lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	htdocs/core/class/html.form.class.php
This commit is contained in:
Laurent Destailleur 2021-08-23 19:44:02 +02:00
commit dc006b0ebb
171 changed files with 763 additions and 749 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -297,7 +297,7 @@ class BookKeeping extends CommonObject
$sql .= " AND fk_doc = ".((int) $this->fk_doc);
if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) {
// DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
$sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines
$sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines
}
$sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'";
$sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'";

2
htdocs/adherents/class/adherentstats.class.php
View File

@ -70,7 +70,7 @@ class AdherentStats extends Stats
$this->where .= " m.statut != -1";
$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
if ($this->memberid) {
$this->where .= " AND m.rowid = ".((int) $this->memberid);
}

4
htdocs/admin/dolistore/class/dolistore.class.php
View File

@ -84,7 +84,7 @@ class Dolistore
try {
$this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
// $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
// Here we set the option array for the Webservice : we want categories resources
@ -134,7 +134,7 @@ class Dolistore
try {
$this->api = new PrestaShopWebservice($conf->global->MAIN_MODULE_DOLISTORE_API_SRV, $conf->global->MAIN_MODULE_DOLISTORE_API_KEY, $this->debug_api);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".$conf->global->MAIN_MODULE_DOLISTORE_API_SRV);
dol_syslog("Call API with MAIN_MODULE_DOLISTORE_API_SRV = ".getDolGlobalString('MAIN_MODULE_DOLISTORE_API_SRV'));
// $conf->global->MAIN_MODULE_DOLISTORE_API_KEY is for the login of basic auth. There is no password as it is public data.
// Here we set the option array for the Webservice : we want products resources

4
htdocs/admin/mails_templates.php
View File

@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv
$sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates";
$sql .= " WHERE entity IN (".getEntity('email_template').")";
if (!$user->admin) {
$sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me
$sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me
$sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me
$sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me
}
if (empty($conf->global->MAIN_MULTILANGS)) {
$sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')";

26
htdocs/categories/class/categorie.class.php
View File

@ -547,7 +547,7 @@ class Categorie extends CommonObject
$sql .= ", visible = ".(int) $this->visible;
$sql .= ", fk_parent = ".(int) $this->fk_parent;
$sql .= ", fk_user_modif = ".(int) $user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -693,7 +693,7 @@ class Categorie extends CommonObject
if ($this->db->query($sql)) {
if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) {
$sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie';
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::add_type", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -781,7 +781,7 @@ class Categorie extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id;
$sql .= " WHERE fk_categorie = ".((int) $this->id);
$sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id);
dol_syslog(get_class($this).'::del_type', LOG_DEBUG);
@ -833,11 +833,11 @@ class Categorie extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c";
$sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o";
$sql .= " WHERE o.entity IN (".getEntity($obj->element).")";
$sql .= " AND c.fk_categorie = ".$this->id;
$sql .= " AND c.fk_categorie = ".((int) $this->id);
$sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid";
// Protection for external users
if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) {
$sql .= " AND o.rowid = ".$user->socid;
$sql .= " AND o.rowid = ".((int) $user->socid);
}
if ($limit > 0 || $offset > 0) {
$sql .= $this->db->plimit($limit + 1, $offset);
@ -877,7 +877,7 @@ class Categorie extends CommonObject
public function containsObject($type, $object_id)
{
$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
$sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
@ -1508,7 +1508,7 @@ class Categorie extends CommonObject
$sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id;
// This seems useless because the table already contains id of category of 1 unique type. So commented.
// So now it works also with external added categories.
//$sql .= " AND c.type = ".$this->MAP_ID[$type];
//$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]);
$sql .= " AND c.entity IN (".getEntity('category').")";
$res = $this->db->query($sql);
@ -1803,7 +1803,7 @@ class Categorie extends CommonObject
foreach ($langs_available as $key => $value) {
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " WHERE fk_category=".((int) $this->id);
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -1813,10 +1813,10 @@ class Categorie extends CommonObject
$sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
$sql2 .= " SET label='".$this->db->escape($this->label)."',";
$sql2 .= " description='".$this->db->escape($this->description)."'";
$sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
$sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
} else {
$sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
$sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label);
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label);
$sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
}
dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG);
@ -1829,10 +1829,10 @@ class Categorie extends CommonObject
$sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
$sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
$sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
$sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
$sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
} else {
$sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
$sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]);
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]);
$sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
}
@ -1871,7 +1871,7 @@ class Categorie extends CommonObject
$sql = "SELECT lang, label, description";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " WHERE fk_category=".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {

22
htdocs/comm/action/class/actioncomm.class.php
View File

@ -875,7 +875,7 @@ class ActionComm extends CommonObject
$sql = 'SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency';
$sql .= ' FROM '.MAIN_DB_PREFIX.'actioncomm_resources';
$sql .= ' WHERE fk_actioncomm = '.$this->id;
$sql .= ' WHERE fk_actioncomm = '.((int) $this->id);
$sql .= " AND element_type IN ('user', 'socpeople')";
$resql = $this->db->query($sql);
if ($resql) {
@ -919,7 +919,7 @@ class ActionComm extends CommonObject
// phpcs:enable
$sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources";
$sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id;
$sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id);
$resql2 = $this->db->query($sql);
if ($resql2) {
@ -996,7 +996,7 @@ class ActionComm extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
$sql .= " WHERE fk_actioncomm = ".$this->id;
$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
@ -1159,7 +1159,7 @@ class ActionComm extends CommonObject
// Now insert assignedusers
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'user'";
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'user'";
$resql = $this->db->query($sql);
$already_inserted = array();
@ -1184,7 +1184,7 @@ class ActionComm extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".$this->id." AND element_type = 'socpeople'";
$sql = "DELETE FROM ".MAIN_DB_PREFIX."actioncomm_resources where fk_actioncomm = ".((int) $this->id)." AND element_type = 'socpeople'";
$resql = $this->db->query($sql);
if (!empty($this->socpeopleassigned)) {
@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql .= " WHERE 1 = 1";
@ -1329,14 +1329,14 @@ class ActionComm extends CommonObject
}
$sql .= " AND a.entity IN (".getEntity('agenda').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND a.fk_soc = ".$user->socid;
$sql .= " AND a.fk_soc = ".((int) $user->socid);
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id;
$sql .= " OR ar.fk_element = ".$user->id; // Added by PV
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id);
$sql .= " OR ar.fk_element = ".((int) $user->id);
$sql .= ")";
}
@ -2226,7 +2226,7 @@ class ActionComm extends CommonObject
//Select all action comm reminders for event
$sql = "SELECT rowid as id, typeremind, dateremind, status, offsetvalue, offsetunit, fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_reminder";
$sql .= " WHERE fk_actioncomm = ".$this->id;
$sql .= " WHERE fk_actioncomm = ".((int) $this->id);
if ($onlypast) {
$sql .= " AND dateremind <= '".$this->db->idate(dol_now())."'";
}

2
htdocs/comm/action/index.php
View File

@ -692,7 +692,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;

2
htdocs/comm/action/list.php
View File

@ -447,7 +447,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/comm/action/pertype.php
View File

@ -558,7 +558,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);

2
htdocs/comm/action/peruser.php
View File

@ -579,7 +579,7 @@ if ($pid) {
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);

16
htdocs/comm/card.php
View File

@ -826,7 +826,7 @@ if ($object->id > 0) {
$sql .= ", p.datep as dp, p.fin_validite as date_limit";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c";
$sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('propal').")";
$sql .= " ORDER BY p.datep DESC";
@ -891,7 +891,7 @@ if ($object->id > 0) {
$sql .= ", c.facture as billed";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
$sql .= " WHERE c.fk_soc = s.rowid ";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND c.entity IN (".getEntity('commande').')';
$sql .= " ORDER BY c.date_commande DESC";
@ -907,7 +907,7 @@ if ($object->id > 0) {
$sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s';
$sql2 .= ', '.MAIN_DB_PREFIX.'commande as c';
$sql2 .= ' WHERE c.fk_soc = s.rowid';
$sql2 .= ' AND s.rowid = '.$object->id;
$sql2 .= ' AND s.rowid = '.((int) $object->id);
// Show orders with status validated, shipping started and delivered (well any order we can bill)
$sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))";
@ -967,7 +967,7 @@ if ($object->id > 0) {
$sql .= ', s.nom';
$sql .= ', s.rowid as socid';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e";
$sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND e.entity IN (".getEntity('expedition').")";
$sql .= ' GROUP BY e.rowid';
$sql .= ', e.ref';
@ -1032,7 +1032,7 @@ if ($object->id > 0) {
$sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
$sql .= " WHERE c.fk_soc = s.rowid ";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND c.entity IN (".getEntity('contract').")";
$sql .= " ORDER BY c.datec DESC";
@ -1106,7 +1106,7 @@ if ($object->id > 0) {
$sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('intervention').")";
$sql .= " ORDER BY f.tms DESC";
@ -1171,7 +1171,7 @@ if ($object->id > 0) {
$sql .= ', f.suspended as suspended';
$sql .= ', s.nom, s.rowid as socid';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f";
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,';
$sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,';
@ -1263,7 +1263,7 @@ if ($object->id > 0) {
$sql .= ', SUM(pf.amount) as am';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture';
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,';
$sql .= ' f.datef, f.datec, f.paye, f.fk_statut,';

