From dc1226b116a868c781658ef40fe46e6a3f540631 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 25 Oct 2021 18:40:19 +0200 Subject: [PATCH] Fix #yogosha7508 --- htdocs/core/class/commonobject.class.php | 2 +- .../fourn/class/fournisseur.commande.dispatch.class.php | 5 +---- test/phpunit/CodingPhpTest.php | 8 ++++---- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index c68cc9c7d84..91446f38070 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1851,7 +1851,7 @@ abstract class CommonObject $result = false; $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX.$table; - $sql .= " WHERE ".$field." = '".$key."'"; + $sql .= " WHERE ".$field." = '".$this->db->escape($key)."'"; if (!empty($element)) { $sql .= " AND entity IN (".getEntity($element).")"; } else { diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php index a73be8ac43b..7037cd94262 100644 --- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php +++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php @@ -286,7 +286,7 @@ class CommandeFournisseurDispatch extends CommonObjectLine $sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t"; if ($ref) { - $sql .= " WHERE t.ref = '".$ref."'"; + $sql .= " WHERE t.ref = '".$this->db->escape($ref)."'"; } else { $sql .= " WHERE t.rowid = ".((int) $id); } @@ -374,7 +374,6 @@ class CommandeFournisseurDispatch extends CommonObjectLine // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET"; - $sql .= " fk_commande=".(isset($this->fk_commande) ? $this->fk_commande : "null").","; $sql .= " fk_product=".(isset($this->fk_product) ? $this->fk_product : "null").","; $sql .= " fk_commandefourndet=".(isset($this->fk_commandefourndet) ? $this->fk_commandefourndet : "null").","; @@ -388,8 +387,6 @@ class CommandeFournisseurDispatch extends CommonObjectLine $sql .= " batch=".(isset($this->batch) ? "'".$this->db->escape($this->batch)."'" : "null").","; $sql .= " eatby=".(dol_strlen($this->eatby) != 0 ? "'".$this->db->idate($this->eatby)."'" : 'null').","; $sql .= " sellby=".(dol_strlen($this->sellby) != 0 ? "'".$this->db->idate($this->sellby)."'" : 'null').""; - - $sql .= " WHERE rowid=".((int) $this->id); $this->db->begin(); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index c68f1162790..c0bf927e382 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -360,13 +360,13 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; $this->assertTrue($ok, 'Found non escaped string in building of a sql request (case 1) in '.$file['relativename'].' - Bad.'); - // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + // Check string sql|set|WHERE|...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. $ok=true; $matches=array(); - preg_match_all('/(sql|SET|WHERE|INSERT|VALUES).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('/(sql|SET|WHERE|INSERT|VALUES).+\s*\'"\s*\.\s*\$(........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbs->esca', 'mydb->esc', 'dbsession', 'db->idate', 'escapedli', 'excludeGr', 'includeGr'))) { - $ok=false; + if (! in_array($val[2], array('this->db', 'this->es', 'db->esca', 'dbs->esc', 'mydb->es', 'dbsessio', 'db->idat', 'escapedl', 'excludeG', 'includeG'))) { + $ok=false; // This will generate error break; } //if ($reg[0] != 'db') $ok=false;