From 98e389bdcedb1c68115040232549f072919e772d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 14 Apr 2023 13:18:10 +0200 Subject: [PATCH 1/2] Fix css --- htdocs/user/list.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/user/list.php b/htdocs/user/list.php index 4bec595bf48..28e84a677b7 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -1164,13 +1164,14 @@ while ($i < $imaxinloop) { // Multicompany enabled if (isModEnabled('multicompany') && is_object($mc) && empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { if (!empty($arrayfields['u.entity']['checked'])) { - print ''; if (!$obj->entity) { - print $langs->trans("AllEntities"); + $labeltouse = $langs->trans("AllEntities"); } else { $mc->getInfo($obj->entity); - print $mc->label; + $labeltouse = $mc->label; } + print ''; + print $labeltouse; print ''; if (!$i) { $totalarray['nbfield']++; From f425bd46540747de95e57119b8b39f095d3c3cff Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 15 Apr 2023 01:24:50 +0200 Subject: [PATCH 2/2] Fix sqlforlike when searching with like and _ string --- htdocs/core/db/mysqli.class.php | 2 +- htdocs/core/db/pgsql.class.php | 2 +- htdocs/core/db/sqlite3.class.php | 2 +- test/phpunit/CodingSqlTest.php | 38 ++++++++++++++++++++++++++++++++ 4 files changed, 41 insertions(+), 3 deletions(-) diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php index 0eef42b7424..a05dbf46e4b 100644 --- a/htdocs/core/db/mysqli.class.php +++ b/htdocs/core/db/mysqli.class.php @@ -494,7 +494,7 @@ class DoliDBMysqli extends DoliDB */ public function escapeforlike($stringtoencode) { - return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode); + return str_replace(array('\\', '_', '%'), array('\\\\', '\_', '\%'), (string) $stringtoencode); } /** diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 28ac15a43ff..f4df72ceb26 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -741,7 +741,7 @@ class DoliDBPgsql extends DoliDB */ public function escapeforlike($stringtoencode) { - return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode); + return str_replace(array('\\', '_', '%'), array('\\\\', '\_', '\%'), (string) $stringtoencode); } /** diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php index e31eeffe457..71872b0898b 100644 --- a/htdocs/core/db/sqlite3.class.php +++ b/htdocs/core/db/sqlite3.class.php @@ -669,7 +669,7 @@ class DoliDBSqlite3 extends DoliDB */ public function escapeforlike($stringtoencode) { - return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode); + return str_replace(array('\\', '_', '%'), array('\\\\', '\_', '\%'), (string) $stringtoencode); } /** diff --git a/test/phpunit/CodingSqlTest.php b/test/phpunit/CodingSqlTest.php index 00c7a5aebae..504203eeabf 100644 --- a/test/phpunit/CodingSqlTest.php +++ b/test/phpunit/CodingSqlTest.php @@ -157,6 +157,44 @@ class CodingSqlTest extends PHPUnit\Framework\TestCase print __METHOD__."\n"; } + /** + * testEscape + * + * @return string + */ + public function testEscape() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $a = 'abc"\'def'; + print $a; + $result = $db->escape($a); // $result must be abc\"\'def + $this->assertEquals('abc\"\\\'def', $result); + } + + /** + * testEscapeForLike + * + * @return string + */ + public function testEscapeForLike() + { + global $conf,$user,$langs,$db; + $conf=$this->savconf; + $user=$this->savuser; + $langs=$this->savlangs; + $db=$this->savdb; + + $a = 'abc"\'def_ghi%klm\\nop'; + //print $a; + $result = $db->escapeforlike($a); // $result must be abc"'def\_ghi\%klm\\nop + $this->assertEquals('abc"\'def\_ghi\%klm\\\\nop', $result); + } + /** * testSql *