Fix escape

Laurent Destailleur 2022-12-30 01:40:09 +01:00
parent f99fa791b2
commit dd4810aef6
3 changed files with 4 additions and 4 deletions


@ -346,7 +346,7 @@ if (empty($reshook)) {
$listofaccountsforgroup2 = array();
if (is_array($listofaccountsforgroup)) {
foreach ($listofaccountsforgroup as $tmpval) {
$listofaccountsforgroup2[] = $tmpval['id'];
$listofaccountsforgroup2[] = "'".$db->escape($tmpval['id'])."'";
}
}
$filter['t.search_accounting_code_in'] = join(',', $listofaccountsforgroup2);
@ -698,7 +698,7 @@ if (count($filter) > 0) {
$sqlwhere[] = natural_search("t.code_journal", $value, 3, 1);
}
} elseif ($key == 't.search_accounting_code_in' && !empty($value)) {
$sqlwhere[] = 't.numero_compte IN ('.$value.')';
$sqlwhere[] = 't.numero_compte IN ('.$db->sanitize($value, 1).')';
} else {
$sqlwhere[] = natural_search($key, $value, 0, 1);
}
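Review bot: The two new layers can undo each other: the ids are escaped and quoted in the hunk at line 346, but the joined string is then passed through `$db->sanitize($value, 1)` in the hunk at line 698. If sanitize() is a character whitelist that keeps single quotes but drops backslashes (its definition is not on this page), the escape character added by `$db->escape()` is stripped while the quote it protected stays, leaving the literal unbalanced. Filtering each id before it is quoted, for example `$listofaccountsforgroup2[] = "'".$db->escape($db->sanitize($tmpval['id']))."'";`, keeps the quoting balanced whatever the id contains. The same pair of changes appears in the second file's hunk at line 291 and in the BookKeeping hunk at line 903, and all of these hunks sit inside blocks that start and end outside the visible lines.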


@ -291,7 +291,7 @@ if (empty($reshook)) {
$listofaccountsforgroup2 = array();
if (is_array($listofaccountsforgroup)) {
foreach ($listofaccountsforgroup as $tmpval) {
$listofaccountsforgroup2[] = $tmpval['id'];
$listofaccountsforgroup2[] = "'".$db->escape($tmpval['id'])."'";
}
}
$filter['t.search_accounting_code_in'] = join(',', $listofaccountsforgroup2);
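Review bot: When `$listofaccountsforgroup` is empty or not an array, `join(',', $listofaccountsforgroup2)` stores an empty string in `$filter['t.search_accounting_code_in']`, and the builder's `!empty($value)` test then skips the `IN (...)` clause. Unless a guard outside this hunk handles it, choosing a group with no accounts would drop the restriction instead of returning no rows. One option is `$filter['t.search_accounting_code_in'] = empty($listofaccountsforgroup2) ? "''" : join(',', $listofaccountsforgroup2);`, which keeps the clause in place and matches only an empty account number. The same loop in the first file's hunk at line 346 has the same behaviour.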


@ -903,7 +903,7 @@ class BookKeeping extends CommonObject
$sqlwhere[] = natural_search("t.code_journal", $value, 3, 1);
}
} elseif ($key == 't.search_accounting_code_in' && !empty($value)) {
$sqlwhere[] = 't.numero_compte IN ('.$value.')';
$sqlwhere[] = 't.numero_compte IN ('.$this->db->sanitize($value, 1).')';
} else {
$sqlwhere[] = natural_search($key, $value, 0, 1);
}
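Review bot: The `t.search_accounting_code_in` filter now carries an undocumented contract: `$value` must be a comma-separated list of literals that each caller has already escaped and wrapped in single quotes, because `sanitize($value, 1)` lets quotes through and the result is concatenated straight into `IN (...)`. A comment above the branch would record this, for example `// $value: comma-separated list of SQL literals, already escaped and quoted by the caller`, and the method's docblock (outside this hunk) should list the key with the same wording. Accepting an array of raw ids and doing the escaping and quoting inside this method would remove the dependency on every caller getting it right.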