From 1d560c3623515ab12586b45de43bb445030c9465 Mon Sep 17 00:00:00 2001
From: "Laurent Destailleur (aka Eldy)"
Date: Wed, 5 Feb 2025 14:11:32 +0100
Subject: [PATCH] Fix sql injection detection
---
 htdocs/don/class/donstats.class.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/htdocs/don/class/donstats.class.php b/htdocs/don/class/donstats.class.php
index b0e8440e2f7..50a482c9db0 100644
--- a/htdocs/don/class/donstats.class.php
+++ b/htdocs/don/class/donstats.class.php
@@ -91,11 +91,11 @@ class DonationStats extends Stats
 $this->join = '';
 if ($status == 0 || $status == 1 || $status == 2) {
- $this->where = ' d.fk_statut IN ('.$this->db->sanitize($status).')';
+ $this->where = " d.fk_statut IN (".$this->db->sanitize($status).")";
 } elseif ($status == 3) {
- $this->where = ' d.fk_statut IN (-1)';
+ $this->where = " d.fk_statut IN (-1)";
 } elseif ($status == 4) {
- $this->where = ' d.fk_statut >= 0';
+ $this->where = " d.fk_statut >= 0";
 }
 $object = new Don($this->db);
@@ -105,14 +105,14 @@ class DonationStats extends Stats
 $this->where .= " AND d.fk_soc = ".((int) $socid);
 }
- $this->where .= " AND d.entity = ".$conf->entity;
+ $this->where .= " AND d.entity = ".((int) $conf->entity);
 if ($this->userid > 0) {
 $this->where .= ' AND d.fk_user_author = '.((int) $this->userid);
 }
 if ($typentid) {
- $this->join .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = d.fk_soc';
- $this->where .= ' AND s.fk_typent = '.((int) $typentid);
+ $this->join .= " LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ON s.rowid = d.fk_soc";
+ $this->where .= " AND s.fk_typent = ".((int) $typentid);
 }
 }
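Review bot: The `fk_statut IN (...)` value on the first `+` line is the only scalar in this method that goes through `$this->db->sanitize()` rather than an `(int)` cast, and this branch is only reached when `$status` loosely equals 0, 1 or 2, so a cast is both tighter and consistent with the `((int) $socid)` / `((int) $typentid)` style used below: `$this->where = " d.fk_statut IN (".((int) $status).")";`. What characters `sanitize()` lets through is not visible here, so this is a consistency point rather than a reported hole. The enclosing method starts before this hunk.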
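Review bot: The rewritten join on the first `+` line inside `if ($typentid)` is broken: switching the outer quotes to double quotes left the inner `'.MAIN_DB_PREFIX.'` as literal text inside the string, so the generated SQL now reads `LEFT JOIN '.MAIN_DB_PREFIX.'societe as s ...` instead of the prefixed table name, and every query built with a `$typentid` will fail. It should be `$this->join .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = d.fk_soc";`. The `((int) $conf->entity)` cast earlier in the hunk is the right change. The method whose body this hunk modifies begins before the hunk.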
@@ -144,7 +144,7 @@ class DonationStats extends Stats
 */
 public function getNbByYear()
 {
- $sql = "SELECT date_format(d.datedon,'%Y') as dm, COUNT(*) as nb, SUM(d.".$this->field.")";
+ $sql = "SELECT date_format(d.datedon,'%Y') as dm, COUNT(*) as nb, SUM(d.".$this->db->sanitize($this->field).")";
 $sql .= " FROM ".$this->from;
 $sql .= $this->join;
 $sql .= " WHERE ".$this->where;
@@ -163,7 +163,7 @@ class DonationStats extends Stats
 */
 public function getAmountByMonth($year, $format = 0)
 {
- $sql = "SELECT date_format(d.datedon,'%m') as dm, sum(d.".$this->field.")";
+ $sql = "SELECT date_format(d.datedon,'%m') as dm, sum(d.".$this->db->sanitize($this->field).")";
 $sql .= " FROM ".$this->from;
 $sql .= $this->join;
 $sql .= " WHERE ".dolSqlDateFilter('d.datedon', 0, 0, (int) $year, 1);
@@ -182,7 +182,7 @@ class DonationStats extends Stats
 */
 public function getAverageByMonth($year)
 {
- $sql = "SELECT date_format(d.datedon,'%m') as dm, avg(d.".$this->field.")";
+ $sql = "SELECT date_format(d.datedon,'%m') as dm, avg(d.".$this->db->sanitize($this->field).")";
 $sql .= " FROM ".$this->from;
 $sql .= $this->join;
 $sql .= " WHERE ".dolSqlDateFilter('d.datedon', 0, 0, (int) $year, 1);
@@ -200,7 +200,7 @@ class DonationStats extends Stats
 */
 public function getAllByYear()
 {
- $sql = "SELECT date_format(d.datedon,'%Y') as year, COUNT(*) as nb, SUM(d.".$this->field.") as total, AVG(".$this->field.") as avg";
+ $sql = "SELECT date_format(d.datedon,'%Y') as year, COUNT(*) as nb, SUM(d.".$this->db->sanitize($this->field).") as total, AVG(".$this->field.") as avg";
 $sql .= " FROM ".$this->from;
 $sql .= $this->join;
 $sql .= " WHERE ".$this->where;
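Review bot: The `+` line in getNbByYear wraps a class-internal property, `$this->field`, in `sanitize()` with no explanation of why a column name that is not a request parameter needs it, which the next maintainer will read as either a sign it is user-controlled or as dead defensiveness. Where `$this->field` is assigned is outside this diff, so I cannot tell which; a one-line comment above the `$sql =` line would settle it, e.g. `// $this->field is interpolated as an identifier, not a bound value, so it is whitelisted with sanitize() rather than escaped`, adjusted to the real provenance once confirmed. The same comment applies to the identical `+` lines in getAmountByMonth and getAverageByMonth. Each of these three method bodies continues past its hunk.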
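Review bot: The new SELECT in getAllByYear still interpolates `$this->field` raw in `AVG(".$this->field.")` on the same `+` line that sanitizes it for the SUM, so the commit's own fix is only half applied here; the second occurrence should be `AVG(".$this->db->sanitize($this->field).")`. Note also that this AVG is the only place across the four hunks where the column is not qualified with the `d.` alias; whether that matters depends on whether `$this->from`/`$this->join` can introduce a same-named column, which is not visible here, so treat the alias as an optional consistency tweak and the missing sanitize as the actual defect. The method body continues past the hunk.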