba
{
$sql.= " AND (u.ldap_sid = '".$sid."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
$sql.= " AND (u.ldap_sid = '".$this->db->escape($sid)."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
}
else if ($login)
{
@ -845,7 +845,7 @@ class User extends CommonObject
else
{
$sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec,login,ldap_sid,entity)";
$sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->db->escape($this->entity).")";
$sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->db->escape($this->ldap_sid)."',".$this->db->escape($this->entity).")";
$result=$this->db->query($sql);
dol_syslog(get_class($this)."::create", LOG_DEBUG);