Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix escaping

Browse Source
This commit is contained in:
Laurent Destailleur 2020-09-19 23:30:29 +02:00
parent c191dd1a34
commit 216b3c885d
75 changed files with 486 additions and 436 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/adherents/class/api_members.class.php
View File

@ -227,7 +227,7 @@ class Members extends DolibarrApi
}
// Select members of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_member = t.rowid ";
}
// Add sql filters
@ -239,23 +239,23 @@ class Members extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$member = new Adherent($this->db);
if ($member->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($member);
@ -263,7 +263,7 @@ class Members extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve member list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve member list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No member found');

12
htdocs/adherents/class/api_memberstypes.class.php
View File

@ -109,23 +109,23 @@ class MembersTypes extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$membertype = new AdherentType($this->db);
if ($membertype->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($membertype);
@ -133,7 +133,7 @@ class MembersTypes extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve member type list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve member type list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No member type found');

12
htdocs/adherents/class/api_subscriptions.class.php
View File

@ -107,22 +107,22 @@ class Subscriptions extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < min($limit, $num)) {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$subscription = new Subscription($this->db);
if ($subscription->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($subscription);
@ -130,7 +130,7 @@ class Subscriptions extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve subscription list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve subscription list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Subscription found');

7
htdocs/admin/menus/edit.php
View File

@ -233,24 +233,25 @@ if ($action == 'add')
// delete
if ($action == 'confirm_delete' && $_POST["confirm"] == 'yes')
{
$this->db->begin();
$db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".GETPOST('menuId', 'int');
$result = $db->query($sql);
if ($result == 0)
{
$this->db->commit();
$db->commit();
llxHeader();
setEventMessages($langs->trans("MenuDeleted"), null, 'mesgs');
llxFooter();
exit;
} else {
$this->db->rollback();
$db->rollback();
$reload = 0;
$_GET["action"] = '';
$action = '';
}
}

24
htdocs/api/class/api_access.class.php
View File

@ -59,6 +59,16 @@ class DolibarrApiAccess implements iAuthenticate
*/
public static $user = '';
/**
* Constructor
*/
public function __construct()
{
global $db;
$this->db = $db;
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName
/**
* Check access
@ -107,15 +117,15 @@ class DolibarrApiAccess implements iAuthenticate
$sql = "SELECT u.login, u.datec, u.api_key, ";
$sql .= " u.tms as date_modification, u.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.api_key = '".$db->escape($api_key)."'";
$sql .= " WHERE u.api_key = '".$this->db->escape($api_key)."'";
// TODO Check if 2 users has same API key.
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
if ($db->num_rows($result))
if ($this->db->num_rows($result))
{
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$login = $obj->login;
$stored_key = $obj->api_key;
$userentity = $obj->entity;
@ -125,11 +135,11 @@ class DolibarrApiAccess implements iAuthenticate
$conf->entity = ($obj->entity ? $obj->entity : 1);
// We must also reload global conf to get params from the entity
dol_syslog("Entity was not set on http header with HTTP_DOLAPIENTITY (recommanded for performance purpose), so we switch now on entity of user (".$conf->entity.") and we have to reload configuration.", LOG_WARNING);
$conf->setValues($db);
$conf->setValues($this->db);
}
}
} else {
throw new RestException(503, 'Error when fetching user api_key :'.$db->error_msg);
throw new RestException(503, 'Error when fetching user api_key :'.$this->db->error_msg);
}
if ($stored_key != $api_key) { // This should not happen since we did a search on api_key
@ -141,7 +151,7 @@ class DolibarrApiAccess implements iAuthenticate
{
throw new RestException(503, 'Error when searching login user from api key');
}
$fuser = new User($db);
$fuser = new User($this->db);
$result = $fuser->fetch('', $login, '', 0, (empty($userentity) ? -1 : $conf->entity)); // If user is not entity 0, we search in working entity $conf->entity (that may have been forced to a different value than user entity)
if ($result <= 0) {
throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')');

14
htdocs/bom/class/api_boms.class.php
View File

@ -99,7 +99,7 @@ class Boms extends DolibarrApi
global $db, $conf;
$obj_ret = array();
$tmpobject = new BOM($db);
$tmpobject = new BOM($this->db);
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
@ -139,7 +139,7 @@ class Boms extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -147,18 +147,18 @@ class Boms extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$i = 0;
while ($i < $num)
{
$obj = $db->fetch_object($result);
$bom_static = new BOM($db);
$obj = $this->db->fetch_object($result);
$bom_static = new BOM($this->db);
if ($bom_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($bom_static);
}

14
htdocs/categories/class/api_categories.class.php
View File

@ -155,7 +155,7 @@ class Categories extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -163,19 +163,19 @@ class Categories extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$category_static = new Categorie($db);
$obj = $this->db->fetch_object($result);
$category_static = new Categorie($this->db);
if ($category_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($category_static);
}
@ -183,7 +183,7 @@ class Categories extends DolibarrApi
}
}
else {
throw new RestException(503, 'Error when retrieve category list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve category list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No category found');

14
htdocs/comm/action/class/api_agendaevents.class.php
View File

@ -148,7 +148,7 @@ class AgendaEvents extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -156,27 +156,27 @@ class AgendaEvents extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$actioncomm_static = new ActionComm($db);
$obj = $this->db->fetch_object($result);
$actioncomm_static = new ActionComm($this->db);
if ($actioncomm_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($actioncomm_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve Agenda Event list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve Agenda Event list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Agenda Event found');

14
htdocs/comm/propal/class/api_proposals.class.php
View File

@ -190,7 +190,7 @@ class Proposals extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -198,21 +198,21 @@ class Proposals extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$proposal_static = new Propal($db);
$obj = $this->db->fetch_object($result);
$proposal_static = new Propal($this->db);
if ($proposal_static->fetch($obj->rowid)) {
// Add external contacts ids
$proposal_static->contacts_ids = $proposal_static->liste_contact(-1, 'external', 1);
@ -221,7 +221,7 @@ class Proposals extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve propal list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve propal list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No proposal found');

2
htdocs/comm/propal/list.php
View File

@ -361,7 +361,7 @@ if ($search_product_category > 0) $sql .= " AND cp.fk_categorie = ".$db->escape(
if ($socid > 0) $sql .= ' AND s.rowid = '.$socid;
if ($search_status != '' && $search_status != '-1')
{
$sql .= ' AND p.fk_statut IN ('.$this->db->sanitize($db->escape($search_status)).')';
$sql .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($search_status)).')';
}
if ($search_date_start) $sql .= " AND p.datep >= '".$db->idate($search_date_start)."'";
if ($search_date_end) $sql .= " AND p.datep <= '".$db->idate($search_date_end)."'";

2
htdocs/comm/propal/stats/index.php
View File

@ -101,7 +101,7 @@ dol_mkdir($dir);
$stats = new PropaleStats($db, $socid, ($userid > 0 ? $userid : 0), $mode, ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND p.fk_statut IN ('.$this->db->sanitize($db->escape($object_status)).')';
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND p.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
// Build graphic number of object
$data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);

2
htdocs/commande/card.php
View File

@ -417,7 +417,7 @@ if (empty($reshook))
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$originforcontact."'";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)

14
htdocs/commande/class/api_orders.class.php
View File

@ -193,7 +193,7 @@ class Orders extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -201,21 +201,21 @@ class Orders extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$commande_static = new Commande($db);
$obj = $this->db->fetch_object($result);
$commande_static = new Commande($this->db);
if ($commande_static->fetch($obj->rowid)) {
// Add external contacts ids
$commande_static->contacts_ids = $commande_static->liste_contact(-1, 'external', 1);
@ -224,7 +224,7 @@ class Orders extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve commande list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve commande list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No order found');

2
htdocs/commande/class/commande.class.php
View File

@ -1122,7 +1122,7 @@ class Commande extends CommonOrder
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$originforcontact."'";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact)

4
htdocs/commande/orderstoinvoice.php
View File

@ -199,9 +199,9 @@ if (($action == 'create' || $action == 'add') && !$error)
$sql .= ", targettype";
$sql .= ") VALUES (";
$sql .= $origin_id;
$sql .= ", '".$object->origin."'";
$sql .= ", '".$db->escape($object->origin)."'";
$sql .= ", ".$id;
$sql .= ", '".$object->element."'";
$sql .= ", '".$db->escape($object->element)."'";
$sql .= ")";
if ($db->query($sql))

4
htdocs/commande/stats/index.php
View File

@ -94,11 +94,11 @@ dol_mkdir($dir);
$stats = new CommandeStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($mode == 'customer')
{
if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND c.fk_statut IN ('.$this->db->sanitize($db->escape($object_status)).')';
if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
}
if ($mode == 'supplier')
{
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND c.fk_statut IN ('.$this->db->sanitize($db->escape($object_status)).')';
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
}

20
htdocs/compta/bank/class/account.class.php
View File

@ -390,11 +390,11 @@ class Account extends CommonObject
$sql .= ", label";
$sql .= ", type";
$sql .= ") VALUES (";
$sql .= "'".$line_id."'";
$sql .= ", '".$url_id."'";
$sql .= ", '".$url."'";
$sql .= " ".((int) $line_id);
$sql .= ", '".$this->db->escape($url_id)."'";
$sql .= ", '".$this->db->escape($url)."'";
$sql .= ", '".$this->db->escape($label)."'";
$sql .= ", '".$type."'";
$sql .= ", '".$this->db->escape($type)."'";
$sql .= ")";
dol_syslog(get_class($this)."::add_url_line", LOG_DEBUG);
@ -434,7 +434,7 @@ class Account extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."bank_url";
if ($fk_bank > 0) {
$sql .= " WHERE fk_bank = ".$fk_bank;
} else { $sql .= " WHERE url_id = ".$url_id." AND type = '".$type."'";
} else { $sql .= " WHERE url_id = ".$url_id." AND type = '".$this->db->escape($type)."'";
}
$sql .= " ORDER BY type, label";
@ -1315,7 +1315,7 @@ class Account extends CommonObject
*
* @return int Nb of account we can reconciliate
*/
public static function countAccountToReconcile()
public function countAccountToReconcile()
{
global $db, $conf, $user;
@ -1331,12 +1331,12 @@ class Account extends CommonObject
$sql .= " WHERE ba.rappro > 0 and ba.clos = 0";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
if (empty($conf->global->BANK_CAN_RECONCILIATE_CASHACCOUNT)) $sql .= " AND ba.courant != 2";
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
$nb = $obj->nb;
} else dol_print_error($db);
} else dol_print_error($this->db);
return $nb;
}
@ -2421,7 +2421,7 @@ class AccountLine extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$type."' AND ab.fk_doc = ".$this->id;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
$resql = $this->db->query($sql);
if ($resql)
{

