From 2c660504bb1e005fb39ca3449557f5b79e20d753 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 19 Sep 2020 23:11:38 +0200
Subject: [PATCH] Fix escape

---
 htdocs/admin/boxes.php | 14 +++++++-------
 htdocs/admin/commande.php | 2 +-
 htdocs/admin/contract.php | 2 +-
 htdocs/admin/expedition.php | 2 +-
 htdocs/admin/expensereport.php | 2 +-
 htdocs/admin/external_rss.php | 4 ++--
 htdocs/admin/facture.php | 2 +-
 htdocs/admin/fichinter.php | 2 +-
 htdocs/admin/holiday.php | 2 +-
 htdocs/admin/limits.php | 2 +-
 htdocs/admin/livraison.php | 2 +-
 htdocs/admin/mails_templates.php | 10 +++++-----
 htdocs/admin/mrp.php | 2 +-
 htdocs/admin/paymentbybanktransfer.php | 2 +-
 htdocs/admin/prelevement.php | 2 +-
 htdocs/admin/propal.php | 2 +-
 htdocs/admin/reception_setup.php | 2 +-
 htdocs/admin/stock.php | 2 +-
 htdocs/admin/supplier_payment.php | 2 +-
 htdocs/admin/supplier_proposal.php | 2 +-
 htdocs/admin/user.php | 2 +-
 htdocs/admin/usergroup.php | 2 +-
 htdocs/admin/website.php | 14 +++++++-------
 23 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php
index 412427494e3..4f6dfff33a5 100644
--- a/htdocs/admin/boxes.php
+++ b/htdocs/admin/boxes.php
@@ -192,12 +192,12 @@ if ($action == 'switch')
 $newsecondnum = preg_replace('/[a-zA-Z]+/', '', $newsecond);
 $newsecond = sprintf("%s%02d", $newsecondchar ? $newsecondchar : 'A', $newsecondnum + 1);
 }
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$newfirst."' WHERE rowid=".$objfrom->rowid;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newfirst)."' WHERE rowid=".$objfrom->rowid;
 dol_syslog($sql);
 $resultupdatefrom = $db->query($sql);
 if (!$resultupdatefrom) { dol_print_error($db); }
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$newsecond."' WHERE rowid=".$objto->rowid;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($newsecond)."' WHERE rowid=".$objto->rowid;
 dol_syslog($sql);
 $resultupdateto = $db->query($sql);
 if (!$resultupdateto) { dol_print_error($db); }
@@ -261,7 +261,7 @@ if ($resql)
 // This occurs just after an insert.
 if ($decalage)
 {
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$decalage."' WHERE rowid=".$obj->rowid;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order='".$db->escape($decalage)."' WHERE rowid=".$obj->rowid;
 $db->query($sql);
 }
 }
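Review bot: The two UPDATEs still concatenate `$objfrom->rowid` and `$objto->rowid` into the WHERE clause without a cast, while this same commit moves mails_templates.php and website.php to `((int) $rowid)`; the objects appear to be fetched rows so the risk is low, but `" WHERE rowid = ".((int) $objfrom->rowid)` makes the statement safe regardless of how the object was built and keeps the file consistent with the rest of the patch. The same applies to `$obj->rowid` in the -261 hunk. The switch branch that computes `$newfirst` and `$newsecond` starts before this hunk, so their origin cannot be checked here.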
@@ -286,12 +286,12 @@ if ($resql)
 if (preg_match("/[13579]{1}/", substr($record['box_order'], -1)))
 {
 $box_order = "A0".$record['box_order'];
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
 $resql = $db->query($sql);
 } elseif (preg_match("/[02468]{1}/", substr($record['box_order'], -1)))
 {
 $box_order = "B0".$record['box_order'];
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
 $resql = $db->query($sql);
 }
 } elseif (dol_strlen($record['box_order']) == 2)
@@ -299,12 +299,12 @@ if ($resql)
 if (preg_match("/[13579]{1}/", substr($record['box_order'], -1)))
 {
 $box_order = "A".$record['box_order'];
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
 $resql = $db->query($sql);
 } elseif (preg_match("/[02468]{1}/", substr($record['box_order'], -1)))
 {
 $box_order = "B".$record['box_order'];
- $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$box_order."' WHERE entity = ".$conf->entity." AND box_order = '".$record['box_order']."'";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."boxes SET box_order = '".$db->escape($box_order)."' WHERE entity = ".$conf->entity." AND box_order = '".$db->escape($record['box_order'])."'";
 $resql = $db->query($sql);
 }
 }
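Review bot: `entity = ".$conf->entity` is the one value left in these four UPDATEs that is neither quoted nor escaped; it is configuration rather than request data, but `" WHERE entity = ".((int) $conf->entity)` costs nothing and removes the last string-built fragment. As far as this hunk shows, `$record['box_order']` was read back from the same table, so escaping it is belt-and-braces rather than a fix for a user-controlled path; worth saying so in the commit message to avoid implying an injection was closed here. The enclosing `if ($resql)` loop begins before the hunk.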
diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php
index 9add7675da6..288eac6de92 100644
--- a/htdocs/admin/commande.php
+++ b/htdocs/admin/commande.php
@@ -357,7 +357,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php
index 0b84e23d992..971596d1c06 100644
--- a/htdocs/admin/contract.php
+++ b/htdocs/admin/contract.php
@@ -287,7 +287,7 @@ print load_fiche_titre($langs->trans("TemplatePDFContracts"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php
index 92372c076cb..cf01d287d23 100644
--- a/htdocs/admin/expedition.php
+++ b/htdocs/admin/expedition.php
@@ -296,7 +296,7 @@ $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php
index f082c89286f..13b1b0277a6 100644
--- a/htdocs/admin/expensereport.php
+++ b/htdocs/admin/expensereport.php
@@ -297,7 +297,7 @@ $type = 'expensereport';
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
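Review bot: In the expensereport.php hunk `$type` is the literal assigned on the hunk's own context line (`$type = 'expensereport';`), so `$db->escape($type)` changes nothing at runtime; the fragment of this query that is still plain concatenation is `entity = ".$conf->entity`, which could be pinned with `$sql .= " AND entity = ".((int) $conf->entity);`. The identical SELECT on document_model is patched one file at a time across commande, contract, expedition and the other admin pages in this patch; a single shared helper that takes `$type` would mean fixing the query once rather than seventeen times.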
diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php
index 3d81ab01c43..7f5bcde4b3d 100644
--- a/htdocs/admin/external_rss.php
+++ b/htdocs/admin/external_rss.php
@@ -80,8 +80,8 @@ if ($action == 'add' || GETPOST("modify"))
 {
 // Supprime boite box_external_rss de definition des boites
 /*
 $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
- $sql.= " SET name = '".$boxlabel."'";
- $sql.= " WHERE file ='box_external_rss.php' AND note like '".$_POST["norss"]." %'";
+ $sql.= " SET name = '".$db->escape($boxlabel)."'";
+ $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
 $resql=$db->query($sql);
 if (! $resql)
diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php
index 7042f291828..fe84cf12478 100644
--- a/htdocs/admin/facture.php
+++ b/htdocs/admin/facture.php
@@ -421,7 +421,7 @@ $type = 'invoice';
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php
index a30a9d767a9..df97e9875a0 100644
--- a/htdocs/admin/fichinter.php
+++ b/htdocs/admin/fichinter.php
@@ -349,7 +349,7 @@ $type = 'ficheinter';
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php
index 067c0698a99..bac8e99e70f 100644
--- a/htdocs/admin/holiday.php
+++ b/htdocs/admin/holiday.php
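Review bot: Both changed lines in the external_rss.php hunk sit inside the `/*` block opened two lines above them, so this edit has no runtime effect; commented-out SQL is better deleted than patched, and leaving it suggests the dead query was reviewed when it was not. If the block is ever revived it still reads `$_POST["norss"]` directly instead of going through `GETPOST()`, and `$db->escape()` does not neutralise the `%` and `_` metacharacters of a LIKE pattern, so the `note like '... %'` clause would need a dedicated LIKE escape on top of the quote escaping added here. The enclosing `if ($action == 'add' || GETPOST("modify"))` branch continues past the hunk.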
@@ -299,7 +299,7 @@ print load_fiche_titre($langs->trans("TemplatePDFHolidays"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php
index 95a8d52bc57..db29deef9d7 100644
--- a/htdocs/admin/limits.php
+++ b/htdocs/admin/limits.php
@@ -243,7 +243,7 @@ if (empty($mysoc->country_code))
 $sql = "SELECT taux as vat_rate, t.code as vat_code, t.localtax1 as localtax_rate1, t.localtax2 as localtax_rate2";
 $sql .= " FROM ".MAIN_DB_PREFIX."c_tva as t, ".MAIN_DB_PREFIX."c_country as c";
- $sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$mysoc->country_code."' AND (t.taux <> 0 OR t.localtax1 <>0 OR t.localtax2 <>0)";
+ $sql .= " WHERE t.active=1 AND t.fk_pays = c.rowid AND c.code='".$db->escape($mysoc->country_code)."' AND (t.taux <> 0 OR t.localtax1 <>0 OR t.localtax2 <>0)";
 $sql .= " ORDER BY t.taux ASC";
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/livraison.php b/htdocs/admin/livraison.php
index ddd2b3f83c6..4073b0a59a9 100644
--- a/htdocs/admin/livraison.php
+++ b/htdocs/admin/livraison.php
@@ -291,7 +291,7 @@ $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index b33741cd571..610dd9c1ef2 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
@@ -341,7 +341,7 @@ if (empty($reshook))
 $i++;
 }
- $sql .= " WHERE ".$rowidcol." = '".$rowid."'";
+ $sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
 //print $sql;exit;
 dol_syslog("actionmodify", LOG_DEBUG);
 //print $sql;
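Review bot: In the mails_templates.php -341 hunk the `((int) $rowid)` cast is the right fix for the value, but `$rowidcol` is still spliced into the statement as a bare identifier, and the UPDATE's table name and SET clause are assembled above the hunk where this review cannot see them; an integer cast on the value does nothing for an identifier that came from the request. Presumably `$rowidcol` is taken from a static `$tabrowid` table as website.php does, in which case a comment at its assignment such as `// column name: must come from the static $tabrowid list, never from GETPOST` would record the invariant the cast relies on. The `if (empty($reshook))` block and the loop ending in `$i++;` both start before the hunk.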
@@ -359,7 +359,7 @@ if (empty($reshook))
 {
 $rowidcol = "rowid";
- $sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."='".$rowid."'";
+ $sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."=".((int) $rowid);
 dol_syslog("delete", LOG_DEBUG);
 $result = $db->query($sql);
@@ -379,7 +379,7 @@ if (empty($reshook))
 {
 $rowidcol = "rowid";
- $sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."='".$rowid."'";
+ $sql = "UPDATE ".$tabname[$id]." SET active = 1 WHERE ".$rowidcol."=".((int) $rowid);
 $result = $db->query($sql);
 if (!$result)
@@ -393,7 +393,7 @@ if (empty($reshook))
 {
 $rowidcol = "rowid";
- $sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."='".$rowid."'";
+ $sql = "UPDATE ".$tabname[$id]." SET active = 0 WHERE ".$rowidcol."=".((int) $rowid);
 $result = $db->query($sql);
 if (!$result)
@@ -443,7 +443,7 @@ if (!$user->admin)
 }
 if (empty($conf->global->MAIN_MULTILANGS))
 {
- $sql .= " AND (lang = '".$langs->defaultlang."' OR lang IS NULL OR lang = '')";
+ $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')";
 }
 if ($search_label) $sql .= natural_search('label', $search_label);
 if ($search_type_template != '' && $search_type_template != '-1') $sql .= natural_search('type_template', $search_type_template);
diff --git a/htdocs/admin/mrp.php b/htdocs/admin/mrp.php
index ffa4d8e7c6b..10e992c7ac2 100644
--- a/htdocs/admin/mrp.php
+++ b/htdocs/admin/mrp.php
@@ -293,7 +293,7 @@ print load_fiche_titre($langs->trans("MOsModelModule"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/paymentbybanktransfer.php b/htdocs/admin/paymentbybanktransfer.php
index c549e29443e..4056ce238e3 100644
--- a/htdocs/admin/paymentbybanktransfer.php
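Review bot: With `$rowid` now cast, the only request-derived fragment left in the -359 DELETE (and the -379/-393 UPDATEs) is the table name `$tabname[$id]`, and nothing in these hunks shows `$id` being checked against the keys of `$tabname` before it is used. A missing key would produce `DELETE from  WHERE rowid=N` and a SQL error rather than an injection, so this is a robustness point, but one guard ahead of the three actions, `if (empty($tabname[$id])) { accessforbidden(); }` (or whatever error path the file already uses for a bad id), would make the assumption explicit instead of relying on a PHP notice. Each of these `if (empty($reshook))` action blocks begins before its hunk.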
+++ b/htdocs/admin/paymentbybanktransfer.php
@@ -210,7 +210,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"),'','');
 $def = array();
 $sql = "SELECT nom";
 $sql.= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql.= " WHERE type = '".$type."'";
+$sql.= " WHERE type = '".$db->escape($type)."'";
 $sql.= " AND entity = ".$conf->entity;
 $resql=$db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php
index 0429fde6287..24d4a379f83 100644
--- a/htdocs/admin/prelevement.php
+++ b/htdocs/admin/prelevement.php
@@ -217,7 +217,7 @@ print load_fiche_titre($langs->trans("OrdersModelModule"),'','');
 $def = array();
 $sql = "SELECT nom";
 $sql.= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql.= " WHERE type = '".$type."'";
+$sql.= " WHERE type = '".$db->escape($type)."'";
 $sql.= " AND entity = ".$conf->entity;
 $resql=$db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php
index a0f9adb86d9..843cf0cfd55 100644
--- a/htdocs/admin/propal.php
+++ b/htdocs/admin/propal.php
@@ -316,7 +316,7 @@ print load_fiche_titre($langs->trans("ProposalsPDFModules"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php
index 4c33ee78ef7..60833669753 100644
--- a/htdocs/admin/reception_setup.php
+++ b/htdocs/admin/reception_setup.php
@@ -301,7 +301,7 @@ $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php
index 44ae6a82945..61ab031376b 100644
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@@ -516,7 +516,7 @@ print load_fiche_titre($langs->trans("WarehouseModelModules"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php
index 27b3c023fcb..5541b8ff895 100644
--- a/htdocs/admin/supplier_payment.php
+++ b/htdocs/admin/supplier_payment.php
@@ -179,7 +179,7 @@ print load_fiche_titre($langs->trans("PaymentsNumberingModule"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php
index b0c5c4bff10..f2110687042 100644
--- a/htdocs/admin/supplier_proposal.php
+++ b/htdocs/admin/supplier_proposal.php
@@ -310,7 +310,7 @@ print load_fiche_titre($langs->trans("SupplierProposalPDFModules"), '', '');
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php
index 25822cd380b..723a4bb0063 100644
--- a/htdocs/admin/user.php
+++ b/htdocs/admin/user.php
@@ -192,7 +192,7 @@ $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']);
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php
index d6b66b6fd22..0b372bf3518 100644
--- a/htdocs/admin/usergroup.php
+++ b/htdocs/admin/usergroup.php
@@ -124,7 +124,7 @@ $form = new Form($db);
 $def = array();
 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php
index 55c7993788c..595848fe232 100644
--- a/htdocs/admin/website.php
+++ b/htdocs/admin/website.php
@@ -252,7 +252,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
 else $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
 $i++;
 }
- $sql .= " WHERE ".$rowidcol." = '".$rowid."'";
+ $sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
 dol_syslog("actionmodify", LOG_DEBUG);
 //print $sql;
@@ -310,16 +310,16 @@ if ($action == 'confirm_delete' && $confirm == 'yes')
 // delete
 if ($website->id > 0)
 {
- $sql = "DELETE from ".MAIN_DB_PREFIX."website_account WHERE fk_website ='".$rowid."'";
+ $sql = "DELETE from ".MAIN_DB_PREFIX."website_account WHERE fk_website = ".((int) $rowid);
 $result = $db->query($sql);
- $sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website ='".$rowid."'";
+ $sql = "DELETE from ".MAIN_DB_PREFIX."website_page WHERE fk_website = ".((int) $rowid);
 $result = $db->query($sql);
- $sql = "DELETE from ".MAIN_DB_PREFIX."website_extrafields WHERE fk_object ='".$rowid."'";
+ $sql = "DELETE from ".MAIN_DB_PREFIX."website_extrafields WHERE fk_object = ".((int) $rowid);
 $result = $db->query($sql);
- $sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid ='".$rowid."'";
+ $sql = "DELETE from ".MAIN_DB_PREFIX."website WHERE rowid = ".((int) $rowid);
 $result = $db->query($sql);
 if (!$result)
 {
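Review bot: In the website.php -310 hunk only the last DELETE is ever checked: each `$result = $db->query($sql);` overwrites the previous one, so a failure on website_account, website_page or website_extrafields is silently ignored and the `website` row is still removed, leaving orphaned child rows, and the four statements are not wrapped in a transaction. The guard is also on `$website->id` while the statements delete by `$rowid`; if `$website` was fetched from `$rowid` (not visible here) they agree, but deleting by the validated `$website->id` ties the statements to the object that was actually checked. The rewrite below keeps `$result` false as soon as any statement fails so the existing `if (!$result)` branch reports it; the matching `$db->commit()`/`$db->rollback()` calls belong after that branch, outside this hunk, which continues past the `{` on its last line.
```php
if ($website->id > 0)
{
    $db->begin();
    $result = true;
    // child tables first, parent row last; stop at the first failure so the check below reports it
    $tables = array('website_account' => 'fk_website', 'website_page' => 'fk_website', 'website_extrafields' => 'fk_object', 'website' => 'rowid');
    foreach ($tables as $table => $column) {
        $sql = "DELETE FROM ".MAIN_DB_PREFIX.$table." WHERE ".$column." = ".((int) $website->id);
        $result = $result && $db->query($sql);
    }
    // … unchanged: existing `if (!$result)` error handling …
```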
@@ -346,7 +346,7 @@ if ($action == $acts[0])
 if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
 if ($rowid)
 {
- $sql = "UPDATE ".$tabname[$id]." SET status = 1 WHERE rowid ='".$rowid."'";
+ $sql = "UPDATE ".$tabname[$id]." SET status = 1 WHERE rowid = ".((int) $rowid);
 }
 $result = $db->query($sql);
@@ -362,7 +362,7 @@ if ($action == $acts[1])
 if ($tabrowid[$id]) { $rowidcol = $tabrowid[$id]; } else { $rowidcol = "rowid"; }
 if ($rowid)
 {
- $sql = "UPDATE ".$tabname[$id]." SET status = 0 WHERE rowid ='".$rowid."'";
+ $sql = "UPDATE ".$tabname[$id]." SET status = 0 WHERE rowid = ".((int) $rowid);
 }
 $result = $db->query($sql);
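Review bot: `$rowidcol` is computed from `$tabrowid[$id]` on the first context line of the -346 hunk and then never used: the UPDATE hard-codes `WHERE rowid =`, so for any table whose key column is not `rowid` the status flip targets the wrong column or fails. Either use it, `$sql = "UPDATE ".$tabname[$id]." SET status = 1 WHERE ".$rowidcol." = ".((int) $rowid);`, as the -252 hunk of this same file already does, or drop the dead assignment; the -362 hunk has the identical mismatch. Separately, `$sql` is only assigned inside `if ($rowid)`, yet `$result = $db->query($sql);` runs unconditionally after the brace, so an empty `$rowid` sends an undefined or stale `$sql` to the database; moving the query call inside the `if` block fixes that. Both action blocks begin before their hunks.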