From f0f6f71161e6db08622c836e0cee7f91d425926b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 15 Mar 2018 01:55:47 +0100
Subject: [PATCH] Fix Sqli
---
 htdocs/accountancy/class/bookkeeping.class.php | 6 +++---
 htdocs/core/class/html.formcompany.class.php | 4 ++--
 htdocs/core/class/translate.class.php | 4 ++--
 htdocs/societe/class/societe.class.php | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index 16f40139a38..d95f3b5b6b7 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -1101,7 +1101,7 @@ class BookKeeping extends CommonObject
 $this->db->begin();
 $sql = "UPDATE " . MAIN_DB_PREFIX . $this->table_element . $mode . " as ab";
- $sql .= ' SET ab.' . $field . '=' . (is_numeric($value)?$value:"'".$value."'");
+ $sql .= ' SET ab.' . $field . '=' . (is_numeric($value)?$value:"'".$this->db->escape($value)."'");
 $sql .= ' WHERE ab.piece_num=' . $piece_num ;
 $resql = $this->db->query($sql);
@@ -1184,7 +1184,7 @@ class BookKeeping extends CommonObject
 // first check if line not yet in bookkeeping
 $sql = "DELETE";
 $sql .= " FROM " . MAIN_DB_PREFIX . $this->table_element;
- $sql .= " WHERE import_key = '" . $importkey . "'";
+ $sql .= " WHERE import_key = '" . $this->db->escape($importkey) . "'";
 $resql = $this->db->query($sql);
@@ -1222,7 +1222,7 @@ class BookKeeping extends CommonObject
 $sql.= " FROM " . MAIN_DB_PREFIX . $this->table_element.$mode;
 $sql.= " WHERE 1 = 1";
 if (! empty($delyear)) $sql.= " AND YEAR(doc_date) = " . $delyear; // FIXME Must use between
- if (! empty($journal)) $sql.= " AND code_journal = '".$journal."'";
+ if (! empty($journal)) $sql.= " AND code_journal = '".$this->db->escape($journal)."'";
 $sql .= " AND entity IN (" . getEntity('accountancy') . ")";
 $resql = $this->db->query($sql);
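Review bot: Escaping `$value` closes only one of three interpolation points in this UPDATE: `$field` (the column name on the changed line) and `$piece_num` (on the WHERE line just below it) are still concatenated raw. `$piece_num` is compared against a numeric column, so `$sql .= ' WHERE ab.piece_num=' . (int) $piece_num;` is the tight fix. `$field` is an identifier, which `escape()` does not protect, so it should be checked against a fixed list of updatable column names before the statement is built. The enclosing method starts and ends outside the hunk.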
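Review bot: The DELETE in this hunk filters on `import_key` alone, whereas the DELETE in the hunk at line 1222 of the same file also restricts with `AND entity IN (" . getEntity('accountancy') . ")`. If `$this->table_element` is entity-scoped, as the later hunk suggests, an import key shared across entities would delete rows outside the caller's entity; adding the same entity clause here would make the two deletes consistent. The enclosing method starts and ends outside the hunk.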
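Review bot: `$delyear` on the line directly above the changed one is still concatenated raw into `YEAR(doc_date) = `, while `$journal` now goes through `escape()`; because the comparison is numeric, `if (! empty($delyear)) $sql.= " AND YEAR(doc_date) = " . (int) $delyear; // FIXME Must use between` closes that point without changing behaviour for valid years. `$mode` is appended to the table name on the first context line and, being an identifier, cannot be protected by `escape()`, so it should be restricted to the known suffixes wherever the method receives it. The enclosing method starts and ends outside the hunk.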
diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php
index d9bd4325e24..27da8e4de39 100644
--- a/htdocs/core/class/html.formcompany.class.php
+++ b/htdocs/core/class/html.formcompany.class.php
@@ -222,8 +222,8 @@ class FormCompany
 $sql .= " ".MAIN_DB_PREFIX ."c_departements as d, ".MAIN_DB_PREFIX."c_regions as r,".MAIN_DB_PREFIX."c_country as c";
 $sql .= " WHERE d.fk_region=r.code_region and r.fk_pays=c.rowid";
 $sql .= " AND d.active = 1 AND r.active = 1 AND c.active = 1";
- if ($country_codeid && is_numeric($country_codeid)) $sql .= " AND c.rowid = '".$country_codeid."'";
- if ($country_codeid && ! is_numeric($country_codeid)) $sql .= " AND c.code = '".$country_codeid."'";
+ if ($country_codeid && is_numeric($country_codeid)) $sql .= " AND c.rowid = '".$this->db->escape($country_codeid)."'";
+ if ($country_codeid && ! is_numeric($country_codeid)) $sql .= " AND c.code = '".$this->db->escape($country_codeid)."'";
 $sql .= " ORDER BY c.code, d.code_departement";
 dol_syslog(get_class($this)."::select_departement", LOG_DEBUG);
diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php
index 69fe031459d..733a26ce401 100644
--- a/htdocs/core/class/translate.class.php
+++ b/htdocs/core/class/translate.class.php
@@ -895,7 +895,7 @@ class Translate
 $sql = "SELECT ".$fieldlabel." as label";
 $sql.= " FROM ".MAIN_DB_PREFIX.$tablename;
- $sql.= " WHERE ".$fieldkey." = '".($keyforselect?$keyforselect:$key)."'";
+ $sql.= " WHERE ".$fieldkey." = '".$this->db->escape($keyforselect?$keyforselect:$key)."'";
 if ($filteronentity) $sql.= " AND entity IN (" . getEntity($tablename). ')';
 dol_syslog(get_class($this).'::getLabelFromKey', LOG_DEBUG);
 $resql = $db->query($sql);
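Review bot: In the numeric branch the value is now escaped but still compared as a quoted string against `c.rowid`; since `is_numeric($country_codeid)` has already been established on that line, `if ($country_codeid && is_numeric($country_codeid)) $sql .= " AND c.rowid = " . (int) $country_codeid;` is stricter and matches the `(int) $id` form this same commit uses in societe.class.php. The non-numeric branch is correctly handled by `escape()`, as `c.code` is compared as a string. The enclosing method starts and ends outside the hunk.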
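Review bot: The new line escapes through `$this->db`, but the statement is executed two lines later on `$db` (`$resql = $db->query($sql);`), so unless Translate holds a `db` property this is a method call on null that fails at runtime. Use the handle the query runs on: `$sql.= " WHERE ".$fieldkey." = '".$db->escape($keyforselect?$keyforselect:$key)."'";`. The same `$this->db->escape(...)` form appears in the hunk at line 977 of this file, whose query call lies outside the hunk, so that method's handle should be checked as well. `$fieldkey`, `$fieldlabel` and `$tablename` remain concatenated raw as identifiers, which `escape()` does not cover, so they must come from trusted code or an allowlist. The enclosing method starts and ends outside the hunk.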
@@ -977,7 +977,7 @@ class Translate
 $sql = "SELECT code_iso, label, unicode";
 $sql.= " FROM ".MAIN_DB_PREFIX."c_currencies";
 $sql.= " WHERE active = 1";
- if (! empty($currency_code)) $sql.=" AND code_iso = '".$currency_code."'";
+ if (! empty($currency_code)) $sql.=" AND code_iso = '".$this->db->escape($currency_code)."'";
 //$sql.= " ORDER BY code_iso ASC"; // Not required, a sort is done later
 dol_syslog(get_class($this).'::loadCacheCurrencies', LOG_DEBUG);
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 71377f7c8fb..be5de50fd23 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -1002,7 +1002,7 @@ class Societe extends CommonObject
 $sql .= ", fk_user_modif = ".($user->id > 0 ? $user->id:"null");
 $sql .= ", fk_multicurrency = ".(int) $this->fk_multicurrency;
 $sql .= ", multicurrency_code = '".$this->db->escape($this->multicurrency_code)."'";
- $sql .= " WHERE rowid = '" . $id ."'";
+ $sql .= " WHERE rowid = " . (int) $id;
 $resql=$this->db->query($sql);
 if ($resql)
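Review bot: `$user->id` on the first context line is interpolated without a cast, while every other value in this statement — `(int) $this->fk_multicurrency`, the escaped `multicurrency_code`, and now `(int) $id` — is cast or escaped; `$sql .= ", fk_user_modif = ".($user->id > 0 ? (int) $user->id : "null");` would make the statement uniformly typed. The `(int) $id` form in the WHERE clause is the right one for a rowid and also drops the string comparison the old line used. The enclosing method starts and ends outside the hunk.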