FIX #yogosha8186
This commit is contained in:
Laurent Destailleur
parent
f8a97ef928
commit
ef56631c80
@ -168,7 +168,7 @@ class AccountingAccount extends CommonObject
|
||||
global $conf;
|
||||
|
||||
$this->db = $db;
|
||||
$this->next_prev_filter = "fk_pcg_version IN (SELECT pcg_version FROM ".MAIN_DB_PREFIX."accounting_system WHERE rowid=".((int) $conf->global->CHARTOFACCOUNTS).")"; // Used to add a filter in Form::showrefnav method
|
||||
$this->next_prev_filter = "fk_pcg_version IN (SELECT pcg_version FROM ".MAIN_DB_PREFIX."accounting_system WHERE rowid = ".((int) $conf->global->CHARTOFACCOUNTS).")"; // Used to add a filter in Form::showrefnav method
|
||||
}
|
||||
|
||||
/**
|
||||
@ -197,7 +197,7 @@ class AccountingAccount extends CommonObject
|
||||
$sql .= " AND a.entity = ".$conf->entity;
|
||||
}
|
||||
if (!empty($limittocurrentchart)) {
|
||||
$sql .= ' AND a.fk_pcg_version IN (SELECT pcg_version FROM '.MAIN_DB_PREFIX.'accounting_system WHERE rowid='.$this->db->escape($conf->global->CHARTOFACCOUNTS).')';
|
||||
$sql .= ' AND a.fk_pcg_version IN (SELECT pcg_version FROM '.MAIN_DB_PREFIX.'accounting_system WHERE rowid = '.((int) $conf->global->CHARTOFACCOUNTS).')';
|
||||
}
|
||||
if (!empty($limittoachartaccount)) {
|
||||
$sql .= " AND a.fk_pcg_version = '".$this->db->escape($limittoachartaccount)."'";
|
||||
|
||||
@ -74,7 +74,7 @@ class AdherentStats extends Stats
|
||||
if ($this->memberid) {
|
||||
$this->where .= " AND m.rowid = ".((int) $this->memberid);
|
||||
}
|
||||
//if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
|
||||
//if ($this->userid > 0) $this->where .= " AND fk_user_author = ".((int) $this->userid);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -721,7 +721,7 @@ if (empty($user->rights->societe->client->voir) && !$socid) {
|
||||
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
|
||||
}
|
||||
if ($socid > 0) {
|
||||
$sql .= ' AND a.fk_soc = '.$socid;
|
||||
$sql .= " AND a.fk_soc = ".((int) $socid);
|
||||
}
|
||||
// We must filter on assignement table
|
||||
if ($filtert > 0 || $usergroup > 0) {
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* \file htdocs/societe/consumption.php
|
||||
* \file htdocs/contact/consumption.php
|
||||
* \ingroup societe
|
||||
* \brief Add a tab on thirpdarty view to list all products/services bought or sells by thirdparty
|
||||
*/
|
||||
@ -32,10 +32,10 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
|
||||
|
||||
// Security check
|
||||
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
|
||||
|
||||
$id = GETPOST('id', 'int');
|
||||
|
||||
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
|
||||
$object = new Contact($db);
|
||||
if ($id > 0) {
|
||||
$object->fetch($id);
|
||||
@ -86,6 +86,8 @@ $langs->loadLangs(array("companies", "bills", "orders", "suppliers", "propal", "
|
||||
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
|
||||
$hookmanager->initHooks(array('consumptioncontact'));
|
||||
|
||||
$result = restrictedArea($user, 'contact', $object->id, 'socpeople&societe');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
@ -196,7 +198,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$sql_select = 'SELECT f.rowid as doc_id, f.ref as doc_number, \'1\' as doc_type, f.datec as dateprint, f.fk_statut as status, tc.libelle as type_contact_label, ';
|
||||
$tables_from = MAIN_DB_PREFIX.'fichinterdet d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'fichinter as f ON d.fk_fichinter=f.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='fichinter' and tc.source='external' and tc.active=1)";
|
||||
$where = ' WHERE f.entity IN ('.getEntity('ficheinter').')';
|
||||
$dateprint = 'f.datec';
|
||||
@ -208,7 +210,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$tables_from = MAIN_DB_PREFIX.'facturedet d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture as f ON d.fk_facture=f.rowid';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product p ON d.fk_product=p.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='facture' and tc.source='external' and tc.active=1)";
|
||||
$where = " WHERE f.entity IN (".getEntity('invoice').")";
|
||||
$dateprint = 'f.datef';
|
||||
@ -221,7 +223,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$tables_from = MAIN_DB_PREFIX.'propaldet d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'propal as c ON d.fk_propal=c.rowid';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product p ON d.fk_product=p.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='propal' and tc.source='external' and tc.active=1)";
|
||||
$where = ' WHERE c.entity IN ('.getEntity('propal').')';
|
||||
$datePrint = 'c.datep';
|
||||