2
htdocs/comm/contact.php
View File

@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
$sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND p.entity IN (".getEntity('socpeople').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($type == "c") {
$sql .= " AND s.client IN (1, 3)";

20
htdocs/comm/index.php
View File

@ -130,7 +130,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -227,7 +227,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
$sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT;
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -323,7 +323,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT;
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
@ -420,10 +420,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT;
$sql .= " AND cf.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND cf.fk_soc = ".$socid;
$sql .= " AND cf.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -561,7 +561,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = $socid";
@ -657,7 +657,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.fournisseur = ".Societe::SUPPLIER;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -763,7 +763,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_product = p.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -838,7 +838,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -954,7 +954,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

6
htdocs/comm/mailing/cibles.php
View File

@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml');
$search_firstname = GETPOST("search_firstname", 'alphanohtml');
$search_email = GETPOST("search_email", 'alphanohtml');
$search_other = GETPOST("search_other", 'alphanohtml');
$search_dest_status = GETPOST('search_dest_status', 'alphanohtml');
$search_dest_status = GETPOST('search_dest_status', 'int');
// Search modules dirs
$modulesdir = dolGetModulesDirs('/mailings');
@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) {
$asearchcriteriahasbeenset++;
}
if ($search_dest_status != '' && $search_dest_status >= -1) {
$sql .= " AND mc.statut=".$db->escape($search_dest_status)." ";
$sql .= " AND mc.statut = ".((int) $search_dest_status);
$asearchcriteriahasbeenset++;
}
$sql .= $db->order($sortfield, $sortorder);
@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) {
}
$morehtmlcenter .= ' &nbsp; <a class="reposition" href="'.$_SERVER["PHP_SELF"].'?exportcsv=1&id='.$object->id.'">'.$langs->trans("Download").'</a>';
$massactionbutton = '';
print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit);
print '</form>';

44
htdocs/comm/propal/class/propal.class.php
View File

@ -1879,8 +1879,8 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".$user->id;
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " fk_statut = ".self::STATUS_VALIDATED.", date_valid='".$this->db->idate($now)."', fk_user_valid=".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(get_class($this)."::valid", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1906,7 +1906,7 @@ class Propal extends CommonObject
if (preg_match('/^[\(]?PROV/i', $this->ref)) {
// Now we rename also files into index
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'propale/".$this->db->escape($this->newref)."'";
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'propale/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -1974,7 +1974,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET datep = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2030,7 +2030,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET fin_validite = ".($date_fin_validite != '' ? "'".$this->db->idate($date_fin_validite)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2101,7 +2101,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET date_livraison = ".($delivery_date != '' ? "'".$this->db->idate($delivery_date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2156,9 +2156,9 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET fk_availability = '".$id."'";
$sql .= " WHERE rowid = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_availability = ".((int) $id);
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__.' availability('.$id.')', LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2221,7 +2221,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal ";
$sql .= " SET fk_input_reason = ".((int) $id);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2346,7 +2346,7 @@ class Propal extends CommonObject
$this->db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."propal SET remise_percent = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2409,7 +2409,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET remise_absolue = ".((float) $remise);
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".self::STATUS_DRAFT;
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2530,7 +2530,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".((int) $status).", note_private = '".$this->db->escape($newprivatenote)."', date_signature='".$this->db->idate($now)."', fk_user_signature=".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -2707,7 +2707,7 @@ class Propal extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."propal";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@ -2780,7 +2780,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = c.id";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -2789,7 +2789,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
}
if ($notcurrentuser > 0) {
$sql .= " AND p.fk_user_author <> ".$user->id;
$sql .= " AND p.fk_user_author <> ".((int) $user->id);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -2934,7 +2934,7 @@ class Propal extends CommonObject
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@ -2970,7 +2970,7 @@ class Propal extends CommonObject
// Delete main record
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@ -3285,7 +3285,7 @@ class Propal extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." p.entity IN (".getEntity('propal').")";
@ -3296,7 +3296,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_statut = ".self::STATUS_SIGNED;
}
if ($user->socid) {
$sql .= " AND p.fk_soc = ".$user->socid;
$sql .= " AND p.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -3462,7 +3462,7 @@ class Propal extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." p.entity IN (".getEntity('propal').")";
@ -4156,7 +4156,7 @@ class PropaleLigne extends CommonObjectLine
$error = 0;
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".$this->rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."propaldet WHERE rowid = ".((int) $this->rowid);
dol_syslog("PropaleLigne::delete", LOG_DEBUG);
if ($this->db->query($sql)) {
// Remove extrafields

4
htdocs/comm/propal/class/propalestats.class.php
View File

@ -94,10 +94,10 @@ class PropaleStats extends Stats
//$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
$this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND p.fk_soc = ".$this->socid;
$this->where .= " AND p.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND fk_user_author = '.((int) $this->userid);

10
htdocs/comm/propal/index.php
View File

@ -85,7 +85,7 @@ if (!empty($conf->propal->enabled)) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND p.fk_soc = ".((int) $socid);
@ -163,7 +163,7 @@ if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
@ -236,7 +236,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -319,7 +319,7 @@ if (! empty($conf->propal->enabled))
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 1";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);
@ -394,7 +394,7 @@ if (! empty($conf->propal->enabled))
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 2 ";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);

2
htdocs/comm/propal/list.php
View File

@ -526,7 +526,7 @@ $sql .= $hookmanager->resPrint;
$sql .= ' WHERE p.fk_soc = s.rowid';
$sql .= ' AND p.entity IN ('.getEntity('propal').')';
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_town) {

30
htdocs/commande/class/commande.class.php
View File

@ -493,8 +493,8 @@ class Commande extends CommonOrder
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
$sql .= " date_valid='".$this->db->idate($now)."',";
$sql .= " fk_user_valid = ".$user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " fk_user_valid = ".((int) $user->id);
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::valid", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -624,7 +624,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
if (!$error) {
@ -807,7 +807,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET fk_statut = ".self::STATUS_CANCELED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND fk_statut = ".self::STATUS_VALIDATED;
dol_syslog(get_class($this)."::cancel", LOG_DEBUG);
@ -2543,7 +2543,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET date_commande = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id." AND fk_statut = ".((int) self::STATUS_DRAFT);
$sql .= " WHERE rowid = ".((int) $this->id)." AND fk_statut = ".((int) self::STATUS_DRAFT);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2615,7 +2615,7 @@ class Commande extends CommonOrder
$sql = "UPDATE ".MAIN_DB_PREFIX."commande";
$sql .= " SET date_livraison = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
@ -2688,7 +2688,7 @@ class Commande extends CommonOrder
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -2697,7 +2697,7 @@ class Commande extends CommonOrder
$sql .= " AND c.fk_statut = ".self::STATUS_DRAFT;
}
if (is_object($excluser)) {
$sql .= " AND c.fk_user_author <> ".$excluser->id;
$sql .= " AND c.fk_user_author <> ".((int) $excluser->id);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -3395,8 +3395,8 @@ class Commande extends CommonOrder
// Delete extrafields of lines and lines
if (!$error && !empty($this->table_element_line)) {
$tabletodelete = $this->table_element_line;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id.")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".$this->id;
$sqlef = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete."_extrafields WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id).")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
if (!$this->db->query($sqlef) || !$this->db->query($sql)) {
$error++;
$this->error = $this->db->lasterror();
@ -3432,7 +3432,7 @@ class Commande extends CommonOrder
// Delete main record
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX.$this->table_element." WHERE rowid = ".((int) $this->id);
$res = $this->db->query($sql);
if (!$res) {
$error++;
@ -3507,14 +3507,14 @@ class Commande extends CommonOrder
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." c.entity IN (".getEntity('commande').")";
//$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0";
$sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -3917,7 +3917,7 @@ class Commande extends CommonOrder
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." co.entity IN (".getEntity('commande').")";
@ -4649,7 +4649,7 @@ class OrderLine extends CommonOrderLine
$sql .= ",total_localtax1='".price2num($this->total_localtax1)."'";
$sql .= ",total_localtax2='".price2num($this->total_localtax2)."'";
$sql .= ",total_ttc='".price2num($this->total_ttc)."'";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog("OrderLine::update_total", LOG_DEBUG);

6
htdocs/commande/class/commandestats.class.php
View File

@ -94,13 +94,13 @@ class CommandeStats extends Stats
$this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')';
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND c.fk_soc = ".$this->socid;
$this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND c.fk_user_author = '.$this->userid;
$this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
if ($typentid) {