2
htdocs/compta/bank/class/paymentvarious.class.php
View File

@ -710,7 +710,7 @@ class PaymentVarious extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$type."' AND ab.fk_doc = ".$banklineid;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$banklineid;
$resql = $this->db->query($sql);
if ($resql)
{

28
htdocs/compta/bank/graph.php
View File

@ -130,8 +130,8 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev >= '".$year."-".$month."-01 00:00:00'";
$sql .= " AND b.datev < '".$yearnext."-".$monthnext."-01 00:00:00'";
$sql .= " AND b.datev >= '".$db->escape($year)."-".$db->escape($month)."-01 00:00:00'";
$sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$sql .= " GROUP BY date_format(b.datev,'%Y%m%d')";
@ -159,7 +159,7 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev < '".$year."-".sprintf("%02s", $month)."-01'";
$sql .= " AND b.datev < '".$db->escape($year)."-".sprintf("%02s", $month)."-01'";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$resql = $db->query($sql);
@ -267,8 +267,8 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev >= '".$year."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$year."-12-31 23:59:59'";
$sql .= " AND b.datev >= '".$db->escape($year)."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$sql .= " GROUP BY date_format(b.datev,'%Y%m%d')";
@ -296,7 +296,7 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev < '".$year."-01-01'";
$sql .= " AND b.datev < '".$db->escape($year)."-01-01'";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$resql = $db->query($sql);
@ -519,8 +519,8 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev >= '".$year."-".$month."-01 00:00:00'";
$sql .= " AND b.datev < '".$yearnext."-".$monthnext."-01 00:00:00'";
$sql .= " AND b.datev >= '".$db->escape($year)."-".$db->escape($month)."-01 00:00:00'";
$sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'";
$sql .= " AND b.amount > 0";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$sql .= " GROUP BY date_format(b.datev,'%d')";
@ -555,8 +555,8 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev >= '".$year."-".$month."-01 00:00:00'";
$sql .= " AND b.datev < '".$yearnext."-".$monthnext."-01 00:00:00'";
$sql .= " AND b.datev >= '".$db->escape($year)."-".$db->escape($month)."-01 00:00:00'";
$sql .= " AND b.datev < '".$db->escape($yearnext)."-".$db->escape($monthnext)."-01 00:00:00'";
$sql .= " AND b.amount < 0";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$sql .= " GROUP BY date_format(b.datev,'%d')";
@ -632,8 +632,8 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev >= '".$year."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$year."-12-31 23:59:59'";
$sql .= " AND b.datev >= '".$db->escape($year)."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'";
$sql .= " AND b.amount > 0";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$sql .= " GROUP BY date_format(b.datev,'%m');";
@ -659,8 +659,8 @@ if ($result < 0)
$sql .= ", ".MAIN_DB_PREFIX."bank_account as ba";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND ba.entity IN (".getEntity('bank_account').")";
$sql .= " AND b.datev >= '".$year."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$year."-12-31 23:59:59'";
$sql .= " AND b.datev >= '".$db->escape($year)."-01-01 00:00:00'";
$sql .= " AND b.datev <= '".$db->escape($year)."-12-31 23:59:59'";
$sql .= " AND b.amount < 0";
if ($account && $_GET["option"] != 'all') $sql .= " AND b.fk_account IN (".$account.")";
$sql .= " GROUP BY date_format(b.datev,'%m')";

14
htdocs/compta/bank/line.php
View File

@ -138,15 +138,15 @@ if ($user->rights->banque->modifier && $action == "update")
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET ";
// Always opened
if (isset($_POST['value'])) $sql .= " fk_type='".$db->escape($_POST['value'])."',";
if (isset($_POST['num_chq'])) $sql .= " num_chq='".$db->escape($_POST["num_chq"])."',";
if (isset($_POST['banque'])) $sql .= " banque='".$db->escape($_POST["banque"])."',";
if (isset($_POST['emetteur'])) $sql .= " emetteur='".$db->escape($_POST["emetteur"])."',";
if (isset($_POST['value'])) $sql .= " fk_type='".$db->escape(GETPOST('value'))."',";
if (isset($_POST['num_chq'])) $sql .= " num_chq='".$db->escape(GETPOST("num_chq"))."',";
if (isset($_POST['banque'])) $sql .= " banque='".$db->escape(GETPOST("banque"))."',";
if (isset($_POST['emetteur'])) $sql .= " emetteur='".$db->escape(GETPOST("emetteur"))."',";
// Blocked when conciliated
if (!$acline->rappro)
{
if (isset($_POST['label'])) $sql .= " label='".$db->escape($_POST["label"])."',";
if (isset($_POST['amount'])) $sql .= " amount='".$amount."',";
if (isset($_POST['label'])) $sql .= " label = '".$db->escape(GETPOST("label"))."',";
if (isset($_POST['amount'])) $sql .= " amount= '".$db->escape($amount)."',";
if (isset($_POST['dateomonth'])) $sql .= " dateo = '".$db->idate($dateop)."',";
if (isset($_POST['datevmonth'])) $sql .= " datev = '".$db->idate($dateval)."',";
}
@ -212,7 +212,7 @@ if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action ==
$db->begin();
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET num_releve=".($num_rel ? "'".$num_rel."'" : "null");
$sql .= " SET num_releve=".($num_rel ? "'".$db->escape($num_rel)."'" : "null");
if (empty($num_rel)) $sql .= ", rappro = 0";
else $sql .= ", rappro = ".$rappro;
$sql .= " WHERE rowid = ".$rowid;

4
htdocs/compta/cashcontrol/report.php
View File

@ -297,8 +297,8 @@ if ($resql)
/*
$sql = "UPDATE ".MAIN_DB_PREFIX."pos_cash_fence ";
$sql .= "SET";
$sql .= " cash='".$cash."'";
$sql .= ", card='".$bank."'";
$sql .= " cash='".$db->escape($cash)."'";
$sql .= ", card='".$db->escape($bank)."'";
$sql .= " where rowid=".$id;
$db->query($sql);
*/

2
htdocs/compta/clients.php
View File

@ -66,7 +66,7 @@ $thirdpartystatic = new Societe($db);
if ($action == 'note')
{
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$note."' WHERE rowid=".$socid;
$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($note)."' WHERE rowid=".$socid;
$result = $db->query($sql);
}

4
htdocs/compta/deplacement/class/deplacementstats.class.php
View File

@ -122,7 +122,7 @@ class DeplacementStats extends Stats
{
$sql = "SELECT date_format(dated,'%m') as dm, sum(".$this->field.")";
$sql .= " FROM ".$this->from;
$sql .= " WHERE date_format(dated,'%Y') = '".$year."'";
$sql .= " WHERE date_format(dated,'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -142,7 +142,7 @@ class DeplacementStats extends Stats
{
$sql = "SELECT date_format(dated,'%m') as dm, avg(".$this->field.")";
$sql .= " FROM ".$this->from;
$sql .= " WHERE date_format(dated,'%Y') = '".$year."'";
$sql .= " WHERE date_format(dated,'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');

2
htdocs/compta/facture/card.php
View File

@ -1664,7 +1664,7 @@ if (empty($reshook))
$originidforcontact=$srcobject->origin_id;
}
$sqlcontact = "SELECT code, fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$originforcontact."'";
$sqlcontact.= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$db->escape($originforcontact)."'";
$resqlcontact = $db->query($sqlcontact);
if ($resqlcontact)

14
htdocs/compta/facture/class/api_invoices.class.php
View File

@ -207,7 +207,7 @@ class Invoices extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit)
{
if ($page < 0)
@ -216,19 +216,19 @@ class Invoices extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$invoice_static = new Facture($db);
$obj = $this->db->fetch_object($result);
$invoice_static = new Facture($this->db);
if ($invoice_static->fetch($obj->rowid))
{
// Get payment details
@ -245,7 +245,7 @@ class Invoices extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve invoice list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve invoice list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No invoice found');