@ -234,7 +236,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$tables_from = MAIN_DB_PREFIX.'commandedet d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'commande as c ON d.fk_commande=c.rowid';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product p ON d.fk_product=p.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='commande' and tc.source='external' and tc.active=1)";
|
||||
$where = ' WHERE c.entity IN ('.getEntity('order').')';
|
||||
$dateprint = 'c.date_commande';
|
||||
@ -247,7 +249,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$tables_from = MAIN_DB_PREFIX.'facture_fourn_det d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture_fourn as f ON d.fk_facture_fourn=f.rowid';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product p ON d.fk_product=p.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=f.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='invoice_supplier' and tc.source='external' and tc.active=1)";
|
||||
$where = ' WHERE f.entity IN ('.getEntity($documentstatic->element).')';
|
||||
$dateprint = 'f.datef';
|
||||
@ -272,7 +274,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$tables_from = MAIN_DB_PREFIX.'commande_fournisseurdet d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'commande_fournisseur as c ON d.fk_commande=c.rowid';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product p ON d.fk_product=p.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='order_supplier' and tc.source='external' and tc.active=1)";
|
||||
$where = ' WHERE c.entity IN ('.getEntity($documentstatic->element).')';
|
||||
$dateprint = 'c.date_valid';
|
||||
@ -286,7 +288,7 @@ if ($type_element == 'fichinter') { // Customer : show products from invoices
|
||||
$tables_from = MAIN_DB_PREFIX.'contratdet d';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'contrat as c ON d.fk_contrat=c.rowid';
|
||||
$tables_from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product p ON d.fk_product=p.rowid';
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople='.$object->id;
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX.'element_contact ec ON ec.element_id=c.rowid AND ec.fk_socpeople = '.((int) $object->id);
|
||||
$tables_from .= ' INNER JOIN '.MAIN_DB_PREFIX."c_type_contact tc ON (ec.fk_c_type_contact=tc.rowid and tc.element='contrat' and tc.source='external' and tc.active=1)";
|
||||
$where = ' WHERE c.entity IN ('.getEntity('contrat').')';
|
||||
$dateprint = 'c.date_valid';
|
||||
|
||||
@ -2090,7 +2090,7 @@ class Expedition extends CommonObject
|
||||
{
|
||||
// phpcs:enable
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX.'c_shipment_mode SET active=1';
|
||||
$sql .= ' WHERE rowid='.$id;
|
||||
$sql .= " WHERE rowid = ".((int) $id);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
@ -2107,7 +2107,7 @@ class Expedition extends CommonObject
|
||||
{
|
||||
// phpcs:enable
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX.'c_shipment_mode SET active=0';
|
||||
$sql .= ' WHERE rowid='.$id;
|
||||
$sql .= " WHERE rowid= ".((int) $id);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
|
||||
@ -295,7 +295,7 @@ if ($search_product_category > 0) {
|
||||
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
|
||||
}
|
||||
if ($socid > 0) {
|
||||
$sql .= ' AND s.rowid = '.$socid;
|
||||
$sql .= " AND s.rowid = ".((int) $socid);
|
||||
}
|
||||
if (empty($user->rights->societe->client->voir) && !$socid) { // Internal user with no permission to see all
|
||||
$sql .= " AND e.fk_soc = sc.fk_soc";
|
||||
|
||||
@ -430,9 +430,9 @@ class Fichinter extends CommonObject
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f";
|
||||
if ($ref) {
|
||||
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
|
||||
$sql .= " AND f.ref='".$this->db->escape($ref)."'";
|
||||
$sql .= " AND f.ref = '".$this->db->escape($ref)."'";
|
||||
} else {
|
||||
$sql .= " WHERE f.rowid=".((int) $rowid);
|
||||
$sql .= " WHERE f.rowid = ".((int) $rowid);
|
||||
}
|
||||
|
||||
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
||||
|
||||
@ -279,9 +279,9 @@ class FichinterRec extends Fichinter
|
||||
$sql .= ', f.note_private, f.note_public, f.fk_user_author';
|
||||
$sql .= ' FROM '.MAIN_DB_PREFIX.'fichinter_rec as f';
|
||||
if ($rowid > 0) {
|
||||
$sql .= ' WHERE f.rowid='.$rowid;
|
||||
$sql .= " WHERE f.rowid = ".((int) $rowid);
|
||||
} elseif ($ref) {
|
||||
$sql .= " WHERE f.titre='".$this->db->escape($ref)."'";
|
||||
$sql .= " WHERE f.titre = '".$this->db->escape($ref)."'";
|
||||
}
|
||||
|
||||
dol_syslog(get_class($this)."::fetch rowid=".$rowid, LOG_DEBUG);
|
||||
|
||||
@ -166,7 +166,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
|
||||
$objMod = new $modName($db);
|
||||
$result = $objMod->init();
|
||||
if (!$result) {
|
||||
print 'ERROR in activating module file='.$file;
|
||||
print "ERROR: failed to init module file = ".$file;
|
||||
}
|
||||
|
||||
if ($db->connected) {
|
||||
@ -286,7 +286,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