2
htdocs/commande/customer.php
View File

@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (GETPOST("search_nom")) {
$sql .= natural_search("s.nom", GETPOST("search_nom"));

8
htdocs/commande/index.php
View File

@ -101,7 +101,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
@ -169,7 +169,7 @@ if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
@ -253,7 +253,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";
@ -342,7 +342,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";

4
htdocs/commande/list.php
View File

@ -486,7 +486,7 @@ if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_ref) {
$sql .= natural_search('c.ref', $search_ref);
@ -570,7 +570,7 @@ if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
}
if ($search_user > 0) {
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user;
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user);
}
if ($search_total_ht != '') {
$sql .= natural_search('c.total_ht', $search_total_ht, 1);

4
htdocs/compta/bank/class/account.class.php
View File

@ -1998,7 +1998,7 @@ class AccountLine extends CommonObject
// Protection to avoid any delete of accounted lines. Protection on by default
if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) {
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@ -2385,7 +2385,7 @@ class AccountLine extends CommonObject
$result .= yn($this->rappro);
}
if ($option == 'showall' || $option == 'showconciliatedandaccounted') {
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

14
htdocs/compta/bank/releve.php
View File

@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') {
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') {
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'";
if (empty($numref)) {
$sql .= " OR b.num_releve is null";
}
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " AND b.fk_account = ba.rowid";
$sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day
@ -340,7 +340,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -353,7 +353,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -421,7 +421,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
@ -605,7 +605,7 @@ if (empty($numref)) {
$sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct";
$sql .= ", ".MAIN_DB_PREFIX."bank_class as cl";
$sql .= " WHERE ct.rowid = cl.fk_categ";
$sql .= " AND ct.entity = ".$conf->entity;
$sql .= " AND ct.entity = ".((int) $conf->entity);
$sql .= " AND cl.lineid = ".((int) $objp->rowid);
$resc = $db->query($sql);

6
htdocs/compta/cashcontrol/report.php
View File

@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d
elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'";
else dol_print_error('', 'Year not defined');
// Define filter on bank account
$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH;
$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB;
$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH);
$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB);
$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE);
$sql.=")";
*/
$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code";

2
htdocs/compta/clients.php
View File

@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (dol_strlen($stcomm)) {
$sql .= " AND s.fk_stcomm=".((int) $stcomm);

2
htdocs/compta/deplacement/index.php
View File

@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND d.fk_soc = ".((int) $socid);

2
htdocs/compta/deplacement/list.php
View File

@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) ";
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

16
htdocs/compta/facture/class/facture.class.php
View File

@ -2996,7 +2996,7 @@ class Facture extends CommonInvoice
$sql = "UPDATE ".MAIN_DB_PREFIX."facture";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice
$sql .= " WHERE f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -4051,7 +4051,7 @@ class Facture extends CommonInvoice
$sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
}
if (is_object($excluser)) {
$sql .= " AND f.fk_user_author <> ".$excluser->id;
$sql .= " AND f.fk_user_author <> ".((int) $excluser->id);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." f.paye=0";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED;
if ($user->socid) {
$sql .= " AND f.fk_soc = ".$user->socid;
$sql .= " AND f.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." f.entity IN (".getEntity('invoice').")";
@ -5679,7 +5679,7 @@ class FactureLigne extends CommonInvoiceLine
return -1;
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".$this->rowid;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."facturedet WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
if ($this->db->query($sql)) {
$this->db->commit();
@ -5719,7 +5719,7 @@ class FactureLigne extends CommonInvoiceLine
$sql .= ",total_localtax1=".price2num($this->total_localtax1)."";
$sql .= ",total_localtax2=".price2num($this->total_localtax2)."";
$sql .= ",total_ttc=".price2num($this->total_ttc)."";
$sql .= " WHERE rowid = ".$this->rowid;
$sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog(get_class($this)."::update_total", LOG_DEBUG);

6
htdocs/compta/facture/class/facturestats.class.php
View File

@ -86,16 +86,16 @@ class FactureStats extends Stats
$this->where = " f.fk_statut >= 0";
$this->where .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == 'customer') {
$this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons)
}
if ($this->socid) {
$this->where .= " AND f.fk_soc = ".$this->socid;
$this->where .= " AND f.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND f.fk_user_author = '.$this->userid;
$this->where .= ' AND f.fk_user_author = '.((int) $this->userid);
}
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
$this->where .= " AND f.type IN (0,1,2,5)";

2
htdocs/compta/facture/list.php
View File

@ -607,7 +607,7 @@ $sql .= $hookmanager->resPrint;
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);

6
htdocs/compta/index.php
View File

@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) {
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " WHERE s.rowid = ff.fk_soc";
$sql .= " AND ff.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".((int) $socid);
@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);

14
htdocs/compta/paiement/cheque/class/remisecheque.class.php
View File

@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject
if ($this->errno == 0 && $numref) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND statut = 0";
@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject
$sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND b.fk_bordereau = bc.rowid";
$sql .= " AND bc.rowid = ".$this->id;
$sql .= " AND bc.rowid = ".((int) $this->id);
$sql .= " AND bc.entity = ".$conf->entity;
$sql .= " ORDER BY b.dateo ASC, b.rowid ASC";
@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET amount = ".price2num($total);
$sql .= ", nbcheque = ".((int) $nb);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject
if ($user->rights->banque->cheque) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("RemiseCheque::set_date", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject
// phpcs:enable
if ($user->rights->banque->cheque) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET ref = '".$ref."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " SET ref = '".$this->db->escape($ref)."'";
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("RemiseCheque::set_number", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/compta/paiement/class/paiement.class.php
View File

@ -800,7 +800,7 @@ class Paiement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX.'bank';
$sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")";
$sql .= " AND rappro = 0";
$result = $this->db->query($sql);

2
htdocs/compta/paiement/list.php
View File

@ -209,7 +209,7 @@ if (GETPOST("orphelins", "alpha")) {
}
$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/paymentbybanktransfer/index.php
View File

@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture_fourn = f.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

42
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -203,7 +203,7 @@ class BonPrelevement extends CommonObject
*/
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND fk_soc =".((int) $client_id);
$sql .= " AND code_banque = '".$this->db->escape($code_banque)."'";
$sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'";
@ -348,8 +348,8 @@ class BonPrelevement extends CommonObject
if ($this->db->begin()) {
$sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET statut = ".self::STATUS_TRANSFERED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND entity = ".$conf->entity;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".((int) $conf->entity);
$result = $this->db->query($sql);
if (!$result) {
@ -374,7 +374,7 @@ class BonPrelevement extends CommonObject
if (!$error) {
$sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " SET statut = 2";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::set_credite Erreur 1");
@ -429,7 +429,7 @@ class BonPrelevement extends CommonObject
$sql .= ", statut = ".self::STATUS_CREDITED;
$sql .= ", date_credit = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid=".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$sql .= " AND statut = ".self::STATUS_TRANSFERED;
$resql = $this->db->query($sql);
@ -528,7 +528,7 @@ class BonPrelevement extends CommonObject
if (!$error) {
$sql = " UPDATE ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " SET statut = 2";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " WHERE fk_prelevement_bons = ".((int) $this->id);
if (!$this->db->query($sql)) {
dol_syslog(get_class($this)."::set_infocredit Update lines Error");
@ -582,8 +582,8 @@ class BonPrelevement extends CommonObject
$sql .= " , date_trans = '".$this->db->idate($date)."'";
$sql .= " , method_trans = ".((int) $method);
$sql .= " , statut = ".self::STATUS_TRANSFERED;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " AND entity = ".$conf->entity;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".((int) $conf->entity);
$sql .= " AND statut = 0";
if ($this->db->query($sql)) {
@ -646,8 +646,8 @@ class BonPrelevement extends CommonObject
$sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid";
$sql .= " AND pl.fk_prelevement_bons = p.rowid";
$sql .= " AND p.rowid = ".$this->id;
$sql .= " AND p.entity = ".$conf->entity;
$sql .= " AND p.rowid = ".((int) $this->id);
$sql .= " AND p.entity = ".((int) $conf->entity);
if ($amounts) {
if ($this->type == 'bank-transfer') {
$sql .= " GROUP BY fk_facture_fourn";
@ -989,7 +989,7 @@ class BonPrelevement extends CommonObject
$sql = "SELECT substring(ref from char_length(ref) - 1)";
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " WHERE ref LIKE '%".$this->db->escape($ref)."%'";
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$sql .= " ORDER BY ref DESC LIMIT 1";
dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG);
@ -1076,7 +1076,7 @@ class BonPrelevement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande";
$sql .= " SET traite = 1";
$sql .= ", date_traite = '".$this->db->idate($now)."'";
$sql .= ", fk_prelevement_bons = ".$this->id;
$sql .= ", fk_prelevement_bons = ".((int) $this->id);
$sql .= " WHERE rowid = ".((int) $fac[1]);
$resql = $this->db->query($sql);
@ -1141,7 +1141,7 @@ class BonPrelevement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_bons";
$sql .= " SET amount = ".price2num($this->total);
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1205,7 +1205,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id.")";
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_facture WHERE fk_prelevement_lignes IN (SELECT rowid FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id).")";
$resql1 = $this->db->query($sql);
if (!$resql1) {
dol_print_error($this->db);
@ -1213,7 +1213,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_lignes WHERE fk_prelevement_bons = ".((int) $this->id);
$resql2 = $this->db->query($sql);
if (!$resql2) {
dol_print_error($this->db);
@ -1221,7 +1221,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."prelevement_bons WHERE rowid = ".((int) $this->id);
$resql3 = $this->db->query($sql);
if (!$resql3) {
dol_print_error($this->db);
@ -1229,7 +1229,7 @@ class BonPrelevement extends CommonObject
}
if (!$error) {
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".$this->id;
$sql = "UPDATE ".MAIN_DB_PREFIX."prelevement_facture_demande SET fk_prelevement_bons = NULL, traite = 0 WHERE fk_prelevement_bons = ".((int) $this->id);
$resql4 = $this->db->query($sql);
if (!$resql4) {
dol_print_error($this->db);
@ -1491,7 +1491,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."societe as soc,";
$sql .= " ".MAIN_DB_PREFIX."c_country as c,";
$sql .= " ".MAIN_DB_PREFIX."societe_rib as rib";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture = f.rowid";
$sql .= " AND f.fk_soc = soc.rowid";
@ -1607,7 +1607,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."societe as soc,";
$sql .= " ".MAIN_DB_PREFIX."c_country as c,";
$sql .= " ".MAIN_DB_PREFIX."societe_rib as rib";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture_fourn = f.rowid";
$sql .= " AND f.fk_soc = soc.rowid";
@ -1697,7 +1697,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
$sql .= " ".MAIN_DB_PREFIX."facture as f,";
$sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture = f.rowid";
@ -1723,7 +1723,7 @@ class BonPrelevement extends CommonObject
$sql .= " ".MAIN_DB_PREFIX."prelevement_lignes as pl,";
$sql .= " ".MAIN_DB_PREFIX."facture_fourn as f,";
$sql .= " ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pl.fk_prelevement_bons = ".$this->id;
$sql .= " WHERE pl.fk_prelevement_bons = ".((int) $this->id);
$sql .= " AND pl.rowid = pf.fk_prelevement_lignes";
$sql .= " AND pf.fk_facture_fourn = f.rowid";