34
htdocs/compta/facture/class/facture-rec.class.php
View File

@ -277,8 +277,8 @@ class FactureRec extends CommonInvoice
$sql .= ", ".(!empty($this->note_public) ? ("'".$this->db->escape($this->note_public)."'") : "NULL");
$sql .= ", ".(!empty($this->modelpdf) ? ("'".$this->db->escape($this->modelpdf)."'") : "NULL");
$sql .= ", '".$this->db->escape($user->id)."'";
$sql .= ", ".(!empty($facsrc->fk_project) ? "'".$facsrc->fk_project."'" : "null");
$sql .= ", ".(!empty($facsrc->fk_account) ? "'".$facsrc->fk_account."'" : "null");
$sql .= ", ".(!empty($facsrc->fk_project) ? "'".$this->db->escape($facsrc->fk_project)."'" : "null");
$sql .= ", ".(!empty($facsrc->fk_account) ? "'".$this->db->escape($facsrc->fk_account)."'" : "null");
$sql .= ", ".($facsrc->cond_reglement_id > 0 ? $this->db->escape($facsrc->cond_reglement_id) : "null");
$sql .= ", ".($facsrc->mode_reglement_id > 0 ? $this->db->escape($facsrc->mode_reglement_id) : "null");
$sql .= ", ".$this->usenewprice;
@ -921,7 +921,7 @@ class FactureRec extends CommonInvoice
$sql .= ", fk_unit";
$sql .= ', fk_multicurrency, multicurrency_code, multicurrency_subprice, multicurrency_total_ht, multicurrency_total_tva, multicurrency_total_ttc';
$sql .= ") VALUES (";
$sql .= "'".$facid."'";
$sql .= " ".((int) $facid);
$sql .= ", ".(!empty($label) ? "'".$this->db->escape($label)."'" : "null");
$sql .= ", '".$this->db->escape($desc)."'";
$sql .= ", ".price2num($pu_ht);
@ -932,7 +932,7 @@ class FactureRec extends CommonInvoice
$sql .= ", '".$this->db->escape($localtaxes_type[0])."'";
$sql .= ", ".price2num($txlocaltax2);
$sql .= ", '".$this->db->escape($localtaxes_type[2])."'";
$sql .= ", ".(!empty($fk_product) ? "'".$fk_product."'" : "null");
$sql .= ", ".(!empty($fk_product) ? "'".$this->db->escape($fk_product)."'" : "null");
$sql .= ", ".$product_type;
$sql .= ", ".price2num($remise_percent);
$sql .= ", ".price2num($pu_ht);
@ -1083,7 +1083,7 @@ class FactureRec extends CommonInvoice
}
$sql = "UPDATE ".MAIN_DB_PREFIX."facturedet_rec SET ";
$sql .= "fk_facture = '".$facid."'";
$sql .= "fk_facture = ".((int) $facid);
$sql .= ", label=".(!empty($label) ? "'".$this->db->escape($label)."'" : "null");
$sql .= ", description='".$this->db->escape($desc)."'";
$sql .= ", price=".price2num($pu_ht);
@ -1094,7 +1094,7 @@ class FactureRec extends CommonInvoice
$sql .= ", localtax1_type='".$this->db->escape($localtaxes_type[0])."'";
$sql .= ", localtax2_tx=".$txlocaltax2;
$sql .= ", localtax2_type='".$this->db->escape($localtaxes_type[2])."'";
$sql .= ", fk_product=".(!empty($fk_product) ? "'".$fk_product."'" : "null");
$sql .= ", fk_product=".(!empty($fk_product) ? "'".$this->db->escape($fk_product)."'" : "null");
$sql .= ", product_type=".$product_type;
$sql .= ", remise_percent='".price2num($remise_percent)."'";
$sql .= ", subprice='".price2num($pu_ht)."'";
@ -1194,13 +1194,13 @@ class FactureRec extends CommonInvoice
$sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX.'facture_rec';
$sql .= ' WHERE frequency > 0'; // A recurring invoice is an invoice with a frequency
$sql .= " AND (date_when IS NULL OR date_when <= '".$db->idate($today)."')";
$sql .= " AND (date_when IS NULL OR date_when <= '".$this->db->idate($today)."')";
$sql .= ' AND (nb_gen_done < nb_gen_max OR nb_gen_max = 0)';
$sql .= ' AND suspended = 0';
$sql .= ' AND entity = '.$conf->entity; // MUST STAY = $conf->entity here
if ($restrictioninvoiceid > 0)
$sql .= ' AND rowid = '.$restrictioninvoiceid;
$sql .= $db->order('entity', 'ASC');
$sql .= $this->db->order('entity', 'ASC');
//print $sql;exit;
$parameters = array(
'restrictioninvoiceid' => $restrictioninvoiceid,
@ -1208,11 +1208,11 @@ class FactureRec extends CommonInvoice
);
$reshook = $hookmanager->executeHooks('beforeCreationOfRecurringInvoices', $parameters, $sql); // note that $sql might be modified by hooks
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$i = 0;
$num = $db->num_rows($resql);
$num = $this->db->num_rows($resql);
if ($num)
$this->output .= $langs->trans("FoundXQualifiedRecurringInvoiceTemplate", $num)."\n";
@ -1222,14 +1222,14 @@ class FactureRec extends CommonInvoice
while ($i < $num) // Loop on each template invoice. If $num = 0, test is false at first pass.
{
$line = $db->fetch_object($resql);
$line = $this->db->fetch_object($resql);
$db->begin();
$this->db->begin();
$invoiceidgenerated = 0;
$facture = null;
$facturerec = new FactureRec($db);
$facturerec = new FactureRec($this->db);
$facturerec->fetch($line->rowid);
if ($facturerec->id > 0)
@ -1239,7 +1239,7 @@ class FactureRec extends CommonInvoice
dol_syslog("createRecurringInvoices Process invoice template id=".$facturerec->id.", ref=".$facturerec->ref.", entity=".$facturerec->entity);
$facture = new Facture($db);
$facture = new Facture($this->db);
$facture->fac_rec = $facturerec->id; // We will create $facture from this recurring invoice
$facture->fk_fac_rec_source = $facturerec->id; // We will create $facture from this recurring invoice
@ -1286,12 +1286,12 @@ class FactureRec extends CommonInvoice
if (!$error && $invoiceidgenerated >= 0)
{
$db->commit("createRecurringInvoices Process invoice template id=".$facturerec->id.", ref=".$facturerec->ref);
$this->db->commit("createRecurringInvoices Process invoice template id=".$facturerec->id.", ref=".$facturerec->ref);
dol_syslog("createRecurringInvoices Process invoice template ".$facturerec->ref." is finished with a success generation");
$nb_create++;
$this->output .= $langs->trans("InvoiceGeneratedFromTemplate", $facture->ref, $facturerec->ref)."\n";
} else {
$db->rollback("createRecurringInvoices Process invoice template id=".$facturerec->id.", ref=".$facturerec->ref);
$this->db->rollback("createRecurringInvoices Process invoice template id=".$facturerec->id.", ref=".$facturerec->ref);
}
$parameters = array(
@ -1308,7 +1308,7 @@ class FactureRec extends CommonInvoice
}
$conf->entity = $saventity; // Restore entity context
} else dol_print_error($db);
} else dol_print_error($this->db);
$this->output = trim($this->output);

6
htdocs/compta/facture/class/facture.class.php
View File

@ -612,7 +612,7 @@ class Facture extends CommonInvoice
$sql .= ", ".setEntity($this);
$sql .= ", ".($this->ref_ext ? "'".$this->db->escape($this->ref_ext)."'" : "null");
$sql .= ", '".$this->db->escape($this->type)."'";
$sql .= ", '".$socid."'";
$sql .= ", ".((int) $socid);
$sql .= ", '".$this->db->idate($now)."'";
$sql .= ", ".($this->remise_absolue > 0 ? $this->remise_absolue : 'NULL');
$sql .= ", ".($this->remise_percent > 0 ? $this->remise_percent : 'NULL');
@ -627,7 +627,7 @@ class Facture extends CommonInvoice
$sql .= ", ".($this->pos_source != '' ? "'".$this->db->escape($this->pos_source)."'" : "null");
$sql .= ", ".($this->fk_fac_rec_source ? "'".$this->db->escape($this->fk_fac_rec_source)."'" : "null");
$sql .= ", ".($this->fk_facture_source ? "'".$this->db->escape($this->fk_facture_source)."'" : "null");
$sql .= ", ".($user->id > 0 ? "'".$user->id."'" : "null");
$sql .= ", ".($user->id > 0 ? (int) $user->id : "null");
$sql .= ", ".($this->fk_project ? $this->fk_project : "null");
$sql .= ", ".$this->cond_reglement_id;
$sql .= ", ".$this->mode_reglement_id;
@ -715,7 +715,7 @@ class Facture extends CommonInvoice
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$originforcontact."'";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact)

4
htdocs/compta/facture/stats/index.php
View File

@ -94,7 +94,7 @@ dol_mkdir($dir);
$stats = new FactureStats($db, $socid, $mode, ($userid > 0 ? $userid : 0), ($typent_id > 0 ? $typent_id : 0), ($categ_id > 0 ? $categ_id : 0));
if ($mode == 'customer')
{
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$this->db->sanitize($db->escape($object_status)).')';
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
if (is_array($custcats) && !empty($custcats)) {
$stats->from .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_societe as cat ON (f.fk_soc = cat.fk_soc)';
$stats->where .= ' AND cat.fk_categorie IN ('.implode(',', $custcats).')';
@ -102,7 +102,7 @@ if ($mode == 'customer')
}
if ($mode == 'supplier')
{
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$this->db->sanitize($db->escape($object_status)).')';
if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
}
// Build graphic number of object

2
htdocs/compta/journal/purchasesjournal.php
View File

@ -106,7 +106,7 @@ $sql .= " s.rowid as socid, s.nom as name, s.code_compta_fournisseur,";
$sql .= " p.rowid as pid, p.ref as ref, p.accountancy_code_buy,";
$sql .= " ct.accountancy_code_buy as account_tva, ct.recuperableonly";
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn_det as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva as ct ON fd.tva_tx = ct.taux AND fd.info_bits = ct.recuperableonly AND ct.fk_pays = '".$idpays."'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva as ct ON fd.tva_tx = ct.taux AND fd.info_bits = ct.recuperableonly AND ct.fk_pays = ".((int) $idpays);
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
$sql .= " JOIN ".MAIN_DB_PREFIX."facture_fourn as f ON f.rowid = fd.fk_facture_fourn";
$sql .= " JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";

2
htdocs/compta/journal/sellsjournal.php
View File

@ -109,7 +109,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as fd";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON p.rowid = fd.fk_product";
$sql .= " JOIN ".MAIN_DB_PREFIX."facture as f ON f.rowid = fd.fk_facture";
$sql .= " JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = f.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND fd.info_bits = ct.recuperableonly AND ct.fk_pays = '".$idpays."'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_tva ct ON fd.tva_tx = ct.taux AND fd.info_bits = ct.recuperableonly AND ct.fk_pays = ".((int) $idpays);
$sql .= " WHERE f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_statut > 0";
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {

4
htdocs/compta/paiement/cheque/card.php
View File

@ -57,7 +57,7 @@ $offset = $limit * $page;
$dir = $conf->bank->dir_output.'/checkdeposits/';
$filterdate = dol_mktime(0, 0, 0, GETPOST('fdmonth'), GETPOST('fdday'), GETPOST('fdyear'));
$filteraccountid = GETPOST('accountid');
$filteraccountid = GETPOST('accountid', 'int');
$object = new RemiseCheque($db);
@ -394,7 +394,7 @@ if ($action == 'new')
$sql .= " AND b.fk_bordereau = 0";
$sql .= " AND b.amount > 0";
if ($filterdate) $sql .= " AND b.dateo = '".$db->idate($filterdate)."'";
if ($filteraccountid > 0) $sql .= " AND ba.rowid= '".$filteraccountid."'";
if ($filteraccountid > 0) $sql .= " AND ba.rowid = ".((int) $filteraccountid);
$sql .= $db->order("b.dateo,b.rowid", "ASC");
$resql = $db->query($sql);

