trans("Users"), 'user', 'class="optiongrey paddingright"').$langs->trans("Users").' | '.img_picto($langs->trans("Contacts"), 'contact', 'class="optiongrey paddingright"').$langs->trans("Contacts"); ?>
'.$form->se
$out .= '
'.$form->selectyesno('mandatory', (GETPOSTISSET('mandatory') ? GETPOST('mandatory') : 0), 1).'
';
$out .= '
';
-$out .= '';
+$out .= '';
$out .= '
';
$out .= '';
diff --git a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php
index e5291cab775..7b669578a53 100644
--- a/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php
+++ b/htdocs/core/triggers/interface_20_modWorkflow_WorkflowManager.class.php
@@ -66,6 +66,8 @@ class InterfaceWorkflowManager extends DolibarrTriggers
return 0; // Module not active, we do nothing
}
+ $ret = 0;
+
// Proposals to order
if ($action == 'PROPAL_CLOSE_SIGNED') {
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
@@ -132,7 +134,6 @@ class InterfaceWorkflowManager extends DolibarrTriggers
// classify billed order & billed propososal
if ($action == 'BILL_VALIDATE') {
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
- $ret = 0;
// First classify billed the order to allow the proposal classify process
if (!empty($conf->commande->enabled) && !empty($conf->workflow->enabled) && !empty($conf->global->WORKFLOW_INVOICE_AMOUNT_CLASSIFY_BILLED_ORDER)) {
diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php
index 2ffce20a924..e069ea7a326 100644
--- a/htdocs/cron/class/cronjob.class.php
+++ b/htdocs/cron/class/cronjob.class.php
@@ -557,9 +557,9 @@ class Cronjob extends CommonObject
if (is_array($filter) && count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
- $sql .= ' AND '.$key.' = '.((int) $value);
+ $sql .= " AND ".$key." = ".((int) $value);
} else {
- $sql .= ' AND '.$key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
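Review bot: The column name `$key` on both `AND` lines is still spliced into the statement raw while only `$value` is cast or escaped, so this hunk changes quoting without closing that gap. If any caller can build `$filter` from request parameters, `$key` needs an allowlist check against the known `t.*` columns, or at least `$this->db->sanitize($key)`, before concatenation. The `LIKE '%...%'` side is escaped with `escape()` only, so `%` and `_` inside `$value` still act as wildcards; if the driver offers `escapeforlike()`, use it here to keep the filter literal. The enclosing method starts and ends outside the hunk.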
diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php
index 4d829258b2b..aba6558f20d 100644
--- a/htdocs/cron/list.php
+++ b/htdocs/cron/list.php
@@ -278,12 +278,12 @@ if ($search_lastresult != '') {
//Manage filter
if (is_array($filter) && count($filter) > 0) {
foreach ($filter as $key => $value) {
- $sql .= ' AND '.$key.' LIKE \'%'.$db->escape($value).'%\'';
+ $sql .= " AND ".$key." LIKE '%".$db->escape($value)."%'";
}
}
$sqlwhere = array();
if (!empty($search_module_name)) {
- $sqlwhere[] = '(t.module_name='.$db->escape($search_module_name).')';
+ $sqlwhere[] = "(t.module_name = '".$db->escape($search_module_name)."')";
}
if (count($sqlwhere) > 0) {
$sql .= " WHERE ".implode(' AND ', $sqlwhere);
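Review bot: The added quotes around `$db->escape($search_module_name)` close a real unquoted-string injection on the `t.module_name` filter, but the `$key` column name on the `LIKE` line above is still concatenated without any sanitization. If `$filter` can be populated from the request in this list page, validate it before use, e.g. `if (!preg_match('/^[a-z0-9_.]+$/i', $key)) continue;`, or pass it through `$db->sanitize()`. The value side is escaped but `%`/`_` in it remain wildcards, which may or may not be intended for a free-text filter.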
diff --git a/htdocs/datapolicy/admin/setupmail.php b/htdocs/datapolicy/admin/setupmail.php
index c25d4c2263d..2ec083b0fa8 100644
--- a/htdocs/datapolicy/admin/setupmail.php
+++ b/htdocs/datapolicy/admin/setupmail.php
@@ -151,7 +151,7 @@ $doleditor->Create();
print '
';
print '';
-print '
';
+print '
';
print '';
diff --git a/htdocs/dav/dav.class.php b/htdocs/dav/dav.class.php
index 6ff9e58b73a..a4c98eba8a7 100644
--- a/htdocs/dav/dav.class.php
+++ b/htdocs/dav/dav.class.php
@@ -82,8 +82,8 @@ class CdavLib
LEFT OUTER JOIN '.MAIN_DB_PREFIX.'user AS u ON (u.rowid=fk_element)
WHERE ar.element_type=\'user\' AND fk_actioncomm=a.id) AS other_users
FROM '.MAIN_DB_PREFIX.'actioncomm AS a';
- if (!$this->user->rights->societe->client->voir) {//FIXME si 'voir' on voit plus de chose ?
- $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.$this->user->id.')
+ if (!$this->user->rights->societe->client->voir) { //FIXME si 'voir' on voit plus de chose ?
+ $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.((int) $this->user->id).')
LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = sc.fk_soc)
LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.fk_soc = sc.fk_soc AND sp.rowid = a.fk_contact)
LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)';
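Review bot: The `FIXME` on the `voir` branch is still in French and does not say what the branch enforces, which matters because this join is the row-level visibility restriction for users who lack `societe->client->voir`. Replace it with `// Restrict to companies assigned to this user (societe_commerciaux) when the user lacks the 'see all customers' right` and either answer or remove the open question ("if 'voir', do we see more?"). The `(int)` cast on `$this->user->id` is the right fix for the join condition.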
@@ -95,7 +95,7 @@ class CdavLib
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays
LEFT JOIN '.MAIN_DB_PREFIX.'c_country as cos ON cos.rowid = s.fk_pays
- WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.intval($calid).')
+ WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.((int) $calid).')
AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type<>\'systemauto\')
AND a.entity IN ('.getEntity('societe', 1).')';
if ($oid !== false) {
diff --git a/htdocs/delivery/card.php b/htdocs/delivery/card.php
index a845b7aff95..7d4a3b181e0 100644
--- a/htdocs/delivery/card.php
+++ b/htdocs/delivery/card.php
@@ -338,7 +338,7 @@ if ($action == 'create') { // Create. Seems to no be used
$morehtmlref .= '';
$morehtmlref .= '';
$morehtmlref .= $formproject->select_projects($expedition->socid, $expedition->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
- $morehtmlref .= '';
+ $morehtmlref .= '';
$morehtmlref .= '';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$expedition->id, $expedition->socid, $expedition->fk_project, 'none', 0, 0, 0, 1);
@@ -436,7 +436,7 @@ if ($action == 'create') { // Create. Seems to no be used
print '';
print '';
print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_delivery", 1, 1);
- print '';
+ print '';
print '';
} else {
print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' ';
@@ -630,7 +630,7 @@ if ($action == 'create') { // Create. Seems to no be used
print dol_get_fiche_end();
//if ($object->statut == 0) // only if draft
- // print '';
+ // print $form->buttonsSaveCancel("Save", '');
print '';
diff --git a/htdocs/delivery/class/delivery.class.php b/htdocs/delivery/class/delivery.class.php
index 019187fca28..de991d50f4e 100644
--- a/htdocs/delivery/class/delivery.class.php
+++ b/htdocs/delivery/class/delivery.class.php
@@ -189,7 +189,7 @@ class Delivery extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."delivery ";
$sql .= "SET ref = '".$this->db->escape($numref)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("Delivery::create", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -427,7 +427,7 @@ class Delivery extends CommonObject
$sql .= ", fk_statut = 1";
$sql .= ", date_valid = '".$this->db->idate($now)."'";
$sql .= ", fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND fk_statut = 0";
$resql = $this->db->query($sql);
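Review bot: `fk_user_valid = ".$user->id` at the top of the hunk is left as raw interpolation while `rowid` on the next line gets the `(int)` cast, so the statement is only half fixed. Apply the same cast there: `$sql .= ", fk_user_valid = ".((int) $user->id);`. The enclosing validation method starts and ends outside the hunk.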
@@ -651,7 +651,7 @@ class Delivery extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."delivery";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
$this->db->commit();
@@ -1001,7 +1001,7 @@ class Delivery extends CommonObject
if ($user->rights->expedition->creer) {
$sql = "UPDATE ".MAIN_DB_PREFIX."delivery";
$sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG);
$resql = $this->db->query($sql);
diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php
index f14fae538ab..d8b06285be4 100644
--- a/htdocs/don/admin/donation.php
+++ b/htdocs/don/admin/donation.php
@@ -341,7 +341,7 @@ if (!empty($conf->accounting->enabled)) {
print '';
}
print '';
-print '';
+print '';
print " |
\n";
print '';
@@ -353,7 +353,7 @@ print '
';
print $langs->trans("FreeTextOnDonations").' '.img_info($langs->trans("AddCRIfTooLong")).' ';
print '';
print ' | ';
-print '';
+print '';
print " |
\n";
print "\n";
diff --git a/htdocs/don/class/don.class.php b/htdocs/don/class/don.class.php
index 181b3fc0ca3..85a95905073 100644
--- a/htdocs/don/class/don.class.php
+++ b/htdocs/don/class/don.class.php
@@ -555,7 +555,7 @@ class Don extends CommonObject
// Delete donation
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."don_extrafields";
- $sql .= " WHERE fk_object=".$this->id;
+ $sql .= " WHERE fk_object = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -1116,7 +1116,7 @@ class Don extends CommonObject
return -1;
}
- $sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.$this->id;
+ $sql = 'SELECT SUM(amount) as sum_amount FROM '.MAIN_DB_PREFIX.'payment_donation WHERE fk_donation = '.((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
dol_print_error($this->db);
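Review bot: On query failure the hunk calls `dol_print_error($this->db)`, which emits the database error text into the HTTP response, whereas the earlier `return -1;` path in the same method just returns. Prefer recording and returning: `$this->error = $this->db->lasterror(); dol_syslog(__METHOD__.' '.$this->error, LOG_ERR); return -1;`. I cannot see what follows the print from here, so confirm the method does not continue with an unset result. The `(int)` cast on `$this->id` is fine.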
diff --git a/htdocs/don/index.php b/htdocs/don/index.php
index e7aaeb8a4bd..36323d332b7 100644
--- a/htdocs/don/index.php
+++ b/htdocs/don/index.php
@@ -106,7 +106,7 @@ if (!empty($conf->global->MAIN_SEARCH_FORM_ON_HOME_AREAS)) { // TODO Add a s
print '
';
print ' | | ';
if ($i == 0) {
- print ' | ';
+ print ' | ';
}
print '
';
$i++;
diff --git a/htdocs/ecm/class/ecmdirectory.class.php b/htdocs/ecm/class/ecmdirectory.class.php
index c2961794bbc..3c7af135922 100644
--- a/htdocs/ecm/class/ecmdirectory.class.php
+++ b/htdocs/ecm/class/ecmdirectory.class.php
@@ -305,7 +305,7 @@ class EcmDirectory extends CommonObject
} else {
$sql .= " cachenbofdoc = cachenbofdoc ".$value." 1";
}
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::changeNbOfFiles", LOG_DEBUG);
$resql = $this->db->query($sql);
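Review bot: The context line `cachenbofdoc = cachenbofdoc ".$value." 1"` splices `$value` into the statement as the arithmetic operator with no validation, which the commit leaves untouched while casting `rowid`. Even if every current caller passes `'+'` or `'-'`, guard it at the top of the method: `if (!in_array($value, array('+', '-'), true)) return -1;` so a future caller cannot turn this into arbitrary SQL. `changeNbOfFiles` starts outside the hunk, so an existing parameter check may already cover this; verify before adding a second one.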
@@ -764,7 +764,7 @@ class EcmDirectory extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."ecm_directories SET";
$sql .= " cachenbofdoc = '".count($filelist)."'";
if (empty($all)) { // By default
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
} else {
$sql .= " WHERE entity = ".$conf->entity;
}
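Review bot: The `else` branch `WHERE entity = ".$conf->entity` is left as raw interpolation while the `rowid` branch one line above gets the `(int)` cast; apply it there too: `$sql .= " WHERE entity = ".((int) $conf->entity);`. Separately, `cachenbofdoc = '".count($filelist)."'` quotes an integer as a string; `" cachenbofdoc = ".((int) count($filelist))` without quotes matches the column type and the style used elsewhere in this commit.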
diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php
index 035a7aee9c6..15cfba4c03e 100644
--- a/htdocs/ecm/class/ecmfiles.class.php
+++ b/htdocs/ecm/class/ecmfiles.class.php
@@ -303,17 +303,17 @@ class EcmFiles extends CommonObject
$sql .= " '".$this->db->escape($ref)."', ";
$sql .= ' '.(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").',';
$sql .= ' '.(!isset($this->share) ? 'NULL' : "'".$this->db->escape($this->share)."'").',';
- $sql .= ' '.$this->entity.',';
+ $sql .= ' '.((int) $this->entity).',';
$sql .= ' '.(!isset($this->filename) ? 'NULL' : "'".$this->db->escape($this->filename)."'").',';
$sql .= ' '.(!isset($this->filepath) ? 'NULL' : "'".$this->db->escape($this->filepath)."'").',';
$sql .= ' '.(!isset($this->fullpath_orig) ? 'NULL' : "'".$this->db->escape($this->fullpath_orig)."'").',';
$sql .= ' '.(!isset($this->description) ? 'NULL' : "'".$this->db->escape($this->description)."'").',';
$sql .= ' '.(!isset($this->keywords) ? 'NULL' : "'".$this->db->escape($this->keywords)."'").',';
$sql .= ' '.(!isset($this->cover) ? 'NULL' : "'".$this->db->escape($this->cover)."'").',';
- $sql .= ' '.$maxposition.',';
+ $sql .= ' '.((int) $maxposition).',';
$sql .= ' '.(!isset($this->gen_or_uploaded) ? 'NULL' : "'".$this->db->escape($this->gen_or_uploaded)."'").',';
$sql .= ' '.(!isset($this->extraparams) ? 'NULL' : "'".$this->db->escape($this->extraparams)."'").',';
- $sql .= ' '."'".$this->db->idate($this->date_c)."'".',';
+ $sql .= " '".$this->db->idate($this->date_c)."',";
$sql .= ' '.(!isset($this->date_m) || dol_strlen($this->date_m) == 0 ? 'NULL' : "'".$this->db->idate($this->date_m)."'").',';
$sql .= ' '.(!isset($this->fk_user_c) ? $user->id : $this->fk_user_c).',';
$sql .= ' '.(!isset($this->fk_user_m) ? 'NULL' : $this->fk_user_m).',';
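Review bot: The two user-id lines at the end of the hunk, `(!isset($this->fk_user_c) ? $user->id : $this->fk_user_c)` and `(!isset($this->fk_user_m) ? 'NULL' : $this->fk_user_m)`, still interpolate raw values while `entity` and `maxposition` in the same hunk receive `(int)` casts. Cast them the same way: `((int) $user->id)`, `((int) $this->fk_user_c)` and `((int) $this->fk_user_m)`. The INSERT statement begins before the hunk.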
@@ -530,9 +530,9 @@ class EcmFiles extends CommonObject
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.src_object_id') {
- $sqlwhere[] = $key.' = '.((int) $value);
+ $sqlwhere[] = $key." = ".((int) $value);
} else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
@@ -548,7 +548,7 @@ class EcmFiles extends CommonObject
$sql .= $this->db->order($sortfield, $sortorder);
}
if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
}
$this->lines = array();
@@ -664,7 +664,7 @@ class EcmFiles extends CommonObject
// Update request
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element.' SET';
- $sql .= " ref = '".dol_hash($this->filepath.'/'.$this->filename, 3)."',";
+ $sql .= " ref = '".$this->db->escape(dol_hash($this->filepath."/".$this->filename, 3))."',";
$sql .= ' label = '.(isset($this->label) ? "'".$this->db->escape($this->label)."'" : "null").',';
$sql .= ' share = '.(!empty($this->share) ? "'".$this->db->escape($this->share)."'" : "null").',';
$sql .= ' entity = '.(isset($this->entity) ? $this->entity : $conf->entity).',';
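Review bot: `entity = '.(isset($this->entity) ? $this->entity : $conf->entity)` on the last line of the hunk is still raw interpolation while the commit now escapes the `ref` hash two lines above; cast both arms: `(isset($this->entity) ? ((int) $this->entity) : ((int) $conf->entity))`. The UPDATE statement continues past the hunk.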
diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php
index 16df7774470..74d7cc309b9 100644
--- a/htdocs/emailcollector/class/emailcollector.class.php
+++ b/htdocs/emailcollector/class/emailcollector.class.php
@@ -30,6 +30,16 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/ticket/class/ticket.class.php';
require_once DOL_DOCUMENT_ROOT.'/recruitment/class/recruitmentcandidature.class.php';
+require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; // customer proposal
+require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php'; // customer order
+require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php'; // Shipment
+require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'; // supplier invoice
+require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.commande.class.php'; // supplier order
+require_once DOL_DOCUMENT_ROOT.'/supplier_proposal/class/supplier_proposal.class.php'; // supplier proposal
+require_once DOL_DOCUMENT_ROOT."/reception/class/reception.class.php"; // reception
+//require_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php'; // Holidays (leave request)
+//require_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php'; // expernse report
+
/**
* Class for EmailCollector
@@ -675,7 +685,7 @@ class EmailCollector extends CommonObject
$sql = 'SELECT rowid, type, rulevalue, status';
$sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectorfilter';
- $sql .= ' WHERE fk_emailcollector = '.$this->id;
+ $sql .= ' WHERE fk_emailcollector = '.((int) $this->id);
//$sql.= ' ORDER BY position';
$resql = $this->db->query($sql);
@@ -707,7 +717,7 @@ class EmailCollector extends CommonObject
$sql = 'SELECT rowid, type, actionparam, status';
$sql .= ' FROM '.MAIN_DB_PREFIX.'emailcollector_emailcollectoraction';
- $sql .= ' WHERE fk_emailcollector = '.$this->id;
+ $sql .= ' WHERE fk_emailcollector = '.((int) $this->id);
$sql .= ' ORDER BY position';
$resql = $this->db->query($sql);
@@ -1415,8 +1425,8 @@ class EmailCollector extends CommonObject
$reg = array();
if (!empty($headers['References'])) {
$arrayofreferences = preg_split('/(,|\s+)/', $headers['References']);
- //var_dump($headers['References']);
- //var_dump($arrayofreferences);
+ // var_dump($headers['References']);
+ // var_dump($arrayofreferences);
foreach ($arrayofreferences as $reference) {
//print "Process mail ".$iforemailloop." email_msgid ".$msgid.", date ".dol_print_date($date, 'dayhour').", subject ".$subject.", reference ".dol_escape_htmltag($reference)."
\n";
@@ -1432,9 +1442,30 @@ class EmailCollector extends CommonObject
if ($reg[1] == 'ctc') {
$objectemail = new Contact($this->db);
}
- if ($reg[1] == 'inv') {
+ if ($reg[1] == 'inv') { // customer invoices
$objectemail = new Facture($this->db);
}
+ if ($reg[1] == 'sinv') { // supplier invoices
+ $objectemail = new FactureFournisseur($this->db);
+ }
+ if ($reg[1] == 'pro') { // customer proposals
+ $objectemail = new Propal($this->db);
+ }
+ if ($reg[1] == 'ord') { // customer orders
+ $objectemail = new Commande($this->db);
+ }
+ if ($reg[1] == 'shi') { // shipments
+ $objectemail = new Expedition($this->db);
+ }
+ if ($reg[1] == 'spro') { // supplier proposal
+ $objectemail = new SupplierProposal($this->db);
+ }
+ if ($reg[1] == 'sord') { // supplier order
+ $objectemail = new CommandeFournisseur($this->db);
+ }
+ if ($reg[1] == 'rec') { // Reception
+ $objectemail = new Reception($this->db);
+ }
if ($reg[1] == 'proj') {
$objectemail = new Project($this->db);
}
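Review bot: `$reg[1]` is parsed from the incoming message's `References` header, so the object type chosen here (and the id that follows it, handled outside this hunk) is attacker-controlled, and each newly supported class (`FactureFournisseur`, `Propal`, `Commande`, `Expedition`, `SupplierProposal`, `CommandeFournisseur`, `Reception`) widens what a crafted email can get linked to. Wherever `$objectemail` is subsequently fetched, make sure the fetched record's `entity` matches the collector's and that the link is created only for the record the reference names; I cannot see that code from here. As a point of style, the growing `if` chain would be clearer as a single allowlist lookup, e.g. `$classbyprefix = array('inv' => 'Facture', 'sinv' => 'FactureFournisseur', 'pro' => 'Propal', ...); if (isset($classbyprefix[$reg[1]])) $objectemail = new $classbyprefix[$reg[1]]($this->db);`, which also makes the fixed set of accepted prefixes explicit.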
@@ -1456,6 +1487,12 @@ class EmailCollector extends CommonObject
if ($reg[1] == 'mem') {
$objectemail = new Adherent($this->db);
}
+ /*if ($reg[1] == 'leav') {
+ $objectemail = new Holiday($db);
+ }
+ if ($reg[1] == 'exp') {
+ $objectemail = new ExpenseReport($db);
+ }*/
} elseif (preg_match('/<(.*@.*)>/', $reference, $reg)) {
// This is an external reference, we check if we have it in our database
if (!is_object($objectemail)) {
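Review bot: The commented-out `leav`/`exp` branches instantiate `new Holiday($db)` and `new ExpenseReport($db)` with an undefined `$db` instead of `$this->db` as every live branch above does, so uncommenting them would break. Either delete the dead block (the matching `require_once` lines are also commented out) or correct it to `new Holiday($this->db)` / `new ExpenseReport($this->db)` before someone enables it.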
diff --git a/htdocs/eventorganization/class/conferenceorbooth.class.php b/htdocs/eventorganization/class/conferenceorbooth.class.php
index bb84bbe37bd..9318e3f8465 100644
--- a/htdocs/eventorganization/class/conferenceorbooth.class.php
+++ b/htdocs/eventorganization/class/conferenceorbooth.class.php
@@ -293,15 +293,15 @@ class ConferenceOrBooth extends ActionComm
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.id' || $key == 't.fk_project' || $key == 't.fk_soc' || $key == 't.fk_action') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key." = ".((int) $value);
} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
- $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+ $sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
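Review bot: The `customsql` branch appends `$value` verbatim into the WHERE clause, and `$this->fields[$key]['type']` is read for every other `$key` without checking the key exists, so an unknown key both raises a notice and ends up concatenated unsanitized. Add a guard at the top of the loop, e.g. `if ($key != 'customsql' && !isset($this->fields[$key])) continue;` (stripping a `t.` prefix first if keys carry one), and document at the method head that `customsql` must never carry request-derived text. The `(int)` cast on the id keys is correct; the method starts outside the hunk.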
@@ -313,7 +313,7 @@ class ConferenceOrBooth extends ActionComm
$sql .= $this->db->order($sortfield, $sortorder);
}
if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
}
$resql = $this->db->query($sql);
diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
index b6c80feadd4..5169058d41c 100644
--- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php
+++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
@@ -422,7 +422,7 @@ class ConferenceOrBoothAttendee extends CommonObject
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
@@ -434,7 +434,7 @@ class ConferenceOrBoothAttendee extends CommonObject
$sql .= $this->db->order($sortfield, $sortorder);
}
if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
}
$resql = $this->db->query($sql);
@@ -558,7 +558,7 @@ class ConferenceOrBoothAttendee extends CommonObject
if (!empty($this->fields['fk_user_valid'])) {
$sql .= ", fk_user_valid = ".$user->id;
}
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate()", LOG_DEBUG);
$resql = $this->db->query($sql);
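Review bot: `fk_user_valid = ".$user->id` two lines above the newly cast `rowid` is still raw interpolation; make it `$sql .= ", fk_user_valid = ".((int) $user->id);` so the whole statement is consistently cast. `validate()` starts outside the hunk.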
diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php
index 9430d2c52ad..679e0d2d735 100644
--- a/htdocs/eventorganization/conferenceorbooth_list.php
+++ b/htdocs/eventorganization/conferenceorbooth_list.php
@@ -449,7 +449,7 @@ $sql .= $object->getFieldList('t');
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : '');
}
}
// Add fields from hooks
@@ -472,7 +472,7 @@ if ($object->ismultientitymanaged == 1) {
$sql .= " WHERE 1 = 1";
}
if ($projectid > 0) {
- $sql .= ' AND t.fk_project='.$project->id;
+ $sql .= " AND t.fk_project = ".((int) $project->id);
}
foreach ($search as $key => $val) {
if (array_key_exists($key, $object->fields)) {
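Review bot: The condition tests `$projectid > 0` but the filter uses `$project->id`; if the fetch of `$project` (outside this hunk) failed or was skipped, this produces `t.fk_project = 0` and silently lists nothing instead of reporting the problem. Either filter on the same variable, `$sql .= " AND t.fk_project = ".((int) $projectid);`, or change the condition to `$project->id > 0`.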
diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php
index 72d66b7fb87..9184d9ae771 100644
--- a/htdocs/eventorganization/conferenceorboothattendee_list.php
+++ b/htdocs/eventorganization/conferenceorboothattendee_list.php
@@ -225,7 +225,7 @@ $sql .= $object->getFieldList('t');
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key.', ' : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key.', ' : '');
}
}
// Add fields from hooks
diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php
index 676a5cae22c..46e31740982 100644
--- a/htdocs/expedition/card.php
+++ b/htdocs/expedition/card.php
@@ -379,7 +379,11 @@ if (empty($reshook)) {
}
}
} else {
- setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("QtyToShip").'/'.$langs->transnoentitiesnoconv("Warehouse")), null, 'errors');
+ $labelfieldmissing = $langs->transnoentitiesnoconv("QtyToShip");
+ if (!empty($conf->stock->enabled)) {
+ $labelfieldmissing .= '/'.$langs->transnoentitiesnoconv("Warehouse");
+ }
+ setEventMessages($langs->trans("ErrorFieldRequired", $labelfieldmissing), null, 'errors');
$error++;
}
@@ -717,6 +721,16 @@ if (empty($reshook)) {
unset($_POST[$qty]);
}
}
+ } elseif (empty($conf->stock->enabled) && empty($conf->productbatch->enabled)) { // both product batch and stock are not activated.
+ $qty = "qtyl".$line_id;
+ $line->id = $line_id;
+ $line->qty = GETPOST($qty, 'int');
+ $line->entrepot_id = 0;
+ if ($line->update($user) < 0) {
+ setEventMessages($line->error, $line->errors, 'errors');
+ $error++;
+ }
+ unset($_POST[$qty]);
}
} else {
// Product no predefined
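Review bot: The new `elseif` branch writes `$line->id = $line_id` and `$line->qty = GETPOST($qty, 'int')` to the database without checking that `$line_id` belongs to `$object` or that the quantity is non-negative; the sibling batch/stock branch above may do both, but its start is outside this hunk, so mirror whatever ownership check it performs. At minimum reject negative quantities before `update()`, e.g. `if ($line->qty < 0) { $error++; }` together with a `setEventMessages(..., 'errors')`. The enclosing action handler starts and ends outside the hunk.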
@@ -786,6 +800,10 @@ $help_url = 'EN:Module_Shipments|FR:Module_Expéditions|ES:Módulo_Expedic
llxHeader('', $langs->trans('Shipment'), 'Expedition', $help_url);
+if (empty($action)) {
+ $action = 'view';
+}
+
$form = new Form($db);
$formfile = new FormFile($db);
$formproduct = new FormProduct($db);
@@ -997,9 +1015,9 @@ if ($action == 'create') {
$numAsked = count($object->lines);
- print '';
+ print 'return false; });'."\n";
+ print 'jQuery("#autoreset").click(function() { console.log("Reset values to 0"); jQuery(".qtyl").val(0);'."\n";
+ print 'return false; });'."\n";
+ print '});'."\n";
+ print ''."\n";
print '
';
@@ -1172,7 +1191,7 @@ if ($action == 'create') {
$deliverableQty = GETPOST('qtyl'.$indiceAsked, 'int');
}
print '
';
- print '
';
+ print '
';
} else {
print $langs->trans("NA");
}
@@ -1679,7 +1698,7 @@ if ($action == 'create') {
$morehtmlref .= '
';
$morehtmlref .= '
';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
- $morehtmlref .= '
';
+ $morehtmlref .= '
';
$morehtmlref .= '';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
@@ -1750,7 +1769,7 @@ if ($action == 'create') {
print '
';
print '
';
print $form->selectDate($object->date_delivery ? $object->date_delivery : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0);
- print '
';
+ print '
';
print '';
} else {
print $object->date_delivery ? dol_print_date($object->date_delivery, 'dayhour') : ' ';
@@ -1886,7 +1905,7 @@ if ($action == 'create') {
if ($user->admin) {
print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1);
}
- print '
';
+ print '
';
print '';
} else {
if ($object->shipping_method_id > 0) {
@@ -2185,7 +2204,7 @@ if ($action == 'create') {
if ($action == 'editline' && $lines[$i]->id == $line_id) {
// edit mode
- print '
';
+ print ' | ';
@@ -2365,10 +2394,11 @@ if ($action == 'create') {
$line = $lines[$i];
$line->fetch_optionals();
+ // TODO Show all in same line by setting $display_type = 'line'
if ($action == 'editline' && $line->id == $line_id) {
- print $lines[$i]->showOptionals($extrafields, 'edit', array('colspan'=>$colspan), $indiceAsked);
+ print $lines[$i]->showOptionals($extrafields, 'edit', array('colspan'=>$colspan), $indiceAsked, '', 0, 'card');
} else {
- print $lines[$i]->showOptionals($extrafields, 'view', array('colspan'=>$colspan), $indiceAsked);
+ print $lines[$i]->showOptionals($extrafields, 'view', array('colspan'=>$colspan), $indiceAsked, '', 0, 'card');
}
}
}
diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php
index 85245b38e89..049ef7832b0 100644
--- a/htdocs/expedition/class/expedition.class.php
+++ b/htdocs/expedition/class/expedition.class.php
@@ -363,7 +363,7 @@ class Expedition extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."expedition";
$sql .= " SET ref = '(PROV".$this->id.")'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::create", LOG_DEBUG);
if ($this->db->query($sql)) {
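Review bot: `SET ref = '(PROV".$this->id.")'` interpolates the id inside the quoted string without the cast applied to `rowid` on the next line; for consistency write `$sql .= " SET ref = '(PROV".((int) $this->id).")'";`. The surrounding `create()` continues past the hunk.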
@@ -711,7 +711,7 @@ class Expedition extends CommonObject
$sql .= ", fk_statut = 1";
$sql .= ", date_valid = '".$this->db->idate($now)."'";
$sql .= ", fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::valid update expedition", LOG_DEBUG);
$resql = $this->db->query($sql);
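Review bot: `fk_user_valid = ".$user->id` above the cast `rowid` is still raw interpolation; apply the same treatment, `$sql .= ", fk_user_valid = ".((int) $user->id);`, so the validation UPDATE is consistently cast. The enclosing `valid()` starts and ends outside the hunk.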
@@ -1297,7 +1297,7 @@ class Expedition extends CommonObject
// No delete expedition
if (!$error) {
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."expedition";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
if (!empty($this->origin) && $this->origin_id > 0) {
@@ -1489,7 +1489,7 @@ class Expedition extends CommonObject
if (!$error) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."expedition";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
if (!empty($this->origin) && $this->origin_id > 0) {
@@ -1973,7 +1973,7 @@ class Expedition extends CommonObject
if ($user->rights->expedition->creer) {
$sql = "UPDATE ".MAIN_DB_PREFIX."expedition";
$sql .= " SET date_delivery = ".($delivery_date ? "'".$this->db->idate($delivery_date)."'" : 'null');
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setDeliveryDate", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -2162,7 +2162,7 @@ class Expedition extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut='.self::STATUS_CLOSED;
- $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
+ $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
@@ -2307,7 +2307,7 @@ class Expedition extends CommonObject
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=2, billed=1'; // TODO Update only billed
- $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
+ $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
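Review bot: `SET fk_statut=2, billed=1` hard-codes the closed status while the close path earlier in this file uses `self::STATUS_CLOSED`; write `'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut='.((int) self::STATUS_CLOSED).', billed=1'` so the two stay in sync. The existing `TODO Update only billed` is still open: if marking a shipment billed is not meant to force it closed, this is the line to change. The method starts outside the hunk.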
@@ -2356,7 +2356,7 @@ class Expedition extends CommonObject
$oldbilled = $this->billed;
$sql = 'UPDATE '.MAIN_DB_PREFIX.'expedition SET fk_statut=1';
- $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > 0';
+ $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > 0';
$resql = $this->db->query($sql);
if ($resql) {
@@ -2805,7 +2805,7 @@ class ExpeditionLigne extends CommonObjectLine
// delete batch expedition line
if ($conf->productbatch->enabled) {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch";
- $sql .= " WHERE fk_expeditiondet = ".$this->id;
+ $sql .= " WHERE fk_expeditiondet = ".((int) $this->id);
if (!$this->db->query($sql)) {
$this->errors[] = $this->db->lasterror()." - sql=$sql";
@@ -2814,7 +2814,7 @@ class ExpeditionLigne extends CommonObjectLine
}
$sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if (!$error && $this->db->query($sql)) {
// Remove extrafields
@@ -2951,7 +2951,7 @@ class ExpeditionLigne extends CommonObjectLine
if (!$error && !empty($expedition_batch_id)) {
// delete lot expedition line
$sql = "DELETE FROM ".MAIN_DB_PREFIX."expeditiondet_batch";
- $sql .= " WHERE fk_expeditiondet = ".$this->id;
+ $sql .= " WHERE fk_expeditiondet = ".((int) $this->id);
$sql .= " AND rowid = ".((int) $expedition_batch_id);
if (!$this->db->query($sql)) {
diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php
index 164935a1437..aea23298fcf 100644
--- a/htdocs/expedition/contact.php
+++ b/htdocs/expedition/contact.php
@@ -162,7 +162,7 @@ if ($id > 0 || !empty($ref)) {
$morehtmlref .= '';
$morehtmlref .= '';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
- $morehtmlref .= '';
+ $morehtmlref .= '';
$morehtmlref .= '';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php
index 200a4b67aac..43299dad066 100644
--- a/htdocs/expedition/document.php
+++ b/htdocs/expedition/document.php
@@ -134,7 +134,7 @@ if ($id > 0 || !empty($ref)) {
$morehtmlref .= '';
$morehtmlref .= '';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
- $morehtmlref .= '';
+ $morehtmlref .= '';
$morehtmlref .= '';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php
index d28435092b2..2c0239d44e2 100644
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@@ -245,7 +245,7 @@ if ($search_categ_cus) {
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
}
// Add fields from hooks
diff --git a/htdocs/expedition/note.php b/htdocs/expedition/note.php
index d9282481603..5ebc54193da 100644
--- a/htdocs/expedition/note.php
+++ b/htdocs/expedition/note.php
@@ -123,7 +123,7 @@ if ($id > 0 || !empty($ref)) {
$morehtmlref .= '';
$morehtmlref .= '';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
- $morehtmlref .= '';
+ $morehtmlref .= '';
$morehtmlref .= '';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php
index 42b8630bd3c..8510e6f3609 100644
--- a/htdocs/expedition/shipment.php
+++ b/htdocs/expedition/shipment.php
@@ -379,7 +379,7 @@ if ($id > 0 || !empty($ref)) {
print '';
print '';
print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', 1, 1, '', "setdate_livraison", 1, 0);
- print '';
+ print '';
print '';
} else {
print dol_print_date($object->delivery_date, 'dayhour');
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index b3601c00deb..a67b447ca9c 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -495,9 +495,9 @@ class ExpenseReport extends CommonObject
$sql .= " , note_public = ".(!empty($this->note_public) ? "'".$this->db->escape($this->note_public)."'" : "''");
$sql .= " , note_private = ".(!empty($this->note_private) ? "'".$this->db->escape($this->note_private)."'" : "''");
$sql .= " , detail_refuse = ".(!empty($this->detail_refuse) ? "'".$this->db->escape($this->detail_refuse)."'" : "''");
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
- dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
if (!$notrigger) {
@@ -552,7 +552,7 @@ class ExpenseReport extends CommonObject
}
//$sql.= $restrict;
- dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@@ -665,7 +665,7 @@ class ExpenseReport extends CommonObject
$sql .= " SET fk_statut = ".self::STATUS_CLOSED.", paid=1";
$sql .= " WHERE rowid = ".((int) $id)." AND fk_statut = ".self::STATUS_APPROVED;
- dol_syslog(get_class($this)."::set_paid sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::set_paid", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
if ($this->db->affected_rows($resql)) {
@@ -882,7 +882,7 @@ class ExpenseReport extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport_det as de";
$sql .= " WHERE de.fk_projet = ".((int) $projectid);
- dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
$num = $this->db->num_rows($result);
@@ -973,7 +973,7 @@ class ExpenseReport extends CommonObject
{
$sql = 'SELECT tt.total_ht, tt.total_ttc, tt.total_tva';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as tt';
- $sql .= ' WHERE tt.'.$this->fk_element.' = '.((int) $id);
+ $sql .= " WHERE tt.".$this->fk_element.' = '.((int) $id);
$total_ht = 0; $total_tva = 0; $total_ttc = 0;
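Review bot: The rewritten line mixes quoting styles: `" WHERE tt.".$this->fk_element.' = '.((int) $id)` starts with a double-quoted fragment and finishes with a single-quoted one, so the line is neither the old style nor the one the rest of this commit moves to. Writing it as `$sql .= " WHERE tt.".$this->fk_element." = ".((int) $id);` keeps one style per statement. The same mixed form is introduced in htdocs/exports/class/export.class.php at @@ -455 (the `c_stcomm` query ends with `.' as code'`) and in htdocs/fourn/class/fournisseur.commande.class.php at @@ -930 (`.' AND fk_statut > '.`). The enclosing method starts before this hunk.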
@@ -981,18 +981,18 @@ class ExpenseReport extends CommonObject
if ($result) {
$num = $this->db->num_rows($result);
$i = 0;
- while ($i < $num) :
+ while ($i < $num) {
$objp = $this->db->fetch_object($result);
$total_ht += $objp->total_ht;
$total_tva += $objp->total_tva;
$i++;
- endwhile;
+ }
$total_ttc = $total_ht + $total_tva;
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element." SET";
- $sql .= " total_ht = ".price2num($total_ht, 'MT');
- $sql .= " , total_ttc = ".price2num($total_ttc, 'MT');
- $sql .= " , total_tva = ".price2num($total_tva, 'MT');
+ $sql .= " total_ht = ".((float) price2num($total_ht, 'MT'));
+ $sql .= " , total_ttc = ".((float) price2num($total_ttc, 'MT'));
+ $sql .= " , total_tva = ".((float) price2num($total_tva, 'MT'));
$sql .= " WHERE rowid = ".((int) $id);
$result = $this->db->query($sql);
if ($result) :
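Review bot: Wrapping `price2num(..., 'MT')` in `(float)` and then concatenating the result into the UPDATE string discards the string price2num already produced and relies on PHP's float-to-string conversion; before PHP 8.0 that conversion follows the active locale, so a comma decimal separator (or exponent notation for very small or large totals) can end up in the SQL. If the intent is to harden the value, `price2num()` already returns a numeric string, so either keep it as it was or cast and then format explicitly with a fixed decimal point. Separately, the loop was converted from `while … endwhile` to braces but `if ($result) :` on the last line still uses alternative syntax, so the method now mixes both styles; converting it to `if ($result) {` would finish the clean-up. The enclosing method continues past this hunk.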
@@ -1024,14 +1024,14 @@ class ExpenseReport extends CommonObject
$this->lines = array();
$sql = ' SELECT de.rowid, de.comments, de.qty, de.value_unit, de.date, de.rang,';
- $sql .= ' de.'.$this->fk_element.', de.fk_c_type_fees, de.fk_c_exp_tax_cat, de.fk_projet as fk_project, de.tva_tx, de.fk_ecm_files,';
+ $sql .= " de.".$this->fk_element.", de.fk_c_type_fees, de.fk_c_exp_tax_cat, de.fk_projet as fk_project, de.tva_tx, de.fk_ecm_files,";
$sql .= ' de.total_ht, de.total_tva, de.total_ttc,';
$sql .= ' ctf.code as code_type_fees, ctf.label as libelle_type_fees,';
$sql .= ' p.ref as ref_projet, p.title as title_projet';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as de';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON de.fk_c_type_fees = ctf.id';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as p ON de.fk_projet = p.rowid';
- $sql .= ' WHERE de.'.$this->fk_element.' = '.$this->id;
+ $sql .= " WHERE de.".$this->fk_element." = ".((int) $this->id);
if (!empty($conf->global->EXPENSEREPORT_LINES_SORTED_BY_ROWID)) {
$sql .= ' ORDER BY de.rang ASC, de.rowid ASC';
} else {
@@ -1252,7 +1252,7 @@ class ExpenseReport extends CommonObject
$sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
$sql .= " date_valid='".$this->db->idate($this->date_valid)."',";
$sql .= " fk_user_valid = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
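Review bot: `$sql .= " fk_user_valid = ".$user->id;` is left without the `((int) …)` cast that the very next line adds for `$this->id`, so the hunk applies the hardening to one id and not the other. For consistency with the rest of this commit it should read `$sql .= " fk_user_valid = ".((int) $user->id);`, which also avoids an empty right-hand side if the id is ever unset. The same pattern remains in htdocs/fichinter/class/fichinter.class.php at @@ -1097 (`" fk_user_modif = ".$user->id`). The enclosing method starts before this hunk.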
@@ -1340,7 +1340,7 @@ class ExpenseReport extends CommonObject
// Sélection de la date de début de la NDF
$sql = 'SELECT date_debut';
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
@@ -1351,9 +1351,9 @@ class ExpenseReport extends CommonObject
if ($this->status != self::STATUS_VALIDATED) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET fk_statut = ".self::STATUS_VALIDATED;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
- dol_syslog(get_class($this)."::set_save_from_refuse sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::set_save_from_refuse", LOG_DEBUG);
if ($this->db->query($sql)) {
return 1;
@@ -1386,7 +1386,7 @@ class ExpenseReport extends CommonObject
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET ref = '".$this->db->escape($this->ref)."', fk_statut = ".self::STATUS_APPROVED.", fk_user_approve = ".((int) $fuser->id).",";
$sql .= " date_approve='".$this->db->idate($this->date_approve)."'";
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
if (!$notrigger) {
// Call trigger
@@ -1438,7 +1438,7 @@ class ExpenseReport extends CommonObject
$sql .= " date_refuse='".$this->db->idate($now)."',";
$sql .= " detail_refuse='".$this->db->escape($details)."',";
$sql .= " fk_user_approve = NULL";
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
$this->fk_statut = 99; // deprecated
$this->status = 99;
@@ -1507,9 +1507,9 @@ class ExpenseReport extends CommonObject
$sql = 'UPDATE '.MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET paid = 0, fk_statut = ".self::STATUS_APPROVED;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
- dol_syslog(get_class($this)."::set_unpaid sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::set_unpaid", LOG_DEBUG);
if ($this->db->query($sql)) {
if (!$notrigger) {
@@ -1561,9 +1561,9 @@ class ExpenseReport extends CommonObject
$sql .= " SET fk_statut = ".self::STATUS_CANCELED.", fk_user_cancel = ".((int) $fuser->id);
$sql .= ", date_cancel='".$this->db->idate($this->date_cancel)."'";
$sql .= " ,detail_cancel='".$this->db->escape($detail)."'";
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
- dol_syslog(get_class($this)."::set_cancel sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::set_cancel", LOG_DEBUG);
if ($this->db->query($sql)) {
if (!$notrigger) {
@@ -1746,7 +1746,7 @@ class ExpenseReport extends CommonObject
$sql .= " total_ht = ".$this->total_ht;
$sql .= " , total_ttc = ".$this->total_ttc;
$sql .= " , total_tva = ".$this->total_tva;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) :
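Review bot: The three `total_ht`, `total_ttc` and `total_tva` assignments just above the changed line still concatenate `$this->total_*` raw, so only the WHERE clause was hardened while the SET clause can still receive an empty value (yielding `total_ht = ,`) or a locale-formatted float. Running them through the same helper the recalculation at @@ -981 uses, e.g. `$sql .= " total_ht = ".price2num($this->total_ht, 'MT');`, gives a numeric string on every path. The identical three lines appear in the next hunk at @@ -1776. The enclosing method starts before this hunk.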
@@ -1776,7 +1776,7 @@ class ExpenseReport extends CommonObject
$sql .= " total_ht = ".$this->total_ht;
$sql .= " , total_ttc = ".$this->total_ttc;
$sql .= " , total_tva = ".$this->total_tva;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) :
@@ -2025,12 +2025,12 @@ class ExpenseReport extends CommonObject
public function offsetAlreadyGiven()
{
$sql = 'SELECT e.rowid FROM '.MAIN_DB_PREFIX.'expensereport e';
- $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport_det d ON (e.rowid = d.fk_expensereport)';
- $sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees f ON (d.fk_c_type_fees = f.id AND f.code = "EX_KME")';
- $sql .= ' WHERE e.fk_user_author = '.(int) $this->fk_user_author;
- $sql .= ' AND YEAR(d.date) = "'.dol_print_date($this->line->date, '%Y').'" AND MONTH(d.date) = "'.dol_print_date($this->line->date, '%m').'"';
+ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expensereport_det d ON (e.rowid = d.fk_expensereport)";
+ $sql .= " INNER JOIN ".MAIN_DB_PREFIX."c_type_fees f ON (d.fk_c_type_fees = f.id AND f.code = 'EX_KME')";
+ $sql .= " WHERE e.fk_user_author = ".(int) $this->fk_user_author;
+ $sql .= " AND YEAR(d.date) = '".dol_print_date($this->line->date, '%Y')."' AND MONTH(d.date) = '".dol_print_date($this->line->date, '%m')."'";
if (!empty($this->line->id)) {
- $sql .= ' AND d.rowid <> '.$this->line->id;
+ $sql .= ' AND d.rowid <> '.((int) $this->line->id);
}
dol_syslog(get_class($this)."::offsetAlreadyGiven sql=".$sql);
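Review bot: `dol_syslog(get_class($this)."::offsetAlreadyGiven sql=".$sql);` still writes the full query to the log, whereas every other `dol_syslog` touched in this file (update, fetch, set_paid, set_unpaid, set_cancel, set_save_from_refuse) has had the `sql=` payload removed. Leaving this one in is inconsistent and keeps user-derived values (author id, line date) in the log; `dol_syslog(get_class($this)."::offsetAlreadyGiven", LOG_DEBUG);` matches the rest of the commit. The switch from `"EX_KME"` to `'EX_KME'` is correct, since double quotes delimit identifiers rather than strings in ANSI SQL and PostgreSQL. The method body continues past this hunk.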
@@ -2525,7 +2525,7 @@ class ExpenseReport extends CommonObject
$sql = 'SELECT sum(amount) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
- $sql .= ' WHERE '.$field.' = '.$this->id;
+ $sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSumPayments", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -2759,15 +2759,15 @@ class ExpenseReportLine
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'expensereport e ON (d.fk_expensereport = e.rowid)';
$sql .= ' WHERE e.fk_user_author = '.((int) $fk_user);
if (!empty($this->id)) {
- $sql .= ' AND d.rowid <> '.$this->id;
+ $sql .= ' AND d.rowid <> '.((int) $this->id);
}
$sql .= ' AND d.fk_c_type_fees = '.((int) $rule->fk_c_type_fees);
if ($mode == 'day' || $mode == 'EX_DAY') {
$sql .= " AND d.date = '".dol_print_date($this->date, '%Y-%m-%d')."'";
} elseif ($mode == 'mon' || $mode == 'EX_MON') {
- $sql .= ' AND DATE_FORMAT(d.date, \'%Y-%m\') = \''.dol_print_date($this->date, '%Y-%m').'\''; // @todo DATE_FORMAT is forbidden
+ $sql .= " AND DATE_FORMAT(d.date, '%Y-%m') = '".dol_print_date($this->date, '%Y-%m')."'"; // @todo DATE_FORMAT is forbidden
} elseif ($mode == 'year' || $mode == 'EX_YEA') {
- $sql .= ' AND DATE_FORMAT(d.date, \'%Y\') = \''.dol_print_date($this->date, '%Y').'\''; // @todo DATE_FORMAT is forbidden
+ $sql .= " AND DATE_FORMAT(d.date, '%Y') = '".dol_print_date($this->date, '%Y')."'"; // @todo DATE_FORMAT is forbidden
}
dol_syslog('ExpenseReportLine::getExpAmount');
diff --git a/htdocs/expensereport/class/expensereport_rule.class.php b/htdocs/expensereport/class/expensereport_rule.class.php
index 03ecab10f6a..6299dd7c5bd 100644
--- a/htdocs/expensereport/class/expensereport_rule.class.php
+++ b/htdocs/expensereport/class/expensereport_rule.class.php
@@ -157,7 +157,7 @@ class ExpenseReportRule extends CoreObject
$sql .= ' FROM '.MAIN_DB_PREFIX.'expensereport_rules er';
$sql .= ' WHERE er.entity IN (0,'.getEntity('').')';
if (!empty($fk_c_type_fees)) {
- $sql .= ' AND er.fk_c_type_fees IN (-1, '.$fk_c_type_fees.')';
+ $sql .= ' AND er.fk_c_type_fees IN (-1, '.((int) $fk_c_type_fees).')';
}
if (!empty($date)) {
$sql .= " AND er.dates <= '".dol_print_date($date, '%Y-%m-%d')."'";
@@ -170,7 +170,7 @@ class ExpenseReportRule extends CoreObject
}
$sql .= ' ORDER BY er.is_for_all, er.fk_usergroup, er.fk_user';
- dol_syslog("ExpenseReportRule::getAllRule sql=".$sql);
+ dol_syslog("ExpenseReportRule::getAllRule");
$resql = $db->query($sql);
if ($resql) {
diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php
index 13e7a44bc7f..e36b1c1e49e 100644
--- a/htdocs/expensereport/class/expensereportstats.class.php
+++ b/htdocs/expensereport/class/expensereportstats.class.php
@@ -94,7 +94,7 @@ class ExpenseReportStats extends Stats
*/
public function getNbByYear()
{
- $sql = "SELECT YEAR(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)";
+ $sql = "SELECT YEAR(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).") as dm, count(*)";
$sql .= " FROM ".$this->from;
$sql .= " GROUP BY dm DESC";
$sql .= " WHERE ".$this->where;
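Review bot: In `getNbByYear()` the `GROUP BY dm DESC` fragment is appended before `WHERE ".$this->where`, which is not valid SQL in any dialect (WHERE must precede GROUP BY), so this query cannot succeed as assembled; the hunk only re-quotes the SELECT and leaves the clause order untouched. The sibling methods in this file build it as filter, then grouping, then `$this->db->order('dm', 'DESC')`, so the same shape here would be `$sql .= " WHERE ".$this->where;`, `$sql .= " GROUP BY dm";`, `$sql .= $this->db->order('dm', 'DESC');`. The method continues past this hunk.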
@@ -112,7 +112,7 @@ class ExpenseReportStats extends Stats
*/
public function getNbByMonth($year, $format = 0)
{
- $sql = "SELECT MONTH(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).") as dm, count(*)";
+ $sql = "SELECT MONTH(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).") as dm, count(*)";
$sql .= " FROM ".$this->from;
$sql .= " WHERE YEAR(e.".$this->datetouse.") = ".((int) $year);
$sql .= " AND ".$this->where;
@@ -134,9 +134,9 @@ class ExpenseReportStats extends Stats
*/
public function getAmountByMonth($year, $format = 0)
{
- $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, sum(".$this->field.")";
+ $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%m') as dm, sum(".$this->field.")";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'";
+ $sql .= " WHERE date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@@ -154,9 +154,9 @@ class ExpenseReportStats extends Stats
*/
public function getAverageByMonth($year)
{
- $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, avg(".$this->field.")";
+ $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%m') as dm, avg(".$this->field.")";
$sql .= " FROM ".$this->from;
- $sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'";
+ $sql .= " WHERE date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@@ -171,7 +171,7 @@ class ExpenseReportStats extends Stats
*/
public function getAllByYear()
{
- $sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
+ $sql = "SELECT date_format(".$this->db->ifsql("e.".$this->datetouse." IS NULL", "e.date_create", "e.".$this->datetouse).",'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
$sql .= " FROM ".$this->from;
$sql .= " WHERE ".$this->where;
$sql .= " GROUP BY year";
diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php
index 610713d6f48..760c25e4db8 100644
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@@ -277,7 +277,7 @@ $sql .= " u.rowid as id_user, u.firstname, u.lastname, u.login, u.email, u.statu
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
}
// Add fields from hooks
diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php
index 483935c7fdf..50acd166237 100644
--- a/htdocs/exports/class/export.class.php
+++ b/htdocs/exports/class/export.class.php
@@ -455,14 +455,14 @@ class Export
} else {
$keyList = 'rowid';
}
- $sql = 'SELECT '.$keyList.' as rowid, '.$InfoFieldList[2].' as label'.(empty($InfoFieldList[3]) ? '' : ', '.$InfoFieldList[3].' as code');
+ $sql = "SELECT ".$keyList." as rowid, ".$InfoFieldList[2]." as label".(empty($InfoFieldList[3]) ? "" : ", ".$InfoFieldList[3]." as code");
if ($InfoFieldList[1] == 'c_stcomm') {
- $sql = 'SELECT id as id, '.$keyList.' as rowid, '.$InfoFieldList[2].' as label'.(empty($InfoFieldList[3]) ? '' : ', '.$InfoFieldList[3].' as code');
+ $sql = "SELECT id as id, ".$keyList." as rowid, ".$InfoFieldList[2]." as label".(empty($InfoFieldList[3]) ? "" : ", ".$InfoFieldList[3].' as code');
}
if ($InfoFieldList[1] == 'c_country') {
- $sql = 'SELECT '.$keyList.' as rowid, '.$InfoFieldList[2].' as label, code as code';
+ $sql = "SELECT ".$keyList." as rowid, ".$InfoFieldList[2]." as label, code as code";
}
- $sql .= ' FROM '.MAIN_DB_PREFIX.$InfoFieldList[1];
+ $sql .= " FROM ".MAIN_DB_PREFIX.$InfoFieldList[1];
if (!empty($InfoFieldList[4])) {
$sql .= ' WHERE entity IN ('.getEntity($InfoFieldList[4]).')';
}
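Review bot: `$keyList`, `$InfoFieldList[1]`, `$InfoFieldList[2]` and `$InfoFieldList[3]` are spliced into the SELECT and FROM clauses as identifiers with no quoting or allow-listing, and the hunk only changes the PHP quote style around them. Their origin is outside this hunk, so if they come solely from module-declared export descriptors this is acceptable, but a short comment stating that, e.g. `// $InfoFieldList comes from the module's export definition, never from the request`, would document the trust boundary for the next reader. Otherwise the identifiers should be validated against a known list of tables and columns before being concatenated. The enclosing block starts before this hunk.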
diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php
index cc5c3c5e619..72a3fdd654b 100644
--- a/htdocs/fichinter/card-rec.php
+++ b/htdocs/fichinter/card-rec.php
@@ -601,7 +601,7 @@ if ($action == 'create') {
print ' ';
print $form->selectarray('unit_frequency', array('d'=>$langs->trans('Day'), 'm'=>$langs->trans('Month'), 'y'=>$langs->trans('Year')), ($object->unit_frequency ? $object->unit_frequency : 'm'));
print '';
- print ' | ';
+ print ' | ';
print ' ';
} else {
if ($object->frequency > 0) {
diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php
index 1b647af00a6..9f94b94ffc5 100644
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@@ -1279,7 +1279,7 @@ if ($action == 'create') {
$sql = 'SELECT ft.rowid, ft.description, ft.fk_fichinter, ft.duree, ft.rang,';
$sql .= ' ft.date as date_intervention';
$sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet as ft';
- $sql .= ' WHERE ft.fk_fichinter = '.$object->id;
+ $sql .= ' WHERE ft.fk_fichinter = '.((int) $object->id);
if (!empty($conf->global->FICHINTER_HIDE_EMPTY_DURATION)) {
$sql .= ' AND ft.duree <> 0';
}
@@ -1491,7 +1491,7 @@ if ($action == 'create') {
}
print ' | ';
- print '
| ';
+ print '
| ';
print '';
//Line extrafield
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index 371853dc70c..23766a91bbe 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -1004,7 +1004,7 @@ class Fichinter extends CommonObject
if (!$error) {
// Delete object
$sql = "DELETE FROM ".MAIN_DB_PREFIX."fichinter";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("Fichinter::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -1066,7 +1066,7 @@ class Fichinter extends CommonObject
if ($user->rights->ficheinter->creer) {
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter ";
$sql .= " SET datei = '".$this->db->idate($date_delivery)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND fk_statut = 0";
if ($this->db->query($sql)) {
@@ -1097,7 +1097,7 @@ class Fichinter extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter ";
$sql .= " SET description = '".$this->db->escape($description)."',";
$sql .= " fk_user_modif = ".$user->id;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
$this->description = $description;
@@ -1127,7 +1127,7 @@ class Fichinter extends CommonObject
if ($user->rights->ficheinter->creer) {
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter ";
$sql .= " SET fk_contrat = ".((int) $contractid);
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
if ($this->db->query($sql)) {
$this->fk_contrat = $contractid;
@@ -1481,7 +1481,7 @@ class FichinterLigne extends CommonObjectLine
if ($rangToUse == -1) {
// Recupere rang max de la ligne d'intervention dans $rangmax
$sql = 'SELECT max(rang) as max FROM '.MAIN_DB_PREFIX.'fichinterdet';
- $sql .= ' WHERE fk_fichinter ='.$this->fk_fichinter;
+ $sql .= ' WHERE fk_fichinter = '.((int) $this->fk_fichinter);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@@ -1496,7 +1496,7 @@ class FichinterLigne extends CommonObjectLine
// Insertion dans base de la ligne
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'fichinterdet';
$sql .= ' (fk_fichinter, description, date, duree, rang)';
- $sql .= " VALUES (".$this->fk_fichinter.",";
+ $sql .= " VALUES (".((int) $this->fk_fichinter).",";
$sql .= " '".$this->db->escape($this->desc)."',";
$sql .= " '".$this->db->idate($this->datei)."',";
$sql .= " ".((int) $this->duration).",";
diff --git a/htdocs/fichinter/class/fichinterrec.class.php b/htdocs/fichinter/class/fichinterrec.class.php
index 4fe35c32a2c..d23c25253ac 100644
--- a/htdocs/fichinter/class/fichinterrec.class.php
+++ b/htdocs/fichinter/class/fichinterrec.class.php
@@ -356,7 +356,7 @@ class FichinterRec extends Fichinter
$sql .= ' p.label as product_label, p.description as product_desc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'fichinterdet_rec as l';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
- $sql .= ' WHERE l.fk_fichinter = '.$this->id;
+ $sql .= ' WHERE l.fk_fichinter = '.((int) $this->id);
dol_syslog('FichInter-rec::fetch_lines', LOG_DEBUG);
$result = $this->db->query($sql);
@@ -599,7 +599,7 @@ class FichinterRec extends Fichinter
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter_rec ";
$sql .= " SET frequency='".$this->db->escape($freq)."'";
$sql .= ", date_last_gen='".$this->db->escape($courant)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
@@ -718,7 +718,7 @@ class FichinterRec extends Fichinter
if (!empty($unit)) {
$sql .= ', unit_frequency = "'.$this->db->escape($unit).'"';
}
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setFrequencyAndUnit", LOG_DEBUG);
if ($this->db->query($sql)) {
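Review bot: The context line `$sql .= ', unit_frequency = "'.$this->db->escape($unit).'"';` still delimits the SQL string literal with double quotes, which the commit corrects elsewhere (expensereport.class.php @@ -2025 moves `"EX_KME"` to `'EX_KME'`); in ANSI SQL and PostgreSQL double quotes mean identifiers, so this UPDATE would fail or misbehave outside MySQL. Rewriting it as `$sql .= ", unit_frequency = '".$this->db->escape($unit)."'";` applies the same fix here. The method starts before this hunk.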
@@ -751,7 +751,7 @@ class FichinterRec extends Fichinter
if ($increment_nb_gen_done > 0) {
$sql .= ', nb_gen_done = nb_gen_done + 1';
}
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setNextDate", LOG_DEBUG);
if ($this->db->query($sql)) {
@@ -844,7 +844,7 @@ class FichinterRec extends Fichinter
$sql .= ' , statut = 1';
}
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setAutoValidate", LOG_DEBUG);
if ($this->db->query($sql)) {
diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php
index 8513238b385..8eca043ef40 100644
--- a/htdocs/fichinter/index.php
+++ b/htdocs/fichinter/index.php
@@ -80,7 +80,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
$sql .= " AND f.fk_soc = s.rowid";
if ($user->socid) {
- $sql .= ' AND f.fk_soc = '.$user->socid;
+ $sql .= ' AND f.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php
index 508eb984307..6f4dccd878d 100644
--- a/htdocs/fichinter/list.php
+++ b/htdocs/fichinter/list.php
@@ -231,7 +231,7 @@ if (!empty($conf->contrat->enabled)) {
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
}
// Add fields from hooks
diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php
index 866fd31318e..599242375d2 100644
--- a/htdocs/fourn/card.php
+++ b/htdocs/fourn/card.php
@@ -519,7 +519,7 @@ if ($object->id > 0) {
$sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp';
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = pfp.fk_product";
$sql .= ' WHERE p.entity IN ('.getEntity('product').')';
- $sql .= ' AND pfp.fk_soc = '.$object->id;
+ $sql .= ' AND pfp.fk_soc = '.((int) $object->id);
$sql .= $db->order('pfp.tms', 'desc');
$sql .= $db->plimit($MAXLIST);
@@ -589,7 +589,7 @@ if ($object->id > 0) {
$sql = "SELECT p.rowid, p.ref, p.date_valid as dc, p.fk_statut, p.total_ht, p.total_tva, p.total_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p ";
- $sql .= " WHERE p.fk_soc =".$object->id;
+ $sql .= " WHERE p.fk_soc = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('supplier_proposal').")";
$sql .= " ORDER BY p.date_valid DESC";
$sql .= $db->plimit($MAXLIST);
@@ -658,7 +658,7 @@ if ($object->id > 0) {
$sql2 .= ', '.MAIN_DB_PREFIX.'commande_fournisseur as c';
$sql2 .= ' WHERE c.fk_soc = s.rowid';
$sql2 .= " AND c.entity IN (".getEntity('commande_fournisseur').")";
- $sql2 .= ' AND s.rowid = '.$object->id;
+ $sql2 .= ' AND s.rowid = '.((int) $object->id);
// Show orders we can bill
if (empty($conf->global->SUPPLIER_ORDER_TO_INVOICE_STATUS)) {
$sql2 .= " AND c.fk_statut IN (".$db->sanitize(CommandeFournisseur::STATUS_RECEIVED_COMPLETELY).")"; // Must match filter in htdocs/fourn/commande/list.php
@@ -681,7 +681,7 @@ if ($object->id > 0) {
// TODO move to DAO class
$sql = "SELECT count(p.rowid) as total";
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p";
- $sql .= " WHERE p.fk_soc =".$object->id;
+ $sql .= " WHERE p.fk_soc = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")";
$resql = $db->query($sql);
if ($resql) {
@@ -691,7 +691,7 @@ if ($object->id > 0) {
$sql = "SELECT p.rowid,p.ref, p.date_commande as dc, p.fk_statut, p.total_ht, p.total_tva, p.total_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as p";
- $sql .= " WHERE p.fk_soc =".$object->id;
+ $sql .= " WHERE p.fk_soc = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('commande_fournisseur').")";
$sql .= " ORDER BY p.date_commande DESC";
$sql .= $db->plimit($MAXLIST);
@@ -758,7 +758,7 @@ if ($object->id > 0) {
$sql .= ' SUM(pf.amount) as am';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON f.rowid=pf.fk_facturefourn';
- $sql .= ' WHERE f.fk_soc = '.$object->id;
+ $sql .= ' WHERE f.fk_soc = '.((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('facture_fourn').")";
$sql .= ' GROUP BY f.rowid,f.libelle,f.ref,f.ref_supplier,f.fk_statut,f.datef,f.total_ht,f.total_tva,f.total_ttc,f.paye';
$sql .= ' ORDER BY f.datef DESC';
diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php
index 121e699757c..805ed7c1ba6 100644
--- a/htdocs/fourn/class/fournisseur.class.php
+++ b/htdocs/fourn/class/fournisseur.class.php
@@ -59,7 +59,7 @@ class Fournisseur extends Societe
{
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf";
- $sql .= " WHERE cf.fk_soc = ".$this->id;
+ $sql .= " WHERE cf.fk_soc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index 3d71fd46b11..9d965ee034e 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -473,7 +473,7 @@ class CommandeFournisseur extends CommonOrder
if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid);
}
- $sql .= " WHERE l.fk_commande = ".$this->id;
+ $sql .= " WHERE l.fk_commande = ".((int) $this->id);
if ($only_product) {
$sql .= ' AND p.fk_product_type = 0';
}
@@ -627,7 +627,7 @@ class CommandeFournisseur extends CommonOrder
if (preg_match('/^[\(]?PROV/i', $this->ref)) {
// Now we rename also files into index
$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'fournisseur/commande/".$this->db->escape($this->newref)."'";
- $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
+ $sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this->ref)."' and entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if (!$resql) {
$error++; $this->error = $this->db->lasterror();
@@ -930,7 +930,7 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur SET billed = 1';
- $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut > '.self::STATUS_DRAFT;
+ $sql .= " WHERE rowid = ".((int) $this->id).' AND fk_statut > '.self::STATUS_DRAFT;
if ($this->db->query($sql)) {
if (!$error) {
@@ -2236,7 +2236,7 @@ class CommandeFournisseur extends CommonOrder
$sql .= " FROM ".MAIN_DB_PREFIX."product as p,";
$sql .= " ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."entrepot as e ON cfd.fk_entrepot = e.rowid";
- $sql .= " WHERE cfd.fk_commande = ".$this->id;
+ $sql .= " WHERE cfd.fk_commande = ".((int) $this->id);
$sql .= " AND cfd.fk_product = p.rowid";
if ($status >= 0) {
$sql .= " AND cfd.status = ".((int) $status);
@@ -2537,10 +2537,10 @@ class CommandeFournisseur extends CommonOrder
$sql = "INSERT INTO ".MAIN_DB_PREFIX."commande_fournisseurdet";
$sql .= " (fk_commande, label, description, fk_product, price, qty, tva_tx, localtax1_tx, localtax2_tx, remise_percent, subprice, remise, ref)";
- $sql .= " VALUES (".$idc.", '".$this->db->escape($label)."', ".$this->db->escape($comclient->lines[$i]->desc);
- $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price);
- $sql .= ", ".$comclient->lines[$i]->qty.", ".$comclient->lines[$i]->tva_tx.", ".$comclient->lines[$i]->localtax1_tx.", ".$comclient->lines[$i]->localtax2_tx.", ".$comclient->lines[$i]->remise_percent;
- $sql .= ", '".price2num($comclient->lines[$i]->subprice)."','0', '".$this->db->escape($ref)."');";
+ $sql .= " VALUES (".((int) $idc).", '".$this->db->escape($label)."', '".$this->db->escape($comclient->lines[$i]->desc)."'";
+ $sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price, 'MU');
+ $sql .= ", ".price2num($comclient->lines[$i]->qty, 'MS').", ".price2num($comclient->lines[$i]->tva_tx, 5).", ".price2num($comclient->lines[$i]->localtax1_tx, 5).", ".price2num($comclient->lines[$i]->localtax2_tx, 5).", ".price2num($comclient->lines[$i]->remise_percent, 3);
+ $sql .= ", '".price2num($comclient->lines[$i]->subprice, 'MT')."','0', '".$this->db->escape($ref)."');";
if ($this->db->query($sql)) {
$this->update_price();
}
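Review bot: `",".$comclient->lines[$i]->fk_product.", "` is the only value in the new INSERT left without a cast or `price2num()`: an empty or null `fk_product` produces `, , ` and a syntax error, and a non-numeric value would be concatenated verbatim. If the column is nullable the usual form is `($comclient->lines[$i]->fk_product > 0 ? ((int) $comclient->lines[$i]->fk_product) : 'NULL')`; if it is not, `((int) $comclient->lines[$i]->fk_product)` matches the cast applied to `$idc` on the line above. Quoting and escaping `desc` on the first VALUES line is a genuine fix, since the old code emitted the description unquoted. The enclosing loop starts before this hunk.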
@@ -2564,8 +2564,8 @@ class CommandeFournisseur extends CommonOrder
$this->db->begin();
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur';
- $sql .= ' SET fk_statut='.$status;
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " SET fk_statut = ".$status;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::setStatus", LOG_DEBUG);
$resql = $this->db->query($sql);
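Review bot: `$status` in `SET fk_statut = ".$status` is still concatenated without a cast while `$this->id` on the next line now gets one; as a method parameter of setStatus it should be cast the same way: `$sql .= " SET fk_statut = ".((int) $status);`. The method's signature and the rest of its body are outside the hunk, so whether callers already validate the value is not visible here.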
@@ -3399,12 +3399,12 @@ class CommandeFournisseur extends CommonOrder
$sql .= ' cfd.fk_reception = e.rowid AND';
}
$sql .= ' cfd.fk_commandefourndet = cd.rowid';
- $sql .= ' AND cd.fk_commande ='.$this->id;
+ $sql .= ' AND cd.fk_commande ='.((int) $this->id);
if ($this->fk_product > 0) {
- $sql .= ' AND cd.fk_product = '.$this->fk_product;
+ $sql .= ' AND cd.fk_product = '.((int) $this->fk_product);
}
if ($filtre_statut >= 0) {
- $sql .= ' AND e.fk_statut >= '.$filtre_statut;
+ $sql .= ' AND e.fk_statut >= '.((int) $filtre_statut);
}
$sql .= ' GROUP BY cd.rowid, cd.fk_product';
diff --git a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
index cd1ff267fb7..fcf1c6a50f4 100644
--- a/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.dispatch.class.php
@@ -666,13 +666,13 @@ class CommandeFournisseurDispatch extends CommonObject
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.comment') {
- $sqlwhere [] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'";
} elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') {
- $sqlwhere [] = $key.' = \''.$this->db->escape($value).'\'';
+ $sqlwhere [] = $key." = '".$this->db->escape($value)."'";
} elseif ($key == 'qty') {
- $sqlwhere [] = $key.' = '.((float) $value);
+ $sqlwhere [] = $key." = ".((float) $value);
} else {
- $sqlwhere [] = $key.' = '.((int) $value);
+ $sqlwhere [] = $key." = ".((int) $value);
}
}
}
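Review bot: The quoting change leaves `$key` interpolated verbatim as a column name in every branch of the filter loop, and the final `else` accepts any key at all; `escape()` is applied only to `$value`, so a caller-supplied key is a raw SQL fragment. Restricting `$key` to the known columns before the `if` chain, e.g. `if (!in_array($key, $allowedfilterkeys, true)) { continue; }` with `$allowedfilterkeys` declared as the list of `t.*` columns this method supports, would make the new lines safe regardless of how `$filter` is built. The method's signature and the origin of `$filter` are outside the hunk; the `==` comparisons on `$key` could also be `===`.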
@@ -684,7 +684,7 @@ class CommandeFournisseurDispatch extends CommonObject
$sql .= $this->db->order($sortfield, $sortorder);
}
if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
}
$this->lines = array();
diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php
index abb5b01fb2c..ca7c95cd464 100644
--- a/htdocs/fourn/class/fournisseur.facture.class.php
+++ b/htdocs/fourn/class/fournisseur.facture.class.php
@@ -438,19 +438,19 @@ class FactureFournisseur extends CommonInvoice
$sql .= " VALUES (";
$sql .= "'(PROV)'";
$sql .= ", '".$this->db->escape($this->ref_supplier)."'";
- $sql .= ", ".$conf->entity;
+ $sql .= ", ".((int) $conf->entity);
$sql .= ", '".$this->db->escape($this->type)."'";
$sql .= ", '".$this->db->escape(isset($this->label) ? $this->label : (isset($this->libelle) ? $this->libelle : ''))."'";
- $sql .= ", ".$this->socid;
+ $sql .= ", ".((int) $this->socid);
$sql .= ", '".$this->db->idate($now)."'";
$sql .= ", '".$this->db->idate($this->date)."'";
- $sql .= ", ".($this->fk_project > 0 ? $this->fk_project : "null");
- $sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : "null");
- $sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : "null");
- $sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL');
+ $sql .= ", ".($this->fk_project > 0 ? ((int) $this->fk_project) : "null");
+ $sql .= ", ".($this->cond_reglement_id > 0 ? ((int) $this->cond_reglement_id) : "null");
+ $sql .= ", ".($this->mode_reglement_id > 0 ? ((int) $this->mode_reglement_id) : "null");
+ $sql .= ", ".($this->fk_account > 0 ? ((int) $this->fk_account) : 'NULL');
$sql .= ", '".$this->db->escape($this->note_private)."'";
$sql .= ", '".$this->db->escape($this->note_public)."'";
- $sql .= ", ".$user->id.",";
+ $sql .= ", ".((int) $user->id).",";
$sql .= $this->date_echeance != '' ? "'".$this->db->idate($this->date_echeance)."'" : "null";
$sql .= ", ".(int) $this->fk_incoterms;
$sql .= ", '".$this->db->escape($this->location_incoterms)."'";
@@ -506,7 +506,7 @@ class FactureFournisseur extends CommonInvoice
dol_syslog("There is ".count($this->lines)." lines that are invoice lines objects");
foreach ($this->lines as $i => $val) {
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'facture_fourn_det (fk_facture_fourn, special_code, fk_remise_except)';
- $sql .= ' VALUES ('.$this->id.','.intval($this->lines[$i]->special_code).','.($this->lines[$i]->fk_remise_except > 0 ? $this->lines[$i]->fk_remise_except : 'NULL').')';
+ $sql .= " VALUES (".((int) $this->id).", ".((int) $this->lines[$i]->special_code).", ".($this->lines[$i]->fk_remise_except > 0 ? ((int) $this->lines[$i]->fk_remise_except) : 'NULL').')';
$resql_insert = $this->db->query($sql);
if ($resql_insert) {
@@ -552,7 +552,7 @@ class FactureFournisseur extends CommonInvoice
}
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'facture_fourn_det (fk_facture_fourn, special_code, fk_remise_except)';
- $sql .= ' VALUES ('.$this->id.','.intval($this->lines[$i]->special_code).','.($this->lines[$i]->fk_remise_except > 0 ? $this->lines[$i]->fk_remise_except : 'NULL').')';
+ $sql .= " VALUES (".((int) $this->id).", ".((int) $this->lines[$i]->special_code).", ".($this->lines[$i]->fk_remise_except > 0 ? ((int) $this->lines[$i]->fk_remise_except) : 'NULL').')';
$resql_insert = $this->db->query($sql);
if ($resql_insert) {
@@ -818,7 +818,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= ', f.fk_code_ventilation, f.fk_multicurrency, f.multicurrency_code, f.multicurrency_subprice, f.multicurrency_total_ht, f.multicurrency_total_tva, f.multicurrency_total_ttc';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn_det as f';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON f.fk_product = p.rowid';
- $sql .= ' WHERE fk_facture_fourn='.$this->id;
+ $sql .= ' WHERE fk_facture_fourn='.((int) $this->id);
$sql .= ' ORDER BY f.rang, f.rowid';
dol_syslog(get_class($this)."::fetch_lines", LOG_DEBUG);
@@ -1375,7 +1375,7 @@ class FactureFournisseur extends CommonInvoice
if ($close_note) {
$sql .= ", close_note='".$this->db->escape($close_note)."'";
}
- $sql .= ', fk_user_closing = '.$user->id;
+ $sql .= ', fk_user_closing = '.((int) $user->id);
$sql .= ", date_closing = '".$this->db->idate($now)."'";
$sql .= ' WHERE rowid = '.((int) $this->id);
@@ -1491,7 +1491,7 @@ class FactureFournisseur extends CommonInvoice
if ($close_note) {
$sql .= ", close_note='".$this->db->escape($close_note)."'";
}
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@@ -1499,7 +1499,7 @@ class FactureFournisseur extends CommonInvoice
// as they have not been used since the invoice is abandoned.
$sql = 'UPDATE '.MAIN_DB_PREFIX.'societe_remise_except';
$sql .= ' SET fk_invoice_supplier = NULL';
- $sql .= ' WHERE fk_invoice_supplier = '.$this->id;
+ $sql .= ' WHERE fk_invoice_supplier = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@@ -1579,7 +1579,7 @@ class FactureFournisseur extends CommonInvoice
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
$sql .= " SET ref='".$this->db->escape($num)."', fk_statut = 1, fk_user_valid = ".((int) $user->id).", date_valid = '".$this->db->idate($now)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::validate", LOG_DEBUG);
$resql = $this->db->query($sql);
@@ -1706,7 +1706,7 @@ class FactureFournisseur extends CommonInvoice
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn";
$sql .= " SET fk_statut = ".self::STATUS_DRAFT;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {
@@ -2411,7 +2411,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= ' AND ff.fk_statut > 0';
$sql .= " AND ff.entity = ".$conf->entity;
if ($user->socid) {
- $sql .= ' AND ff.fk_soc = '.$user->socid;
+ $sql .= ' AND ff.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
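Review bot: `" AND ff.entity = ".$conf->entity` on the context line just above the changed one is the only uncast integer left in this WHERE clause, while the same `$conf->entity` is cast in the create() hunk of this file and in paiementfourn.class.php and paiement.php; for consistency it should read `$sql .= " AND ff.entity = ".((int) $conf->entity);`. The enclosing method starts outside the hunk.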
@@ -2946,7 +2946,7 @@ class FactureFournisseur extends CommonInvoice
{
$isUsed = false;
- $sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source=".$this->id;
+ $sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!empty($resql)) {
$obj = $this->db->fetch_object($resql);
@@ -3317,7 +3317,7 @@ class SupplierInvoiceLine extends CommonObjectLine
if (!$error) {
// Supprime ligne
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'facture_fourn_det ';
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@@ -3392,13 +3392,13 @@ class SupplierInvoiceLine extends CommonObjectLine
if (empty($this->fk_product)) {
$fk_product = "null";
} else {
- $fk_product = $this->fk_product;
+ $fk_product = (int) $this->fk_product;
}
if (empty($this->fk_unit)) {
$fk_unit = "null";
} else {
- $fk_unit = "'".$this->db->escape($this->fk_unit)."'";
+ $fk_unit = (int) $this->fk_unit;
}
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET";
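Review bot: The `"null"` sentinel assigned to `$fk_product` and `$fk_unit` in this hunk is later tested with `$fk_product > 0` / `$fk_unit > 0` in the `@@ -3423` hunk of the same method, and under PHP 8's string-to-number comparison rules `"null" > 0` is true (a non-numeric string is compared as a string), so an empty product or unit is written as `0` instead of `NULL`; under PHP 7 the same expression is false, so the stored value depends on the runtime. Use an integer sentinel so the later ternaries are unambiguous: `$fk_product = 0;` and `$fk_unit = 0;` in place of the two `"null"` assignments (the ternaries already emit the literal `null` for the non-positive case). The method's signature is outside the hunk.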
@@ -3410,7 +3410,7 @@ class SupplierInvoiceLine extends CommonObjectLine
$sql .= ", pu_ttc = ".price2num($this->pu_ttc);
$sql .= ", qty = ".price2num($this->qty);
$sql .= ", remise_percent = ".price2num($this->remise_percent);
- if ($this->fk_remise_except) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except);
+ if ($this->fk_remise_except > 0) $sql .= ", fk_remise_except=".((int) $this->fk_remise_except);
else $sql .= ", fk_remise_except=null";
$sql .= ", vat_src_code = '".$this->db->escape(empty($this->vat_src_code) ? '' : $this->vat_src_code)."'";
$sql .= ", tva_tx = ".price2num($this->tva_tx);
@@ -3423,7 +3423,7 @@ class SupplierInvoiceLine extends CommonObjectLine
$sql .= ", total_localtax1= ".price2num($this->total_localtax1);
$sql .= ", total_localtax2= ".price2num($this->total_localtax2);
$sql .= ", total_ttc = ".price2num($this->total_ttc);
- $sql .= ", fk_product = ".((int) $fk_product);
+ $sql .= ", fk_product = ".($fk_product > 0 ? (int) $fk_product : 'null');
$sql .= ", product_type = ".((int) $this->product_type);
$sql .= ", info_bits = ".((int) $this->info_bits);
$sql .= ", fk_unit = ".($fk_unit > 0 ? (int) $fk_unit : 'null');
@@ -3701,12 +3701,12 @@ class SupplierInvoiceLine extends CommonObjectLine
// Mise a jour ligne en base
$sql = "UPDATE ".MAIN_DB_PREFIX."facture_fourn_det SET";
- $sql .= " total_ht='".price2num($this->total_ht)."'";
- $sql .= ", tva='".price2num($this->total_tva)."'";
- $sql .= ", total_localtax1='".price2num($this->total_localtax1)."'";
- $sql .= ", total_localtax2='".price2num($this->total_localtax2)."'";
- $sql .= ", total_ttc='".price2num($this->total_ttc)."'";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql .= " total_ht = ".price2num($this->total_ht);
+ $sql .= ", tva= ".price2num($this->total_tva);
+ $sql .= ", total_localtax1 = ".price2num($this->total_localtax1);
+ $sql .= ", total_localtax2 = ".price2num($this->total_localtax2);
+ $sql .= ", total_ttc = ".price2num($this->total_ttc);
+ $sql .= " WHERE rowid = ".((int) $this->rowid);
dol_syslog("FactureFournisseurLigne.class.php::update_total", LOG_DEBUG);
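Review bot: Dropping the single quotes around the `price2num()` results makes every `SET` value depend on `price2num()` returning a non-empty numeric string; if a total is unset and `price2num()` yields an empty string, the statement becomes `total_ht = , tva= ...` and fails where the quoted form used to be accepted by the database. Either keep the quotes or guard each value, e.g. `$sql .= " total_ht = ".((float) price2num($this->total_ht));` for the five assignments. The spacing `tva= ` on the second line is also inconsistent with the other assignments. The enclosing method (update_total) starts outside the hunk.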
diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php
index 3eaed8d27b8..b08d9237c63 100644
--- a/htdocs/fourn/class/fournisseur.product.class.php
+++ b/htdocs/fourn/class/fournisseur.product.class.php
@@ -164,7 +164,7 @@ class ProductFournisseur extends Product
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_product = ".$this->id." AND fk_soc = ".((int) $id_fourn);
+ $sql .= " WHERE fk_product = ".((int) $this->id)." AND fk_soc = ".((int) $id_fourn);
dol_syslog(get_class($this)."::remove_fournisseur", LOG_DEBUG);
$resql2 = $this->db->query($sql);
@@ -438,7 +438,7 @@ class ProductFournisseur extends Product
// Delete price for this quantity
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " WHERE fk_soc = ".$fourn->id." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".$conf->entity;
+ $sql .= " WHERE fk_soc = ".((int) $fourn->id)." AND ref_fourn = '".$this->db->escape($ref_fourn)."' AND quantity = ".((float) $qty)." AND entity = ".((int) $conf->entity);
$resql = $this->db->query($sql);
if ($resql) {
// Add price for this quantity to supplier
@@ -459,7 +459,7 @@ class ProductFournisseur extends Product
$sql .= " ".((int) $fourn->id).",";
$sql .= " '".$this->db->escape($ref_fourn)."',";
$sql .= " '".$this->db->escape($desc_fourn)."',";
- $sql .= " ".$user->id.",";
+ $sql .= " ".((int) $user->id).",";
$sql .= " ".price2num($buyprice).",";
$sql .= " ".((float) $qty).",";
$sql .= " ".((float) $remise_percent).",";
diff --git a/htdocs/fourn/class/paiementfourn.class.php b/htdocs/fourn/class/paiementfourn.class.php
index 28ef8025a98..fa58139b7e7 100644
--- a/htdocs/fourn/class/paiementfourn.class.php
+++ b/htdocs/fourn/class/paiementfourn.class.php
@@ -201,8 +201,8 @@ class PaiementFourn extends Paiement
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn (';
$sql .= 'ref, entity, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)';
- $sql .= " VALUES ('".$this->db->escape($ref)."', ".$conf->entity.", '".$this->db->idate($now)."',";
- $sql .= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', ".$user->id.", 0)";
+ $sql .= " VALUES ('".$this->db->escape($ref)."', ".((int) $conf->entity).", '".$this->db->idate($now)."',";
+ $sql .= " '".$this->db->idate($this->datepaye)."', ".((float) $total).", ".((float) $mtotal).", ".((int) $this->paiementid).", '".$this->db->escape($this->num_payment)."', '".$this->db->escape($this->note_private)."', ".((int) $user->id).", 0)";
$resql = $this->db->query($sql);
if ($resql) {
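Review bot: `$total` and `$mtotal` are now inserted through `(float)` casts instead of quoted strings; if either still holds a user-formatted amount (comma decimal or thousands separator) the cast silently truncates it, whereas the quoted form at least passed the text through unchanged. Normalise before casting, e.g. `((float) price2num($total))` and `((float) price2num($mtotal))`, or document that they are already numeric at this point. The same applies to `$this->multicurrency_amounts[$key]` in the next hunk (`@@ -214`), which is cast to float without the `price2num()` that is applied to `$amount` on the line above it. How `$total` and `$mtotal` are computed is outside the hunk.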
@@ -214,7 +214,7 @@ class PaiementFourn extends Paiement
if (is_numeric($amount) && $amount <> 0) {
$amount = price2num($amount);
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn_facturefourn (fk_facturefourn, fk_paiementfourn, amount, multicurrency_amount)';
- $sql .= ' VALUES ('.$facid.','.$this->id.',\''.$amount.'\', \''.$this->multicurrency_amounts[$key].'\')';
+ $sql .= " VALUES (".((int) $facid).", ".((int) $this->id).", ".((float) $amount).', '.((float) $this->multicurrency_amounts[$key]).')';
$resql = $this->db->query($sql);
if ($resql) {
$invoice = new FactureFournisseur($this->db);
@@ -398,11 +398,11 @@ class PaiementFourn extends Paiement
// Efface la ligne de paiement (dans paiement_facture et paiement)
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn';
- $sql .= ' WHERE fk_paiementfourn = '.$this->id;
+ $sql .= ' WHERE fk_paiementfourn = '.((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX.'paiementfourn';
- $sql .= ' WHERE rowid = '.$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$result = $this->db->query($sql);
if (!$result) {
$this->error = $this->db->error();
@@ -484,16 +484,16 @@ class PaiementFourn extends Paiement
/**
* Return list of supplier invoices the payment point to
*
- * @param string $filter SQL filter
+ * @param string $filter SQL filter. Warning: This value must not come from a user input.
* @return array Array of supplier invoice id
*/
public function getBillsArray($filter = '')
{
$sql = 'SELECT fk_facturefourn';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'facture_fourn as f';
- $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.$this->id;
+ $sql .= ' WHERE pf.fk_facturefourn = f.rowid AND fk_paiementfourn = '.((int) $this->id);
if ($filter) {
- $sql .= ' AND '.$filter;
+ $sql .= " AND ".$filter;
}
dol_syslog(get_class($this).'::getBillsArray', LOG_DEBUG);
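Review bot: The updated `@param` only says where `$filter` must not come from, while the body still appends it verbatim to the WHERE clause with no escaping or validation; a doc line that states the contract positively is more useful to callers: `@param string $filter Raw SQL condition appended with AND; must be built by code, never from request input, as it is neither escaped nor validated here.`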
diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index 6ea356e189e..6f4a591e567 100644
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -243,9 +243,9 @@ if (empty($reshook)) {
// Update supplier
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur';
- $sql .= ' SET fk_soc='.$new_socid;
- $sql .= ' WHERE fk_soc='.$object->thirdparty->id;
- $sql .= ' AND rowid='.$object->id;
+ $sql .= ' SET fk_soc = '.((int) $new_socid);
+ $sql .= ' WHERE fk_soc = '.((int) $object->thirdparty->id);
+ $sql .= ' AND rowid = '.((int) $object->id);
$res = $db->query($sql);
@@ -258,8 +258,8 @@ if (empty($reshook)) {
foreach ($object->lines as $l) {
$sql = 'SELECT price, unitprice, tva_tx, ref_fourn';
$sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price';
- $sql .= ' WHERE fk_product='.$l->fk_product;
- $sql .= ' AND fk_soc='.$new_socid;
+ $sql .= ' WHERE fk_product = '.((int) $l->fk_product);
+ $sql .= ' AND fk_soc = '.((int) $new_socid);
$sql .= ' ORDER BY unitprice ASC';
$resql = $db->query($sql);
@@ -337,14 +337,14 @@ if (empty($reshook)) {
// Currently the "Re-open" also remove the billed flag because there is no button "Set unpaid" yet.
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur';
$sql .= ' SET billed = 0';
- $sql .= ' WHERE rowid = '.$object->id;
+ $sql .= ' WHERE rowid = '.((int) $object->id);
$resql = $db->query($sql);
if ($newstatus == 0) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'commande_fournisseur';
$sql .= ' SET fk_user_approve = null, fk_user_approve2 = null, date_approve = null, date_approve2 = null';
- $sql .= ' WHERE rowid = '.$object->id;
+ $sql .= ' WHERE rowid = '.((int) $object->id);
$resql = $db->query($sql);
}
@@ -1617,7 +1617,7 @@ if ($action == 'create') {
print '
';
if ($societe->id > 0) {
- print $societe->getNomUrl(1);
+ print $societe->getNomUrl(1, 'supplier');
print '';
} else {
print img_picto('', 'company').$form->select_company((empty($socid) ? '' : $socid), 'socid', 's.fournisseur=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300');
@@ -1743,7 +1743,7 @@ if ($action == 'create') {
print '';
$newclassname = $classname;
- print ' | | '.$langs->trans($newclassname).' | '.$objectsrc->getNomUrl(1).' |
';
+ print '
| '.$langs->trans($newclassname).' | '.$objectsrc->getNomUrl(1, 'supplier').' |
';
print '
| '.$langs->trans('AmountHT').' | '.price($objectsrc->total_ht).' |
';
print '
| '.$langs->trans('AmountVAT').' | '.price($objectsrc->total_tva)." |
";
if ($mysoc->localtax1_assuj == "1" || $objectsrc->total_localtax1 != 0) { // Localtax1 RE
@@ -1966,7 +1966,7 @@ if ($action == 'create') {
if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $object->statut == CommandeFournisseur::STATUS_DRAFT) {
$morehtmlref .= '
'.img_edit($langs->transnoentitiesnoconv('SetThirdParty')).'';
}
- $morehtmlref .= ' : '.$object->thirdparty->getNomUrl(1);
+ $morehtmlref .= ' : '.$object->thirdparty->getNomUrl(1, 'supplier');
if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) {
$morehtmlref .= ' (
'.$langs->trans("OtherOrders").')';
}
@@ -2189,7 +2189,7 @@ if ($action == 'create') {
$usehourmin = 1;
}
print $form->selectDate($object->delivery_date ? $object->delivery_date : -1, 'liv_', $usehourmin, $usehourmin, '', "setdate_livraison");
- print '
';
+ print '
';
print '';
} else {
$usehourmin = 'day';
@@ -2724,7 +2724,7 @@ if ($action == 'create') {
print '
| '.$langs->trans("Password").' | |
';
//Submit button
print '
';
- print '';
+ print '';
print ' ';
//Cancel button
print '';
@@ -2843,7 +2843,7 @@ if ($action == 'create') {
if ($error_occurred) {
print " ".$langs->trans("ErrorOccurredReviseAndRetry")." ";
} else {
- print '';
+ print '';
print ' ';
}
print '';
diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index 09588389cb1..ead05251920 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -341,11 +341,11 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
if (GETPOSTISSET($saveprice)) {
// TODO Use class
$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
- $sql .= " SET unitprice='".GETPOST($pu)."'";
- $sql .= ", price=".GETPOST($pu)."*quantity";
- $sql .= ", remise_percent='".(!empty($dto) ? $dto : 0)."'";
- $sql .= " WHERE fk_soc=".$object->socid;
- $sql .= " AND fk_product=".GETPOST($prod, 'int');
+ $sql .= " SET unitprice = ".price2num(GETPOST($pu), 'MU', 2);
+ $sql .= ", price = ".price2num(GETPOST($pu), 'MU', 2)." * quantity";
+ $sql .= ", remise_percent = ".price2num((empty($dto) ? 0 : $dto), 3, 2)."'";
+ $sql .= " WHERE fk_soc = ".((int) $object->socid);
+ $sql .= " AND fk_product=".((int) GETPOST($prod, 'int'));
$resql = $db->query($sql);
}
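Review bot: The rewritten `remise_percent` line keeps a trailing `."'"` from the old quoted form, so the generated SQL reads `remise_percent = 0'` and the UPDATE fails with a syntax error; it should be `$sql .= ", remise_percent = ".price2num((empty($dto) ? 0 : $dto), 3, 2);`. `price2num(GETPOST($pu), 'MU', 2)` is also evaluated twice on consecutive lines; a local such as `$newunitprice` would avoid that. The enclosing block starts outside the hunk.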
@@ -653,7 +653,7 @@ if ($id > 0 || !empty($ref)) {
$sql = "SELECT l.rowid, cfd.fk_product, sum(cfd.qty) as qty";
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseurdet as l on l.rowid = cfd.fk_commandefourndet";
- $sql .= " WHERE cfd.fk_commande = ".$object->id;
+ $sql .= " WHERE cfd.fk_commande = ".((int) $object->id);
$sql .= " GROUP BY l.rowid, cfd.fk_product";
$resql = $db->query($sql);
@@ -689,7 +689,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid";
- $sql .= " WHERE l.fk_commande = ".$object->id;
+ $sql .= " WHERE l.fk_commande = ".((int) $object->id);
if (empty($conf->global->STOCK_SUPPORTS_SERVICES)) {
$sql .= " AND l.product_type = 0";
}
@@ -1113,7 +1113,7 @@ if ($id > 0 || !empty($ref)) {
if ($conf->reception->enabled) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."reception as r ON cfd.fk_reception = r.rowid";
}
- $sql .= " WHERE cfd.fk_commande = ".$object->id;
+ $sql .= " WHERE cfd.fk_commande = ".((int) $object->id);
$sql .= " AND cfd.fk_product = p.rowid";
$sql .= " ORDER BY cfd.rowid ASC";
diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php
index 866063382bb..b4956ea706f 100644
--- a/htdocs/fourn/commande/index.php
+++ b/htdocs/fourn/commande/index.php
@@ -73,7 +73,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE cf.fk_soc = s.rowid";
$sql .= " AND cf.entity IN (".getEntity('supplier_order').")";
if ($user->socid) {
- $sql .= ' AND cf.fk_soc = '.$user->socid;
+ $sql .= ' AND cf.fk_soc = '.((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php
index a5d0382dbdc..ef39e7502f6 100644
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -653,7 +653,7 @@ $sql .= " u.firstname, u.lastname, u.photo, u.login, u.email as user_email, u.st
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
}
// Add fields from hooks
@@ -769,7 +769,7 @@ if ($search_total_ttc != '') {
$sql .= natural_search('cf.total_ttc', $search_total_ttc, 1);
}
if ($search_multicurrency_code != '') {
- $sql .= ' AND cf.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"';
+ $sql .= " AND cf.multicurrency_code = '".$db->escape($search_multicurrency_code)."'";
}
if ($search_multicurrency_tx != '') {
$sql .= natural_search('cf.multicurrency_tx', $search_multicurrency_tx, 1);
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index ae0d306b2cd..582caa3338a 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -578,7 +578,7 @@ if (empty($reshook)) {
$sql = 'SELECT SUM(pf.amount) as total_paiements';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf, '.MAIN_DB_PREFIX.'paiementfourn as p';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id AND c.entity IN ('.getEntity('c_paiement').')';
- $sql .= ' WHERE pf.fk_facturefourn = '.$object->id;
+ $sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id);
$sql .= ' AND pf.fk_paiementfourn = p.rowid';
$sql .= ' AND p.entity IN ('.getEntity('invoice').')';
@@ -595,7 +595,7 @@ if (empty($reshook)) {
$sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,";
$sql .= " re.description, re.fk_invoice_supplier_source";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re";
- $sql .= " WHERE fk_invoice_supplier = ".$object->id;
+ $sql .= " WHERE fk_invoice_supplier = ".((int) $object->id);
$resql = $db->query($sql);
if (!empty($resql)) {
while ($obj = $db->fetch_object($resql)) {
@@ -1927,7 +1927,7 @@ if ($action == 'create') {
if ($societe->id > 0) {
$absolute_discount = $societe->getAvailableDiscounts('', '', 0, 1);
- print $societe->getNomUrl(1);
+ print $societe->getNomUrl(1, 'supplier');
print '';
} else {
print img_picto('', 'company').$form->select_company($societe->id, 'socid', 's.fournisseur=1', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300 widthcentpercentminusxx');
@@ -2629,7 +2629,7 @@ if ($action == 'create') {
$morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1);
// Thirdparty
- $morehtmlref .= ' '.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
+ $morehtmlref .= ' '.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1, 'supplier');
if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) {
$morehtmlref .= ' ('.$langs->trans("OtherBills").')';
}
@@ -3018,7 +3018,7 @@ if ($action == 'create') {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement as c ON p.fk_paiement = c.id';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_paiementfourn = p.rowid';
- $sql .= ' WHERE pf.fk_facturefourn = '.$object->id;
+ $sql .= ' WHERE pf.fk_facturefourn = '.((int) $object->id);
$sql .= ' ORDER BY p.datep, p.tms';
$result = $db->query($sql);
@@ -3132,11 +3132,10 @@ if ($action == 'create') {
$creditnoteamount = 0;
$depositamount = 0;
-
$sql = "SELECT re.rowid, re.amount_ht, re.amount_tva, re.amount_ttc,";
$sql .= " re.description, re.fk_invoice_supplier_source";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as re";
- $sql .= " WHERE fk_invoice_supplier = ".$object->id;
+ $sql .= " WHERE fk_invoice_supplier = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
@@ -3232,19 +3231,21 @@ if ($action == 'create') {
}
print '';
print ' | ';
- print ''.price($resteapayeraffiche).' | ';
+ print ''.price($resteapayeraffiche).' | |
';
// Remainder to pay Multicurrency
if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) {
print '
| ';
print '';
- print $langs->trans('MulticurrencyRemainderToPay');
+ if ($resteapayeraffiche <= 0) {
+ print $langs->trans('RemainderToPayBackMulticurrency');
+ } else {
+ print $langs->trans('ExcessPaidMulticurrency');
+ }
print '';
print ' | ';
- print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' | ';
+ print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($object->multicurrency_tx*$resteapayeraffiche, 'MT')).' | |
';
}
-
- print '
| ';
} else // Credit note
{
$cssforamountpaymentcomplete = 'amountpaymentneutral';
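Review bot: The new label condition in the standard-invoice branch prints `RemainderToPayBackMulticurrency` when `$resteapayeraffiche <= 0` and `ExcessPaidMulticurrency` otherwise, which reads like the credit-note convention: for a normal supplier invoice a positive remainder is money still to pay, not an excess, so the positive case presumably needs a "remainder to pay" label rather than "excess paid"; please confirm against the single-currency label logic above the hunk. The same multicurrency row is repeated almost verbatim in the next hunk (`@@ -3267`), where `$sign` is applied; a small helper or a variable holding the chosen label key would keep the two in step. The enclosing if/else starts outside the hunk.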
@@ -3267,8 +3268,21 @@ if ($action == 'create') {
}
print '';
print '';
- print '
'.price($sign * $resteapayeraffiche).' | ';
- print '
| ';
+ print '
'.price($sign * $resteapayeraffiche).' | | ';
+
+ // Remainder to pay back Multicurrency
+ if ($object->multicurrency_code != $conf->currency || $object->multicurrency_tx != 1) {
+ print '
| ';
+ print '';
+ if ($resteapayeraffiche <= 0) {
+ print $langs->trans('RemainderToPayBackMulticurrency');
+ } else {
+ print $langs->trans('ExcessPaidMulticurrency');
+ }
+ print '';
+ print ' | ';
+ print ''.(!empty($object->multicurrency_code) ? $object->multicurrency_code : $conf->currency).' '.price(price2num($sign * $object->multicurrency_tx * $resteapayeraffiche, 'MT')).' | |
';
+ }
// Sold credit note
// print '
| '.$langs->trans('TotalTTC').' : | ';
diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php
index 0d34a3790df..358b1c59c1b 100644
--- a/htdocs/fourn/facture/list.php
+++ b/htdocs/fourn/facture/list.php
@@ -344,7 +344,7 @@ if (empty($reshook)) {
$rsql .= " , u.rowid as user_id, u.lastname, u.firstname, u.login";
$rsql .= " FROM ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
$rsql .= " , ".MAIN_DB_PREFIX."user as u";
- $rsql .= " WHERE fk_facture_fourn = ".$objecttmp->id;
+ $rsql .= " WHERE fk_facture_fourn = ".((int) $objecttmp->id);
$rsql .= " AND pfd.fk_user_demande = u.rowid";
$rsql .= " AND pfd.traite = 0";
$rsql .= " ORDER BY pfd.date_demande DESC";
@@ -430,7 +430,7 @@ if (!$search_all) {
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
}
// Add fields from hooks
@@ -549,7 +549,7 @@ if ($search_montant_ttc != '') {
$sql .= natural_search('f.total_ttc', $search_montant_ttc, 1);
}
if ($search_multicurrency_code != '') {
- $sql .= ' AND f.multicurrency_code = "'.$db->escape($search_multicurrency_code).'"';
+ $sql .= " AND f.multicurrency_code = '".$db->escape($search_multicurrency_code)."'";
}
if ($search_multicurrency_tx != '') {
$sql .= natural_search('f.multicurrency_tx', $search_multicurrency_tx, 1);
@@ -606,7 +606,7 @@ if ($filter && $filter != -1) {
$aFilter = explode(',', $filter);
foreach ($aFilter as $fil) {
$filt = explode(':', $fil);
- $sql .= ' AND '.$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'";
+ $sql .= " AND ".$db->escape(trim($filt[0]))." = '".$db->escape(trim($filt[1]))."'";
}
}
if ($search_sale > 0) {
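Review bot: `$db->escape(trim($filt[0]))` on the changed line is used for a column name, but `escape()` only neutralises string-literal quoting; it does not constrain an identifier, so the left part of each `field:value` pair is appended to the WHERE clause essentially unchanged, and a pair without `:` leaves `$filt[1]` undefined. Validate the field name against the columns this list supports before appending, e.g. `if (!isset($filt[1]) || !preg_match('/^[a-z0-9_.]+$/i', trim($filt[0]))) { continue; }` ahead of the `$sql .=` line, or better a fixed whitelist of column names. Where `$filter` comes from is outside the hunk.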
@@ -655,7 +655,7 @@ if (!$search_all) {
// Add HAVING from hooks
$parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListHaving', $parameters, $object); // Note that $action and $object may have been modified by hook
-$sql .= !empty($hookmanager->resPrint) ? (' HAVING 1=1 ' . $hookmanager->resPrint) : '';
+$sql .= !empty($hookmanager->resPrint) ? (" HAVING 1=1 " . $hookmanager->resPrint) : "";
$sql .= $db->order($sortfield, $sortorder);
diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php
index f0967453701..fcbfdcf7b45 100644
--- a/htdocs/fourn/facture/paiement.php
+++ b/htdocs/fourn/facture/paiement.php
@@ -10,6 +10,7 @@
* Copyright (C) 2015 Juanjo Menent
* Copyright (C) 2017 Alexandre Spangaro
* Copyright (C) 2018-2020 Frédéric France
+ * Copyright (C) 2021 Charlene Benke
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -291,8 +292,6 @@ if (empty($reshook)) {
$paiement->num_payment = GETPOST('num_paiement', 'alphanohtml');
$paiement->note_private = GETPOST('comment', 'alpha');
- $paiement->num_payment = $paiement->num_payment;
- $paiement->note_private = $paiement->note_private;
if (!$error) {
$paiement_id = $paiement->create($user, (GETPOST('closepaidinvoices') == 'on' ? 1 : 0), $thirdparty);
@@ -510,8 +509,8 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
$sql .= ' SUM(pf.amount) as am, SUM(pf.multicurrency_amount) as multicurrency_am';
$sql .= ' FROM '.MAIN_DB_PREFIX.'facture_fourn as f';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf ON pf.fk_facturefourn = f.rowid';
- $sql .= " WHERE f.entity = ".$conf->entity;
- $sql .= ' AND f.fk_soc = '.$object->socid;
+ $sql .= " WHERE f.entity = ".((int) $conf->entity);
+ $sql .= ' AND f.fk_soc = '.((int) $object->socid);
$sql .= ' AND f.paye = 0';
$sql .= ' AND f.fk_statut = 1'; // Status=0 => unvalidated, Status=2 => canceled
if ($object->type != FactureFournisseur::TYPE_CREDIT_NOTE) {
diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php
index ccc29105e4f..708fa266f0a 100644
--- a/htdocs/fourn/paiement/card.php
+++ b/htdocs/fourn/paiement/card.php
@@ -259,7 +259,7 @@ if ($result > 0) {
$sql .= ' pf.amount, s.nom as name, s.rowid as socid';
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn_facturefourn as pf,'.MAIN_DB_PREFIX.'facture_fourn as f,'.MAIN_DB_PREFIX.'societe as s';
$sql .= ' WHERE pf.fk_facturefourn = f.rowid AND f.fk_soc = s.rowid';
- $sql .= ' AND pf.fk_paiementfourn = '.$object->id;
+ $sql .= ' AND pf.fk_paiementfourn = '.((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
diff --git a/htdocs/fourn/paiement/list.php b/htdocs/fourn/paiement/list.php
index f02c872fb0e..8534ad8bac1 100644
--- a/htdocs/fourn/paiement/list.php
+++ b/htdocs/fourn/paiement/list.php
@@ -192,7 +192,7 @@ if (!$user->rights->societe->client->voir) {
$sql .= ' WHERE f.entity = '.$conf->entity;
if (!$user->rights->societe->client->voir) {
- $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.$user->id;
+ $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id);
}
if ($socid > 0) {
$sql .= ' AND f.fk_soc = '.((int) $socid);
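Review bot: `$conf->entity` on the context line `$sql .= ' WHERE f.entity = '.$conf->entity;` is still concatenated uncast while `$user->id` directly below now gets `(int)`; the paiement.php hunk of this same commit casts `$conf->entity`, so for consistency change it to `$sql .= ' WHERE f.entity = '.((int) $conf->entity);`. The same gap is left in the `@@ -3725` hunk of upgrade2.php (migrate_remise_entity), where `$sqlUpdate .= " entity = ".$obj->entity;` precedes the newly cast rowid; the `@@ -3810`, `@@ -3880` and `@@ -3945` hunks cast both, which is the pattern to follow.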
diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 41af59a751b..ec7b4c463b6 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -719,7 +719,7 @@ class Holiday extends CommonObject
$error++;
}
$sql .= " ref = '".$this->db->escape($num)."'";
- $sql .= " WHERE rowid= ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$this->db->begin();
@@ -828,7 +828,7 @@ class Holiday extends CommonObject
} else {
$sql .= " detail_refuse = NULL";
}
- $sql .= " WHERE rowid= ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$this->db->begin();
@@ -937,7 +937,7 @@ class Holiday extends CommonObject
$sql .= " detail_refuse = NULL";
}
- $sql .= " WHERE rowid= ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$this->db->begin();
diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php
index 334f68da404..6aecff5eac0 100644
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@@ -296,7 +296,7 @@ $sql .= " ua.photo as validator_photo";
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
}
// Add fields from hooks
diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php
index 455035a6b53..810c0da870d 100644
--- a/htdocs/hrm/admin/admin_hrm.php
+++ b/htdocs/hrm/admin/admin_hrm.php
@@ -117,7 +117,7 @@ print "\n";
print dol_get_fiche_end();
-print '';
+print '';
print '';
diff --git a/htdocs/hrm/class/establishment.class.php b/htdocs/hrm/class/establishment.class.php
index 2cac4a1352b..d26a10a923a 100644
--- a/htdocs/hrm/class/establishment.class.php
+++ b/htdocs/hrm/class/establishment.class.php
@@ -231,7 +231,7 @@ class Establishment extends CommonObject
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX.'establishment');
$sql = 'UPDATE '.MAIN_DB_PREFIX."establishment SET ref = '".$this->db->escape($this->id)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$this->db->query($sql);
$this->db->commit();
@@ -269,7 +269,7 @@ class Establishment extends CommonObject
$sql .= ", entity = ".((int) $this->entity);
$sql .= " WHERE rowid = ".((int) $this->id);
- dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
+ dol_syslog(get_class($this)."::update", LOG_DEBUG);
$result = $this->db->query($sql);
if ($result) {
$this->db->commit();
diff --git a/htdocs/install/lib/repair.lib.php b/htdocs/install/lib/repair.lib.php
index bd54e55ebde..aa0866fac69 100644
--- a/htdocs/install/lib/repair.lib.php
+++ b/htdocs/install/lib/repair.lib.php
@@ -88,7 +88,7 @@ function checkLinkedElements($sourcetype, $targettype)
$out = $langs->trans('SourceType').': '.$sourcetype.' => '.$langs->trans('TargetType').': '.$targettype.' ';
$sql = 'SELECT rowid, fk_source, fk_target FROM '.MAIN_DB_PREFIX.'element_element';
- $sql .= ' WHERE sourcetype="'.$sourcetype.'" AND targettype="'.$targettype.'"';
+ $sql .= " WHERE sourcetype='".$db->escape($sourcetype)."' AND targettype='".$db->escape($targettype)."'";
$resql = $db->query($sql);
if ($resql) {
$num = $db->num_rows($resql);
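Review bot: `$sourcetype` and `$targettype` are now escaped for the SQL literal on the new line, but the context line two above still concatenates them raw into `$out`, which from its `$langs->trans(...)` parts reads as HTML report text. If `$out` is printed to the browser, wrap them as `dol_escape_htmltag($sourcetype)` and `dol_escape_htmltag($targettype)` there, so the same values that needed SQL escaping cannot inject markup into the repair page. The rest of checkLinkedElements is outside the hunk.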
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 5cfe9f66846..8160f6e89b8 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -929,7 +929,7 @@ if ($ok && GETPOST('clean_product_stock_batch', 'alpha')) {
// TODO If it fails, we must make update
//$sql2 ="UPDATE ".MAIN_DB_PREFIX."product_batch";
//$sql2.=" SET ".$obj->psrowid.", '000000', ".($obj->reel - $obj->reelbatch).")";
- //$sql2.=" WHERE fk_product_stock = ".$obj->psrowid"
+ //$sql2.=" WHERE fk_product_stock = ".((int) $obj->psrowid)
}
}
}
@@ -1236,7 +1236,7 @@ if ($ok && GETPOST('force_utf8_on_tables', 'alpha')) {
print '| ';
print $table;
- $sql = 'ALTER TABLE '.$table.' CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci';
+ $sql = "ALTER TABLE ".$table." CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci";
print '';
if ($force_utf8_on_tables == 'confirmed') {
$resql = $db->query($sql);
@@ -1282,8 +1282,8 @@ if ($ok && GETPOST('force_utf8mb4_on_tables', 'alpha')) {
print ' |
| ';
print $table;
- $sql1 = 'ALTER TABLE '.$table.' ROW_FORMAT=dynamic;';
- $sql2 = 'ALTER TABLE '.$table.' CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci';
+ $sql1 = "ALTER TABLE ".$table." ROW_FORMAT=dynamic";
+ $sql2 = "ALTER TABLE ".$table." CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci";
print '';
print '';
if ($force_utf8mb4_on_tables == 'confirmed') {
@@ -1407,25 +1407,25 @@ if ($ok && GETPOST('repair_link_dispatch_lines_supplier_order_lines')) {
$first_iteration = false;
} else {
$sql_attach_values = array(
- $obj_dispatch->fk_commande,
- $obj_dispatch->fk_product,
- $obj_line->rowid,
- $qty_for_line,
- $obj_dispatch->fk_entrepot,
- $obj_dispatch->fk_user,
- $obj_dispatch->datec ? '"'.$db->escape($obj_dispatch->datec).'"' : 'NULL',
- $obj_dispatch->comment ? '"'.$db->escape($obj_dispatch->comment).'"' : 'NULL',
- $obj_dispatch->status ?: 'NULL',
- $obj_dispatch->tms ? '"'.$db->escape($obj_dispatch->tms).'"' : 'NULL',
- $obj_dispatch->batch ?: 'NULL',
- $obj_dispatch->eatby ? '"'.$db->escape($obj_dispatch->eatby).'"' : 'NULL',
- $obj_dispatch->sellby ? '"'.$db->escape($obj_dispatch->sellby).'"' : 'NULL'
+ ((int) $obj_dispatch->fk_commande),
+ ((int) $obj_dispatch->fk_product),
+ ((int) $obj_line->rowid),
+ ((float) $qty_for_line),
+ ((int) $obj_dispatch->fk_entrepot),
+ ((int) $obj_dispatch->fk_user),
+ $obj_dispatch->datec ? "'".$db->idate($db->jdate($obj_dispatch->datec))."'" : 'NULL',
+ $obj_dispatch->comment ? "'".$db->escape($obj_dispatch->comment)."'" : 'NULL',
+ $obj_dispatch->status ? ((int) $obj_dispatch->status) : 'NULL',
+ $obj_dispatch->tms ? "'".$db->idate($db->jdate($obj_dispatch->tms))."'" : 'NULL',
+ $obj_dispatch->batch ? "'".$db->escape($obj_dispatch->batch)."'" : 'NULL',
+ $obj_dispatch->eatby ? "'".$db->escape($obj_dispatch->eatby)."'" : 'NULL',
+ $obj_dispatch->sellby ? "'".$db->escape($obj_dispatch->sellby)."'" : 'NULL'
);
$sql_attach_values = join(', ', $sql_attach_values);
$sql_attach = 'INSERT INTO '.MAIN_DB_PREFIX.'commande_fournisseur_dispatch';
$sql_attach .= ' (fk_commande, fk_product, fk_commandefourndet, qty, fk_entrepot, fk_user, datec, comment, status, tms, batch, eatby, sellby)';
- $sql_attach .= ' VALUES ('.$sql_attach_values.')';
+ $sql_attach .= " VALUES (".$sql_attach_values.")";
}
if ($repair_link_dispatch_lines_supplier_order_lines == 'confirmed') {
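Review bot: `((float) $qty_for_line)` relies on PHP's float-to-string conversion when it is concatenated into the INSERT, and that conversion is locale-dependent before PHP 8.0, so a non-C locale can emit a decimal comma into the SQL. The upgrade2.php hunks for migrate_detail_livraison and migrate_stocks use `price2num()` for exactly this purpose, so `price2num($qty_for_line, 'MS')` would be the consistent choice; the same applies to the `(float)` casts added in the migrate_paiements, migrate_paiements_orphelins_1/2 and migrate_contracts_det hunks. Separately, `datec` and `tms` are now normalised through `$db->idate($db->jdate(...))` while `eatby` and `sellby` on the following lines stay as escaped raw strings; if those are date columns too, the same round-trip should apply, otherwise a short comment on why they differ would help the next reader. The `else` branch closes in the hunk but the loop around it starts outside.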
diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php
index 0958ef7bb3b..b434612afcd 100644
--- a/htdocs/install/step5.php
+++ b/htdocs/install/step5.php
@@ -234,7 +234,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
// Insert MAIN_VERSION_FIRST_INSTALL in a dedicated transaction. So if it fails (when first install was already done), we can do other following requests.
$db->begin();
dolibarr_install_syslog('step5: set MAIN_VERSION_FIRST_INSTALL const to '.$targetversion, LOG_DEBUG);
- $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_FIRST_INSTALL', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version when first install',0)");
+ $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity) values('".$db->escape($db->encrypt('MAIN_VERSION_FIRST_INSTALL'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version when first install', 0)");
if ($resql) {
$conf->global->MAIN_VERSION_FIRST_INSTALL = $targetversion;
$db->commit();
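Review bot: The new INSERT wraps `$db->encrypt(...)` in single quotes and passes it through `$db->escape()`, whereas the removed line called `$db->encrypt($value, 1)` and emitted the result bare. If `encrypt()` returns an SQL expression (an `AES_ENCRYPT(...)`/`DES_ENCRYPT(...)` call) when database encryption is configured, or already adds quoting depending on its second argument, quoting and escaping its output here would store the expression text as a literal or double the quotes, and the stored `MAIN_VERSION_FIRST_INSTALL` value would be wrong. Please confirm the contract of `encrypt()` without its second argument and use whichever form yields a ready-to-insert value consistently; the same pattern is in the `@@ -246`, `@@ -258`, `@@ -326` and `@@ -346` hunks of this file.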
@@ -246,11 +246,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
$db->begin();
dolibarr_install_syslog('step5: set MAIN_VERSION_LAST_INSTALL const to '.$targetversion, LOG_DEBUG);
- $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_INSTALL'");
+ $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_VERSION_LAST_INSTALL'");
if (!$resql) {
dol_print_error($db, 'Error in setup program');
}
- $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version when last install',0)");
+ $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values('".$db->escape($db->encrypt('MAIN_VERSION_LAST_INSTALL'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version when last install', 0)");
if (!$resql) {
dol_print_error($db, 'Error in setup program');
}
@@ -258,11 +258,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
if ($useforcedwizard) {
dolibarr_install_syslog('step5: set MAIN_REMOVE_INSTALL_WARNING const to 1', LOG_DEBUG);
- $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_REMOVE_INSTALL_WARNING'");
+ $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_REMOVE_INSTALL_WARNING'");
if (!$resql) {
dol_print_error($db, 'Error in setup program');
}
- $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING', 1).",".$db->encrypt(1, 1).",'chaine',1,'Disable install warnings',0)");
+ $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) values('".$db->escape($db->encrypt('MAIN_REMOVE_INSTALL_WARNING'))."', '".$db->escape($db->encrypt(1))."', 'chaine', 1, 'Disable install warnings', 0)");
if (!$resql) {
dol_print_error($db, 'Error in setup program');
}
@@ -326,11 +326,11 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
if ($tagdatabase) {
dolibarr_install_syslog('step5: set MAIN_VERSION_LAST_UPGRADE const to value '.$targetversion);
- $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')."='MAIN_VERSION_LAST_UPGRADE'");
+ $resql = $db->query("DELETE FROM ".MAIN_DB_PREFIX."const WHERE ".$db->decrypt('name')." = 'MAIN_VERSION_LAST_UPGRADE'");
if (!$resql) {
dol_print_error($db, 'Error in setup program');
}
- $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_VERSION_LAST_UPGRADE', 1).",".$db->encrypt($targetversion, 1).",'chaine',0,'Dolibarr version for last upgrade',0)");
+ $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name, value, type, visible, note, entity) VALUES ('".$db->escape($db->encrypt('MAIN_VERSION_LAST_UPGRADE'))."', '".$db->escape($db->encrypt($targetversion))."', 'chaine', 0, 'Dolibarr version for last upgrade', 0)");
if (!$resql) {
dol_print_error($db, 'Error in setup program');
}
@@ -346,7 +346,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i', $action)) {
}
// May fail if parameter already defined
- $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES (".$db->encrypt('MAIN_LANG_DEFAULT', 1).",".$db->encrypt($setuplang, 1).",'chaine',0,'Default language',1)");
+ $resql = $db->query("INSERT INTO ".MAIN_DB_PREFIX."const(name,value,type,visible,note,entity) VALUES ('".$db->escape($db->encrypt('MAIN_LANG_DEFAULT'))."', '".$db->escape($db->encrypt($setuplang))."', 'chaine', 0, 'Default language', 1)");
//if (! $resql) dol_print_error($db,'Error in setup program');
$db->close();
diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php
index e349317b0c4..129ee9d7827 100644
--- a/htdocs/install/upgrade.php
+++ b/htdocs/install/upgrade.php
@@ -270,6 +270,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
$values = $db->fetch_array($resql);
$i = 0;
$createsql = $values[1];
+ $reg = array();
while (preg_match('/CONSTRAINT `(0_[0-9a-zA-Z]+|[_0-9a-zA-Z]+_ibfk_[0-9]+)`/i', $createsql, $reg) && $i < 100) {
$sqldrop = "ALTER TABLE ".$val." DROP FOREIGN KEY ".$reg[1];
$resqldrop = $db->query($sqldrop);
@@ -282,7 +283,7 @@ if (!GETPOST('action', 'aZ09') || preg_match('/upgrade/i', GETPOST('action', 'aZ
$db->free($resql);
} else {
if ($db->lasterrno() != 'DB_ERROR_NOSUCHTABLE') {
- print ' |
| '.$sql.' : '.$db->lasterror()." |
\n";
+ print '| '.dol_escape_htmltag($sql).' : '.dol_escape_htmltag($db->lasterror())." |
\n";
}
}
}
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index de34a38e82c..368e05c5b04 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -692,7 +692,7 @@ function migrate_paiements($db, $langs, $conf)
$num = count($row);
for ($i = 0; $i < $num; $i++) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)";
- $sql .= " VALUES (".$row[$i][1].",".$row[$i][0].",".$row[$i][2].")";
+ $sql .= " VALUES (".((int) $row[$i][1]).",".((int) $row[$i][0]).",".((float) $row[$i][2]).")";
$res += $db->query($sql);
@@ -803,7 +803,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf)
$facid = $obj->rowid;
$sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)";
- $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).",".$row[$i]['pamount'].")";
+ $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).", ".((float) $row[$i]['pamount']).")";
$res += $db->query($sql);
@@ -914,7 +914,7 @@ function migrate_paiements_orphelins_2($db, $langs, $conf)
$facid = $obj->rowid;
$sql = "INSERT INTO ".MAIN_DB_PREFIX."paiement_facture (fk_facture, fk_paiement, amount)";
- $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).",".$row[$i]['pamount'].")";
+ $sql .= " VALUES (".((int) $facid).",".((int) $row[$i]['paymentid']).", ".((float) $row[$i]['pamount']).")";
$res += $db->query($sql);
@@ -1002,14 +1002,14 @@ function migrate_contracts_det($db, $langs, $conf)
$sql .= "date_ouverture_prevue, date_ouverture, date_fin_validite, tva_tx, qty,";
$sql .= "subprice, price_ht, fk_user_author, fk_user_ouverture)";
$sql .= " VALUES (";
- $sql .= $obj->cref.", ".($obj->fk_product ? $obj->fk_product : 0).", ";
+ $sql .= ((int) $obj->cref).", ".($obj->fk_product ? ((int) $obj->fk_product) : 0).", ";
$sql .= "0, ";
$sql .= "'".$db->escape($obj->label)."', null, ";
- $sql .= ($obj->date_contrat ? "'".$db->escape($obj->date_contrat)."'" : "null").", ";
+ $sql .= ($obj->date_contrat ? "'".$db->idate($db->jdate($obj->date_contrat))."'" : "null").", ";
$sql .= "null, ";
$sql .= "null, ";
- $sql .= "'".$db->escape($obj->tva_tx)."' , 1, ";
- $sql .= "'".$db->escape($obj->price)."', '".$db->escape($obj->price)."', ".$obj->fk_user_author.",";
+ $sql .= ((float) $obj->tva_tx).", 1, ";
+ $sql .= ((float) $obj->price).", ".((float) $obj->price).", ".((int) $obj->fk_user_author).",";
$sql .= "null";
$sql .= ")";
@@ -2020,7 +2020,7 @@ function migrate_commande_expedition($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sql = "INSERT INTO ".MAIN_DB_PREFIX."co_exp (fk_expedition,fk_commande)";
- $sql .= " VALUES (".$obj->rowid.",".$obj->fk_commande.")";
+ $sql .= " VALUES (".((int) $obj->rowid).", ".((int) $obj->fk_commande).")";
$resql2 = $db->query($sql);
if (!$resql2) {
@@ -2088,16 +2088,16 @@ function migrate_commande_livraison($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sql = "INSERT INTO ".MAIN_DB_PREFIX."co_liv (fk_livraison,fk_commande)";
- $sql .= " VALUES (".$obj->rowid.",".$obj->fk_commande.")";
+ $sql .= " VALUES (".((int) $obj->rowid).", ".((int) $obj->fk_commande).")";
$resql2 = $db->query($sql);
if ($resql2) {
$delivery_date = $db->jdate($obj->delivery_date);
$sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET";
- $sqlu .= " ref_client='".$db->escape($obj->ref_client)."'";
- $sqlu .= ", date_livraison='".$db->idate($delivery_date)."'";
- $sqlu .= " WHERE rowid = ".$obj->rowid;
+ $sqlu .= " ref_client = '".$db->escape($obj->ref_client)."'";
+ $sqlu .= ", date_livraison = '".$db->idate($delivery_date)."'";
+ $sqlu .= " WHERE rowid = ".((int) $obj->rowid);
$resql3 = $db->query($sqlu);
if (!$resql3) {
$error++;
@@ -2170,11 +2170,11 @@ function migrate_detail_livraison($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sql = "UPDATE ".MAIN_DB_PREFIX."livraisondet SET";
- $sql .= " fk_product=".$obj->fk_product;
- $sql .= ",description='".$db->escape($obj->description)."'";
- $sql .= ",subprice='".$db->escape($obj->subprice)."'";
- $sql .= ",total_ht='".$db->escape($obj->total_ht)."'";
- $sql .= " WHERE fk_commande_ligne = ".$obj->rowid;
+ $sql .= " fk_product = ".((int) $obj->fk_product);
+ $sql .= ",description = '".$db->escape($obj->description)."'";
+ $sql .= ",subprice = ".price2num($obj->subprice);
+ $sql .= ",total_ht = ".price2num($obj->total_ht);
+ $sql .= " WHERE fk_commande_ligne = ".((int) $obj->rowid);
$resql2 = $db->query($sql);
if ($resql2) {
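Review bot: `",subprice = ".price2num($obj->subprice)` and the `total_ht` line below emit the return value of `price2num()` bare into the UPDATE, while the removed lines quoted the value; presumably `price2num()` returns `''` for a NULL or empty input, in which case the statement now reads `subprice = ,` and fails with a syntax error where it previously wrote `''`. Guard the empty case, e.g. `",subprice = ".(price2num($obj->subprice) !== '' ? price2num($obj->subprice) : 0)` (or `'NULL'` if the column allows it), and likewise for `total_ht`; the same applies to `stock = ".price2num($obj->total, 'MS')` in the migrate_stocks hunk. The surrounding loop starts outside the hunk.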
@@ -2188,8 +2188,8 @@ function migrate_detail_livraison($db, $langs, $conf)
$total_ht = $obju->total_ht + $obj->total_ht;
$sqlu = "UPDATE ".MAIN_DB_PREFIX."livraison SET";
- $sqlu .= " total_ht='".$db->escape($total_ht)."'";
- $sqlu .= " WHERE rowid=".$obj->fk_livraison;
+ $sqlu .= " total_ht = ".price2num($total_ht, 'MT');
+ $sqlu .= " WHERE rowid = ".((int) $obj->fk_livraison);
$resql4 = $db->query($sqlu);
if (!$resql4) {
$error++;
@@ -2266,8 +2266,8 @@ function migrate_stocks($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sql = "UPDATE ".MAIN_DB_PREFIX."product SET";
- $sql .= " stock = '".$db->escape($obj->total)."'";
- $sql .= " WHERE rowid=".$obj->fk_product;
+ $sql .= " stock = ".price2num($obj->total, 'MS');
+ $sql .= " WHERE rowid = ".((int) $obj->fk_product);
$resql2 = $db->query($sql);
if ($resql2) {
@@ -2330,7 +2330,7 @@ function migrate_menus($db, $langs, $conf)
$sql = "UPDATE ".MAIN_DB_PREFIX."menu SET";
$sql .= " enabled = '".$db->escape($obj->action)."'";
- $sql .= " WHERE rowid=".$obj->rowid;
+ $sql .= " WHERE rowid = ".((int) $obj->rowid);
$sql .= " AND enabled = '1'";
$resql2 = $db->query($sql);
@@ -2400,7 +2400,7 @@ function migrate_commande_deliveryaddress($db, $langs, $conf)
$sql = "UPDATE ".MAIN_DB_PREFIX."expedition SET";
$sql .= " fk_adresse_livraison = '".$db->escape($obj->fk_adresse_livraison)."'";
- $sql .= " WHERE rowid=".$obj->fk_expedition;
+ $sql .= " WHERE rowid = ".((int) $obj->fk_expedition);
$resql2 = $db->query($sql);
if (!$resql2) {
@@ -3049,7 +3049,7 @@ function migrate_shipping_delivery($db, $langs, $conf)
$result = $db->query($sqlInsert);
if ($result) {
$sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."livraison SET fk_expedition = NULL";
- $sqlUpdate .= " WHERE rowid = ".$obj->rowid;
+ $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid);
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3137,7 +3137,7 @@ function migrate_shipping_delivery2($db, $langs, $conf)
$sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."livraison SET";
$sqlUpdate .= " ref_customer = '".$db->escape($obj->ref_customer)."',";
$sqlUpdate .= " date_delivery = ".($obj->date_delivery ? "'".$db->escape($obj->date_delivery)."'" : 'null');
- $sqlUpdate .= " WHERE rowid = ".$obj->delivery_id;
+ $sqlUpdate .= " WHERE rowid = ".((int) $obj->delivery_id);
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3361,7 +3361,7 @@ function migrate_clean_association($db, $langs, $conf)
// And we insert only each record once
foreach ($couples as $key => $val) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."categorie_association(fk_categorie_mere,fk_categorie_fille)";
- $sql .= " VALUES(".$val['mere'].", ".$val['fille'].")";
+ $sql .= " VALUES(".((int) $val['mere']).", ".((int) $val['fille']).")";
dolibarr_install_syslog("upgrade: insert association");
$resqli = $db->query($sql);
if (!$resqli) {
@@ -3493,7 +3493,7 @@ function migrate_event_assignement($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sqlUpdate = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element) ";
- $sqlUpdate .= "VALUES(".$obj->id.", 'user', ".$obj->fk_user_action.")";
+ $sqlUpdate .= "VALUES(".((int) $obj->id).", 'user', ".((int) $obj->fk_user_action).")";
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3559,7 +3559,7 @@ function migrate_event_assignement_contact($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sqlUpdate = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm_resources(fk_actioncomm, element_type, fk_element) ";
- $sqlUpdate .= "VALUES(".$obj->id.", 'socpeople', ".$obj->fk_contact.")";
+ $sqlUpdate .= "VALUES(".((int) $obj->id).", 'socpeople', ".((int) $obj->fk_contact).")";
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3629,7 +3629,7 @@ function migrate_reset_blocked_log($db, $langs, $conf)
print 'Process entity '.$obj->entity;
- $sqlSearch = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."blockedlog WHERE action = 'MODULE_SET' and entity = ".$obj->entity;
+ $sqlSearch = "SELECT count(rowid) as nb FROM ".MAIN_DB_PREFIX."blockedlog WHERE action = 'MODULE_SET' and entity = ".((int) $obj->entity);
$resqlSearch = $db->query($sqlSearch);
if ($resqlSearch) {
$objSearch = $db->fetch_object($resqlSearch);
@@ -3638,7 +3638,7 @@ function migrate_reset_blocked_log($db, $langs, $conf)
print ' - Record for entity must be reset...';
$sqlUpdate = "DELETE FROM ".MAIN_DB_PREFIX."blockedlog";
- $sqlUpdate .= " WHERE entity = ".$obj->entity;
+ $sqlUpdate .= " WHERE entity = ".((int) $obj->entity);
$resqlUpdate = $db->query($sqlUpdate);
if (!$resqlUpdate) {
$error++;
@@ -3725,7 +3725,7 @@ function migrate_remise_entity($db, $langs, $conf)
$sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."societe_remise SET";
$sqlUpdate .= " entity = ".$obj->entity;
- $sqlUpdate .= " WHERE rowid = ".$obj->rowid;
+ $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid);
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3810,8 +3810,8 @@ function migrate_remise_except_entity($db, $langs, $conf)
$obj2 = $db->fetch_object($resql2);
$sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."societe_remise_except SET";
- $sqlUpdate .= " entity = ".$obj2->entity;
- $sqlUpdate .= " WHERE rowid = ".$obj->rowid;
+ $sqlUpdate .= " entity = ".((int) $obj2->entity);
+ $sqlUpdate .= " WHERE rowid = ".((int) $obj->rowid);
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3880,8 +3880,8 @@ function migrate_user_rights_entity($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."user_rights SET";
- $sqlUpdate .= " entity = ".$obj->entity;
- $sqlUpdate .= " WHERE fk_user = ".$obj->rowid;
+ $sqlUpdate .= " entity = ".((int) $obj->entity);
+ $sqlUpdate .= " WHERE fk_user = ".((int) $obj->rowid);
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -3945,8 +3945,8 @@ function migrate_usergroup_rights_entity($db, $langs, $conf)
$obj = $db->fetch_object($resql);
$sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."usergroup_rights SET";
- $sqlUpdate .= " entity = ".$obj->entity;
- $sqlUpdate .= " WHERE fk_usergroup = ".$obj->rowid;
+ $sqlUpdate .= " entity = ".((int) $obj->entity);
+ $sqlUpdate .= " WHERE fk_usergroup = ".((int) $obj->rowid);
$result = $db->query($sqlUpdate);
if (!$result) {
@@ -4605,7 +4605,7 @@ function migrate_users_socialnetworks()
$sqlupd .= ', googleplus=null';
$sqlupd .= ', youtube=null';
$sqlupd .= ', whatsapp=null';
- $sqlupd .= ' WHERE rowid='.$obj->rowid;
+ $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid);
//print $sqlupd."
";
$resqlupd = $db->query($sqlupd);
if (!$resqlupd) {
@@ -4696,7 +4696,7 @@ function migrate_members_socialnetworks()
$sqlupd .= ', googleplus=null';
$sqlupd .= ', youtube=null';
$sqlupd .= ', whatsapp=null';
- $sqlupd .= ' WHERE rowid='.$obj->rowid;
+ $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid);
//print $sqlupd."
";
$resqlupd = $db->query($sqlupd);
if (!$resqlupd) {
@@ -4791,7 +4791,7 @@ function migrate_contacts_socialnetworks()
$sqlupd .= ', googleplus=null';
$sqlupd .= ', youtube=null';
$sqlupd .= ', whatsapp=null';
- $sqlupd .= ' WHERE rowid='.$obj->rowid;
+ $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid);
//print $sqlupd."
";
$resqlupd = $db->query($sqlupd);
if (!$resqlupd) {
@@ -4881,7 +4881,7 @@ function migrate_thirdparties_socialnetworks()
$sqlupd .= ', googleplus=null';
$sqlupd .= ', youtube=null';
$sqlupd .= ', whatsapp=null';
- $sqlupd .= ' WHERE rowid='.$obj->rowid;
+ $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid);
//print $sqlupd."
";
$resqlupd = $db->query($sqlupd);
if (!$resqlupd) {
@@ -4945,7 +4945,7 @@ function migrate_export_import_profiles($mode = 'export')
if ($mode == 'export') {
$sqlupd .= ", filter = '".$db->escape($newfilter)."'";
}
- $sqlupd .= ' WHERE rowid='.$obj->rowid;
+ $sqlupd .= ' WHERE rowid = '.((int) $obj->rowid);
$resultstring .= '| '.$sqlupd." |
\n";
$resqlupd = $db->query($sqlupd);
if (!$resqlupd) {
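Review bot: The context line `$resultstring .= '| '.$sqlupd.` embeds the SQL, including the escaped `$newfilter` value, into the HTML upgrade report without `dol_escape_htmltag()`, whereas the upgrade.php hunk in this same commit added exactly that escaping to its `$sql` output. Change it to `$resultstring .= '| '.dol_escape_htmltag($sqlupd)."` so stored filter text cannot inject markup into the page; `$db->escape()` protects the SQL context only, not the HTML one. The enclosing function migrate_export_import_profiles starts and ends outside the hunk.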
diff --git a/htdocs/intracommreport/class/intracommreport.class.php b/htdocs/intracommreport/class/intracommreport.class.php
index 9675d1f3860..d3f34fc149b 100644
--- a/htdocs/intracommreport/class/intracommreport.class.php
+++ b/htdocs/intracommreport/class/intracommreport.class.php
@@ -437,7 +437,7 @@ class IntracommReport extends CommonObject
*/
public function getNextDeclarationNumber()
{
- $resql = $this->db->query('SELECT MAX(numero_declaration) as max_declaration_number FROM '.MAIN_DB_PREFIX.$this->table_element.' WHERE exporttype="'.$this->exporttype.'"');
+ $resql = $this->db->query('SELECT MAX(numero_declaration) as max_declaration_number FROM '.MAIN_DB_PREFIX.$this->table_element." WHERE exporttype='".$this->db->escape($this->exporttype)."'");
if ($resql) {
$res = $this->db->fetch_object($resql);
}
diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php
index 686bd16d5de..a4fed4def2d 100644
--- a/htdocs/intracommreport/list.php
+++ b/htdocs/intracommreport/list.php
@@ -207,7 +207,7 @@ $sql = 'SELECT DISTINCT i.rowid, i.type_declaration, i.type_export, i.periods, i
/*
// Add fields from extrafields
if (! empty($extrafields->attributes[$object->table_element]['label'])) {
- foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key.' as options_'.$key : '');
+ foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) $sql.=($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ", ef.".$key." as options_".$key : '');
}
*/
// Add fields from hooks
diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
new file mode 100644
index 00000000000..16429060a17
--- /dev/null
+++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php
@@ -0,0 +1,393 @@
+
+ * Copyright (C) 2021 SuperAdmin
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+use Luracast\Restler\RestException;
+
+dol_include_once('/knowledgemanagement/class/knowledgerecord.class.php');
+
+
+
+/**
+ * \file knowledgemanagement/class/api_knowledgemanagement.class.php
+ * \ingroup knowledgemanagement
+ * \brief File for API management of knowledgerecord.
+ */
+
+/**
+ * API class for knowledgemanagement knowledgerecord
+ *
+ * @access protected
+ * @class DolibarrApiAccess {@requires user,external}
+ */
+class KnowledgeManagement extends DolibarrApi
+{
+ /**
+ * @var KnowledgeRecord $knowledgerecord {@type KnowledgeRecord}
+ */
+ public $knowledgerecord;
+
+ /**
+ * Constructor
+ *
+ * @url GET /
+ *
+ */
+ public function __construct()
+ {
+ global $db, $conf;
+ $this->db = $db;
+ $this->knowledgerecord = new KnowledgeRecord($this->db);
+ }
+
+ /**
+ * Get properties of a knowledgerecord object
+ *
+ * Return an array with knowledgerecord informations
+ *
+ * @param int $id ID of knowledgerecord
+ * @return array|mixed data without useless information
+ *
+ * @url GET knowledgerecords/{id}
+ *
+ * @throws RestException 401 Not allowed
+ * @throws RestException 404 Not found
+ */
+ public function get($id)
+ {
+ if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) {
+ throw new RestException(401);
+ }
+
+ $result = $this->knowledgerecord->fetch($id);
+ if (!$result) {
+ throw new RestException(404, 'KnowledgeRecord not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) {
+ throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
+ }
+
+ return $this->_cleanObjectDatas($this->knowledgerecord);
+ }
+
+
+ /**
+ * List knowledgerecords
+ *
+ * Get a list of knowledgerecords
+ *
+ * @param string $sortfield Sort field
+ * @param string $sortorder Sort order
+ * @param int $limit Limit for list
+ * @param int $page Page number
+ * @param string $sqlfilters Other criteria to filter answers separated by a comma. Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"
+ * @return array Array of order objects
+ *
+ * @throws RestException
+ *
+ * @url GET /knowledgerecords/
+ */
+ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '')
+ {
+ global $db, $conf;
+
+ $obj_ret = array();
+ $tmpobject = new KnowledgeRecord($this->db);
+
+ if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->read) {
+ throw new RestException(401);
+ }
+
+ $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
+
+ $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object
+
+ // If the internal user must only see his customers, force searching by him
+ $search_sale = 0;
+ if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) {
+ $search_sale = DolibarrApiAccess::$user->id;
+ }
+
+ $sql = "SELECT t.rowid";
+ if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
+ $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
+ }
+ $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." as t";
+
+ if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
+ $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
+ }
+ $sql .= " WHERE 1 = 1";
+
+ // Example of use $mode
+ //if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
+ //if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
+
+ if ($tmpobject->ismultientitymanaged) {
+ $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')';
+ }
+ if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
+ $sql .= " AND t.fk_soc = sc.fk_soc";
+ }
+ if ($restrictonsocid && $socid) {
+ $sql .= " AND t.fk_soc = ".((int) $socid);
+ }
+ if ($restrictonsocid && $search_sale > 0) {
+ $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
+ }
+ // Insert sale filter
+ if ($restrictonsocid && $search_sale > 0) {
+ $sql .= " AND sc.fk_user = ".((int) $search_sale);
+ }
+ if ($sqlfilters) {
+ if (!DolibarrApi::_checkFilters($sqlfilters)) {
+ throw new RestException(503, 'Error when validating parameter sqlfilters '.$sqlfilters);
+ }
+ $regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^\(\)]+)\)';
+ $sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
+ }
+
+ $sql .= $this->db->order($sortfield, $sortorder);
+ if ($limit) {
+ if ($page < 0) {
+ $page = 0;
+ }
+ $offset = $limit * $page;
+
+ $sql .= $this->db->plimit($limit + 1, $offset);
+ }
+
+ $result = $this->db->query($sql);
+ $i = 0;
+ if ($result) {
+ $num = $this->db->num_rows($result);
+ while ($i < $num) {
+ $obj = $this->db->fetch_object($result);
+ $tmp_object = new KnowledgeRecord($this->db);
+ if ($tmp_object->fetch($obj->rowid)) {
+ $obj_ret[] = $this->_cleanObjectDatas($tmp_object);
+ }
+ $i++;
+ }
+ } else {
+ throw new RestException(503, 'Error when retrieving knowledgerecord list: '.$this->db->lasterror());
+ }
+ if (!count($obj_ret)) {
+ throw new RestException(404, 'No knowledgerecord found');
+ }
+ return $obj_ret;
+ }
+
+ /**
+ * Create knowledgerecord object
+ *
+ * @param array $request_data Request datas
+ * @return int ID of knowledgerecord
+ *
+ * @throws RestException
+ *
+ * @url POST knowledgerecords/
+ */
+ public function post($request_data = null)
+ {
+ if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) {
+ throw new RestException(401);
+ }
+
+ // Check mandatory fields
+ $result = $this->_validate($request_data);
+
+ foreach ($request_data as $field => $value) {
+ $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord);
+ }
+
+ // Clean data
+ // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml');
+
+ if ($this->knowledgerecord->create(DolibarrApiAccess::$user)<0) {
+ throw new RestException(500, "Error creating KnowledgeRecord", array_merge(array($this->knowledgerecord->error), $this->knowledgerecord->errors));
+ }
+ return $this->knowledgerecord->id;
+ }
+
+ /**
+ * Update knowledgerecord
+ *
+ * @param int $id Id of knowledgerecord to update
+ * @param array $request_data Datas
+ * @return int
+ *
+ * @throws RestException
+ *
+ * @url PUT knowledgerecords/{id}
+ */
+ public function put($id, $request_data = null)
+ {
+ if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->write) {
+ throw new RestException(401);
+ }
+
+ $result = $this->knowledgerecord->fetch($id);
+ if (!$result) {
+ throw new RestException(404, 'KnowledgeRecord not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) {
+ throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
+ }
+
+ foreach ($request_data as $field => $value) {
+ if ($field == 'id') {
+ continue;
+ }
+ $this->knowledgerecord->$field = $this->_checkValForAPI($field, $value, $this->knowledgerecord);
+ }
+
+ // Clean data
+ // $this->knowledgerecord->abc = checkVal($this->knowledgerecord->abc, 'alphanohtml');
+
+ if ($this->knowledgerecord->update(DolibarrApiAccess::$user, false) > 0) {
+ return $this->get($id);
+ } else {
+ throw new RestException(500, $this->knowledgerecord->error);
+ }
+ }
+
+ /**
+ * Delete knowledgerecord
+ *
+ * @param int $id KnowledgeRecord ID
+ * @return array
+ *
+ * @throws RestException
+ *
+ * @url DELETE knowledgerecords/{id}
+ */
+ public function delete($id)
+ {
+ if (!DolibarrApiAccess::$user->rights->knowledgemanagement->knowledgerecord->delete) {
+ throw new RestException(401);
+ }
+ $result = $this->knowledgerecord->fetch($id);
+ if (!$result) {
+ throw new RestException(404, 'KnowledgeRecord not found');
+ }
+
+ if (!DolibarrApi::_checkAccessToResource('knowledgerecord', $this->knowledgerecord->id, 'knowledgemanagement_knowledgerecord')) {
+ throw new RestException(401, 'Access to instance id='.$this->knowledgerecord->id.' of object not allowed for login '.DolibarrApiAccess::$user->login);
+ }
+
+ if (!$this->knowledgerecord->delete(DolibarrApiAccess::$user)) {
+ throw new RestException(500, 'Error when deleting KnowledgeRecord : '.$this->knowledgerecord->error);
+ }
+
+ return array(
+ 'success' => array(
+ 'code' => 200,
+ 'message' => 'KnowledgeRecord deleted'
+ )
+ );
+ }
+
+
+ // phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
+ /**
+ * Clean sensible object datas
+ *
+ * @param Object $object Object to clean
+ * @return Object Object with cleaned properties
+ */
+ protected function _cleanObjectDatas($object)
+ {
+ // phpcs:enable
+ $object = parent::_cleanObjectDatas($object);
+
+ unset($object->rowid);
+ unset($object->canvas);
+
+ /*unset($object->name);
+ unset($object->lastname);
+ unset($object->firstname);
+ unset($object->civility_id);
+ unset($object->statut);
+ unset($object->state);
+ unset($object->state_id);
+ unset($object->state_code);
+ unset($object->region);
+ unset($object->region_code);
+ unset($object->country);
+ unset($object->country_id);
+ unset($object->country_code);
+ unset($object->barcode_type);
+ unset($object->barcode_type_code);
+ unset($object->barcode_type_label);
+ unset($object->barcode_type_coder);
+ unset($object->total_ht);
+ unset($object->total_tva);
+ unset($object->total_localtax1);
+ unset($object->total_localtax2);
+ unset($object->total_ttc);
+ unset($object->fk_account);
+ unset($object->comments);
+ unset($object->note);
+ unset($object->mode_reglement_id);
+ unset($object->cond_reglement_id);
+ unset($object->cond_reglement);
+ unset($object->shipping_method_id);
+ unset($object->fk_incoterms);
+ unset($object->label_incoterms);
+ unset($object->location_incoterms);
+ */
+
+ // If object has lines, remove $db property
+ if (isset($object->lines) && is_array($object->lines) && count($object->lines) > 0) {
+ $nboflines = count($object->lines);
+ for ($i = 0; $i < $nboflines; $i++) {
+ $this->_cleanObjectDatas($object->lines[$i]);
+
+ unset($object->lines[$i]->lines);
+ unset($object->lines[$i]->note);
+ }
+ }
+
+ return $object;
+ }
+
+ /**
+ * Validate fields before create or update object
+ *
+ * @param array $data Array of data to validate
+ * @return array
+ *
+ * @throws RestException
+ */
+ private function _validate($data)
+ {
+ $knowledgerecord = array();
+ foreach ($this->knowledgerecord->fields as $field => $propfield) {
+ if (in_array($field, array('rowid', 'entity', 'date_creation', 'tms', 'fk_user_creat')) || $propfield['notnull'] != 1) {
+ continue; // Not a mandatory field
+ }
+ if (!isset($data[$field])) {
+ throw new RestException(400, "$field field missing");
+ }
+ $knowledgerecord[$field] = $data[$field];
+ }
+ return $knowledgerecord;
+ }
+}
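Review bot: `delete()` tests `!$this->knowledgerecord->delete(...)`, whereas `post()` tests `create(...) < 0`; if `delete()` follows the same negative-on-error convention as `create()`, a `-1` result is truthy and the 500 branch is never reached, so the check should read `if ($this->knowledgerecord->delete(DolibarrApiAccess::$user) < 0) {`. In `put()` only `id` is skipped before the mass assignment from `$request_data`, while `_validate()` already treats `rowid`, `entity`, `date_creation`, `tms` and `fk_user_creat` as non-client fields; skipping that same list in both `post()` and `put()` would keep a client from overriding entity or ownership columns. `post()` also discards the return value of `_validate()`, and neither `post()` nor `put()` guards against a non-array `$request_data` before the `foreach`. Finally `index()` asks `plimit()` for `$limit + 1` rows and returns all of them, so callers may receive one more record than they requested.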
diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php
index f85e795326e..559e6f21cf0 100644
--- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php
+++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php
@@ -387,15 +387,15 @@ class KnowledgeRecord extends CommonObject
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key." = ".((int) $value);
} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
- $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+ $sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
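Review bot: Each branch concatenates `$key` into the WHERE clause unchanged and the `customsql` branch appends `$value` verbatim, so the hardening here only covers the `t.rowid`, date and LIKE values; if `$filter` can ever be assembled from request parameters, `$key` should be checked against `$this->fields` (or passed through `$this->db->sanitize()`) and `customsql` restricted to trusted callers. The `in_array()` on the field type also lacks `strict: true`, and `$this->fields[$key]` is read without checking the key exists. The enclosing function starts before this hunk.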
@@ -407,7 +407,7 @@ class KnowledgeRecord extends CommonObject
$sql .= $this->db->order($sortfield, $sortorder);
}
if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
}
$resql = $this->db->query($sql);
diff --git a/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php b/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php
index 48efbfbc8eb..70cda7254c8 100644
--- a/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php
+++ b/htdocs/knowledgemanagement/core/modules/knowledgemanagement/mod_knowledgerecord_advanced.php
@@ -81,7 +81,7 @@ class mod_knowledgerecord_advanced extends ModeleNumRefKnowledgeRecord
$texte .= '| '.$langs->trans("Mask").': | ';
$texte .= ''.$form->textwithpicto('', $tooltip, 1, 1).' | ';
- $texte .= ' | ';
+ $texte .= ' | ';
$texte .= '
';
diff --git a/htdocs/knowledgemanagement/knowledgerecord_list.php b/htdocs/knowledgemanagement/knowledgerecord_list.php
index 828137556ce..868c64e8786 100644
--- a/htdocs/knowledgemanagement/knowledgerecord_list.php
+++ b/htdocs/knowledgemanagement/knowledgerecord_list.php
@@ -220,7 +220,7 @@ $sql .= $object->getFieldList('t');
// Add fields from extrafields
if (!empty($extrafields->attributes[$object->table_element]['label'])) {
foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) {
- $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key.' as options_'.$key.', ' : '');
+ $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? ",ef.".$key." as options_".$key.', ' : '');
}
}
// Add fields from hooks
@@ -284,7 +284,7 @@ $sql .= $hookmanager->resPrint;
/* If a group by is required
$sql.= " GROUP BY ";
foreach($object->fields as $key => $val) {
- $sql.='t.'.$key.', ';
+ $sql .= "t.".$key.", ";
}
// Add fields from extrafields
if (! empty($extrafields->attributes[$object->table_element]['label'])) {
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index f8b3928d97f..454df4ed28e 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -1421,7 +1421,7 @@ WAREHOUSE_ASK_WAREHOUSE_DURING_ORDER=Ask for Warehouse Source for order
##### Suppliers Orders #####
BANK_ASK_PAYMENT_BANK_DURING_SUPPLIER_ORDER=Ask for bank account destination of purchase order
##### Orders #####
-SuggestedPaymentModesIfNotDefinedInOrder=Suggested payments mode on sale order by default if not defined on the order
+SuggestedPaymentModesIfNotDefinedInOrder=Suggested payments mode on sales order by default if not defined on the order
OrdersSetup=Sales Orders management setup
OrdersNumberingModules=Orders numbering models
OrdersModelModule=Order documents models
diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang
index a921aac9e48..e475a815ac9 100644
--- a/htdocs/langs/en_US/bills.lang
+++ b/htdocs/langs/en_US/bills.lang
@@ -234,12 +234,17 @@ AlreadyPaidBack=Already paid back
AlreadyPaidNoCreditNotesNoDeposits=Already paid (without credit notes and down payments)
Abandoned=Abandoned
RemainderToPay=Remaining unpaid
+RemainderToPayMulticurrency=Remaining unpaid, original currency
RemainderToTake=Remaining amount to take
+RemainderToTakeMulticurrency=Remaining amount to take, original currency
RemainderToPayBack=Remaining amount to refund
+RemainderToPayBackMulticurrency=Remaining amount to refund, original currency
Rest=Pending
AmountExpected=Amount claimed
ExcessReceived=Excess received
+ExcessReceivedMulticurrency=Excess received, original currency
ExcessPaid=Excess paid
+ExcessPaidMulticurrency=Excess paid, original currency
EscompteOffered=Discount offered (payment before term)
EscompteOfferedShort=Discount
SendBillRef=Submission of invoice %s
@@ -570,7 +575,7 @@ ToCreateARecurringInvoiceGene=To generate future invoices regularly and manually
ToCreateARecurringInvoiceGeneAuto=If you need to have such invoices generated automatically, ask your administrator to enable and setup module %s. Note that both methods (manual and automatic) can be used together with no risk of duplication.
DeleteRepeatableInvoice=Delete template invoice
ConfirmDeleteRepeatableInvoice=Are your sure you want to delete the template invoice?
-CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per order)
+CreateOneBillByThird=Create one invoice per third party (otherwise, one invoice per selected object)
BillCreated=%s invoice(s) generated
BillXCreated=Invoice %s generated
StatusOfGeneratedDocuments=Status of document generation
@@ -591,6 +596,5 @@ SituationTotalRayToRest=Remainder to pay without taxe
PDFSituationTitle=Situation n° %d
SituationTotalProgress=Total progress %d %%
SearchUnpaidInvoicesWithDueDate=Search unpaid invoices with a due date = %s
-RegisterPaymentAndClasiffiedPayed=Enter payment and classify 'Paid'
NoPaymentAvailable=No payment available for %s
-RegisterPaymentAndClasiffiedPayedDone=Payment registered and classify 'Paid' done for invoice %s
+PaymentRegisteredAndInvoiceSetToPaid=Payment registered and invoice %s set to paid
diff --git a/htdocs/langs/en_US/exports.lang b/htdocs/langs/en_US/exports.lang
index cb652229825..f2f2d2cf587 100644
--- a/htdocs/langs/en_US/exports.lang
+++ b/htdocs/langs/en_US/exports.lang
@@ -96,8 +96,8 @@ DataComeFromFileFieldNb=Value to insert comes from field number %s in sou
DataComeFromIdFoundFromRef=Value that comes from field number %s of source file will be used to find the id of the parent object to use (so the object %s that has the ref. from source file must exist in the database).
DataComeFromIdFoundFromCodeId=Code that comes from field number %s of source file will be used to find the id of the parent object to use (so the code from source file must exist in the dictionary %s). Note that if you know the id, you can also use it in the source file instead of the code. Import should work in both cases.
DataIsInsertedInto=Data coming from source file will be inserted into the following field:
-DataIDSourceIsInsertedInto=The id of parent object was found using the data in the source file, will be inserted into the following field:
-DataCodeIDSourceIsInsertedInto=The id of parent line found from code, will be inserted into following field:
+DataIDSourceIsInsertedInto=The id of the parent object, that was found using the data in the source file, will be inserted into the following field:
+DataCodeIDSourceIsInsertedInto=The id of the parent line, that was found from code, will be inserted into the following field:
SourceRequired=Data value is mandatory
SourceExample=Example of possible data value
ExampleAnyRefFoundIntoElement=Any ref found for element %s
diff --git a/htdocs/langs/en_US/orders.lang b/htdocs/langs/en_US/orders.lang
index 5dab5b99bf1..aad0010b4af 100644
--- a/htdocs/langs/en_US/orders.lang
+++ b/htdocs/langs/en_US/orders.lang
@@ -17,7 +17,7 @@ ToOrder=Make order
MakeOrder=Make order
SupplierOrder=Purchase order
SuppliersOrders=Purchase orders
-SaleOrderLines=Sale order lines
+SaleOrderLines=Sales order lines
PurchaseOrderLines=Puchase order lines
SuppliersOrdersRunning=Current purchase orders
CustomerOrder=Sales Order
@@ -151,6 +151,7 @@ PDFEdisonDescription=A simple order model
PDFProformaDescription=A complete Proforma invoice template
CreateInvoiceForThisCustomer=Bill orders
CreateInvoiceForThisSupplier=Bill orders
+CreateInvoiceForThisReceptions=Bill receptions
NoOrdersToInvoice=No orders billable
CloseProcessedOrdersAutomatically=Classify "Processed" all selected orders.
OrderCreation=Order creation
diff --git a/htdocs/langs/en_US/receptions.lang b/htdocs/langs/en_US/receptions.lang
index 338602e722e..4ee0555c396 100644
--- a/htdocs/langs/en_US/receptions.lang
+++ b/htdocs/langs/en_US/receptions.lang
@@ -36,7 +36,7 @@ StatsOnReceptionsOnlyValidated=Statistics conducted on receptions only validated
SendReceptionByEMail=Send reception by email
SendReceptionRef=Submission of reception %s
ActionsOnReception=Events on reception
-ReceptionCreationIsDoneFromOrder=For the moment, creation of a new reception is done from the order card.
+ReceptionCreationIsDoneFromOrder=For the moment, creation of a new reception is done from the Purchase Order record.
ReceptionLine=Reception line
ProductQtyInReceptionAlreadySent=Product quantity from open sales order already sent
ProductQtyInSuppliersReceptionAlreadyRecevied=Product quantity from open supplier order already received
diff --git a/htdocs/langs/en_US/sendings.lang b/htdocs/langs/en_US/sendings.lang
index b94891d79c5..8f10b1e9404 100644
--- a/htdocs/langs/en_US/sendings.lang
+++ b/htdocs/langs/en_US/sendings.lang
@@ -53,7 +53,7 @@ SendShippingByEMail=Send shipment by email
SendShippingRef=Submission of shipment %s
ActionsOnShipping=Events on shipment
LinkToTrackYourPackage=Link to track your package
-ShipmentCreationIsDoneFromOrder=For the moment, creation of a new shipment is done from the order card.
+ShipmentCreationIsDoneFromOrder=For the moment, creation of a new shipment is done from the Sales Order record.
ShipmentLine=Shipment line
ProductQtyInCustomersOrdersRunning=Product quantity from open sales orders
ProductQtyInSuppliersOrdersRunning=Product quantity from open purchase orders
diff --git a/htdocs/langs/en_US/stocks.lang b/htdocs/langs/en_US/stocks.lang
index 4396139f1f9..78b095d9f11 100644
--- a/htdocs/langs/en_US/stocks.lang
+++ b/htdocs/langs/en_US/stocks.lang
@@ -62,7 +62,7 @@ AllowAddLimitStockByWarehouse=Manage also value for minimum and desired stock pe
RuleForWarehouse=Rule for warehouses
WarehouseAskWarehouseOnThirparty=Set a warehouse on Third-parties
WarehouseAskWarehouseDuringPropal=Set a warehouse on Commercial proposals
-WarehouseAskWarehouseDuringOrder=Set a warehouse on Sale orders
+WarehouseAskWarehouseDuringOrder=Set a warehouse on Sales Orders
UserDefaultWarehouse=Set a warehouse on Users
MainDefaultWarehouse=Default warehouse
MainDefaultWarehouseUser=Use a default warehouse for each user
diff --git a/htdocs/loan/class/loan.class.php b/htdocs/loan/class/loan.class.php
index 91f384703a9..0ec7786fc20 100644
--- a/htdocs/loan/class/loan.class.php
+++ b/htdocs/loan/class/loan.class.php
@@ -404,7 +404,7 @@ class Loan extends CommonObject
{
$sql = "UPDATE ".MAIN_DB_PREFIX."loan SET";
$sql .= " paid = ".$this::STATUS_PAID;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$return = $this->db->query($sql);
if ($return) {
return 1;
@@ -440,7 +440,7 @@ class Loan extends CommonObject
{
$sql = "UPDATE ".MAIN_DB_PREFIX."loan SET";
$sql .= " paid = ".$this::STATUS_STARTED;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$return = $this->db->query($sql);
if ($return) {
return 1;
@@ -475,7 +475,7 @@ class Loan extends CommonObject
{
$sql = "UPDATE ".MAIN_DB_PREFIX."loan SET";
$sql .= " paid = ".$this::STATUS_UNPAID;
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " WHERE rowid = ".((int) $this->id);
$return = $this->db->query($sql);
if ($return) {
return 1;
@@ -651,7 +651,7 @@ class Loan extends CommonObject
$sql = 'SELECT sum(amount_capital) as amount';
$sql .= ' FROM '.MAIN_DB_PREFIX.$table;
- $sql .= ' WHERE '.$field.' = '.$this->id;
+ $sql .= " WHERE ".$field." = ".((int) $this->id);
dol_syslog(get_class($this)."::getSumPayment", LOG_DEBUG);
$resql = $this->db->query($sql);
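Review bot: The cast on `$this->id` is the right fix for the value, but `$table` and `$field` are still spliced into the statement as raw identifiers on the lines above; if they are chosen from a fixed set inside the method (the start of `getSumPayment()` is outside this hunk) that is fine, otherwise they should be whitelisted before use. The same `(int)` cast is applied identically in the three status hunks above, whose bodies differ only in the status constant — a small private helper taking the status would remove the triplication.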
diff --git a/htdocs/loan/class/loanschedule.class.php b/htdocs/loan/class/loanschedule.class.php
index 126002eb47a..9beff9dd22e 100644
--- a/htdocs/loan/class/loanschedule.class.php
+++ b/htdocs/loan/class/loanschedule.class.php
@@ -498,7 +498,7 @@ class LoanSchedule extends CommonObject
$toinsert = array();
$sql = "SELECT l.rowid";
- $sql .= " FROM ".MAIN_DB_PREFIX."loan as l ";
+ $sql .= " FROM ".MAIN_DB_PREFIX."loan as l";
$sql .= " WHERE l.paid = 0";
$resql = $this->db->query($sql);
@@ -511,7 +511,8 @@ class LoanSchedule extends CommonObject
$this->db->begin();
$sql = "INSERT INTO ".MAIN_DB_PREFIX."payment_loan ";
$sql .= "(fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif) ";
- $sql .= "SELECT fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif FROM ".MAIN_DB_PREFIX."loan_schedule WHERE rowid =".$echid;
+ $sql .= "SELECT fk_loan,datec,tms,datep,amount_capital,amount_insurance,amount_interest,fk_typepayment,num_payment,note_private,note_public,fk_bank,fk_user_creat,fk_user_modif";
+ $sql .= " FROM ".MAIN_DB_PREFIX."loan_schedule WHERE rowid =".((int) $echid);
$res = $this->db->query($sql);
if ($res) {
$this->db->commit();
diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php
index 675401e34f9..0292fbf5b2c 100644
--- a/htdocs/loan/payment/card.php
+++ b/htdocs/loan/payment/card.php
@@ -156,8 +156,8 @@ $disable_delete = 0;
$sql = 'SELECT l.rowid as id, l.label, l.paid, l.capital as capital, pl.amount_capital, pl.amount_insurance, pl.amount_interest';
$sql .= ' FROM '.MAIN_DB_PREFIX.'payment_loan as pl,'.MAIN_DB_PREFIX.'loan as l';
$sql .= ' WHERE pl.fk_loan = l.rowid';
-$sql .= ' AND l.entity = '.$conf->entity;
-$sql .= ' AND pl.rowid = '.$payment->id;
+$sql .= ' AND l.entity = '.((int) $conf->entity);
+$sql .= ' AND pl.rowid = '.((int) $payment->id);
dol_syslog("loan/payment/card.php", LOG_DEBUG);
$resql = $db->query($sql);
diff --git a/htdocs/loan/schedule.php b/htdocs/loan/schedule.php
index 67be217f0d2..6dae3383d47 100644
--- a/htdocs/loan/schedule.php
+++ b/htdocs/loan/schedule.php
@@ -335,7 +335,7 @@ if (count($echeances->lines) == 0) {
} else {
$label = $langs->trans("Save");
}
-print '';
+print '';
print '';
// End of page
diff --git a/htdocs/mailmanspip/class/mailmanspip.class.php b/htdocs/mailmanspip/class/mailmanspip.class.php
index d08f6f65094..c5ce2292f6a 100644
--- a/htdocs/mailmanspip/class/mailmanspip.class.php
+++ b/htdocs/mailmanspip/class/mailmanspip.class.php
@@ -232,7 +232,7 @@ class MailmanSpip
$mydb = $this->connectSpip();
if ($mydb) {
- $query = "DELETE FROM spip_auteurs WHERE login='".$object->login."'";
+ $query = "DELETE FROM spip_auteurs WHERE login = '".$mydb->escape($object->login)."'";
$result = $mydb->query($query);
@@ -271,7 +271,7 @@ class MailmanSpip
$mydb = $this->connectSpip();
if ($mydb) {
- $query = "SELECT login FROM spip_auteurs WHERE login='".$object->login."'";
+ $query = "SELECT login FROM spip_auteurs WHERE login = '".$mydb->escape($object->login)."'";
$result = $mydb->query($query);
diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php
index 4df01332eb1..2c224678f60 100644
--- a/htdocs/margin/admin/margin.php
+++ b/htdocs/margin/admin/margin.php
@@ -140,7 +140,7 @@ print '/> ';
print $langs->trans('MargeType3');
print '';
print '';
-print '';
+print '';
print ' | ';
print ''.$langs->trans('MarginTypeDesc');
print ' | ';
@@ -215,7 +215,7 @@ print '';
print Form::selectarray('MARGIN_METHODE_FOR_DISCOUNT', $methods, $conf->global->MARGIN_METHODE_FOR_DISCOUNT);
print ' | ';
print '';
-print '';
+print '';
print ' | ';
print ''.$langs->trans('MARGIN_METHODE_FOR_DISCOUNT_DETAILS').' | ';
print '
';
@@ -233,7 +233,7 @@ $facture = new Facture($db);
print $formcompany->selectTypeContact($facture, $conf->global->AGENT_CONTACT_TYPE, "AGENT_CONTACT_TYPE", "internal", "code", 1);
print '';
print '
';
-print '';
+print '';
print ' | ';
print '
'.$langs->trans('AgentContactTypeDetails').' | ';
print '';
diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php
index d12c827cc3e..1349e02d2d8 100644
--- a/htdocs/margin/checkMargins.php
+++ b/htdocs/margin/checkMargins.php
@@ -106,8 +106,8 @@ if (empty($reshook)) {
$invoicedet_id = $tmp_array[1];
if (!empty($invoicedet_id)) {
$sql = 'UPDATE '.MAIN_DB_PREFIX.'facturedet';
- $sql .= ' SET buy_price_ht=\''.price2num($value).'\'';
- $sql .= ' WHERE rowid='.$invoicedet_id;
+ $sql .= " SET buy_price_ht = ".((float) price2num($value));
+ $sql .= ' WHERE rowid = '.((int) $invoicedet_id);
$result = $db->query($sql);
if (!$result) {
setEventMessages($db->lasterror, null, 'errors');
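Review bot: `((float) price2num($value))` is converted back to a string when concatenated into the SQL, and on PHP versions before 8.0 that conversion honours `LC_NUMERIC`, so under a locale with a comma decimal separator the statement becomes `buy_price_ht = 1,5` and the UPDATE fails or stores the wrong value depending on the driver. The previous form kept the `price2num()` string, which is already normalised; keeping it quoted and escaped, `$sql .= " SET buy_price_ht = '".$db->escape(price2num($value))."'";`, is locale-safe, or format the float explicitly with a dot separator. The `(int)` cast on `$invoicedet_id` is the right treatment for that value.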
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index 0a05266b6ff..db8bc85816e 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -383,7 +383,7 @@ if ($dirins && $action == 'initphpunit' && !empty($module)) {
$modulename = ucfirst($module); // Force first letter in uppercase
$objectname = $tabobj;
- dol_mkdir($dirins.'/'.strtolower($module).'/class');
+ dol_mkdir($dirins.'/'.strtolower($module).'/test/phpunit');
$srcdir = DOL_DOCUMENT_ROOT.'/modulebuilder/template';
$srcfile = $srcdir.'/test/phpunit/MyObjectTest.php';
$destfile = $dirins.'/'.strtolower($module).'/test/phpunit/'.strtolower($objectname).'Test.php';
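Review bot: The created directory now matches `$destfile`, but `strtolower($module)` and `strtolower($objectname)` are spliced into filesystem paths on these lines; where `$module` and `$tabobj` are read from the request (outside this hunk) they should be validated against a plain identifier pattern before `dol_mkdir()` and the copy, since a value containing path separators would resolve outside `$dirins`. A short comment such as `// $module/$objectname must be identifier-only; validated at GETPOST time` would record that assumption where the path is built.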
@@ -2219,7 +2219,8 @@ if ($module == 'initmodule') {
if ($action != 'editfile' || empty($file)) {
print '
';
- $htmlhelp = $langs->trans("DictionariesDefDescTooltip", ''.$langs->trans('Setup').' - '.$langs->trans('Dictionaries').'');
+ $htmlhelp = $langs->trans("DictionariesDefDescTooltip", '{s1}');
+ $htmlhelp = str_replace('{s1}', ''.$langs->trans('Setup').' - '.$langs->trans('Dictionaries').'', $htmlhelp);
print $form->textwithpicto($langs->trans("DictionariesDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
';
print '';
print '
';
@@ -2717,7 +2718,7 @@ if ($module == 'initmodule') {
print '
| ';
print '
| ';
print '
';
- print '';
+ print '';
print ' | ';
// List of existing properties
@@ -3012,7 +3013,8 @@ if ($module == 'initmodule') {
if ($action != 'editfile' || empty($file)) {
print '
';
- $htmlhelp = $langs->trans("MenusDefDescTooltip", ''.$langs->trans('Setup').' - '.$langs->trans('Menus').'');
+ $htmlhelp = $langs->trans("MenusDefDescTooltip", '{s1}');
+ $htmlhelp = str_replace('{s1}', ''.$langs->trans('Setup').' - '.$langs->trans('Menus').'', $htmlhelp);
print $form->textwithpicto($langs->trans("MenusDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
';
print '';
print '
';
@@ -3144,7 +3146,8 @@ if ($module == 'initmodule') {
if ($action != 'editfile' || empty($file)) {
print '
';
- $htmlhelp = $langs->trans("PermissionsDefDescTooltip", ''.$langs->trans('DefaultPermissions').'');
+ $htmlhelp = $langs->trans("PermissionsDefDescTooltip", '{s1}');
+ $htmlhelp = str_replace('{s1}', ''.$langs->trans('DefaultRights').'', $htmlhelp);
print $form->textwithpicto($langs->trans("PermissionsDefDesc"), $htmlhelp, 1, 'help', '', 0, 2, 'helpondesc').'
';
print '';
print '
';
@@ -3611,7 +3614,7 @@ if ($module == 'initmodule') {
$cronjobs = $moduleobj->cronjobs;
if ($action != 'editfile' || empty($file)) {
- print '
'.str_replace('{s1}', ''.$langs->transnoentities('CronList').'', $langs->trans("CronJobDefDesc", '{s1}')).'';
+ print '
'.str_replace('{s1}', ''.$langs->transnoentities('CronList').'', $langs->trans("CronJobDefDesc", '{s1}')).'';
print '
';
print '
'.$langs->trans("DescriptorFile").' :
'.$pathtofile.'';
diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php
index faeb22a095b..cb2fbda68a6 100644
--- a/htdocs/modulebuilder/template/class/api_mymodule.class.php
+++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php
@@ -69,7 +69,7 @@ class MyModuleApi extends DolibarrApi
*/
public function get($id)
{
- if (!DolibarrApiAccess::$user->rights->mymodule->read) {
+ if (!DolibarrApiAccess::$user->rights->mymodule->myobject->read) {
throw new RestException(401);
}
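Review bot: The new condition dereferences `->myobject->read` through a chain that is null when a module's rights definition predates the per-object node, so PHP emits a property-on-null warning before the check denies; wrapping it in `empty()` keeps the deny-by-default outcome without the warning, `if (empty(DolibarrApiAccess::$user->rights->mymodule->myobject->read)) {`. The same applies to the write and delete checks in the hunks at -205, -238 and -280. The denial still raises RestException(401), which predates this change, though 403 would describe an authenticated caller lacking permission more accurately. get()'s body continues outside the hunk.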
@@ -205,7 +205,7 @@ class MyModuleApi extends DolibarrApi
*/
public function post($request_data = null)
{
- if (!DolibarrApiAccess::$user->rights->mymodule->write) {
+ if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) {
throw new RestException(401);
}
@@ -238,7 +238,7 @@ class MyModuleApi extends DolibarrApi
*/
public function put($id, $request_data = null)
{
- if (!DolibarrApiAccess::$user->rights->mymodule->write) {
+ if (!DolibarrApiAccess::$user->rights->mymodule->myobject->write) {
throw new RestException(401);
}
@@ -280,7 +280,7 @@ class MyModuleApi extends DolibarrApi
*/
public function delete($id)
{
- if (!DolibarrApiAccess::$user->rights->mymodule->delete) {
+ if (!DolibarrApiAccess::$user->rights->mymodule->myobject->delete) {
throw new RestException(401);
}
$result = $this->myobject->fetch($id);
diff --git a/htdocs/modulebuilder/template/class/myobject.class.php b/htdocs/modulebuilder/template/class/myobject.class.php
index 243567082fa..dc72b81a96a 100644
--- a/htdocs/modulebuilder/template/class/myobject.class.php
+++ b/htdocs/modulebuilder/template/class/myobject.class.php
@@ -443,27 +443,27 @@ class MyObject extends CommonObject
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
- $sqlwhere[] = $key.'='.$value;
+ $sqlwhere[] = $key." = ".((int) $value);
} elseif (in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
- $sqlwhere[] = $key.' = \''.$this->db->idate($value).'\'';
+ $sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
- $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
+ $sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
- $sqlwhere[] = $key.' LIKE \'%'.$this->db->escape($value).'%\'';
+ $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
- $sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+ $sql .= " AND (".implode(" ".$filtermode." ", $sqlwhere).")";
}
if (!empty($sortfield)) {
$sql .= $this->db->order($sortfield, $sortorder);
}
if (!empty($limit)) {
- $sql .= ' '.$this->db->plimit($limit, $offset);
+ $sql .= $this->db->plimit($limit, $offset);
}
$resql = $this->db->query($sql);
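Review bot: `$key` is concatenated into the WHERE clause unvalidated in every branch of the rewritten lines, and `$this->fields[$key]['type']` on the elseif line is read before anything confirms `$key` is a declared field, so an unknown key yields an undefined-index notice and still reaches the SQL; the `customsql` branch additionally inserts `$value` verbatim. A guard at the top of the loop, e.g. `if ($key != 'customsql' && !preg_match('/^[a-z0-9_.]+$/i', $key)) { continue; }`, or a docblock stating that `$filter` keys and `customsql` values must only come from trusted code, would make that contract explicit. Dropping the space before `$this->db->plimit()` assumes plimit() returns its clause with a leading space; otherwise the LIMIT is glued to the preceding ORDER BY. The enclosing method's signature and the rest of its body are outside the hunk.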
diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php
index 9db4bcb9854..de9188e714d 100644
--- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php
+++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php
@@ -456,10 +456,10 @@ class modMyModule extends DolibarrModules
}
$sql = array_merge($sql, array(
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."','".strtolower($myTmpObjectKey)."',".$conf->entity.")",
- "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".strtolower($myTmpObjectKey)."' AND entity = ".$conf->entity,
- "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".strtolower($myTmpObjectKey)."', ".$conf->entity.")"
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'standard_".strtolower($myTmpObjectKey)."' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity),
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('standard_".strtolower($myTmpObjectKey)."', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")",
+ "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'generic_".strtolower($myTmpObjectKey)."_odt' AND type = '".$this->db->escape(strtolower($myTmpObjectKey))."' AND entity = ".((int) $conf->entity),
+ "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('generic_".strtolower($myTmpObjectKey)."_odt', '".$this->db->escape(strtolower($myTmpObjectKey))."', ".((int) $conf->entity).")"
));
}
}
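Review bot: Escaping is applied inconsistently on the four replaced lines: the `type` value goes through `$this->db->escape()`, but the `nom` value built from the same `strtolower($myTmpObjectKey)` is still concatenated raw in each DELETE and INSERT. Both derive from the same key, so wrap nom the same way, e.g. `"... WHERE nom = 'standard_".$this->db->escape(strtolower($myTmpObjectKey))."' AND type = ..."`, on all four statements. Hoisting `$this->db->escape(strtolower($myTmpObjectKey))` into a local before the array_merge would also shorten these lines and remove the repetition. The enclosing loop and method start outside the hunk.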
diff --git a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php
index f3228915592..4e154b5665d 100644
--- a/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php
+++ b/htdocs/modulebuilder/template/core/modules/mymodule/doc/doc_generic_myobject_odt.modules.php
@@ -158,7 +158,7 @@ class doc_generic_myobject_odt extends ModelePDFMyObject
$texte .= $conf->global->MYMODULE_MYOBJECT_ADDON_PDF_ODT_PATH;
$texte .= '';
$texte .= '