2
htdocs/compta/prelevement/demandes.php
View File

@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/prelevement/index.php
View File

@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture = f.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

4
htdocs/compta/resultat/clientfourn.php
View File

@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') {
}
}
$sql .= " AND f.entity = ".$conf->entity;
$sql .= " AND f.entity = ".((int) $conf->entity);
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY name, socid";
$sql .= $db->order($sortfield, $sortorder);

2
htdocs/compta/sociales/class/chargesociales.class.php
View File

@ -301,7 +301,7 @@ class ChargeSociales extends CommonObject
// Delete payments
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."paiementcharge WHERE fk_charge=".((int) $this->id);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {

2
htdocs/compta/sociales/class/paymentsocialcontribution.class.php
View File

@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

26
htdocs/contact/class/contact.class.php
View File

@ -385,13 +385,13 @@ class Contact extends CommonObject
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')';
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))";
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))";
if ($user->socid > 0) {
$sql .= " AND sp.fk_soc = ".$user->socid;
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -1068,7 +1068,7 @@ class Contact extends CommonObject
// Search Dolibarr user linked to this contact
$sql = "SELECT u.rowid ";
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.fk_socpeople = ".$this->id;
$sql .= " WHERE u.fk_socpeople = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1091,7 +1091,7 @@ class Contact extends CommonObject
if ($user) {
$sql = "SELECT fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."user_alert";
$sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id);
$sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1162,7 +1162,7 @@ class Contact extends CommonObject
$sql = "SELECT tc.element, count(ec.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE ec.fk_c_type_contact = tc.rowid";
$sql .= " AND fk_socpeople = ".$this->id;
$sql .= " AND fk_socpeople = ".((int) $this->id);
$sql .= " AND tc.source = 'external'";
$sql .= " GROUP BY tc.element";
@ -1211,7 +1211,7 @@ class Contact extends CommonObject
$sql = "SELECT ec.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,";
$sql .= " ".MAIN_DB_PREFIX."c_type_contact tc";
$sql .= " WHERE ec.fk_socpeople=".$this->id;
$sql .= " WHERE ec.fk_socpeople=".((int) $this->id);
$sql .= " AND ec.fk_c_type_contact=tc.rowid";
$sql .= " AND tc.source='external'";
dol_syslog(__METHOD__, LOG_DEBUG);
@ -1242,7 +1242,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove Roles
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1254,7 +1254,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove Roles
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1266,7 +1266,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove category
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1727,7 +1727,7 @@ class Contact extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE tc.rowid = sc.fk_c_type_contact";
$sql .= " AND tc.source = 'external' AND tc.active=1";
$sql .= " AND sc.fk_socpeople = ".$this->id;
$sql .= " AND sc.fk_socpeople = ".((int) $this->id);
$sql .= " AND sc.entity IN (".getEntity('societe').')';
$resql = $this->db->query($sql);
@ -2040,7 +2040,7 @@ class Contact extends CommonObject
$obj = $this->db->fetch_object($resql);
$noemail = $obj->nb;
if (empty($noemail)) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -2054,7 +2054,7 @@ class Contact extends CommonObject
$this->errors[] = $this->error;
}
} else {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0));
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;

6
htdocs/contact/list.php
View File

@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
}
$sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')';
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)";
}
if (!empty($userid)) { // propre au commercial
$sql .= " AND p.fk_user_creat=".((int) $userid);
@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) {
// Filter to exclude not owned private contacts
if ($search_priv != '0' && $search_priv != '1') {
$sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))";
$sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))";
} else {
if ($search_priv == '0') {
$sql .= " AND p.priv='0'";
}
if ($search_priv == '1') {
$sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")";
$sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")";
}
}

26
htdocs/contrat/class/contrat.class.php
View File

@ -792,7 +792,7 @@ class Contrat extends CommonObject
$sql .= " d.fk_unit,";
$sql .= " d.product_type as type";
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet as d LEFT JOIN ".MAIN_DB_PREFIX."product as p ON d.fk_product = p.rowid";
$sql .= " WHERE d.fk_contrat = ".$this->id;
$sql .= " WHERE d.fk_contrat = ".((int) $this->id);
$sql .= " ORDER by d.rowid ASC";
dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
@ -1150,11 +1150,11 @@ class Contrat extends CommonObject
/*
$sql = "DELETE cdl";
$sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd";
$sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id;
$sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id);
*/
$sql = "SELECT cdl.rowid as cdlrowid ";
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd";
$sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id;
$sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id);
dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1188,7 +1188,7 @@ class Contrat extends CommonObject
// Delete contratdet extrafields
$main = MAIN_DB_PREFIX.'contratdet';
$ef = $main."_extrafields";
$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".$this->id.")";
$sql = "DELETE FROM $ef WHERE fk_object IN (SELECT rowid FROM $main WHERE fk_contrat = ".((int) $this->id).")";
dol_syslog(get_class($this)."::delete contratdet_extrafields", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1201,7 +1201,7 @@ class Contrat extends CommonObject
if (!$error) {
// Delete contratdet
$sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet";
$sql .= " WHERE fk_contrat=".$this->id;
$sql .= " WHERE fk_contrat=".((int) $this->id);
dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1213,7 +1213,7 @@ class Contrat extends CommonObject
// Delete llx_ecm_files
if (!$error) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@ -2105,7 +2105,7 @@ class Contrat extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd";
$sql .= " WHERE fk_contrat =".$this->id;
if ($status >= 0) {
$sql .= " AND statut = ".$status;
$sql .= " AND statut = ".((int) $status);
}
dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG);
@ -2205,12 +2205,12 @@ class Contrat extends CommonObject
//$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'";
}
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " AND c.entity = ".((int) $conf->entity);
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $this->db->query($sql);
@ -2279,7 +2279,7 @@ class Contrat extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." c.entity = ".$conf->entity;
@ -3120,7 +3120,7 @@ class ContratLigne extends CommonObjectLine
if ($this->date_ouverture_prevue != $this->oldcopy->date_ouverture_prevue) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
$sql .= " date_ouverture_prevue = ".($this->date_ouverture_prevue != '' ? "'".$this->db->idate($this->date_ouverture_prevue)."'" : "null");
$sql .= " WHERE fk_contrat = ".$this->fk_contrat;
$sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
$resql = $this->db->query($sql);
if (!$resql) {
@ -3131,7 +3131,7 @@ class ContratLigne extends CommonObjectLine
if ($this->date_fin_validite != $this->oldcopy->date_fin_validite) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'contratdet SET';
$sql .= " date_fin_validite = ".($this->date_fin_validite != '' ? "'".$this->db->idate($this->date_fin_validite)."'" : "null");
$sql .= " WHERE fk_contrat = ".$this->fk_contrat;
$sql .= " WHERE fk_contrat = ".((int) $this->fk_contrat);
$resql = $this->db->query($sql);
if (!$resql) {