10
htdocs/compta/paiement/cheque/class/remisecheque.class.php
View File

@ -211,7 +211,7 @@ class RemiseCheque extends CommonObject
$sql .= " WHERE b.fk_type = 'CHQ'";
$sql .= " AND b.amount > 0";
$sql .= " AND b.fk_bordereau = 0";
$sql .= " AND b.fk_account='".$account_id."'";
$sql .= " AND b.fk_account = ".((int) $account_id);
if ($limit) $sql .= $this->db->plimit($limit);
dol_syslog("RemiseCheque::Create", LOG_DEBUG);
@ -775,18 +775,18 @@ class RemiseCheque extends CommonObject
$sql .= ' FROM '.MAIN_DB_PREFIX.'paiement_facture as pf';
$sql .= ' WHERE pf.fk_paiement = '.$payment->id;
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$rejectedPayment = new Paiement($db);
$rejectedPayment = new Paiement($this->db);
$rejectedPayment->amounts = array();
$rejectedPayment->datepaye = $rejection_date;
$rejectedPayment->paiementid = dol_getIdFromCode($this->db, 'CHQ', 'c_paiement', 'code', 'id', 1);
$rejectedPayment->num_payment = $payment->num_payment;
while ($obj = $db->fetch_object($resql))
while ($obj = $this->db->fetch_object($resql))
{
$invoice = new Facture($db);
$invoice = new Facture($this->db);
$invoice->fetch($obj->fk_facture);
$invoice->set_unpaid($user);

2
htdocs/compta/paiement/class/paiement.class.php
View File

@ -800,7 +800,7 @@ class Paiement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX.'bank';
$sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$type."' AND url_id = ".$this->id.")";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")";
$sql .= " AND rappro = 0";
$result = $this->db->query($sql);

20
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -205,9 +205,9 @@ class BonPrelevement extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."prelevement_lignes";
$sql .= " WHERE fk_prelevement_bons = ".$this->id;
$sql .= " AND fk_soc =".$client_id;
$sql .= " AND code_banque ='".$code_banque."'";
$sql .= " AND code_guichet ='".$code_guichet."'";
$sql .= " AND number ='".$number."'";
$sql .= " AND code_banque = '".$this->db->escape($code_banque)."'";
$sql .= " AND code_guichet = '".$this->db->escape($code_guichet)."'";
$sql .= " AND number = '".$this->db->escape($number)."'";
$resql = $this->db->query($sql);
if ($resql)
@ -234,10 +234,10 @@ class BonPrelevement extends CommonObject
$sql .= ", ".$client_id;
$sql .= ", '".$this->db->escape($client_nom)."'";
$sql .= ", '".price2num($amount)."'";
$sql .= ", '".$code_banque."'";
$sql .= ", '".$code_guichet."'";
$sql .= ", '".$number."'";
$sql .= ", '".$number_key."'";
$sql .= ", '".$this->db->escape($code_banque)."'";
$sql .= ", '".$this->db->escape($code_guichet)."'";
$sql .= ", '".$this->db->escape($number)."'";
$sql .= ", '".$this->db->escape($number_key)."'";
$sql .= ")";
if ($this->db->query($sql))
@ -1380,7 +1380,7 @@ class BonPrelevement extends CommonObject
$result = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def";
$sql .= " WHERE rowid = '".$rowid."'";
$sql .= " WHERE rowid = ".((int) $rowid);
if ($this->db->query($sql))
{
@ -1404,7 +1404,7 @@ class BonPrelevement extends CommonObject
$result = 0;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def";
$sql .= " WHERE fk_user=".$user." AND fk_action='".$action."'";
$sql .= " WHERE fk_user=".$user." AND fk_action='".$this->db->escape($action)."'";
if ($this->db->query($sql))
{
@ -1433,7 +1433,7 @@ class BonPrelevement extends CommonObject
$now = dol_now();
$sql = "INSERT INTO ".MAIN_DB_PREFIX."notify_def (datec,fk_user, fk_soc, fk_contact, fk_action)";
$sql .= " VALUES (".$db->idate($now).",".$user.", 'NULL', 'NULL', '".$action."')";
$sql .= " VALUES ('".$this->db->idate($now)."', ".$user.", 'NULL', 'NULL', '".$this->db->escape($action)."')";
dol_syslog("adnotiff: ".$sql);
if ($this->db->query($sql))

4
htdocs/compta/sociales/list.php
View File

@ -138,8 +138,8 @@ if ($year > 0)
$sql .= " AND (";
// Si period renseignee on l'utilise comme critere de date, sinon on prend date echeance,
// ceci afin d'etre compatible avec les cas ou la periode n'etait pas obligatoire
$sql .= " (cs.periode IS NOT NULL AND date_format(cs.periode, '%Y') = '".$year."') ";
$sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$year."')";
$sql .= " (cs.periode IS NOT NULL AND date_format(cs.periode, '%Y') = '".$db->escape($year)."') ";
$sql .= "OR (cs.periode IS NULL AND date_format(cs.date_ech, '%Y') = '".$db->escape($year)."')";
$sql .= ")";
}
if ($filtre) {

6
htdocs/compta/tva/class/tva.class.php
View File

@ -384,7 +384,7 @@ class Tva extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f WHERE f.paye = 1";
if ($year)
{
$sql .= " AND f.datef >= '".$year."-01-01' AND f.datef <= '".$year."-12-31' ";
$sql .= " AND f.datef >= '".$this->db->escape($year)."-01-01' AND f.datef <= '".$this->db->escape($year)."-12-31' ";
}
$result = $this->db->query($sql);
@ -421,7 +421,7 @@ class Tva extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
if ($year)
{
$sql .= " WHERE f.datef >= '".$year."-01-01' AND f.datef <= '".$year."-12-31' ";
$sql .= " WHERE f.datef >= '".$this->db->escape($year)."-01-01' AND f.datef <= '".$this->db->escape($year)."-12-31' ";
}
$result = $this->db->query($sql);
@ -460,7 +460,7 @@ class Tva extends CommonObject
if ($year)
{
$sql .= " WHERE f.datev >= '".$year."-01-01' AND f.datev <= '".$year."-12-31' ";
$sql .= " WHERE f.datev >= '".$this->db->escape($year)."-01-01' AND f.datev <= '".$this->db->escape($year)."-12-31' ";
}
$result = $this->db->query($sql);

2
htdocs/contact/class/contact.class.php
View File

@ -1649,7 +1649,7 @@ class Contact extends CommonObject
$sql .= ", ".MAIN_DB_PREFIX."societe_contacts sc";
$sql .= " WHERE sc.fk_soc =".$this->socid;
$sql .= " AND sc.fk_c_type_contact=tc.rowid";
$sql .= " AND tc.element='".$element."'";
$sql .= " AND tc.element='".$this->db->escape($element)."'";
$sql .= " AND tc.active=1";
dol_syslog(__METHOD__, LOG_DEBUG);

14
htdocs/contrat/class/api_contracts.class.php
View File

@ -141,7 +141,7 @@ class Contracts extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -149,28 +149,28 @@ class Contracts extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$contrat_static = new Contrat($db);
$obj = $this->db->fetch_object($result);
$contrat_static = new Contrat($this->db);
if ($contrat_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($contrat_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve contrat list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve contrat list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No contract found');

16
htdocs/contrat/class/contrat.class.php
View File

@ -510,7 +510,7 @@ class Contrat extends CommonObject
if ($num)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET ref = '".$num."', statut = 1";
$sql = "UPDATE ".MAIN_DB_PREFIX."contrat SET ref = '".$this->db->escape($num)."', statut = 1";
//$sql.= ", fk_user_valid = ".$user->id.", date_valid = '".$this->db->idate($now)."'";
$sql .= " WHERE rowid = ".$this->id." AND statut = 0";
@ -1093,7 +1093,7 @@ class Contrat extends CommonObject
}
$sqlcontact = "SELECT ctc.code, ctc.source, ec.fk_socpeople FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$originforcontact."'";
$sqlcontact .= " WHERE element_id = ".$originidforcontact." AND ec.fk_c_type_contact = ctc.rowid AND ctc.element = '".$this->db->escape($originforcontact)."'";
$resqlcontact = $this->db->query($sqlcontact);
if ($resqlcontact)
@ -1541,15 +1541,15 @@ class Contrat extends CommonObject
$sql .= ($fk_product > 0 ? $fk_product : "null").",";
$sql .= " ".$qty.",";
$sql .= " ".$txtva.",";
$sql .= " ".($vat_src_code ? "'".$vat_src_code."'" : "null").",";
$sql .= " ".($vat_src_code ? "'".$this->db->escape($vat_src_code)."'" : "null").",";
$sql .= " ".$txlocaltax1.",";
$sql .= " ".$txlocaltax2.",";
$sql .= " '".$localtax1_type."',";
$sql .= " '".$localtax2_type."',";
$sql .= " '".$this->db->escape($localtax1_type)."',";
$sql .= " '".$this->db->escape($localtax2_type)."',";
$sql .= " ".price2num($remise_percent).",";
$sql .= " ".price2num($pu_ht).",";
$sql .= " ".price2num($total_ht).",".price2num($total_tva).",".price2num($total_localtax1).",".price2num($total_localtax2).",".price2num($total_ttc).",";
$sql .= " '".$info_bits."',";
$sql .= " '".$this->db->escape($info_bits)."',";
$sql .= " ".price2num($price).",".price2num($remise).",";
if (isset($fk_fournprice)) $sql .= ' '.$fk_fournprice.',';
else $sql .= ' null,';
@ -1717,8 +1717,8 @@ class Contrat extends CommonObject
$sql .= ",tva_tx='".price2num($tvatx)."'";
$sql .= ",localtax1_tx='".price2num($localtax1tx)."'";
$sql .= ",localtax2_tx='".price2num($localtax2tx)."'";
$sql .= ",localtax1_type='".$localtax1_type."'";
$sql .= ",localtax2_type='".$localtax2_type."'";
$sql .= ",localtax1_type='".$this->db->escape($localtax1_type)."'";
$sql .= ",localtax2_type='".$this->db->escape($localtax2_type)."'";
$sql .= ", total_ht='".price2num($total_ht)."'";
$sql .= ", total_tva='".price2num($total_tva)."'";
$sql .= ", total_localtax1='".price2num($total_localtax1)."'";