|
||||
|
||||
$res = activateModule($modtoactivatenew, 1);
|
||||
if (!empty($res['errors'])) {
|
||||
print 'ERROR in activating module file='.$file;
|
||||
print 'ERROR: failed to activateModule() file='.$file;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -658,7 +658,7 @@ class Reception extends CommonObject
|
||||
if (preg_match('/^[\(]?PROV/i', $this->ref)) {
|
||||
// Now we rename also files into index
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'reception/".$this->db->escape($this->newref)."'";
|
||||
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'reception/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
|
||||
$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'reception/".$this->db->escape($this->ref)."' AND entity = ".((int) $conf->entity);
|
||||
$resql = $this->db->query($sql);
|
||||
if (!$resql) {
|
||||
$error++; $this->error = $this->db->lasterror();
|
||||
@ -869,9 +869,8 @@ class Reception extends CommonObject
|
||||
$sql .= " weight=".(($this->trueWeight != '') ? $this->trueWeight : "null").",";
|
||||
$sql .= " note_private=".(isset($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "null").",";
|
||||
$sql .= " note_public=".(isset($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "null").",";
|
||||
$sql .= " model_pdf=".(isset($this->modelpdf) ? "'".$this->db->escape($this->modelpdf)."'" : "null").",";
|
||||
$sql .= " entity=".$conf->entity;
|
||||
|
||||
$sql .= " model_pdf=".(isset($this->model_pdf) ? "'".$this->db->escape($this->model_pdf)."'" : "null").",";
|
||||
$sql .= " entity = ".((int) $conf->entity);
|
||||
$sql .= " WHERE rowid=".((int) $this->id);
|
||||
|
||||
$this->db->begin();
|
||||
@ -1400,7 +1399,7 @@ class Reception extends CommonObject
|
||||
{
|
||||
// phpcs:enable
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX.'c_shipment_mode SET active=1';
|
||||
$sql .= ' WHERE rowid='.$id;
|
||||
$sql .= " WHERE rowid = ".((int) $id);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
@ -1417,7 +1416,7 @@ class Reception extends CommonObject
|
||||
{
|
||||
// phpcs:enable
|
||||
$sql = 'UPDATE '.MAIN_DB_PREFIX.'c_shipment_mode SET active=0';
|
||||
$sql .= ' WHERE rowid='.$id;
|
||||
$sql .= " WHERE rowid = ".((int) $id);
|
||||
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
|
||||
@ -69,7 +69,7 @@ class SalariesStats extends Stats
|
||||
if (is_array($this->userid) && count($this->userid) > 0) {
|
||||
$this->where .= ' AND fk_user IN ('.$this->db->sanitize(join(',', $this->userid)).')';
|
||||
} elseif ($this->userid > 0) {
|
||||
$this->where .= ' AND fk_user = '.$this->userid;
|
||||
$this->where .= " AND fk_user = ".((int) $this->userid);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -62,14 +62,14 @@ class TicketStats extends Stats
|
||||
$this->field = 'timing';
|
||||
|
||||
$this->where = " fk_statut > 0";
|
||||
$this->where .= " AND entity = ".$conf->entity;
|
||||
$this->where .= " AND entity = ".((int) $conf->entity);
|
||||
if ($this->socid > 0) {
|
||||
$this->where .= " AND fk_soc = ".((int) $this->socid);
|
||||
}
|
||||
if (is_array($this->userid) && count($this->userid) > 0) {
|
||||
$this->where .= ' AND fk_user_create IN ('.$this->db->sanitize(join(',', $this->userid)).')';
|
||||
} elseif ($this->userid > 0) {
|
||||
$this->where .= ' AND fk_user_create = '.$this->userid;
|
||||
$this->where .= " AND fk_user_create = ".((int) $this->userid);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -278,15 +278,15 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
|
||||
// with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string, or an (int) if int, when forging sql request.
|
||||
$ok=true;
|
||||
$matches=array();
|
||||
preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
|
||||
preg_match_all('/(DELETE|OR|AND|WHERE|INSERT)\s.*([^\s][^\s][^\s])\s*=\s*(\'|")\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER);
|
||||
foreach ($matches as $key => $val) {
|
||||
if ($val[2] == 'ity' && $val[3] == 'con') { // exclude entity = ".$conf->entity
|
||||
if ($val[2] == 'ity' && $val[4] == 'con') { // exclude entity = ".$conf->entity
|
||||
continue;
|
||||
}
|
||||
if ($val[2] == 'ame' && $val[3] == 'db-' && preg_match('/WHERE name/', $val[0])) { // exclude name = ".$db->encrypt(
|
||||
if ($val[2] == 'ame' && $val[4] == 'db-' && preg_match('/WHERE name/', $val[0])) { // exclude name = ".$db->encrypt(
|
||||
continue;
|
||||
}
|
||||
if ($val[2] == 'ame' && $val[3] == 'thi' && preg_match('/WHERE name/', $val[0])) { // exclude name = ".$this->db->encrypt(
|
||||
if ($val[2] == 'ame' && $val[4] == 'thi' && preg_match('/WHERE name/', $val[0])) { // exclude name = ".$this->db->encrypt(
|
||||
continue;
|
||||
}
|
||||
var_dump($matches);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user