14
htdocs/contrat/index.php
View File

@ -102,7 +102,7 @@ if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
$resql = $db->query($sql);
@ -139,7 +139,7 @@ if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
$resql = $db->query($sql);
@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut = 0";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut > 0";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/contrat/list.php
View File

@ -271,7 +271,7 @@ if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year);
if ($search_name) {

2
htdocs/contrat/services_list.php
View File

@ -262,7 +262,7 @@ if ($search_product_category > 0) {
}
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == "0") {
$sql .= " AND cd.statut = 0";

6
htdocs/core/boxes/box_actions.php
View File

@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes
$sql .= " AND a.entity IN (".getEntity('actioncomm').")";
$sql .= " AND a.percent >= 0 AND a.percent < 100";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")";
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")";
}
$sql .= " ORDER BY a.datec DESC";
$sql .= $this->db->plimit($max, 0);

12
htdocs/core/boxes/box_activity.php
View File

@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes
$sql .= " WHERE p.entity IN (".getEntity('propal').")";
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'";
$sql .= " AND p.date_cloture IS NULL"; // just unclosed
@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'";
$sql .= " GROUP BY c.fk_statut";
@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes
$sql .= ")";
$sql .= " WHERE f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1";

4
htdocs/core/boxes/box_clients.php
View File

@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_commandes.php
View File

@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes
$sql .= " AND c.fk_statut = 1";
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC ";

4
htdocs/core/boxes/box_contacts.php
View File

@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes
}
$sql .= " WHERE sp.entity IN (".getEntity('socpeople').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND sp.fk_soc = ".$user->socid;
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}
$sql .= " ORDER BY sp.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_contracts.php
View File

@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_contrat DESC, c.ref DESC ";

2
htdocs/core/boxes/box_customers_outstanding_bill_reached.php
View File

@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = $user->socid";

4
htdocs/core/boxes/box_factures.php
View File

@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY f.datef DESC, f.ref DESC ";

4
htdocs/core/boxes/box_factures_fourn.php
View File

@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY f.datef DESC, f.ref DESC ";

4
htdocs/core/boxes/box_factures_fourn_imp.php
View File

@ -102,10 +102,10 @@ class box_factures_fourn_imp extends ModeleBoxes
$sql .= " AND f.paye = 0";
$sql .= " AND fk_statut = 1";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC ";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_factures_imp.php
View File

@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes
$sql .= " AND f.paye = 0";
$sql .= " AND fk_statut = 1";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,";
$sql .= " f.ref, f.date_lim_reglement,";

4
htdocs/core/boxes/box_ficheinter.php
View File

@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid ";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_fournisseurs.php
View File

@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes
$sql .= " WHERE s.fournisseur = 1";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC ";
$sql .= $this->db->plimit($max, 0);

8
htdocs/core/boxes/box_last_modified_ticket.php
View File

@ -94,14 +94,14 @@ class box_last_modified_ticket extends ModeleBoxes
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc";
$sql .= " WHERE t.entity = ".$conf->entity;
$sql .= " WHERE t.entity IN (".getEntity('ticket').')';
// $sql.= " AND e.rowid = er.fk_event";
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
if ($user->socid) {
$sql .= " AND t.fk_soc= ".$user->socid;
$sql .= " AND t.fk_soc = ".((int) $user->socid);
}
$sql .= " ORDER BY t.tms DESC, t.rowid DESC ";
$sql .= " ORDER BY t.tms DESC, t.rowid DESC";
$sql .= $this->db->plimit($max, 0);
$resql = $this->db->query($sql);

7
htdocs/core/boxes/box_last_ticket.php
View File

@ -93,12 +93,11 @@ class box_last_ticket extends ModeleBoxes
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc";
$sql .= " WHERE t.entity = ".$conf->entity;
$sql .= " WHERE t.entity IN (".getEntity('ticket').")";
// $sql.= " AND e.rowid = er.fk_event";
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " WHERE s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if ($user->socid) {
$sql .= " AND t.fk_soc= ".$user->socid;
$sql .= " AND t.fk_soc= ".((int) $user->socid);
}
//$sql.= " AND t.fk_statut > 9";

5
htdocs/core/boxes/box_project.php
View File

@ -136,8 +136,9 @@ class box_project extends ModeleBoxes
$sql = "SELECT count(*) as nb, sum(progress) as totprogress";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p LEFT JOIN ".MAIN_DB_PREFIX."projet_task as pt on pt.fk_projet = p.rowid";
$sql .= " WHERE p.entity IN (".getEntity('project').')';
$sql .= " AND p.rowid = ".$objp->rowid;
$sql .= " WHERE p.entity IN (".getEntity('project').')';
$sql .= " AND p.rowid = ".((int) $objp->rowid);
$resultTask = $this->db->query($sql);
if ($resultTask) {
$objTask = $this->db->fetch_object($resultTask);

4
htdocs/core/boxes/box_propales.php
View File

@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY p.datep DESC, p.ref DESC ";

4
htdocs/core/boxes/box_prospect.php
View File

@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes
$sql .= " WHERE s.client IN (2, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_services_contracts.php
View File

@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= ")";
$sql .= " WHERE c.entity = ".$conf->entity;
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= $this->db->order("c.tms", "DESC");
$sql .= $this->db->plimit($max, 0);

2
htdocs/core/boxes/box_services_expired.php
View File

@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid";
$sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur";

4
htdocs/core/boxes/box_shipments.php
View File

@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes
$sql .= " AND e.fk_statut = 1";
}
if ($user->socid > 0) {
$sql.= " AND s.rowid = ".$user->socid;
$sql.= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
} else {
$sql .= " ORDER BY e.date_delivery, e.ref DESC ";
}

4
htdocs/core/boxes/box_supplier_orders.php
View File

@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC ";

4
htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
View File

@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
$sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC";

2
htdocs/core/boxes/box_validated_projects.php
View File

@ -118,7 +118,7 @@ class box_validated_projects extends ModeleBoxes
if ($projectsListId) {
$sql .= ' AND p.rowid IN ('.$this->db->sanitize($projectsListId).')'; // Only project we ara allowed
}
$sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user =".$user->id.")";
$sql .= " AND t.rowid NOT IN (SELECT fk_task FROM ".MAIN_DB_PREFIX."projet_task_time WHERE fk_user = ".((int) $user->id).")";
$sql .= " GROUP BY p.rowid, p.ref, p.fk_soc, p.dateo";
$sql .= " ORDER BY p.dateo ASC";

2
htdocs/core/class/commoninvoice.class.php
View File

@ -462,7 +462,7 @@ abstract class CommonInvoice extends CommonObject
$type = 'supplier_invoice';
}
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