10
htdocs/core/class/comment.class.php
View File

@ -349,25 +349,25 @@ class Comment extends CommonObject
$sql .= " c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as c";
$sql .= " WHERE c.fk_element = ".$fk_element;
$sql .= " AND c.element_type = '".$db->escape($element_type)."'";
$sql .= " AND c.element_type = '".$this->db->escape($element_type)."'";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " ORDER BY c.tms DESC";
dol_syslog(get_class($this).'::'.__METHOD__, LOG_DEBUG);
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$num_rows = $db->num_rows($resql);
$num_rows = $this->db->num_rows($resql);
if ($num_rows > 0)
{
while ($obj = $db->fetch_object($resql))
while ($obj = $this->db->fetch_object($resql))
{
$comment = new self($db);
$comment->fetch($obj->rowid);
$this->comments[] = $comment;
}
}
$db->free($resql);
$this->db->free($resql);
} else {
$this->errors[] = "Error ".$this->db->lasterror();
return -1;

26
htdocs/core/class/html.form.class.php
View File

@ -2108,9 +2108,9 @@ class Form
$selectFields = " p.rowid, p.ref, p.label, p.description, p.barcode, p.fk_country, p.fk_product_type, p.price, p.price_ttc, p.price_base_type, p.tva_tx, p.duration, p.fk_price_expression";
if (count($warehouseStatusArray))
{
$selectFieldsGrouped = ", sum(".$db->ifsql("e.statut IS NULL", "0", "ps.reel").") as stock"; // e.statut is null if there is no record in stock
$selectFieldsGrouped = ", sum(".$this->db->ifsql("e.statut IS NULL", "0", "ps.reel").") as stock"; // e.statut is null if there is no record in stock
} else {
$selectFieldsGrouped = ", ".$db->ifsql("p.stock IS NULL", 0, "p.stock")." AS stock";
$selectFieldsGrouped = ", ".$this->db->ifsql("p.stock IS NULL", 0, "p.stock")." AS stock";
}
$sql = "SELECT ";
@ -2226,19 +2226,19 @@ class Form
foreach ($scrit as $crit)
{
if ($i > 0) $sql .= " AND ";
$sql .= "(p.ref LIKE '".$db->escape($prefix.$crit)."%' OR p.label LIKE '".$db->escape($prefix.$crit)."%'";
if (!empty($conf->global->MAIN_MULTILANGS)) $sql .= " OR pl.label LIKE '".$db->escape($prefix.$crit)."%'";
$sql .= "(p.ref LIKE '".$this->db->escape($prefix.$crit)."%' OR p.label LIKE '".$this->db->escape($prefix.$crit)."%'";
if (!empty($conf->global->MAIN_MULTILANGS)) $sql .= " OR pl.label LIKE '".$this->db->escape($prefix.$crit)."%'";
if (!empty($conf->global->PRODUCT_AJAX_SEARCH_ON_DESCRIPTION))
{
$sql .= " OR p.description LIKE '".$db->escape($prefix.$crit)."%'";
if (!empty($conf->global->MAIN_MULTILANGS)) $sql .= " OR pl.description LIKE '".$db->escape($prefix.$crit)."%'";
$sql .= " OR p.description LIKE '".$this->db->escape($prefix.$crit)."%'";
if (!empty($conf->global->MAIN_MULTILANGS)) $sql .= " OR pl.description LIKE '".$this->db->escape($prefix.$crit)."%'";
}
if (!empty($conf->global->MAIN_SEARCH_PRODUCT_BY_FOURN_REF)) $sql .= " OR pfp.ref_fourn LIKE '".$db->escape($prefix.$crit)."%'";
if (!empty($conf->global->MAIN_SEARCH_PRODUCT_BY_FOURN_REF)) $sql .= " OR pfp.ref_fourn LIKE '".$this->db->escape($prefix.$crit)."%'";
$sql .= ")";
$i++;
}
if (count($scrit) > 1) $sql .= ")";
if (!empty($conf->barcode->enabled)) $sql .= " OR p.barcode LIKE '".$db->escape($prefix.$filterkey)."%'";
if (!empty($conf->barcode->enabled)) $sql .= " OR p.barcode LIKE '".$this->db->escape($prefix.$filterkey)."%'";
$sql .= ')';
}
if (count($warehouseStatusArray))
@ -2253,10 +2253,10 @@ class Form
//ASC OR DESC order
($conf->global->PRODUCT_SORT_BY_CATEGORY == 1) ? $sql .= "ASC" : $sql .= "DESC";
} else {
$sql .= $db->order("p.ref");
$sql .= $this->db->order("p.ref");
}
$sql .= $db->plimit($limit, 0);
$sql .= $this->db->plimit($limit, 0);
// Build output string
dol_syslog(get_class($this)."::select_produits_list search product", LOG_DEBUG);
@ -2770,7 +2770,7 @@ class Form
$sql .= ')';
}
$sql .= " ORDER BY pfp.ref_fourn DESC, pfp.quantity ASC";
$sql .= $db->plimit($limit, 0);
$sql .= $this->db->plimit($limit, 0);
// Build output string
@ -4913,10 +4913,10 @@ class Form
$sql = 'SELECT code FROM '.MAIN_DB_PREFIX.'multicurrency';
$sql .= " WHERE entity IN ('".getEntity('mutlicurrency')."')";
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
while ($obj = $db->fetch_object($resql)) $TCurrency[$obj->code] = $obj->code;
while ($obj = $this->db->fetch_object($resql)) $TCurrency[$obj->code] = $obj->code;
}
$out = '';

8
htdocs/core/class/html.formaccounting.class.php
View File

@ -179,10 +179,10 @@ class FormAccounting extends Form
}
dol_syslog(get_class($this).'::'.__METHOD__, LOG_DEBUG);
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$num = $db->num_rows($resql);
$num = $this->db->num_rows($resql);
if ($num)
{
$out = '<select class="flat minwidth200" id="'.$htmlname.'" name="'.$htmlname.'">';
@ -191,7 +191,7 @@ class FormAccounting extends Form
if ($useempty) $out .= '<option value="0">&nbsp;</option>';
while ($i < $num)
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
$out .= '<option value="'.$obj->rowid.'"';
if ($obj->rowid == $selected) $out .= ' selected';
$out .= '>'.($maxlen ? dol_trunc($obj->type, $maxlen) : $obj->type);
@ -204,7 +204,7 @@ class FormAccounting extends Form
$out .= $langs->trans("ErrorNoAccountingCategoryForThisCountry", $mysoc->country_code);
}
} else {
dol_print_error($db, $db->lasterror());
dol_print_error($this->db);
}
$out .= ajax_combobox($htmlname, array());

10
htdocs/core/class/html.formcontract.class.php
View File

@ -89,18 +89,18 @@ class FormContract
$sql .= " ORDER BY c.ref ";
dol_syslog(get_class($this)."::select_contract", LOG_DEBUG);
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
print '<select class="flat" name="'.$htmlname.'">';
if ($showempty) print '<option value="0">&nbsp;</option>';
$num = $db->num_rows($resql);
$num = $this->db->num_rows($resql);
$i = 0;
if ($num)
{
while ($i < $num)
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
// If we ask to filter on a company and user has no permission to see all companies and project is linked to another company, we hide project.
if ($socid > 0 && (empty($obj->fk_soc) || $obj->fk_soc == $socid) && !$user->rights->societe->lire)
{
@ -150,7 +150,7 @@ class FormContract
}
}
print '</select>';
$db->free($resql);
$this->db->free($resql);
if (!empty($conf->use_javascript_ajax))
{
@ -161,7 +161,7 @@ class FormContract
return $num;
} else {
dol_print_error($db);
dol_print_error($this->db);
return -1;
}
}

10
htdocs/core/class/html.formintervention.class.php
View File

@ -80,18 +80,18 @@ class FormIntervention
}
dol_syslog(get_class($this)."::select_intervention", LOG_DEBUG);
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$out .= '<select id="interventionid" class="flat" name="'.$htmlname.'">';
if ($showempty) $out .= '<option value="0">&nbsp;</option>';
$num = $db->num_rows($resql);
$num = $this->db->num_rows($resql);
$i = 0;
if ($num)
{
while ($i < $num)
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
// If we ask to filter on a company and user has no permission to see all companies and project is linked to another company, we hide project.
if ($socid > 0 && (empty($obj->fk_soc) || $obj->fk_soc == $socid) && !$user->rights->societe->lire)
{
@ -130,10 +130,10 @@ class FormIntervention
}
}
$out .= '</select>';
$db->free($resql);
$this->db->free($resql);
return $out;
} else {
dol_print_error($db);
dol_print_error($this->db);
return '';
}
}

2
htdocs/core/class/html.formmargin.class.php
View File

@ -87,7 +87,7 @@ class FormMargin
if (empty($line->pa_ht) && isset($line->fk_fournprice) && !$force_price)
{
require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.product.class.php';
$product = new ProductFournisseur($db);
$product = new ProductFournisseur($this->db);
if ($product->fetch_product_fournisseur_price($line->fk_fournprice))
$line->pa_ht = $product->fourn_unitprice * (1 - $product->fourn_remise_percent / 100);
}

