diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index a2199a42f97..451926a030c 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -485,18 +485,16 @@ class BOM extends CommonObject /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string $filter Filter USF + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { - global $conf; - dol_syslog(__METHOD__, LOG_DEBUG); $records = array(); @@ -510,6 +508,7 @@ class BOM extends CommonObject $sql .= ' WHERE 1 = 1'; } + // Manage filter $errormessage = ''; $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); if ($errormessage) { diff --git a/htdocs/core/class/cgenericdic.class.php b/htdocs/core/class/cgenericdic.class.php index 9c617d9c78d..b6e9e2e9674 100644 --- a/htdocs/core/class/cgenericdic.class.php +++ b/htdocs/core/class/cgenericdic.class.php 
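Review bot: BOM::fetchAll() drops the `array` type hint and documents `$filter` as `string`, but unlike every other class in this commit (cgenericdic, cproductnature, ctyperesource, cunits, …) it adds no `if (is_array($filter)) { … $filter = ''; }` compatibility branch, so an existing caller that still passes an associative filter array hands that array straight to `forgeSQLFromUniversalSearchCriteria()`. Unless that helper accepts arrays (not visible here), such callers now either error out or silently lose their filter. Either add the same legacy branch the sibling files use before the `// Manage filter` block in the second hunk, or make the break explicit in the docblock: `@param string $filter Filter USF string (legacy filter arrays are no longer accepted)`. The body of fetchAll() continues past both hunks.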
@@ -220,16 +220,15 @@ class CGenericDic extends CommonDict /** * Load object in memory from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit offset limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset offset limit + * @param string|array $filter filter USF + * @param string $filtermode filter mode (AND or OR) + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -243,23 +242,36 @@ class CGenericDic extends CommonDict } $sql = "SELECT"; - $sql .= " t.".$fieldrowid.","; + $sql .= " t.".$this->db->sanitize($fieldrowid).","; $sql .= " t.code,"; - $sql .= " t.".$fieldlabel." as label,"; + $sql .= " t.".$this->db->sanitize($fieldlabel)." as label,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix().$this->table_element." as t"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'"; + } } + if (count($sqlwhere) > 0) { + $sql .= " WHERE ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= " WHERE ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } + if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } diff --git a/htdocs/core/class/cproductnature.class.php b/htdocs/core/class/cproductnature.class.php index b395bf8983f..b643ff8c931 100644 --- a/htdocs/core/class/cproductnature.class.php +++ b/htdocs/core/class/cproductnature.class.php 
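Review bot: The universal-filter path in this hunk has no `WHERE` keyword: the fragment returned by `forgeSQLFromUniversalSearchCriteria()` is appended directly after `FROM ... as t`, whereas the sibling hunks in this commit (cproductnature, ctyperesource, cunits, ecmfiles) first add `$sql .= " WHERE 1 = 1";`, which indicates the helper yields an ` AND (...)` fragment; if so, any non-empty USF string produces `... as t AND (...)`, a syntax error. Add `$sql .= " WHERE 1 = 1";` after the FROM line and change the legacy branch to `$sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere);`. Separately, `$filtermode` is only passed through `escape()`, which does not restrict it to the two documented values, so whatever the caller supplies is concatenated into the WHERE clause as a bare keyword; normalising it once at the top of the method, `$filtermode = (strtoupper((string) $filtermode) === 'OR') ? 'OR' : 'AND';`, would close that here and in the same pattern in the cproductnature, ctyperesource, cunits, ecmfiles, knowledgerecord, mo and productstockentrepot hunks. The method's body continues past the hunk.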
@@ -153,13 +153,13 @@ class CProductNature extends CommonDict * * @param string $sortorder Sort Order * @param string $sortfield Sort field - * @param int $limit limit + * @param int $limit Limit * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) + * @param string $filter Filter USF * @param string $filtermode Filter mode (AND or OR) * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -169,23 +169,38 @@ class CProductNature extends CommonDict $sql .= " t.label,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix().$this->table_element." as t"; + $sql .= " WHERE 1 = 1"; + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } elseif ($key == 't.label') { - $sqlwhere[] = $key." = '".$this->db->escape($value)."'"; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.label') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' WHERE ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/core/class/ctyperesource.class.php b/htdocs/core/class/ctyperesource.class.php index 5d839fb0f26..b6c100a7bab 100644 --- a/htdocs/core/class/ctyperesource.class.php 
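Review bot: The legacy array branch loses the parentheses the removed code had around the joined conditions: `" AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere)` replaces `' WHERE ('.implode(...).')'`. With `$filtermode = 'OR'` this yields `WHERE 1 = 1 AND a OR b`, so any further `AND` condition appended later in the function (its body continues past the hunk) would only constrain the `b` side; the productstockentrepot hunk shows this concretely, since `t.fk_product` is appended right after. Keep the grouping as the cunits and mo hunks do: `$sql .= " AND (".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).")";`. The same ungrouped form is in the ctyperesource, ecmfiles and productstockentrepot hunks. The `LIKE` fallback here (and in cgenericdic/ctyperesource) also omits `$this->db->escapeforlike($value)`, unlike cunits, mo and knowledgerecord, so `%` and `_` in a value act as wildcards rather than literals.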
+++ b/htdocs/core/class/ctyperesource.class.php @@ -194,16 +194,15 @@ class Ctyperesource extends CommonDict /** * Load object in memory from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit offset limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset limit + * @param string|array $filter filter array + * @param string $filtermode filter mode (AND or OR) + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
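Review bot: The rewritten docblock still describes `$filter` as `filter array` although the parameter now primarily takes a USF string and the array form is only kept for backward compatibility; the ecmfiles hunk has the same stale wording, bom says `string`, and the other files say `Filter USF`, so a reader cannot tell from the docs which form is supported where. Suggest one consistent line for all of them: `@param string|array $filter Filter as USF string (legacy associative filter array still accepted)`. The signature change itself looks fine.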
@@ -213,18 +212,40 @@ class Ctyperesource extends CommonDict $sql .= " t.label,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix().$this->table_element." as t"; + $sql .= " WHERE 1 = 1"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid' || $key == 't.active' || $key == 't.code') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.label') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($value)."%'"; + } + } } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' WHERE '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } + if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } diff --git a/htdocs/core/class/cunits.class.php b/htdocs/core/class/cunits.class.php index 7db6859f82b..6339175c5d5 100644 --- a/htdocs/core/class/cunits.class.php +++ b/htdocs/core/class/cunits.class.php 
@@ -207,15 +207,15 @@ class CUnits extends CommonDict /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string|array $filter Filter USF + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -229,24 +229,38 @@ class CUnits extends CommonDict $sql .= " t.scale,"; $sql .= " t.active"; $sql .= " FROM ".$this->db->prefix()."c_units as t"; + $sql .= " WHERE 1 = 1"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { - $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; - } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { - $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; - } else { - $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' WHERE ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' 
'.join(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/core/class/link.class.php b/htdocs/core/class/link.class.php index b8a54ec53c7..34f05db4c11 100644 --- a/htdocs/core/class/link.class.php +++ b/htdocs/core/class/link.class.php @@ -237,7 +237,7 @@ class Link extends CommonObject $sql = "SELECT rowid, entity, datea, url, label, objecttype, objectid FROM ".$this->db->prefix()."links"; $sql .= " WHERE objecttype = '".$this->db->escape($objecttype)."' AND objectid = ".((int) $objectid); if ($conf->entity != 0) { - $sql .= " AND entity = ".$conf->entity; + $sql .= " AND entity = ".((int) $conf->entity); } if ($sortfield) { if (empty($sortorder)) { diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index b9fef39837f..419d0f65f7e 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php @@ -573,14 +573,27 @@ class Cronjob extends CommonObject } // Manage filter - if (is_array($filter) && count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value); - } else { - $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value); + } else { + $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } $sql .= $this->db->order($sortfield, $sortorder); 
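Review bot: In the cronjob hunk `$filter = ''` is reset after the legacy branch and the USF path is added, but the method's signature and docblock are outside the hunk and untouched by the commit; if Cronjob::fetchAll() still declares `array $filter = array()` as the other classes did before this change, a caller cannot pass a USF string at all and `forgeSQLFromUniversalSearchCriteria()` is only ever reached with an empty string. Check the signature and, if needed, relax it the same way as the other files and update its docblock to `@param string|array $filter Filter as USF string (legacy associative filter array still accepted)`. The enclosing function starts and ends outside the hunk.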
diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php index 0f622d01370..e5b8e4ebadf 100644 --- a/htdocs/ecm/class/ecmfiles.class.php +++ b/htdocs/ecm/class/ecmfiles.class.php @@ -530,15 +530,15 @@ class EcmFiles extends CommonObject /** * Load object in memory from the database * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * @return int Return integer <0 if KO, >0 if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset limit + * @param string|array $filter filter array + * @param string $filtermode filter mode (AND or OR) + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -564,27 +564,40 @@ class EcmFiles extends CommonObject $sql .= " t.src_object_type,"; $sql .= " t.src_object_id"; $sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t'; + $sql .= ' WHERE 1 = 1'; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.src_object_id') { - $sqlwhere[] = $key." = ".((int) $value); - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.src_object_id') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } - $sql .= ' WHERE 1 = 1'; /* Fetching this table depends on filepath+filename, it must not depends on entity if (isModEnabled('multicompany')) { $sql .= " AND entity IN (" . getEntity('ecmfiles') . ")"; }*/ - if (count($sqlwhere) > 0) { - $sql .= ' AND '.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); - } if (!empty($sortfield)) { $sql .= $this->db->order($sortfield, $sortorder); } diff --git a/htdocs/knowledgemanagement/class/knowledgerecord.class.php b/htdocs/knowledgemanagement/class/knowledgerecord.class.php index 5e6ed1b5ebb..7aecbd5a79c 100644 --- a/htdocs/knowledgemanagement/class/knowledgerecord.class.php +++ b/htdocs/knowledgemanagement/class/knowledgerecord.class.php 
@@ -369,18 +369,16 @@ class KnowledgeRecord extends CommonObject /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string|array $filter Filter USF. + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { - global $conf; - dol_syslog(__METHOD__, LOG_DEBUG); $records = array(); 
@@ -393,23 +391,37 @@ class KnowledgeRecord extends CommonObject } else { $sql .= ' WHERE 1 = 1'; } + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } elseif (strpos($value, '%') === false) { - $sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')'; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } elseif (strpos($value, '%') === false) { + $sqlwhere[] = $this->db->sanitize($key).' IN ('.$this->db->sanitize($this->db->escape($value)).')'; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { 
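Review bot: The `IN (...)` branch of the legacy path, `$this->db->sanitize($key).' IN ('.$this->db->sanitize($this->db->escape($value)).')'`, emits the value unquoted, so it is only sound if `sanitize()` reduces the value to an identifier-safe character set (presumably the case, but not visible here); even then a plain string such as a status code becomes `t.status IN (code)`, a column reference rather than a literal, and the row is silently not matched. If this branch is meant for integer-id lists only, say so and guard it: `} elseif (strpos($value, '%') === false && preg_match('/^[0-9,\s]+$/', (string) $value)) {` with a comment `// Legacy: comma-separated list of integer ids only; any other value falls through to LIKE`. The method's body continues past the hunk.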
diff --git a/htdocs/mrp/class/mo.class.php b/htdocs/mrp/class/mo.class.php index 4b91802fd5a..a194503ec74 100644 --- a/htdocs/mrp/class/mo.class.php +++ b/htdocs/mrp/class/mo.class.php @@ -474,15 +474,15 @@ class Mo extends CommonObject /** * Load list of objects in memory from the database. * - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset Offset - * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...) - * @param string $filtermode Filter mode (AND or OR) - * @return array|int int <0 if KO, array of pages if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset + * @param string|array $filter Filter USF. + * @param string $filtermode Filter mode (AND or OR) + * @return array|int int <0 if KO, array of pages if OK */ - public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -496,21 +496,35 @@ class Mo extends CommonObject } else { $sql .= ' WHERE 1 = 1'; } + // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - if ($key == 't.rowid') { - $sqlwhere[] = $key." = ".((int) $value); - } elseif (strpos($key, 'date') !== false) { - $sqlwhere[] = $key." = '".$this->db->idate($value)."'"; - } else { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + if ($key == 't.rowid') { + $sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value); + } elseif (strpos($key, 'date') !== false) { + $sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'"; + } else { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } } + if (count($sqlwhere) > 0) { + $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')'; + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } if (!empty($sortfield)) { diff --git a/htdocs/product/stock/class/productstockentrepot.class.php b/htdocs/product/stock/class/productstockentrepot.class.php index a8937fced52..d77531060cb 100644 --- a/htdocs/product/stock/class/productstockentrepot.class.php +++ b/htdocs/product/stock/class/productstockentrepot.class.php 
@@ -232,15 +232,15 @@ class ProductStockEntrepot extends CommonObject * * @param int $fk_product Product from which we want to get limit and desired stock by warehouse * @param int $fk_entrepot Warehouse in which we want to get products limit and desired stock - * @param string $sortorder Sort Order - * @param string $sortfield Sort field - * @param int $limit limit - * @param int $offset offset limit - * @param array $filter filter array - * @param string $filtermode filter mode (AND or OR) - * @return int|array Return integer <0 if KO, array if OK + * @param string $sortorder Sort Order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset limit + * @param string|array $filter Filter USF. + * @param string $filtermode Filter mode (AND or OR) + * @return int|array Return integer <0 if KO, array if OK */ - public function fetchAll($fk_product = 0, $fk_entrepot = 0, $sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND') + public function fetchAll($fk_product = 0, $fk_entrepot = 0, $sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND') { dol_syslog(__METHOD__, LOG_DEBUG); 
@@ -256,14 +256,27 @@ class ProductStockEntrepot extends CommonObject $sql .= " WHERE 1=1"; // Manage filter - $sqlwhere = array(); - if (count($filter) > 0) { - foreach ($filter as $key => $value) { - $sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + if (is_array($filter)) { + $sqlwhere = array(); + if (count($filter) > 0) { + foreach ($filter as $key => $value) { + $sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; + } } + if (count($sqlwhere) > 0) { + $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + } + + $filter = ''; } - if (count($sqlwhere) > 0) { - $sql .= " AND ".implode(' '.$this->db->escape($filtermode).' ', $sqlwhere); + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } if (!empty($fk_product) && $fk_product > 0) { diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index cce2244df42..76a4334d71c 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php 
@@ -599,14 +599,14 @@ class Dolresource extends CommonObject /** * Load resource objects into $this->lines * - * @param string $sortorder sort order - * @param string $sortfield sort field - * @param int $limit limit page - * @param int $offset page - * @param array $filter filter output - * @return int if KO: <0 || if OK number of lines loaded + * @param string $sortorder Sort order + * @param string $sortfield Sort field + * @param int $limit Limit page + * @param int $offset Offset page + * @param string|array $filter Filter USF. + * @return int If KO: <0 || if OK number of lines loaded */ - public function fetchAll(string $sortorder, string $sortfield, int $limit, int $offset, array $filter = []) + public function fetchAll(string $sortorder, string $sortfield, int $limit, int $offset, $filter = '') { require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; $extrafields = new ExtraFields($this->db); @@ -641,16 +641,27 @@ class Dolresource extends CommonObject $sql .= " WHERE t.entity IN (".getEntity('resource').")"; // Manage filter - if (!empty($filter)) { + if (is_array($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { $sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->idate($value)."'"; } elseif (strpos($key, 'ef.') !== false) { - $sql .= ((float) $value); + $sql .= " AND ".$this->db->sanitize($key)." = ".((float) $value); } else { $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; } } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } $sql .= $this->db->order($sortfield, $sortorder); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 4980565b264..679d4489ad9 100644 
--- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -782,16 +782,16 @@ class Ticket extends CommonObject /** * Load all objects in memory from database * - * @param User $user User for action - * @param string $sortorder Sort order - * @param string $sortfield Sort field - * @param int $limit page number - * @param int $offset Offset for query - * @param int $arch archive or not (not used) - * @param array $filter Filter for query - * @return int Return integer <0 if KO, >0 if OK + * @param User $user User for action + * @param string $sortorder Sort order + * @param string $sortfield Sort field + * @param int $limit Limit + * @param int $offset Offset page + * @param int $arch Archive or not (not used) + * @param string|array $filter Filter for query + * @return int Return integer <0 if KO, >0 if OK */ - public function fetchAll($user, $sortorder = 'ASC', $sortfield = 't.datec', $limit = 0, $offset = 0, $arch = 0, $filter = []) + public function fetchAll($user, $sortorder = 'ASC', $sortfield = 't.datec', $limit = 0, $offset = 0, $arch = 0, $filter = '') { global $langs, $extrafields; @@ -845,7 +845,7 @@ class Ticket extends CommonObject $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // Manage filter - if (!empty($filter)) { + if (is_array($filter)) { foreach ($filter as $key => $value) { if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year $sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'"; @@ -863,6 +863,17 @@ class Ticket extends CommonObject $sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'"; } } + + $filter = ''; + } + + // Manage filter + $errormessage = ''; + $sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage); + if ($errormessage) { + $this->errors[] = $errormessage; + dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR); + return -1; } // Case of external user