44
htdocs/core/class/commonobject.class.php
View File

@ -1843,7 +1843,7 @@ abstract class CommonObject
if (!empty($element)) {
$sql .= " AND entity IN (".getEntity($element).")";
} else {
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
}
dol_syslog(get_class($this).'::fetchObjectFrom', LOG_DEBUG);
@ -1992,7 +1992,7 @@ abstract class CommonObject
/**
* Load properties id_previous and id_next by comparing $fieldid with $this->ref
*
* @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')"
* @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here.
* @param string $fieldid Name of field to use for the select MAX and MIN
* @param int $nodbprefix Do not include DB prefix to forge table name
* @return int <0 if KO, >0 if OK
@ -2041,10 +2041,10 @@ abstract class CommonObject
}
$sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)';
$sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)';
}
if (!empty($filter)) {
if (!preg_match('/^\s*AND/i', $filter)) {
@ -2111,10 +2111,10 @@ abstract class CommonObject
}
$sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)';
$sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)';
}
if (!empty($filter)) {
if (!preg_match('/^\s*AND/i', $filter)) {
@ -3899,14 +3899,14 @@ abstract class CommonObject
$sql = "UPDATE " . MAIN_DB_PREFIX . "element_element SET ";
if ($updatesource) {
$sql .= "fk_source = " . $sourceid;
$sql .= "fk_source = " . ((int) $sourceid);
$sql .= ", sourcetype = '" . $this->db->escape($sourcetype) . "'";
$sql .= " WHERE fk_target = " . $this->id;
$sql .= " WHERE fk_target = " . ((int) $this->id);
$sql .= " AND targettype = '" . $this->db->escape($this->element) . "'";
} elseif ($updatetarget) {
$sql .= "fk_target = " . $targetid;
$sql .= "fk_target = " . ((int) $targetid);
$sql .= ", targettype = '" . $this->db->escape($targettype) . "'";
$sql .= " WHERE fk_source = " . $this->id;
$sql .= " WHERE fk_source = " . ((int) $this->id);
$sql .= " AND sourcetype = '" . $this->db->escape($this->element) . "'";
}
@ -3992,15 +3992,15 @@ abstract class CommonObject
$sql .= " rowid = " . ((int) $rowid);
} else {
if ($deletesource) {
$sql .= " fk_source = " . $sourceid . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
$sql .= " AND fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "'";
$sql .= " fk_source = " . ((int) $sourceid) . " AND sourcetype = '" . $this->db->escape($sourcetype) . "'";
$sql .= " AND fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "'";
} elseif ($deletetarget) {
$sql .= " fk_target = " . $targetid . " AND targettype = '" . $this->db->escape($targettype) . "'";
$sql .= " AND fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "'";
$sql .= " fk_target = " . ((int) $targetid) . " AND targettype = '" . $this->db->escape($targettype) . "'";
$sql .= " AND fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "'";
} else {
$sql .= " (fk_source = " . $this->id . " AND sourcetype = '" . $this->db->escape($this->element) . "')";
$sql .= " (fk_source = " . ((int) $this->id) . " AND sourcetype = '" . $this->db->escape($this->element) . "')";
$sql .= " OR";
$sql .= " (fk_target = " . $this->id . " AND targettype = '" . $this->db->escape($this->element) . "')";
$sql .= " (fk_target = " . ((int) $this->id) . " AND targettype = '" . $this->db->escape($this->element) . "')";
}
}
@ -5506,7 +5506,7 @@ abstract class CommonObject
$sql = "SELECT rowid, property, lang , value";
$sql .= " FROM ".MAIN_DB_PREFIX."object_lang";
$sql .= " WHERE type_object = '".$this->db->escape($element)."'";
$sql .= " AND fk_object = ".$this->id;
$sql .= " AND fk_object = ".((int) $this->id);
//dol_syslog(get_class($this)."::fetch_optionals get extrafields data for ".$this->table_element, LOG_DEBUG); // Too verbose
$resql = $this->db->query($sql);
@ -5783,7 +5783,7 @@ abstract class CommonObject
dol_syslog(get_class($this)."::deleteExtraFields delete", LOG_DEBUG);
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id;
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id);
$resql = $this->db->query($sql_del);
if (!$resql) {
@ -5983,7 +5983,7 @@ abstract class CommonObject
dol_syslog(get_class($this)."::insertExtraFields delete then insert", LOG_DEBUG);
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".$this->id;
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX.$table_element."_extrafields WHERE fk_object = ".((int) $this->id);
$this->db->query($sql_del);
$sql = "INSERT INTO ".MAIN_DB_PREFIX.$table_element."_extrafields (fk_object";
@ -9509,7 +9509,7 @@ abstract class CommonObject
// Delete ecm_files extrafields
$sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files_extrafields WHERE fk_object IN (";
$sql .= " SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE filename LIKE '".$this->db->escape($this->ref)."%'";
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here
$sql .= ")";
if (!$this->db->query($sql)) {
@ -9521,7 +9521,7 @@ abstract class CommonObject
// Delete ecm_files
$sql = "DELETE FROM ".MAIN_DB_PREFIX."ecm_files";
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%'";
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".$conf->entity; // No need of getEntity here
$sql .= " AND filepath = '".$this->db->escape($element)."/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity); // No need of getEntity here
if (!$this->db->query($sql)) {
$this->error = $this->db->lasterror();
@ -9533,7 +9533,7 @@ abstract class CommonObject
// Delete in database with mode 1
if ($mode == 1) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files_extrafields";
$sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id.")";
$sql .= " WHERE fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id).")";
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();

16
htdocs/core/class/discount.class.php
View File

@ -144,7 +144,7 @@ class DiscountAbsolute
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_fourn as fsup ON sr.fk_invoice_supplier_source = fsup.rowid";
$sql .= " WHERE sr.entity IN (".getEntity('invoice').")";
if ($rowid) {
$sql .= " AND sr.rowid=".((int) $rowid);
$sql .= " AND sr.rowid = ".((int) $rowid);
}
if ($fk_facture_source) {
$sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source);
@ -315,7 +315,7 @@ class DiscountAbsolute
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except";
$sql .= " WHERE (fk_invoice_supplier_line IS NOT NULL"; // Not used as absolute simple discount
$sql .= " OR fk_invoice_supplier IS NOT NULL)"; // Not used as credit note and not used as deposit
$sql .= " AND fk_invoice_supplier_source = ".$this->fk_invoice_supplier_source;
$sql .= " AND fk_invoice_supplier_source = ".((int) $this->fk_invoice_supplier_source);
//$sql.=" AND rowid != ".$this->id;
dol_syslog(get_class($this)."::delete Check if we can remove discount", LOG_DEBUG);
@ -355,7 +355,7 @@ class DiscountAbsolute
if ($this->fk_facture_source) {
$sql = "UPDATE ".MAIN_DB_PREFIX."facture";
$sql .= " set paye=0, fk_statut=1";
$sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_facture_source;
$sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_facture_source);
dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG);
$result = $this->db->query($sql);
@ -370,7 +370,7 @@ class DiscountAbsolute
} elseif ($this->fk_invoice_supplier_source) {
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
$sql .= " set paye=0, fk_statut=1";
$sql .= " WHERE (type = 2 or type = 3) AND rowid=".$this->fk_invoice_supplier_source;
$sql .= " WHERE (type = 2 or type = 3) AND rowid = ".((int) $this->fk_invoice_supplier_source);
dol_syslog(get_class($this)."::delete Update credit note or deposit invoice statut", LOG_DEBUG);
$result = $this->db->query($sql);
@ -488,7 +488,7 @@ class DiscountAbsolute
*
* @param Societe $company Object third party for filter
* @param User $user Filtre sur un user auteur des remises
* @param string $filter Filtre autre
* @param string $filter Filter other. Warning: Do not use a user input value here.
* @param int $maxvalue Filter on max value for discount
* @param int $discount_type 0 => customer discount, 1 => supplier discount
* @param int $multicurrency Return multicurrency_amount instead of amount
@ -503,17 +503,17 @@ class DiscountAbsolute
$sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
$sql .= " WHERE rc.entity = ".$conf->entity;
$sql .= " AND rc.discount_type=".intval($discount_type);
$sql .= " AND rc.discount_type=".((int) $discount_type);
if (!empty($discount_type)) {
$sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier
} else {
$sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer
}
if (is_object($company)) {
$sql .= " AND rc.fk_soc = ".$company->id;
$sql .= " AND rc.fk_soc = ".((int) $company->id);
}
if (is_object($user)) {
$sql .= " AND rc.fk_user = ".$user->id;
$sql .= " AND rc.fk_user = ".((int) $user->id);
}
if ($filter) {
$sql .= ' AND ('.$filter.')';

22
htdocs/core/class/html.form.class.php
View File

@ -1347,13 +1347,13 @@ class Form
}
$sql .= " WHERE s.entity IN (".getEntity('societe').")";
if (!empty($user->socid)) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if ($filter) {
$sql .= " AND (".$filter.")";
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) {
$sql .= " AND s.status <> 0";
@ -1664,7 +1664,7 @@ class Form
}
$sql .= " WHERE sp.entity IN (".getEntity('socpeople').")";
if ($socid > 0 || $socid == -1) {
$sql .= " AND sp.fk_soc=".$socid;
$sql .= " AND sp.fk_soc = ".((int) $socid);
}
if (!empty($conf->global->CONTACT_HIDE_INACTIVE_IN_COMBOBOX)) {
$sql .= " AND sp.statut <> 0";
@ -2446,13 +2446,13 @@ class Form
if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY) || !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) {
$sql .= ", (SELECT pp.rowid FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid";
if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) {
$sql .= " AND price_level=".$price_level;
$sql .= " AND price_level = ".((int) $price_level);
}
$sql .= " ORDER BY date_price";
$sql .= " DESC LIMIT 1) as price_rowid";
$sql .= ", (SELECT pp.price_by_qty FROM ".MAIN_DB_PREFIX."product_price as pp WHERE pp.fk_product = p.rowid"; // price_by_qty is 1 if some prices by qty exists in subtable
if ($price_level >= 1 && !empty($conf->global->PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES)) {
$sql .= " AND price_level=".$price_level;
$sql .= " AND price_level = ".((int) $price_level);
}
$sql .= " ORDER BY date_price";
$sql .= " DESC LIMIT 1) as price_by_qty";
@ -2472,7 +2472,7 @@ class Form
//Price by customer
if (!empty($conf->global->PRODUIT_CUSTOMER_PRICES) && !empty($socid)) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".$socid." AND pcp.fk_product=p.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_customer_price as pcp ON pcp.fk_soc=".((int) $socid)." AND pcp.fk_product=p.rowid";
}
// Units
if (!empty($conf->global->PRODUCT_USE_UNITS)) {
@ -3462,7 +3462,7 @@ class Form
$sql .= " WHERE pfp.entity IN (".getEntity('productsupplierprice').")";
$sql .= " AND p.tobuy = 1";
$sql .= " AND s.fournisseur = 1";
$sql .= " AND p.rowid = ".$productid;
$sql .= " AND p.rowid = ".((int) $productid);
$sql .= " ORDER BY s.nom, pfp.ref_fourn DESC";
dol_syslog(get_class($this)."::select_product_fourn_price", LOG_DEBUG);
@ -7013,14 +7013,14 @@ class Form
}
if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) {
if ($objecttmp->element == 'societe') {
$sql .= " AND t.rowid = ".$user->socid;
$sql .= " AND t.rowid = ".((int) $user->socid);
} else {
$sql .= " AND t.fk_soc = ".$user->socid;
$sql .= " AND t.fk_soc = ".((int) $user->socid);
}
}
if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') {
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
}
}
@ -9049,7 +9049,7 @@ class Form
$sql .= " AND f.fk_projet = p.rowid AND f.fk_statut=0"; //Brouillons seulement
//if ($projectsListId) $sql.= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")";
//if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
//if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
//if ($socid > 0) $sql.= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
$sql .= " ORDER BY p.ref, f.ref ASC";
$resql = $this->db->query($sql);