4
htdocs/core/class/html.formother.class.php
View File

@ -1012,7 +1012,7 @@ class FormOther
// $boxidactivatedforuser will be array of boxes choosed by user
$selectboxlist = '';
$boxactivated = InfoBox::listBoxes($db, 'activated', $areacode, (empty($user->conf->$confuserzone) ?null:$user), array(), 0); // Search boxes of common+user (or common only if user has no specific setup)
$boxactivated = InfoBox::listBoxes($this->db, 'activated', $areacode, (empty($user->conf->$confuserzone) ?null:$user), array(), 0); // Search boxes of common+user (or common only if user has no specific setup)
$boxidactivatedforuser = array();
foreach ($boxactivated as $box)
@ -1141,7 +1141,7 @@ class FormOther
// Load translation files required by the page
$langs->loadLangs(array("boxes", "projects"));
$emptybox = new ModeleBoxes($db);
$emptybox = new ModeleBoxes($this->db);
$boxlista .= "\n<!-- Box left container -->\n";

8
htdocs/core/class/html.formsocialcontrib.class.php
View File

@ -88,10 +88,10 @@ class FormSocialContrib
}
dol_syslog("Form::select_type_socialcontrib", LOG_DEBUG);
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$num = $db->num_rows($resql);
$num = $this->db->num_rows($resql);
if ($num)
{
print '<select class="'.($morecss ? $morecss : '').'" id="'.$htmlname.'" name="'.$htmlname.'">';
@ -100,7 +100,7 @@ class FormSocialContrib
if ($useempty) print '<option value="0">&nbsp;</option>';
while ($i < $num)
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
print '<option value="'.$obj->id.'"';
if ($obj->id == $selected) print ' selected';
print '>'.dol_trunc($obj->type, $maxlen);
@ -113,7 +113,7 @@ class FormSocialContrib
print $langs->trans("ErrorNoSocialContributionForSellerCountry", $mysoc->country_code);
}
} else {
dol_print_error($db, $db->lasterror());
dol_print_error($this->db);
}
}
}

1
htdocs/core/class/infobox.class.php
View File

@ -125,6 +125,7 @@ class InfoBox
if (!in_array($obj->box_id, $excludelist))
{
$regs = array();
if (preg_match('/^([^@]+)@([^@]+)$/i', $obj->file, $regs))
{
$boxname = preg_replace('/\.php$/i', '', $regs[1]);

3
htdocs/core/class/interfaces.class.php
View File

@ -83,8 +83,7 @@ class Interfaces
if (!is_object($user)) // Warning
{
dol_syslog(get_class($this).'::run_triggers was called with wrong parameters action='.$action.' object='.is_object($object).' user='.is_object($user).' langs='.is_object($langs).' conf='.is_object($conf), LOG_WARNING);
global $db;
$user = new User($db);
$user = new User($this->db);
}
//dol_syslog(get_class($this)."::run_triggers action=".$action." Launch run_triggers", LOG_DEBUG);

2
htdocs/core/class/utils.class.php
View File

@ -208,7 +208,7 @@ class Utils
}
// Check type parameter
if ($type == 'auto') $type = $db->type;
if ($type == 'auto') $type = $this->db->type;
if (!in_array($type, array('postgresql', 'pgsql', 'mysql', 'mysqli', 'mysqlnobin')))
{
$langs->load("errors");

2
htdocs/core/lib/functions.lib.php
View File

@ -550,7 +550,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
if (!is_array($out) || empty($out)) {
$out = array();
} else {
foreach($out as $outkey => $outval) {
foreach ($out as $outkey => $outval) {
$out[$outkey] = checkVal($outval, 'alphanohtml', $filter, $options);
}
}

1
htdocs/core/triggers/dolibarrtriggers.class.php
View File

@ -20,7 +20,6 @@
*/
abstract class DolibarrTriggers
{
/**
* Database handler
* @var DoliDB

14
htdocs/don/class/api_donations.class.php
View File

@ -127,7 +127,7 @@ class Donations extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -135,21 +135,21 @@ class Donations extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$don_static = new Don($db);
$obj = $this->db->fetch_object($result);
$don_static = new Don($this->db);
if ($don_static->fetch($obj->rowid)) {
// Add external contacts ids
//$don_static->contacts_ids = $don_static->liste_contact(-1, 'external', 1);
@ -158,7 +158,7 @@ class Donations extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve donation list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve donation list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No donation found');

14
htdocs/expedition/class/api_shipments.class.php
View File

@ -138,7 +138,7 @@ class Shipments extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -146,28 +146,28 @@ class Shipments extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$shipment_static = new Expedition($db);
$obj = $this->db->fetch_object($result);
$shipment_static = new Expedition($this->db);
if ($shipment_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($shipment_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve commande list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve commande list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No shipment found');

14
htdocs/expensereport/class/api_expensereports.class.php
View File

@ -119,7 +119,7 @@ class ExpenseReports extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -127,26 +127,26 @@ class ExpenseReports extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$expensereport_static = new ExpenseReport($db);
$obj = $this->db->fetch_object($result);
$expensereport_static = new ExpenseReport($this->db);
if ($expensereport_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($expensereport_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve Expense Report list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve Expense Report list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Expense Report found');

14
htdocs/fichinter/class/api_interventions.class.php
View File

@ -144,7 +144,7 @@ class Interventions extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -152,28 +152,28 @@ class Interventions extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$fichinter_static = new Fichinter($db);
$obj = $this->db->fetch_object($result);
$fichinter_static = new Fichinter($this->db);
if ($fichinter_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($fichinter_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve intervention list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve intervention list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No intervention found');

14
htdocs/fourn/class/api_supplier_invoices.class.php
View File

@ -152,7 +152,7 @@ class SupplierInvoices extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -160,25 +160,25 @@ class SupplierInvoices extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$invoice_static = new FactureFournisseur($db);
$obj = $this->db->fetch_object($result);
$invoice_static = new FactureFournisseur($this->db);
if ($invoice_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($invoice_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve supplier invoice list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve supplier invoice list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No supplier invoice found');

14
htdocs/fourn/class/api_supplier_orders.class.php
View File

@ -149,7 +149,7 @@ class SupplierOrders extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -157,26 +157,26 @@ class SupplierOrders extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$order_static = new CommandeFournisseur($db);
$obj = $this->db->fetch_object($result);
$order_static = new CommandeFournisseur($this->db);
if ($order_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($order_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve supplier order list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve supplier order list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No supplier order found');

2
htdocs/index.php
View File

@ -428,7 +428,7 @@ if (empty($conf->global->MAIN_DISABLE_GLOBAL_WORKBOARD)) {
if (!empty($conf->banque->enabled) && $user->rights->banque->lire && !$user->socid) {
include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
$board = new Account($db);
$nb = $board::countAccountToReconcile(); // Get nb of account to reconciliate
$nb = $board->countAccountToReconcile(); // Get nb of account to reconciliate
if ($nb > 0) {
$dashboardlines[$board->element] = $board->load_board($user);
}

16
htdocs/modulebuilder/template/class/api_mymodule.class.php
View File

@ -106,7 +106,7 @@ class MyModuleApi extends DolibarrApi
global $db, $conf;
$obj_ret = array();
$tmpobject = new MyObject($db);
$tmpobject = new MyObject($this->db);
if (!DolibarrApiAccess::$user->rights->mymodule->myobject->read) {
throw new RestException(401);
@ -148,32 +148,32 @@ class MyModuleApi extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
$i = 0;
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$tmp_object = new MyObject($db);
$obj = $this->db->fetch_object($result);
$tmp_object = new MyObject($this->db);
if ($tmp_object->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($tmp_object);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieving myobject list: '.$db->lasterror());
throw new RestException(503, 'Error when retrieving myobject list: '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No myobject found');

14
htdocs/mrp/class/api_mos.class.php
View File

@ -99,7 +99,7 @@ class Mos extends DolibarrApi
global $db, $conf;
$obj_ret = array();
$tmpobject = new Mo($db);
$tmpobject = new Mo($this->db);
$socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
@ -139,7 +139,7 @@ class Mos extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -147,18 +147,18 @@ class Mos extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$i = 0;
while ($i < $num)
{
$obj = $db->fetch_object($result);
$tmp_object = new Mo($db);
$obj = $this->db->fetch_object($result);
$tmp_object = new Mo($this->db);
if ($tmp_object->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($tmp_object);
}

4
htdocs/product/admin/product_tools.php
View File

@ -90,7 +90,7 @@ if ($action == 'convert')
$sql .= ' FROM '.MAIN_DB_PREFIX.'product';
$sql .= ' WHERE entity IN ('.getEntity('product').')';
$sql .= " AND tva_tx = '".$db->escape($oldvatrateclean)."'";
if ($vat_src_code_old) $sql .= " AND default_vat_code = '".$vat_src_code_old."'";
if ($vat_src_code_old) $sql .= " AND default_vat_code = '".$db->escape($vat_src_code_old)."'";
else " AND default_vat_code = IS NULL";
$resql = $db->query($sql);
@ -182,7 +182,7 @@ if ($action == 'convert')
$sql .= ' FROM '.MAIN_DB_PREFIX.'product_fournisseur_price as pfp, '.MAIN_DB_PREFIX.'societe as s';
$sql .= ' WHERE pfp.fk_soc = s.rowid AND pfp.entity IN ('.getEntity('product').')';
$sql .= " AND tva_tx = '".$db->escape($oldvatrate)."'";
if ($vat_src_code_old) $sql .= " AND default_vat_code = '".$vat_src_code_old."'";
if ($vat_src_code_old) $sql .= " AND default_vat_code = '".$db->escape($vat_src_code_old)."'";
else " AND default_vat_code = IS NULL";
$sql .= " AND s.fk_pays = '".$country_id."'";
//print $sql;