2
htdocs/core/class/html.formcontract.class.php
View File

@ -80,7 +80,7 @@ class FormContract
if ($socid > 0) {
// CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY is 'all' or a list of ids separated by coma.
if (empty($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY)) {
$sql .= " AND (c.fk_soc=".$socid." OR c.fk_soc IS NULL)";
$sql .= " AND (c.fk_soc=".((int) $socid)." OR c.fk_soc IS NULL)";
} elseif ($conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY != 'all') {
$sql .= " AND (c.fk_soc IN (".$this->db->sanitize($socid.", ".$conf->global->CONTRACT_ALLOW_TO_LINK_FROM_OTHER_COMPANY).") ";
$sql .= " OR c.fk_soc IS NULL)";

6
htdocs/core/class/html.formmail.class.php
View File

@ -1276,7 +1276,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
$sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}
@ -1399,7 +1399,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE type_template='".$this->db->escape($type_template)."'";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")";
$sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")";
if (is_object($outputlangs)) {
$sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')";
}
@ -1435,7 +1435,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
$sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own.
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}

6
htdocs/core/class/html.formother.class.php
View File

@ -497,10 +497,10 @@ class FormOther
}
if (empty($user->rights->user->user->lire)) {
$sql_usr .= " AND u.rowid = ".$user->id;
$sql_usr .= " AND u.rowid = ".((int) $user->id);
}
if (!empty($user->socid)) {
$sql_usr .= " AND u.fk_soc = ".$user->socid;
$sql_usr .= " AND u.fk_soc = ".((int) $user->socid);
}
//Add hook to filter on user (for exemple on usergroup define in custom modules)
@ -524,7 +524,7 @@ class FormOther
$sql_usr .= " WHERE u2.entity IN (".getEntity('user').")";
}
$sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc=".$user->socid;
$sql_usr .= " AND u2.rowid = sc.fk_user AND sc.fk_soc = ".((int) $user->socid);
//Add hook to filter on user (for exemple on usergroup define in custom modules)
if (!empty($reshook)) {

2
htdocs/core/class/html.formprojet.class.php
View File

@ -350,7 +350,7 @@ class FormProjets
$sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
}
if ($socid > 0) {
$sql .= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
$sql .= " AND (p.fk_soc=".((int) $socid)." OR p.fk_soc IS NULL)";
}
$sql .= " ORDER BY p.ref, t.ref ASC";

2
htdocs/core/class/notify.class.php
View File

@ -398,7 +398,7 @@ class Notify
$sql .= " WHERE n.fk_user = c.rowid AND a.rowid = n.fk_action";
$sql .= " AND c.statut = 1";
if (is_numeric($notifcode)) {
$sql .= " AND n.fk_action = ".$notifcode; // Old usage
$sql .= " AND n.fk_action = ".((int) $notifcode); // Old usage
} else {
$sql .= " AND a.code = '".$this->db->escape($notifcode)."'"; // New usage
}

4
htdocs/core/lib/agenda.lib.php
View File

@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5)
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5)
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

20
htdocs/core/lib/company.lib.php
View File

@ -1085,7 +1085,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '')
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)";
$sql .= " WHERE t.fk_soc = ".$object->id;
if ($search_status != '' && $search_status != '-1') {
$sql .= " AND t.statut = ".$db->escape($search_status);
$sql .= " AND t.statut = ".((int) $search_status);
}
if ($search_name) {
$sql .= natural_search(array('t.lastname', 't.firstname'), $search_name);
@ -1489,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if ($force_filter_contact === false) {
if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
$sql .= " AND a.fk_soc = ".$filterobj->id;
$sql .= " AND a.fk_soc = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') {
/* Nothing */
} elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
$sql .= " AND a.fk_project = ".$filterobj->id;
$sql .= " AND a.fk_project = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
$sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) {
// Generic case
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
}
}

16
htdocs/core/lib/invoice.lib.php
View File

@ -242,7 +242,7 @@ function getCustomerInvoicePieChart($socid = 0)
$sql .= ' AND f.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY f.fk_statut";
@ -362,7 +362,7 @@ function getPurchaseInvoicePieChart($socid = 0)
$sql .= ' AND f.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY f.fk_statut";
@ -600,7 +600,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
$sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT;
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -743,7 +743,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
$sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT;
$sql .= " AND f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -867,7 +867,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $db->plimit($maxCount, 0);
@ -969,7 +969,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $db->plimit($maxCount, 0);
@ -1079,7 +1079,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED;
$sql .= " AND f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -1267,7 +1267,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= " AND ff.paye = 0";
$sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".((int) $socid);

2
htdocs/core/lib/order.lib.php
View File

@ -208,7 +208,7 @@ function getCustomerOrderPieChart($socid = 0)
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.fk_statut";

6
htdocs/core/lib/project.lib.php
View File

@ -100,7 +100,7 @@ function project_prepare_head(Project $project)
//$sql .= " WHERE t.fk_user = u.rowid AND t.fk_task = pt.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task_time as t, ".MAIN_DB_PREFIX."projet_task as pt";
$sql .= " WHERE t.fk_task = pt.rowid";
$sql .= " AND pt.fk_projet =".$project->id;
$sql .= " AND pt.fk_projet =".((int) $project->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -113,7 +113,7 @@ function project_prepare_head(Project $project)
}
}
$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?withproject=1&projectid='.$project->id;
$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/time.php?withproject=1&projectid='.urlencode($project->id);
$head[$h][1] = $langs->trans("TimeSpent");
if ($nbTimeSpent > 0) {
$head[$h][1] .= '<span class="badge marginleftonlyshort">...</span>';
@ -2445,7 +2445,7 @@ function print_projecttasks_array($db, $form, $socid, $projectsListId, $mytasks
if ($mytasks) {
$sql .= " AND p.rowid = t.fk_projet";
$sql .= " AND ec.element_id = t.rowid";
$sql .= " AND ec.fk_socpeople = ".$user->id;
$sql .= " AND ec.fk_socpeople = ".((int) $user->id);
$sql .= " AND ec.fk_c_type_contact = ctc.rowid"; // Replace the 2 lines with ec.fk_c_type_contact in $arrayidtypeofcontact
$sql .= " AND ctc.element = 'project_task'";
}

2
htdocs/core/lib/propal.lib.php
View File

@ -187,7 +187,7 @@ function getCustomerProposalPieChart($socid = 0)
$sql .= ' AND p.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";

12
htdocs/core/lib/security.lib.php
View File

@ -668,7 +668,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= ", ".MAIN_DB_PREFIX."societe as s)";
$sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
$sql .= " AND sc.fk_soc = s.rowid";
$sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
} elseif (!empty($conf->multicompany->enabled)) {
@ -684,7 +684,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.fk_soc = ".$user->socid;
$sql .= " AND dbt.fk_soc = ".((int) $user->socid);
} elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
// If internal user: Check permission for internal users that are restricted on their objects
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
@ -754,7 +754,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.".$dbt_keyfield." = ".$user->socid;
$sql .= " AND dbt.".$dbt_keyfield." = ".((int) $user->socid);
} elseif (!empty($conf->societe->enabled) && !$user->rights->societe->client->voir) {
// If internal user: Check permission for internal users that are restricted on their objects
if ($feature != 'ticket') {
@ -767,15 +767,15 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
$sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield;
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
} else {
// On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties.
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".$user->id;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id);
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
$sql .= " AND (sc.fk_user = ".$user->id." OR sc.fk_user IS NULL)";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)";
}
} elseif (!empty($conf->multicompany->enabled)) {
// If multicompany and internal users with all permissions, check user is in correct entity

18
htdocs/core/lib/ticket.lib.php
View File

@ -351,7 +351,7 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."element_resources as er";
$sql .= " ON er.resource_type = 'dolresource'";
$sql .= " AND er.element_id = a.id";
$sql .= " AND er.resource_id = ".$filterobj->id;
$sql .= " AND er.resource_id = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
$sql .= ", ".MAIN_DB_PREFIX."adherent as m";
} elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
@ -369,38 +369,38 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if ($force_filter_contact === false) {
if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
$sql .= " AND a.fk_soc = ".$filterobj->id;
$sql .= " AND a.fk_soc = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
$sql .= " AND a.fk_project = ".$filterobj->id;
$sql .= " AND a.fk_project = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
$sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
}
}