32
htdocs/product/class/api_products.class.php
View File

@ -178,7 +178,7 @@ class Products extends DolibarrApi
$sql .= ' WHERE t.entity IN ('.getEntity('product').')';
// Select products of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_product = t.rowid ";
}
if ($mode == 1) {
@ -197,32 +197,32 @@ class Products extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$product_static = new Product($db);
$obj = $this->db->fetch_object($result);
$product_static = new Product($this->db);
if ($product_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($product_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve product list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve product list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No product found');
@ -762,12 +762,12 @@ class Products extends DolibarrApi
$sql .= ' WHERE t.entity IN ('.getEntity('product').')';
if ($supplier > 0) {
$sql .= " AND s.fk_soc = ".$db->escape($supplier);
$sql .= " AND s.fk_soc = ".$this->db->escape($supplier);
}
$sql .= " AND s.fk_product = t.rowid";
// Select products of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_product = t.rowid";
}
if ($mode == 1) {
@ -785,22 +785,22 @@ class Products extends DolibarrApi
$regexstring = '\(([^:\'\(\)]+:[^:\'\(\)]+:[^:\(\)]+)\)';
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$product_fourn = new ProductFournisseur($this->db);
$product_fourn_list = $product_fourn->list_product_fournisseur_price($obj->rowid, '', '', 0, 0);
@ -814,7 +814,7 @@ class Products extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve product list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve product list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No product found');

14
htdocs/product/stock/class/api_stockmovements.class.php
View File

@ -118,7 +118,7 @@ class StockMovements extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -126,26 +126,26 @@ class StockMovements extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$stockmovement_static = new MouvementStock($db);
$obj = $this->db->fetch_object($result);
$stockmovement_static = new MouvementStock($this->db);
if ($stockmovement_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($stockmovement_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve stock movement list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve stock movement list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No stock movement found');

16
htdocs/product/stock/class/api_warehouses.class.php
View File

@ -111,7 +111,7 @@ class Warehouses extends DolibarrApi
$sql .= ' WHERE t.entity IN ('.getEntity('stock').')';
// Select warehouses of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_warehouse = t.rowid ";
}
// Add sql filters
@ -125,7 +125,7 @@ class Warehouses extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -133,26 +133,26 @@ class Warehouses extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$warehouse_static = new Entrepot($db);
$obj = $this->db->fetch_object($result);
$warehouse_static = new Entrepot($this->db);
if ($warehouse_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($warehouse_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve warehouse list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve warehouse list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No warehouse found');

16
htdocs/projet/class/api_projects.class.php
View File

@ -131,7 +131,7 @@ class Projects extends DolibarrApi
}
// Select projects of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category)." AND c.fk_project = t.rowid ";
$sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_project = t.rowid ";
}
// Add sql filters
if ($sqlfilters)
@ -144,7 +144,7 @@ class Projects extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -152,27 +152,27 @@ class Projects extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$project_static = new Project($db);
$obj = $this->db->fetch_object($result);
$project_static = new Project($this->db);
if ($project_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($project_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve project list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve project list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No project found');

14
htdocs/projet/class/api_tasks.class.php
View File

@ -146,7 +146,7 @@ class Tasks extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -154,28 +154,28 @@ class Tasks extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
dol_syslog("API Rest request");
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$task_static = new Task($db);
$obj = $this->db->fetch_object($result);
$task_static = new Task($this->db);
if ($task_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($task_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve task list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve task list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No task found');

14
htdocs/societe/class/api_contacts.class.php
View File

@ -160,7 +160,7 @@ class Contacts extends DolibarrApi
// Select contacts of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_socpeople = t.rowid ";
}
@ -175,7 +175,7 @@ class Contacts extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit)
{
@ -185,18 +185,18 @@ class Contacts extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$contact_static = new Contact($db);
$obj = $this->db->fetch_object($result);
$contact_static = new Contact($this->db);
if ($contact_static->fetch($obj->rowid))
{
if ($includecount)

90
htdocs/societe/class/api_thirdparties.class.php
View File

@ -160,7 +160,9 @@ class Thirdparties extends DolibarrApi
// Select thirdparties of given category
if ($category > 0) {
if (!empty($mode) && $mode != 4) { $sql .= " AND c.fk_categorie = ".$db->escape($category)." AND c.fk_soc = t.rowid"; } elseif (!empty($mode) && $mode == 4) { $sql .= " AND cc.fk_categorie = ".$db->escape($category)." AND cc.fk_soc = t.rowid"; } else { $sql .= " AND ((c.fk_categorie = ".$db->escape($category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".$db->escape($category)." AND cc.fk_soc = t.rowid))"; }
if (!empty($mode) && $mode != 4) { $sql .= " AND c.fk_categorie = ".$this->db->escape($category)." AND c.fk_soc = t.rowid"; }
elseif (!empty($mode) && $mode == 4) { $sql .= " AND cc.fk_categorie = ".$this->db->escape($category)." AND cc.fk_soc = t.rowid"; }
else { $sql .= " AND ((c.fk_categorie = ".$this->db->escape($category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".$this->db->escape($category)." AND cc.fk_soc = t.rowid))"; }
}
if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) $sql .= " AND t.rowid = sc.fk_soc";
@ -183,7 +185,7 @@ class Thirdparties extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
@ -192,26 +194,26 @@ class Thirdparties extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$soc_static = new Societe($db);
$obj = $this->db->fetch_object($result);
$soc_static = new Societe($this->db);
if ($soc_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($soc_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve thirdparties : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve thirdparties : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'Thirdparties not found');
@ -313,7 +315,7 @@ class Thirdparties extends DolibarrApi
throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
}
$this->companytoremove = new Societe($db);
$this->companytoremove = new Societe($this->db);
$result = $this->companytoremove->fetch($idtodelete); // include the fetch of extra fields
if (!$result) {
@ -332,7 +334,7 @@ class Thirdparties extends DolibarrApi
// Call same code than into action 'confirm_merge'
$db->begin();
$this->db->begin();
// Recopy some data
$object->client = $object->client | $soc_origin->client;
@ -369,7 +371,7 @@ class Thirdparties extends DolibarrApi
}
// Merge categories
$static_cat = new Categorie($db);
$static_cat = new Categorie($this->db);
$custcats = $static_cat->containing($soc_origin->id, 'customer', 'id');
$object->setCategories($custcats, 'customer');
$suppcats = $static_cat->containing($soc_origin->id, 'supplier', 'id');
@ -426,10 +428,10 @@ class Thirdparties extends DolibarrApi
{
require_once DOL_DOCUMENT_ROOT.$object_file;
if (!$errors && !$object_name::replaceThirdparty($db, $soc_origin->id, $object->id))
if (!$errors && !$object_name::replaceThirdparty($this->db, $soc_origin->id, $object->id))
{
$errors++;
//setEventMessages($db->lasterror(), null, 'errors');
//setEventMessages($this->db->lasterror(), null, 'errors');
}
}
}
@ -477,11 +479,11 @@ class Thirdparties extends DolibarrApi
if ($error)
{
$db->rollback();
$this->db->rollback();
throw new RestException(500, 'Error failed to merged thirdparty '.$this->companytoremove->id.' into '.$id.'. Enable and read log file for more information.');
} else {
$db->commit();
$this->db->commit();
}
return $this->get($id);
@ -1155,7 +1157,7 @@ class Thirdparties extends DolibarrApi
if ($id) $sql .= " WHERE fk_soc = ".$id." ";
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result->num_rows == 0) {
throw new RestException(404, 'Account not found');
@ -1167,11 +1169,11 @@ class Thirdparties extends DolibarrApi
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$account = new CompanyBankAccount($db);
$obj = $this->db->fetch_object($result);
$account = new CompanyBankAccount($this->db);
if ($account->fetch($obj->rowid)) {
$accounts[] = $account;
}
@ -1435,7 +1437,7 @@ class Thirdparties extends DolibarrApi
$sql .= " WHERE fk_soc = $id";
if ($site) $sql .= " AND site ='$site'";
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result->num_rows == 0) {
throw new RestException(404, 'This thirdparty does not have any gateway attached or does not exist.');
@ -1445,11 +1447,11 @@ class Thirdparties extends DolibarrApi
$accounts = array();
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$account = new SocieteAccount($db);
$obj = $this->db->fetch_object($result);
$account = new SocieteAccount($this->db);
if ($account->fetch($obj->rowid)) {
$accounts[] = $account;
@ -1505,8 +1507,8 @@ class Thirdparties extends DolibarrApi
throw new RestException(422, 'Unprocessable Entity: You must pass the site attribute in your request data !');
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$request_data['site']."' ";
$result = $db->query($sql);
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."'";
$result = $this->db->query($sql);
if ($result->num_rows == 0) {
$account = new SocieteAccount($this->db);
@ -1560,8 +1562,8 @@ class Thirdparties extends DolibarrApi
throw new RestException(401);
}
$sql = "SELECT rowid, fk_user_creat, date_creation FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '$site' ";
$result = $db->query($sql);
$sql = "SELECT rowid, fk_user_creat, date_creation FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '".$this->db->escape($site)."'";
$result = $this->db->query($sql);
// We do not found an existing SocieteAccount entity for this fk_soc and site ; we then create a new one.
if ($result->num_rows == 0) {
@ -1587,14 +1589,14 @@ class Thirdparties extends DolibarrApi
} else {
if (isset($request_data['site']) && $request_data['site'] !== $site) {
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$request_data['site']."' ";
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result->num_rows !== 0) {
throw new RestException(409, "You are trying to update this thirdparty SocieteAccount (gateway record) from $site to ".$request_data['site']." but another SocieteAccount entity already exists with this site key.");
}
}
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$account = new SocieteAccount($this->db);
$account->id = $obj->rowid;
@ -1644,21 +1646,21 @@ class Thirdparties extends DolibarrApi
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '$site' ";
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result->num_rows == 0) {
throw new RestException(404, "This thirdparty does not have $site gateway attached or does not exist.");
} else {
// If the user tries to edit the site member, we check first if
if (isset($request_data['site']) && $request_data['site'] !== $site) {
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$request_data['site']."' ";
$result = $db->query($sql);
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id." AND site = '".$this->db->escape($request_data['site'])."' ";
$result = $this->db->query($sql);
if ($result->num_rows !== 0)
throw new RestException(409, "You are trying to update this thirdparty SocieteAccount (gateway record) site member from $site to ".$request_data['site']." but another SocieteAccount entity already exists for this thirdparty with this site key.");
}
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$account = new SocieteAccount($this->db);
$account->fetch($obj->rowid);
@ -1690,20 +1692,19 @@ class Thirdparties extends DolibarrApi
*/
public function deleteSocieteAccount($id, $site)
{
global /** @var Database $db */
$db;
global $db;
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
}
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '$site' ";
$result = $db->query($sql);
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id AND site = '".$this->db->escape($site)."'";
$result = $this->db->query($sql);
if ($result->num_rows == 0) {
throw new RestException(404);
} else {
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$account = new SocieteAccount($this->db);
$account->fetch($obj->rowid);
@ -1727,8 +1728,7 @@ class Thirdparties extends DolibarrApi
*/
public function deleteSocieteAccounts($id)
{
global /** @var Database $db */
$db;
global $db;
if (!DolibarrApiAccess::$user->rights->societe->creer) {
throw new RestException(401);
@ -1739,20 +1739,20 @@ class Thirdparties extends DolibarrApi
*/
$sql = "SELECT rowid, fk_soc, key_account, site, date_creation, tms";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = $id ";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_account WHERE fk_soc = ".$id;
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result->num_rows == 0) {
throw new RestException(404, 'This third party does not have any gateway attached or does not exist.');
} else {
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < $num)
{
$obj = $db->fetch_object($result);
$account = new SocieteAccount($db);
$obj = $this->db->fetch_object($result);
$account = new SocieteAccount($this->db);
$account->fetch($obj->rowid);
if ($account->delete(DolibarrApiAccess::$user) < 0) {