4
htdocs/core/modules/facture/doc/pdf_crabe.modules.php
View File

@ -854,7 +854,7 @@ class pdf_crabe extends ModelePDFFactures
$sql .= " re.description, re.fk_facture_source,";
$sql .= " f.type, f.datef";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
$sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id;
$sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id);
$resql = $this->db->query($sql);
if ($resql) {
$num = $this->db->num_rows($resql);
@ -914,7 +914,7 @@ class pdf_crabe extends ModelePDFFactures
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
//$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1";
$sql .= " ORDER BY p.datep";

4
htdocs/core/modules/facture/doc/pdf_sponge.modules.php
View File

@ -1015,7 +1015,7 @@ class pdf_sponge extends ModelePDFFactures
$sql .= " re.description, re.fk_facture_source,";
$sql .= " f.type, f.datef";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re, ".MAIN_DB_PREFIX."facture as f";
$sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".$object->id;
$sql .= " WHERE re.fk_facture_source = f.rowid AND re.fk_facture = ".((int) $object->id);
$resql = $this->db->query($sql);
if ($resql) {
$num = $this->db->num_rows($resql);
@ -1061,7 +1061,7 @@ class pdf_sponge extends ModelePDFFactures
$sql .= " cp.code";
$sql .= " FROM ".MAIN_DB_PREFIX."paiement_facture as pf, ".MAIN_DB_PREFIX."paiement as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as cp ON p.fk_paiement = cp.id";
$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".$object->id;
$sql .= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = ".((int) $object->id);
//$sql.= " WHERE pf.fk_paiement = p.rowid AND pf.fk_facture = 1";
$sql .= " ORDER BY p.datep";

2
htdocs/core/modules/mailings/contacts1.modules.php
View File

@ -395,7 +395,7 @@ class mailing_contacts1 extends MailingTargets
$sql .= " AND (SELECT count(*) FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = sp.email) = 0";
// Exclude unsubscribed email adresses
$sql .= " AND sp.statut = 1";
$sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND sp.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
// Filter on category
if ($filter_category <> 'all') {
$sql .= " AND cs.fk_categorie = c.rowid AND cs.fk_socpeople = sp.rowid";

2
htdocs/core/modules/mailings/fraise.modules.php
View File

@ -252,7 +252,7 @@ class mailing_fraise extends MailingTargets
}
$sql .= " , ".MAIN_DB_PREFIX."adherent_type as ta";
$sql .= " WHERE a.entity IN (".getEntity('member').") AND a.email <> ''"; // Note that null != '' is false
$sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$this->db->escape($mailing_id).")";
$sql .= " AND a.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".((int) $mailing_id).")";
// Filter on status
if (GETPOST("filter") == '-1') {
$sql .= " AND a.statut=-1";

2
htdocs/core/modules/printing/printgcp.modules.php
View File

@ -334,7 +334,7 @@ class printing_printgcp extends PrintingDriver
$fileprint .= '/'.$file;
$mimetype = dol_mimetype($fileprint);
// select printer uri for module order, propal,...
$sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".$user->id;
$sql = "SELECT rowid, printer_id, copy FROM ".MAIN_DB_PREFIX."printing WHERE module='".$this->db->escape($module)."' AND driver='printgcp' AND userid=".((int) $user->id);
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);

2
htdocs/core/modules/printing/printipp.modules.php
View File

@ -148,7 +148,7 @@ class printing_printipp extends PrintingDriver
}
// select printer uri for module order, propal,...
$sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".$user->id;
$sql = "SELECT rowid,printer_id,copy FROM ".MAIN_DB_PREFIX."printing WHERE module = '".$this->db->escape($module)."' AND driver = 'printipp' AND userid = ".((int) $user->id);
$result = $this->db->query($sql);
if ($result) {
$obj = $this->db->fetch_object($result);

8
htdocs/core/modules/rapport/pdf_paiement.class.php
View File

@ -206,7 +206,7 @@ class pdf_paiement
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -241,13 +241,13 @@ class pdf_paiement
if (!empty($conf->banque->enabled)) {
$sql .= " AND p.fk_bank = b.rowid AND b.fk_account = ba.rowid ";
}
$sql .= " AND f.entity = ".$conf->entity;
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {
$sql .= " AND s.rowid = ".$socid;
$sql .= " AND s.rowid = ".((int) $socid);
}
// If global param PAYMENTS_FOURN_REPORT_GROUP_BY_MOD is set, payement fourn are ordered by paiement_code
if (!empty($conf->global->PAYMENTS_FOURN_REPORT_GROUP_BY_MOD)) {

2
htdocs/core/website.inc.php
View File

@ -96,7 +96,7 @@ if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsi
$sql .= " WHERE wp.fk_website = ".((int) $website->id);
$sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid);
if (is_object($websitepage) && $websitepage->fk_page > 0) {
$sql .= " OR wp.fk_page = ".$websitepage->fk_page." OR wp.rowid = ".$websitepage->fk_page;
$sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page);
}
$sql .= ")";
$sql .= " AND wp.lang = '".$db->escape(GETPOST('l', 'aZ09'))."'";

18
htdocs/delivery/class/delivery.class.php
View File

@ -273,10 +273,10 @@ class Delivery extends CommonObject
$sql = "INSERT INTO ".MAIN_DB_PREFIX."deliverydet (fk_delivery, fk_origin_line,";
$sql .= " fk_product, description, qty)";
$sql .= " VALUES (".$this->id.",".$origin_id.",";
$sql .= " ".($idprod > 0 ? $idprod : "null").",";
$sql .= " VALUES (".$this->id.",".((int) $origin_id).",";
$sql .= " ".($idprod > 0 ? ((int) $idprod) : "null").",";
$sql .= " ".($description ? "'".$this->db->escape($description)."'" : "null").",";
$sql .= $qty.")";
$sql .= (price2num($qty, 'MS')).")";
dol_syslog(get_class($this)."::create_line", LOG_DEBUG);
if (!$this->db->query($sql)) {
@ -412,7 +412,7 @@ class Delivery extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."delivery";
$sql .= " WHERE ref = '".$this->db->escape($numref)."'";
$sql .= " AND fk_statut <> 0";
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if ($resql) {
@ -453,7 +453,7 @@ class Delivery extends CommonObject
if (preg_match('/^[\(]?PROV/i', $this->ref)) {
// Now we rename also files into index
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'expedition/receipt/".$this->db->escape($this->newref)."'";
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if (!$resql) {
$error++; $this->error = $this->db->lasterror();
@ -641,7 +641,7 @@ class Delivery extends CommonObject
$error = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."deliverydet";
$sql .= " WHERE fk_delivery = ".$this->id;
$sql .= " WHERE fk_delivery = ".((int) $this->id);
if ($this->db->query($sql)) {
// Delete linked object
$res = $this->deleteObjectLinked();
@ -761,7 +761,7 @@ class Delivery extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."commandedet as cd, ".MAIN_DB_PREFIX."deliverydet as ld";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p on p.rowid = ld.fk_product";
$sql .= " WHERE ld.fk_origin_line = cd.rowid";
$sql .= " AND ld.fk_delivery = ".$this->id;
$sql .= " AND ld.fk_delivery = ".((int) $this->id);
dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -958,8 +958,8 @@ class Delivery extends CommonObject
$sql .= " WHERE ld.fk_delivery = l.rowid";
$sql .= " AND ld.fk_origin_line = cd.rowid";
$sql .= " AND cd.fk_".$this->linked_object[0]['type']." = c.rowid";
$sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".$this->linked_object[0]['linkid'];
$sql .= " AND ld.fk_origin_line = ".$objSourceLine->rowid;
$sql .= " AND cd.fk_".$this->linked_object[0]['type']." = ".((int) $this->linked_object[0]['linkid']);
$sql .= " AND ld.fk_origin_line = ".((int) $objSourceLine->rowid);
$sql .= " GROUP BY ld.fk_origin_line";
$result = $this->db->query($sql);

6
htdocs/eventorganization/eventorganizationindex.php
View File

@ -83,8 +83,8 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati
$sql.= " WHERE c.fk_soc = s.rowid";
$sql.= " AND c.fk_statut = 0";
$sql.= " AND c.entity IN (".getEntity('commande').")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND c.fk_soc = ".$socid;
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if ($resql)
@ -158,7 +158,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati
$sql.= " FROM ".MAIN_DB_PREFIX."eventorganization_myobject as s";
//if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")";
//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
//if ($socid) $sql.= " AND s.rowid = $socid";
$sql .= " ORDER BY s.tms DESC";
$sql .= $db->plimit($max, 0);

Some files were not shown because too many files have changed in this diff Show More