14
htdocs/supplier_proposal/class/api_supplier_proposals.class.php
View File

@ -133,7 +133,7 @@ class Supplierproposals extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -141,27 +141,27 @@ class Supplierproposals extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
$i = 0;
while ($i < $min)
{
$obj = $db->fetch_object($result);
$propal_static = new SupplierProposal($db);
$obj = $this->db->fetch_object($result);
$propal_static = new SupplierProposal($this->db);
if ($propal_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($propal_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieving supplier proposal list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieving supplier proposal list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No supplier proposal found');

10
htdocs/ticket/class/api_tickets.class.php
View File

@ -276,7 +276,7 @@ class Tickets extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
@ -287,13 +287,13 @@ class Tickets extends DolibarrApi
$sql .= $this->db->plimit($limit, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result) {
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$i = 0;
while ($i < $num) {
$obj = $db->fetch_object($result);
$ticket_static = new Ticket($db);
$obj = $this->db->fetch_object($result);
$ticket_static = new Ticket($this->db);
if ($ticket_static->fetch($obj->rowid)) {
if ($ticket_static->fk_user_assign > 0) {
$userStatic = new User($this->db);

28
htdocs/user/class/api_users.class.php
View File

@ -90,7 +90,7 @@ class Users extends DolibarrApi
// Select products of given category
if ($category > 0) {
$sql .= " AND c.fk_categorie = ".$db->escape($category);
$sql .= " AND c.fk_categorie = ".$this->db->escape($category);
$sql .= " AND c.fk_user = t.rowid ";
}
@ -105,7 +105,7 @@ class Users extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -113,27 +113,27 @@ class Users extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$user_static = new User($db);
$obj = $this->db->fetch_object($result);
$user_static = new User($this->db);
if ($user_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($user_static);
}
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve User list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve User list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No User found');
@ -490,7 +490,7 @@ class Users extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0)
{
@ -498,19 +498,19 @@ class Users extends DolibarrApi
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$i = 0;
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$min = min($num, ($limit <= 0 ? $num : $limit));
while ($i < $min)
{
$obj = $db->fetch_object($result);
$obj = $this->db->fetch_object($result);
$group_static = new UserGroup($this->db);
if ($group_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($group_static);
@ -518,7 +518,7 @@ class Users extends DolibarrApi
$i++;
}
} else {
throw new RestException(503, 'Error when retrieve Group list : '.$db->lasterror());
throw new RestException(503, 'Error when retrieve Group list : '.$this->db->lasterror());
}
if (!count($obj_ret)) {
throw new RestException(404, 'No Group found');

30
htdocs/variants/class/ProductCombination.class.php
View File

@ -27,7 +27,7 @@ class ProductCombination
* Database handler
* @var DoliDB
*/
private $db;
public $db;
/**
* Rowid of combination
@ -672,14 +672,14 @@ class ProductCombination
require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductAttribute.class.php';
require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductAttributeValue.class.php';
$db->begin();
$this->db->begin();
$price_impact = array(1=>0); // init level price impact
$forced_refvar = trim($forced_refvar);
if (!empty($forced_refvar) && $forced_refvar != $product->ref) {
$existingProduct = new Product($db);
$existingProduct = new Product($this->db);
$result = $existingProduct->fetch('', $forced_refvar);
if ($result > 0) {
$newproduct = $existingProduct;
@ -705,7 +705,7 @@ class ProductCombination
$price_impact = $forced_pricevar;
}
$newcomb = new ProductCombination($db);
$newcomb = new ProductCombination($this->db);
$existingCombination = $newcomb->fetchByProductCombination2ValuePairs($product->id, $combinations);
if ($existingCombination) {
@ -718,13 +718,13 @@ class ProductCombination
if ($result < 0) {
$this->error = $newcomb->error;
$this->errors = $newcomb->errors;
$db->rollback();
$this->db->rollback();
return -1;
}
}
$prodattr = new ProductAttribute($db);
$prodattrval = new ProductAttributeValue($db);
$prodattr = new ProductAttribute($this->db);
$prodattrval = new ProductAttributeValue($this->db);
// $combination contains list of attributes pairs key->value. Example: array('id Color'=>id Blue, 'id Size'=>id Small, 'id Option'=>id val a, ...)
//var_dump($combinations);
@ -735,7 +735,7 @@ class ProductCombination
//If there is an existing combination, there is no need to duplicate the valuepair
if (!$existingCombination) {
$tmp = new ProductCombination2ValuePair($db);
$tmp = new ProductCombination2ValuePair($this->db);
$tmp->fk_prod_attr = $currcombattr;
$tmp->fk_prod_attr_val = $currcombval;
$tmp->fk_prod_combination = $newcomb->id;
@ -743,7 +743,7 @@ class ProductCombination
if ($tmp->create($user) < 0) { // Create 1 entry into product_attribute_combination2val
$this->error = $tmp->error;
$this->errors = $tmp->errors;
$db->rollback();
$this->db->rollback();
return -1;
}
}
@ -822,7 +822,7 @@ class ProductCombination
if ($newproduct->error != 'ErrorProductAlreadyExists') {
$this->error[] = $newproduct->error;
$this->errors = $newproduct->errors;
$db->rollback();
$this->db->rollback();
return -1;
}
@ -851,7 +851,7 @@ class ProductCombination
}
if ($res < 0) {
$db->rollback();
$this->db->rollback();
return -1;
}
}
@ -859,7 +859,7 @@ class ProductCombination
$result = $newproduct->update($newproduct->id, $user);
if ($result < 0)
{
$db->rollback();
$this->db->rollback();
return -1;
}
}
@ -870,11 +870,11 @@ class ProductCombination
{
$this->error = $newcomb->error;
$this->errors = $newcomb->errors;
$db->rollback();
$this->db->rollback();
return -1;
}
$db->commit();
$this->db->commit();
return $newproduct->id;
}
@ -971,7 +971,7 @@ class ProductCombinationLevel
* Database handler
* @var DoliDB
*/
private $db;
public $db;
/**
* @var string Name of table without prefix where object is stored

14
htdocs/zapier/class/api_zapier.class.php
View File

@ -174,7 +174,7 @@ class ZapierApi extends DolibarrApi
//if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
//if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
$tmpobject = new Hook($db);
$tmpobject = new Hook($this->db);
if ($tmpobject->ismultientitymanaged) {
$sql .= ' AND t.entity IN ('.getEntity('hook').')';
}
@ -200,23 +200,23 @@ class ZapierApi extends DolibarrApi
$sql .= " AND (".preg_replace_callback('/'.$regexstring.'/', 'DolibarrApi::_forge_criteria_callback', $sqlfilters).")";
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
if ($page < 0) {
$page = 0;
}
$offset = $limit * $page;
$sql .= $db->plimit($limit + 1, $offset);
$sql .= $this->db->plimit($limit + 1, $offset);
}
$result = $db->query($sql);
$result = $this->db->query($sql);
$i = 0;
if ($result) {
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
while ($i < $num) {
$obj = $db->fetch_object($result);
$hook_static = new Hook($db);
$obj = $this->db->fetch_object($result);
$hook_static = new Hook($this->db);
if ($hook_static->fetch($obj->rowid)) {
$obj_ret[] = $this->_cleanObjectDatas($hook_static);
}

52
test/phpunit/CodingPhpTest.php
View File

@ -152,7 +152,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
$db=$this->savdb;
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT.'/bom', 'files', 1, '\.php', null, 'fullname');
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
//$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
foreach ($filesarray as $key => $file)
@ -166,12 +166,52 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
print 'Check php file '.$file['fullname']."\n";
$filecontent=file_get_contents($file['fullname']);
if (preg_match('/\.class\.php/', $file['relativename'])) {
// Must must not found $db->
if (preg_match('/\.class\.php/', $file['relativename'])
|| preg_match('/^core\/boxes\/box_/', $file['relativename'])
|| in_array($file['relativename'], array('core/boxes/modules_boxes.php'))) {
if (! in_array($file['relativename'], array(
'api/class/api.class.php',
'core/class/commonobject.class.php',
'core/class/conf.class.php',
'core/class/html.form.class.php',
'core/class/html.formmail.class.php',
'core/class/infobox.class.php',
'core/class/link.class.php',
'core/class/translate.class.php',
'core/class/utils.class.php'
))) {
// Must must not found $db->
$ok=true;
$matches=array();
// Check string get_class...
preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val)
{
$ok=false;
break;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, 'Found string $db-> into a .class.php file in '.$file['relativename']);
//exit;
}
} else {
// Must must not found $this->db->
if (! in_array($file['relativename'], array(
'core/extrafieldsinexport.inc.php'
))) {
// Must must not found $this->db->
$ok=true;
$matches=array();
// Check string get_class...
preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val)
{
$ok=false;
break;
}
//print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n";
$this->assertTrue($ok, 'Found string $this->db-> in '.$file['relativename']);
//exit;
}
}
$ok=true;