QUAL: Remove use of customurl filter. Must use the USF syntax.

Laurent Destailleur 2024-03-05 03:51:36 +01:00
parent 847c7a73c8
commit c544efec7f
62 changed files with 402 additions and 495 deletions


@ -608,7 +608,7 @@ if ($action == 'export_fileconfirm' && $user->hasRight('accounting', 'mouvements
// Replace this with the query($sqlforexport) on a limited block and loop on each line to export them.
$limit = 0;
$offset = 0;
$result = $object->fetchAll($sortorder, $sortfield, $limit, $offset, $filter, 'AND', (!getDolGlobalString('ACCOUNTING_REEXPORT') ? 0 : 1));
$result = $object->fetchAll($sortorder, $sortfield, $limit, $offset, $filter, 'AND', (getDolGlobalString('ACCOUNTING_REEXPORT') ? 1 : 0));
if ($result < 0) {
$error++;


@ -178,7 +178,7 @@ class AccountingJournal extends CommonObject
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.code' || $key == 't.label' || $key == 't.nature') {
$sqlwhere[] = $key."='".$this->db->escape($value)."'";
$sqlwhere[] = $key." = '".$this->db->escape($value)."'";
} elseif ($key == 't.rowid' || $key == 't.active') {
$sqlwhere[] = $key.'='.((int) $value);
}
@ -187,7 +187,7 @@ class AccountingJournal extends CommonObject
$sql .= ' WHERE 1 = 1';
$sql .= " AND entity IN (".getEntity('accountancy').")";
if (count($sqlwhere) > 0) {
$sql .= " AND ".$this->db->sanitize(implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere), 1, 1, 1);
$sql .= " AND ".implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere);
}
if (!empty($sortfield)) {


@ -915,7 +915,7 @@ class BookKeeping extends CommonObject
} elseif ($key == 't.numero_compte>=' || $key == 't.numero_compte<=' || $key == 't.subledger_account>=' || $key == 't.subledger_account<=') {
$sqlwhere[] = $key.'\''.$this->db->escape($value).'\'';
} elseif ($key == 't.fk_doc' || $key == 't.fk_docdet' || $key == 't.piece_num') {
$sqlwhere[] = $key.'='.$value;
$sqlwhere[] = $key.' = '.((int) $value);
} elseif ($key == 't.subledger_account' || $key == 't.numero_compte') {
$sqlwhere[] = $key.' LIKE \''.$this->db->escape($this->db->escapeforlike($value)).'%\'';
} elseif ($key == 't.date_creation>=' || $key == 't.date_creation<=') {
@ -1114,7 +1114,7 @@ class BookKeeping extends CommonObject
$sql .= " AND t.date_export IS NULL";
}
if (count($sqlwhere) > 0) {
$sql .= ' AND '.$this->db->sanitize(implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere), 1, 1, 1);
$sql .= ' AND '.implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere);
}
if (!empty($sortfield)) {
$sql .= $this->db->order($sortfield, $sortorder);
@ -1231,13 +1231,13 @@ class BookKeeping extends CommonObject
} elseif ($key == 't.reconciled_option') {
$sqlwhere[] = 't.lettering_code IS NULL';
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->escape($this->db->escapeforlike($value))."%'";
}
}
}
$sql .= ' WHERE entity = ' . ((int) $conf->entity); // Do not use getEntity for accounting features
if (count($sqlwhere) > 0) {
$sql .= " AND ".$this->db->sanitize(implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere), 1, 1, 1);
$sql .= " AND ".implode(" ".$this->db->sanitize($filtermode)." ", $sqlwhere);
}
if (!empty($option)) {
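Review bot: The rewritten fall-through branch in the last BookKeeping hunk calls `$this->escape(...)` on the object itself, while every other changed line on this page calls `$this->db->escape(...)`. Unless BookKeeping or a parent class defines an `escape()` method (none is visible here), that branch fails with an undefined-method error as soon as a filter key reaches it. The same line still concatenates `$key` unfiltered, and both BookKeeping hunks that assemble the WHERE clause drop the outer `$this->db->sanitize(...)` around the imploded conditions, so the key needs its own filtering at this point. Suggested line: `$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";`. The enclosing methods start and end outside the hunks.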


@ -356,7 +356,7 @@ print '<input type="submit" class="button"'.$disabled.' value="'.$langs->trans("
print '</td>'."\n";
print '</tr>'."\n";
$result = $object->fetchAll($sortorder, $sortfield, 0, 0, array('t.type'=>$mode,'t.entity'=>array($user->entity,$conf->entity)));
$result = $object->fetchAll($sortorder, $sortfield, 0, 0, array('t.type'=>$mode, 't.entity'=>array($user->entity,$conf->entity)));
if (!is_array($result) && $result < 0) {
setEventMessages($object->error, $object->errors, 'errors');


@ -1275,7 +1275,7 @@ class BOM extends CommonObject
$this->lines = array();
$objectline = new BOMLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_bom = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_bom:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
@ -1885,18 +1885,17 @@ class BOMLine extends CommonObjectLine
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -1909,23 +1908,14 @@ class BOMLine extends CommonObjectLine
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {
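Review bot: BOMLine::fetchAll no longer declares `array $filter`, yet it hands `$filter` straight to forgeSQLFromUniversalSearchCriteria(), so a caller that has not been migrated (for instance an external module still passing `array('customsql' => ...)`) is no longer stopped by the signature. How the parser treats a non-string is not visible on this page, and the method should fail explicitly rather than depend on it, e.g. `if (is_array($filter)) { $this->errors[] = 'Array filter is no longer supported, use a Universal Search string'; return -1; }` before the forge call, or keep a legacy branch as DefaultValues::fetchAll does in this commit. The same applies to the ConferenceOrBooth and ConferenceOrBoothAttendee fetchAll rewrites further down. The method body continues outside the hunk.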


@ -392,7 +392,7 @@ class Availabilities extends CommonObject
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
dol_syslog(__METHOD__, LOG_DEBUG);
@ -936,7 +936,7 @@ class Availabilities extends CommonObject
$this->lines = array();
$objectline = new AvailabilitiesLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_availabilities = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_availabilities:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;


@ -926,7 +926,7 @@ class Calendar extends CommonObject
$this->lines = array();
$objectline = new CalendarLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_calendar = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_calendar:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->setErrorsFromObject($objectline);


@ -539,7 +539,8 @@ if ($id > 0 || !empty($ref)) {
require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/bankcateg.class.php';
$bankcateg = new BankCateg($db);
foreach ($bankcateg->fetchAll() as $bankcategory) {
$arrayofbankcateg = $bankcateg->fetchAll();
foreach ($arrayofbankcateg as $bankcategory) {
$options[$bankcategory->id] = $bankcategory->label;
}
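Review bot: `$arrayofbankcateg` is iterated without checking what fetchAll() returned. The other fetchAll methods on this page document `array|int` with a negative int on failure, and if BankCateg::fetchAll follows that contract (its definition is not shown) the foreach runs on an integer. Now that the result has its own variable, it can be guarded with `if (is_array($arrayofbankcateg)) {` around the loop. The hunk in the next file section (`$arrayofbankcategs`) has the same shape.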


@ -356,7 +356,9 @@ $options = array();
require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/bankcateg.class.php';
$bankcateg = new BankCateg($db);
foreach ($bankcateg->fetchAll() as $bankcategory) {
$arrayofbankcategs = $bankcateg->fetchAll();
foreach ($arrayofbankcategs as $bankcategory) {
$options[$bankcategory->id] = $bankcategory->label;
}


@ -10169,20 +10169,20 @@ abstract class CommonObject
// Delete cascade first
if (is_array($this->childtablesoncascade) && !empty($this->childtablesoncascade)) {
foreach ($this->childtablesoncascade as $table) {
$deleteFromObject = explode(':', $table);
foreach ($this->childtablesoncascade as $tabletodelete) {
$deleteFromObject = explode(':', $tabletodelete, 4);
if (count($deleteFromObject) >= 2) {
$className = str_replace('@', '', $deleteFromObject[0]);
$filePath = $deleteFromObject[1];
$columnName = $deleteFromObject[2];
$TMoreSQL = array();
$filter = '';
if (!empty($deleteFromObject[3])) {
$TMoreSQL['customsql'] = $deleteFromObject[3];
$filter = $deleteFromObject[3];
}
if (dol_include_once($filePath)) {
$childObject = new $className($this->db);
if (method_exists($childObject, 'deleteByParentField')) {
$result = $childObject->deleteByParentField($this->id, $columnName, $TMoreSQL);
$result = $childObject->deleteByParentField($this->id, $columnName, $filter);
if ($result < 0) {
$error++;
$this->errors[] = $childObject->error;
@ -10200,7 +10200,7 @@ abstract class CommonObject
}
} else {
// Delete record in child table
$sql = "DELETE FROM ".$this->db->prefix().$table." WHERE ".$this->fk_element." = ".((int) $this->id);
$sql = "DELETE FROM ".$this->db->prefix().$tabletodelete." WHERE ".$this->fk_element." = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
@ -10287,7 +10287,7 @@ abstract class CommonObject
$this->db->begin();
$sql = "SELECT rowid FROM ".$this->db->prefix().$this->table_element;
$sql .= " WHERE ".$parentField." = ".(int) $parentId;
$sql .= " WHERE ".$this->db->sanitize($parentField)." = ".(int) $parentId;
// Manage filter
$errormessage = '';
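Review bot: In the cascade-delete hunk the guard is `count($deleteFromObject) >= 2`, but the following lines read `$deleteFromObject[2]`, so a two-part `@Class:path` entry passes an undefined column name on to deleteByParentField(); the guard should read `if (count($deleteFromObject) >= 3) {`. The fourth segment is now interpreted as a Universal Search string, so an entry that still carries raw SQL there (the old Job value `objecttype='job'` is one example) will no longer parse. The code after `$errormessage = '';` in deleteByParentField is outside the hunk; please confirm it returns an error before deleting anything when the filter does not parse, since otherwise the delete would be restricted by the parent key alone. All three enclosing bodies continue outside the hunks.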


@ -198,15 +198,16 @@ abstract class CommonObjectLine extends CommonObject
/**
* Empty function to prevent errors on call of this function must be overload if useful
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit offset limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
* @return int Return integer <0 if KO, >0 if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit Limit the number of lines returned
* @param int $offset Offset
* @param string|array $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
return 0;
}
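Review bot: Dropping the `array` type from CommonObjectLine::fetchAll makes any subclass that keeps `array $filter = array()` incompatible with it, and CommandeFournisseurDispatch, which extends CommonObjectLine, still has the typed signature on this page. A child method may not narrow a parameter type the parent leaves open; PHP 8 reports that as a fatal error when the class is loaded (PHP 7 as a warning). Change that signature to `$filter = ''` in the same commit, or leave it untyped there and handle arrays inside the method. The docblock of the stub now promises `array|int` while the body still returns `0`.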


@ -161,8 +161,6 @@ class CProductNature extends CommonDict
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$sql = "SELECT";


@ -229,18 +229,19 @@ class CUnits extends CommonDict
$sql .= " t.scale,";
$sql .= " t.active";
$sql .= " FROM ".$this->db->prefix()."c_units as t";
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid' || $key == 't.active' || $key == 't.scale') {
$sqlwhere[] = $key." = ".((int) $value);
$sqlwhere[] = $this->db->sanitize($key)." = ".((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
$sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->idate($value)."'";
} elseif ($key == 't.unit_type' || $key == 't.code' || $key == 't.short_label') {
$sqlwhere[] = $key." = '".$this->db->escape($value)."'";
$sqlwhere[] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}


@ -243,18 +243,17 @@ class DefaultValues extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string|array $filter Filter as an Universal Search string or Array (array use is deprecated)
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -263,27 +262,39 @@ class DefaultValues extends CommonObject
$sql .= $this->getFieldList();
$sql .= " FROM ".$this->db->prefix().$this->table_element." as t";
$sql .= " WHERE 1 = 1";
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid' || ($key == 't.entity' && !is_array($value)) || ($key == 't.user_id' && !is_array($value))) {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 't.page' || $key == 't.param' || $key == 't.type') {
$sqlwhere[] = $key." = '".$this->db->escape($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (is_array($value)) {
$sqlwhere[] = $key." IN (".$this->db->sanitize(implode(',', $value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
// Deprecated. For compatibility.
if (is_array($filter)) {
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid' || ($key == 't.entity' && !is_array($value)) || ($key == 't.user_id' && !is_array($value))) {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 't.page' || $key == 't.param' || $key == 't.type') {
$sqlwhere[] = $key." = '".$this->db->escape($value)."'";
} elseif (is_array($value)) {
$sqlwhere[] = $key." IN (".$this->db->sanitize(implode(',', $value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
}
$filter = '';
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
// Manage filter
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {
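Review bot: The retained array branch (marked deprecated) does not get the hardening that the other array-based fetchAll methods receive in this commit. `$key` is concatenated as is in the `IN (...)` and `LIKE` branches, the LIKE value is not passed through `escapeforlike()`, and `$filtermode` is joined after `escape()`, which handles quoting but does not limit the value to a boolean operator. Suggested lines: `$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";` and, before the implode, `$filtermode = (strtoupper((string) $filtermode) === 'OR') ? 'OR' : 'AND';`. The docblock states that `$filtermode` is no longer used, which does not hold while this branch exists.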


@ -12719,6 +12719,7 @@ function forgeSQLFromUniversalSearchCriteria($filter, &$errorstr = '', $noand =
$t = preg_replace_callback('/'.$regexstring.'/i', 'dolForgeDummyCriteriaCallback', $filter);
$t = str_replace(array('and','or','AND','OR',' '), '', $t); // Remove the only strings allowed between each () criteria
// If the string result contains something else than '()', the syntax was wrong
if (preg_match('/[^\(\)]/', $t)) {
$tmperrorstr = 'Bad syntax of the search string';
$errorstr = 'Bad syntax of the search string: '.$filter;
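Review bot: The error text built here embeds the raw `$filter`, and the fetchAll rewrites in this commit copy that text into `$this->errors` and pass it to dol_syslog at LOG_ERR. Where a filter can carry request data, this puts caller-controlled text into log lines and into whatever page later prints `$object->errors`. The `$tmperrorstr` line (apparently the one this hunk adds) looks like the filter-free variant, but its use is outside the hunk. I would return the short message to callers, log the filter separately with line breaks neutralised, and confirm that the display path escapes it. The function continues on both sides of the hunk.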


@ -240,7 +240,7 @@ function project_prepare_head(Project $project, $moreparam = '')
} else {
require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorbooth.class.php';
$conforbooth=new ConferenceOrBooth($db);
$result = $conforbooth->fetchAll('', '', 0, 0, array('t.fk_project'=>$project->id));
$result = $conforbooth->fetchAll('', '', 0, 0, '(t.fk_project:=:'.((int) $project->id).")");
//,
if (!is_array($result) && $result<0) {
setEventMessages($conforbooth->error, $conforbooth->errors, 'errors');
@ -256,8 +256,8 @@ function project_prepare_head(Project $project, $moreparam = '')
} else {
require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorboothattendee.class.php';
$conforboothattendee=new ConferenceOrBoothAttendee($db);
$result = $conforboothattendee->fetchAll('', '', 0, 0, array('t.fk_project'=>$project->id));
//,
$result = $conforboothattendee->fetchAll('', '', 0, 0, '(t.fk_project:=:'.((int) $project->id).')');
if (!is_array($result) && $result<0) {
setEventMessages($conforboothattendee->error, $conforboothattendee->errors, 'errors');
} else {


@ -220,11 +220,11 @@ if ($action == 'presend') {
}
}
}
if (getDolGlobalString('MAIN_MAIL_ENABLED_USER_DEST_SELECT')) {
$listeuser = array();
$fuserdest = new User($db);
$result = $fuserdest->fetchAll('ASC', 't.lastname', 0, 0, array('customsql'=>"t.statut=1 AND t.employee=1 AND t.email IS NOT NULL AND t.email <> ''"), 'AND', true);
$result = $fuserdest->fetchAll('ASC', 't.lastname', 0, 0, "(t.statut:=:1) AND (t.employee:=:1) AND (t.email:isnot:NULL) AND (t.email:!=:'')", 'AND', true);
if ($result > 0 && is_array($fuserdest->users) && count($fuserdest->users) > 0) {
foreach ($fuserdest->users as $uuserdest) {
$listeuser[$uuserdest->id] = $uuserdest->user_get_property($uuserdest->id, 'email');


@ -571,13 +571,14 @@ class Cronjob extends CommonObject
} elseif ($status == 2) {
$sql .= " AND t.status = 2";
}
// Manage filter
if (is_array($filter) && count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sql .= " AND ".$key." = ".((int) $value);
$sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value);
} else {
$sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
$sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}


@ -530,14 +530,13 @@ class EcmFiles extends CommonObject
/**
* Load object in memory from the database
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit offset limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
*
* @return int Return integer <0 if KO, >0 if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
* @return int Return integer <0 if KO, >0 if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
{
@ -573,10 +572,11 @@ class EcmFiles extends CommonObject
if ($key == 't.src_object_id') {
$sqlwhere[] = $key." = ".((int) $value);
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
$sql .= ' WHERE 1 = 1';
/* Fetching this table depends on filepath+filename, it must not depends on entity
if (isModEnabled('multicompany')) {
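Review bot: The LIKE branch now escapes wildcards in the value but still concatenates `$key` unfiltered, while the equivalent branches in CUnits, Cronjob and CommandeFournisseurDispatch gain `$this->db->sanitize($key)` in this commit. Suggested line: `$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";`. Whether the assembled clause is filtered again further down is not visible, as the method body continues outside the hunk.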


@ -273,15 +273,16 @@ class ConferenceOrBooth extends ActionComm
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
//TODO set percent according status
global $conf;
@ -299,25 +300,14 @@ class ConferenceOrBooth extends ActionComm
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.id' || $key == 't.fk_project' || $key == 't.fk_soc' || $key == 't.fk_action') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {


@ -401,18 +401,17 @@ class ConferenceOrBoothAttendee extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...). WARNING: customerurl must be a sanitized SQL string.
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -426,25 +425,14 @@ class ConferenceOrBoothAttendee extends CommonObject
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid' || $key == 't.fk_soc' || $key == 't.fk_project' || $key == 't.fk_actioncomm') {
$sqlwhere[] = $key.'='.((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {


@ -139,7 +139,7 @@ function conferenceorboothProjectPrepareHead($object)
} else {
require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorbooth.class.php';
$conforbooth=new ConferenceOrBooth($db);
$result = $conforbooth->fetchAll('', '', 0, 0, array('t.fk_project'=>$object->id));
$result = $conforbooth->fetchAll('', '', 0, 0, '(t.fk_project:=:'.((int) $object->id).')');
if (!is_array($result) && $result<0) {
setEventMessages($conforbooth->error, $conforbooth->errors, 'errors');
} else {
@ -165,7 +165,7 @@ function conferenceorboothProjectPrepareHead($object)
} else {
require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorboothattendee.class.php';
$attendees=new ConferenceOrBoothAttendee($db);
$result = $attendees->fetchAll('', '', 0, 0, array('t.fk_project'=>$object->id));
$result = $attendees->fetchAll('', '', 0, 0, '(t.fk_project:=:'.((int) $object->id).')');
if (!is_array($result) && $result<0) {
setEventMessages($attendees->error, $attendees->errors, 'errors');
} else {


@ -3528,6 +3528,7 @@ class CommandeFournisseur extends CommonOrder
$qtywished = array();
$supplierorderdispatch = new CommandeFournisseurDispatch($this->db);
$filter = array('t.fk_commande' => $this->id);
if (getDolGlobalString('SUPPLIER_ORDER_USE_DISPATCH_STATUS')) {
$filter['t.status'] = 1; // Restrict to lines with status validated


@ -646,14 +646,13 @@ class CommandeFournisseurDispatch extends CommonObjectLine
/**
* Load object in memory from the database
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit offset limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
*
* @return int Return integer <0 if KO, >0 if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
* @return int Return integer <0 if KO, >0 if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
{
@ -661,7 +660,6 @@ class CommandeFournisseurDispatch extends CommonObjectLine
$sql = "SELECT";
$sql .= " t.rowid,";
$sql .= " t.fk_commande,";
$sql .= " t.fk_product,";
$sql .= " t.fk_commandefourndet,";
@ -675,7 +673,6 @@ class CommandeFournisseurDispatch extends CommonObjectLine
$sql .= " t.batch,";
$sql .= " t.eatby,";
$sql .= " t.sellby";
$sql .= " FROM ".MAIN_DB_PREFIX.$this->table_element." as t";
// Manage filter
@ -683,13 +680,13 @@ class CommandeFournisseurDispatch extends CommonObjectLine
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.comment') {
$sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere [] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
} elseif ($key == 't.datec' || $key == 't.tms' || $key == 't.eatby' || $key == 't.sellby' || $key == 't.batch') {
$sqlwhere [] = $key." = '".$this->db->escape($value)."'";
$sqlwhere [] = $this->db->sanitize($key)." = '".$this->db->escape($value)."'";
} elseif ($key == 'qty') {
$sqlwhere [] = $key." = ".((float) $value);
$sqlwhere [] = $this->db->sanitize($key)." = ".((float) $value);
} else {
$sqlwhere [] = $key." = ".((int) $value);
$sqlwhere [] = $this->db->sanitize($key)." = ".((int) $value);
}
}
}


@ -232,7 +232,7 @@ class Evaluation extends CommonObject
if ($resultcreate > 0) {
require_once DOL_DOCUMENT_ROOT . '/hrm/class/skillrank.class.php';
$skillRank = new SkillRank($this->db);
$TRequiredRanks = $skillRank->fetchAll('ASC', 't.rowid', 0, 0, array('customsql' => 'fk_object='.$this->fk_job." AND objecttype='job'"));
$TRequiredRanks = $skillRank->fetchAll('ASC', 't.rowid', 0, 0, '(fk_object:=:'.((int) $this->fk_job).") AND (objecttype:=:'job')");
if (is_array($TRequiredRanks) && !empty($TRequiredRanks)) {
$this->lines = array();
@ -918,7 +918,7 @@ class Evaluation extends CommonObject
$this->lines = array();
$objectline = new EvaluationLine($this->db);
$result = $objectline->fetchAll('ASC', '', 0, 0, array('customsql'=>'fk_evaluation = '.$this->id));
$result = $objectline->fetchAll('ASC', '', 0, 0, '(fk_evaluation:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;


@ -352,16 +352,16 @@ class EvaluationLine extends CommonObjectLine
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
@ -886,7 +886,7 @@ class EvaluationLine extends CommonObjectLine
$this->lines = array();
$objectline = new EvaluationLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_evaluationdet = '.$this->id));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_evaluationdet:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;


@ -1,10 +1,10 @@
<?php
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
* Copyright (C) 2021 Greg Rastklan <greg.rastklan@atm-consulting.fr>
* Copyright (C) 2021 Jean-Pascal BOUDET <jean-pascal.boudet@atm-consulting.fr>
* Copyright (C) 2021 Grégory BLEMAND <gregory.blemand@atm-consulting.fr>
* Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
* Copyright (C) 2021 Greg Rastklan <greg.rastklan@atm-consulting.fr>
* Copyright (C) 2021 Jean-Pascal BOUDET <jean-pascal.boudet@atm-consulting.fr>
* Copyright (C) 2021 Grégory BLEMAND <gregory.blemand@atm-consulting.fr>
* Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -153,10 +153,10 @@ class Job extends CommonObject
// /**
// * @var array List of child tables. To know object to delete on cascade.
// * If name matches '@ClassNAme:FilePathClass;ParentFkFieldName' it will
// * If name matches '@ClassNAme:FilePathClass:ParentFkFieldName' it will
// * call method deleteByParentField(parentId, ParentFkFieldName) to fetch and delete child object
// */
protected $childtablesoncascade = array("@SkillRank:hrm/class/skillrank.class.php:fk_object:objecttype='job'");
protected $childtablesoncascade = array("@SkillRank:hrm/class/skillrank.class.php:fk_object:(objecttype:=:'job')");
// /**
// * @var JobLine[] Array of subtable lines
@ -926,7 +926,7 @@ class Job extends CommonObject
$this->lines = array();
$objectline = new JobLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_job = '.$this->id));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_job:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
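Review bot: Any reader that splits a `$childtablesoncascade` entry with a plain `explode(':', ...)` will cut the new fourth segment apart, because the USF filter `(objecttype:=:'job')` contains colons itself. The Societe hunk in this commit moves to `explode(':', $tabletodelete, 4)`; the other readers of this property are not visible on this page and need the same limit, otherwise the cascade delete may run with a truncated filter. The commented docblock above the property still describes three segments only; I would extend it to `'@ClassName:FilePathClass:ParentFkFieldName:(USF filter)'`.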


@ -968,7 +968,7 @@ class Position extends CommonObject
$this->lines = array();
$objectline = new PositionLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql' => 'fk_position = ' . $this->id));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_position:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
@ -1045,7 +1045,7 @@ class Position extends CommonObject
{
$TPosition = array();
$TPosition = $this->fetchAll('ASC', 't.rowid', 0, 0, array('customsql' => 'fk_user=' . $userid));
$TPosition = $this->fetchAll('ASC', 't.rowid', 0, 0, '(fk_user:=:'.((int) $userid).')');
return $TPosition;
}


@ -424,19 +424,17 @@ class Skill extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -967,7 +965,7 @@ class Skill extends CommonObject
$this->lines = array();
$objectline = new Skilldet($this->db);
$result = $objectline->fetchAll('ASC', 'rankorder', 0, 0, array('customsql'=>'fk_skill = '.$this->id));
$result = $objectline->fetchAll('ASC', 'rankorder', 0, 0, '(fk_skill:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
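Review bot: Nothing stops a caller that still passes the old `array('customsql' => ...)` form, now that `$filter` in the `fetchAll()` signature of the @ -424 hunk has no type at all. The classes whose body is shown in this commit hand `$filter` straight to `forgeSQLFromUniversalSearchCriteria()`, and how that function treats a non-string is not visible here; if it yields an empty fragment, a missed call site would return every row instead of failing. I would reject the old form at the top of the method, e.g. `if (!is_string($filter)) { $this->errors[] = 'Filter must be a USF string'; return -1; }`. The same signature change appears in Skilldet, SkillRank, Opensurveysondage, PartnershipType, RecruitmentCandidature, RecruitmentJobPosition and CTicketCategory; the body of this method continues outside the hunk.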


@ -347,19 +347,17 @@ class Skilldet extends CommonObjectLine
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();


@ -218,8 +218,9 @@ class SkillRank extends CommonObject
{
global $langs;
$sqlfilter = 'fk_object='.((int) $this->fk_object)." AND objecttype='".$this->db->escape($this->objecttype)."' AND fk_skill = ".((int) $this->fk_skill);
$alreadyLinked = $this->fetchAll('ASC', 'rowid', 0, 0, array('customsql' => $sqlfilter));
$filter = '(fk_object:=:'.((int) $this->fk_object).") AND (objecttype:=:'".$this->db->escape($this->objecttype)."') AND (fk_skill:=:".((int) $this->fk_skill).")";
$alreadyLinked = $this->fetchAll('ASC', 'rowid', 0, 0, $filter);
if (!empty($alreadyLinked)) {
$this->error = $langs->trans('ErrSkillAlreadyAdded');
return -1;
@ -395,19 +396,17 @@ class SkillRank extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -925,7 +924,7 @@ class SkillRank extends CommonObject
/*
$objectline = new SkillRankLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_skillrank = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_skillrank:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
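Review bot: In the @ -218 hunk the result of `fetchAll()` is tested with `!empty($alreadyLinked)`, but the docblock further down says the method returns a negative int on failure, and a negative int is non-empty too. A filter that the USF parser rejects, or a database error, is therefore reported to the user as `ErrSkillAlreadyAdded`. I would separate the two cases before the existing test with `if (!is_array($alreadyLinked)) { return -1; }`, leaving whatever error `fetchAll()` recorded in place. The enclosing method starts and ends outside the hunk.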


@ -169,7 +169,7 @@ if (empty($reshook)) {
if ($action == 'close') {
// save evaldet lines to user;
$sk = new SkillRank($db);
$SkillrecordsForActiveUser = $sk->fetchAll('ASC', 'fk_skill', 0, 0, array("customsql"=>"fk_object = ".$object->fk_user ." AND objecttype ='".SkillRank::SKILLRANK_TYPE_USER."'"), 'AND');
$SkillrecordsForActiveUser = $sk->fetchAll('ASC', 'fk_skill', 0, 0, "(fk_object:=:".((int) $object->fk_user).") AND (objecttype:=:'".$db->escape(SkillRank::SKILLRANK_TYPE_USER)."')", 'AND');
$errors = 0;
// we go through the evaldets of the eval


@ -113,7 +113,7 @@ function displayRankInfos($selected_rank, $fk_skill, $inputname = 'TNote', $mode
// On charge les différentes notes possibles pour la compétence $fk_skill
$skilldet = new Skilldet($db);
$Lines = $skilldet->fetchAll('ASC', 'rankorder', 0, 0, array('customsql'=>'fk_skill = '.$fk_skill));
$Lines = $skilldet->fetchAll('ASC', 'rankorder', 0, 0, '(fk_skill:=:'.((int) $fk_skill).')');
if (!is_array($Lines) && $Lines<0) {
setEventMessages($skilldet->error, $skilldet->errors, 'errors');


@ -159,7 +159,7 @@ if (empty($reshook)) {
} elseif ($action == 'saveSkill') {
if (!empty($TNote)) {
foreach ($TNote as $skillId => $rank) {
$TSkills = $skill->fetchAll('ASC', 't.rowid', 0, 0, array('customsql' => 'fk_object=' . ((int) $id) . " AND objecttype='" . $db->escape($objecttype) . "' AND fk_skill = " . ((int) $skillId)));
$TSkills = $skill->fetchAll('ASC', 't.rowid', 0, 0, '(fk_object:=:'.((int) $id).") AND (objecttype:=:'".$db->escape($objecttype)."') AND (fk_skill:=:".((int) $skillId).')');
if (is_array($TSkills) && !empty($TSkills)) {
foreach ($TSkills as $tmpObj) {
$tmpObj->rankorder = $rank;


@ -401,12 +401,10 @@ class KnowledgeRecord extends CommonObject
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
@ -978,7 +976,7 @@ class KnowledgeRecord extends CommonObject
$this->lines = array();
$objectline = new KnowledgeRecordLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_knowledgerecord = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_knowledgerecord:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
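Review bot: The array branch kept in the @ -401 hunk still concatenates `$key` into the statement as-is (`$key." LIKE '%"...`, `$key.' IN ('...`), so only the value side is hardened by this change. Other hunks of the same commit (ProductCustomerPrice, Dolresource, Ticket) wrap the column name in `$this->db->sanitize($key)`; I would do the same here, `$sqlwhere[] = $this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";`, or check the key against `$this->fields` before use. The same unsanitised key remains in the Mo, MoLine, Partnership, ProductFournisseurPrice and ProductStockEntrepot hunks. The loop starts outside the hunk, so where the keys come from cannot be checked from here.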


@ -436,8 +436,6 @@ class LoanSchedule extends CommonObject
*/
public function fetchAll($loanid)
{
global $langs;
$sql = "SELECT";
$sql .= " t.rowid,";
$sql .= " t.fk_loan,";


@ -1091,7 +1091,7 @@ class MyObject extends CommonObject
$this->lines = array();
$objectline = new MyObjectLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_myobject = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_myobject:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->setErrorsFromObject($objectline);


@ -506,10 +506,8 @@ class Mo extends CommonObject
$sqlwhere[] = $key." = ".((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
@ -911,7 +909,7 @@ class Mo extends CommonObject
if (!empty($fk_movement)) {
// The fk_movement was not recorded so we try to guess the product and quantity to restore.
$moline = new MoLine($this->db);
$TArrayMoLine = $moline->fetchAll('', '', 1, 0, array('customsql' => 'fk_stock_movement = '.(int) $fk_movement));
$TArrayMoLine = $moline->fetchAll('', '', 1, 0, '(fk_stock_movement:=:'.((int) $fk_movement).')');
$moline = array_shift($TArrayMoLine);
$movement = new MouvementStock($this->db);
@ -1613,11 +1611,11 @@ class Mo extends CommonObject
$objectline = new MoLine($this->db);
$TFilters = array('customsql'=>'fk_mo = '.((int) $this->id));
$filter = '(fk_mo:=:'.((int) $this->id).')';
if (!empty($rolefilter)) {
$TFilters['role'] = $rolefilter;
$filter .= " AND (role:=:'".$this->db->escape($rolefilter)."')";
}
$result = $objectline->fetchAll('ASC', 'position', 0, 0, $TFilters);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, $filter);
if (is_numeric($result)) {
$this->error = $objectline->error;
@ -2146,18 +2144,16 @@ class MoLine extends CommonObjectLine
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string|array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -2170,23 +2166,35 @@ class MoLine extends CommonObjectLine
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
// Deprecated.
if (is_array($filter)) {
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
}
$filter = '';
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
// Manage filter
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {
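Review bot: In the deprecated array branch of `MoLine::fetchAll()` the conditions are joined with `$this->db->escape($filtermode)`, which is string-literal escaping and does not restrict the joiner to a boolean operator. Because the value lands between conditions as raw SQL, I would map it to a fixed keyword before the `implode`: `$filtermode = (strtoupper((string) $filtermode) === 'OR') ? 'OR' : 'AND';`. The docblock for `$filter` also still gives `'customurl'=>...` as an example, although that key is what this commit removes. The method body continues outside the hunk.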


@ -803,15 +803,16 @@ class Opensurveysondage extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
dol_syslog(__METHOD__, LOG_DEBUG);
@ -825,25 +826,14 @@ class Opensurveysondage extends CommonObject
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {
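Review bot: When the USF string is rejected, the new block stores the message in `$this->errors[]` only and leaves `$this->error` untouched. Callers shown elsewhere in this commit read the singular property after a numeric result (`$this->error = $objectline->error;`), so they may surface an empty or stale message. I would add `$this->error = $errormessage;` next to the `errors[]` push, and log `$errormessage` alone rather than `join(',', $this->errors)`, which repeats every earlier error held by the object. The same block is added in MoLine, RecruitmentCandidature, RecruitmentJobPosition and CTicketCategory; the method body continues outside the hunk.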


@ -454,12 +454,10 @@ class Partnership extends CommonObject
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
@ -1179,7 +1177,7 @@ class Partnership extends CommonObject
$this->lines = array();
$objectline = new PartnershipLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_partnership = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_partnership:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;
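Review bot: The `LIKE` branch in the @ -454 hunk is reached only when the `strpos($value, '%') === false` test fails, that is when the caller put a `%` wildcard in the value, and the value is now passed through `escapeforlike()` before use. If that helper escapes `%` and `_`, as its name suggests (its body is not on this page), the wildcard that selected this branch becomes a literal character and the branch can only match values containing a real percent sign. Either the `%` test should go and the value be treated as a plain substring, or the caller's wildcard should be kept and only the rest escaped; whichever is intended deserves a comment such as `// value is matched as a literal substring`. KnowledgeRecord and ProductFournisseurPrice have the same construction.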


@ -160,7 +160,7 @@ class PartnershipType extends CommonObject
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;


@ -421,15 +421,15 @@ class ProductCustomerPrice extends CommonObject
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year
$sql .= " AND ".$key." = '".$this->db->escape($value)."'";
$sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'";
} elseif ($key == 'soc.nom') {
$sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
$sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
} elseif ($key == 'prod.ref' || $key == 'prod.label') {
$sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
$sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
} elseif ($key == 't.price' || $key == 't.price_ttc') {
$sql .= " AND ".$key." LIKE '%".price2num($value)."%'";
$sql .= " AND ".$this->db->sanitize($key)." = ".((float) price2num($value));
} else {
$sql .= " AND ".$key." = ".((int) $value);
$sql .= " AND ".$this->db->sanitize($key)." = ".((int) $value);
}
}
}
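Review bot: The key `YEAR(s.dated)` that the first branch's comment promises to allow may no longer survive, because the key now goes through `$this->db->sanitize($key)` with default arguments. If the defaults strip parentheses (the implementation is not on this page), that documented key becomes a column name that does not exist and the query fails; either drop the comment and the use case, or match such keys against an explicit list before sanitising. The price branch also moves from a `LIKE '%...%'` match to `= ((float) price2num($value))`, an exact float comparison, so existing partial-price searches stop matching and that deserves a comment on the line. The Ticket hunk carries the same `YEAR(s.dated)` comment. The loop starts and ends outside the hunk.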


@ -350,12 +350,10 @@ class ProductFournisseurPrice extends CommonObject
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key.' IN ('.$this->db->sanitize($this->db->escape($value)).')';
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}


@ -230,16 +230,15 @@ class ProductStockEntrepot extends CommonObject
/**
* Load object in memory from the database
*
* @param int $fk_product Product from which we want to get limit and desired stock by warehouse
* @param int $fk_entrepot Warehouse in which we want to get products limit and desired stock
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit offset limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
*
* @return int|array Return integer <0 if KO, array if OK
* @param int $fk_product Product from which we want to get limit and desired stock by warehouse
* @param int $fk_entrepot Warehouse in which we want to get products limit and desired stock
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset offset limit
* @param array $filter filter array
* @param string $filtermode filter mode (AND or OR)
* @return int|array Return integer <0 if KO, array if OK
*/
public function fetchAll($fk_product = 0, $fk_entrepot = 0, $sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
{
@ -247,24 +246,20 @@ class ProductStockEntrepot extends CommonObject
$sql = "SELECT";
$sql .= " t.rowid,";
$sql .= " t.tms,";
$sql .= " t.fk_product,";
$sql .= " t.fk_entrepot,";
$sql .= " t.seuil_stock_alerte,";
$sql .= " t.desiredstock,";
$sql .= " t.import_key";
$sql .= " FROM ".$this->db->prefix().$this->table_element." as t";
$sql .= " WHERE 1=1";
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
$sqlwhere [] = $key." LIKE '%".$this->db->escape($value)."%'";
$sqlwhere[] = $key." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
if (count($sqlwhere) > 0) {


@ -936,7 +936,7 @@ class StockTransfer extends CommonObject
$this->lines = array();
$objectline = new StockTransferLine($this->db);
$result = $objectline->fetchAll('ASC', 'rang', 0, 0, array('customsql'=>'fk_stocktransfer = '.$this->id));
$result = $objectline->fetchAll('ASC', 'rang', 0, 0, "(fk_stocktransfer:=:".((int) $this->id).")");
if (is_numeric($result)) {
$this->error = $objectline->error;


@ -194,7 +194,7 @@ if (empty($reshook)) {
if (empty($error)) {
$line = new StockTransferLine($db);
$records = $line->fetchAll('', '', 0, 0, array('customsql'=>' fk_stocktransfer = '.((int) $id).' AND fk_product = '.((int) $fk_product).' AND fk_warehouse_source = '.((int) $fk_warehouse_source).' AND fk_warehouse_destination = '.((int) $fk_warehouse_destination).' AND ('.(empty($batch) ? 'batch = "" or batch IS NULL' : "batch = '".$db->escape($batch)."'").')'));
$records = $line->fetchAll('', '', 0, 0, '(fk_stocktransfer:=:'.((int) $id).') AND (fk_product:=:'.((int) $fk_product).') AND (fk_warehouse_source:=:'.((int) $fk_warehouse_source).') AND (fk_warehouse_destination:=:'.((int) $fk_warehouse_destination).') AND ('.(empty($batch) ? "(batch:=:'') OR (batch:IS:NULL)" : "batch:=:'".$db->escape($batch)."'").')');
if (!empty($records[key($records)])) {
$line = $records[key($records)];
}
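Review bot: `$records` is used as an array on the line after the call, `$records[key($records)]`, but the `fetchAll()` docblocks in this commit say a negative int comes back on failure, and a filter the USF parser rejects is now one more way to fail. `$batch` is free text placed inside the filter after SQL escaping only, so a lot number containing characters that are meaningful to the USF grammar could plausibly take that path. I would test the type first, `if (is_array($records) && !empty($records)) { $line = reset($records); }`, and report the error otherwise. The surrounding block extends beyond the hunk.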


@ -418,7 +418,7 @@ if ($action == 'afteradd') {
// Load into an array all days with availabilities of the calendar for the current month $todayarray['mon'] and $todayarray['year']
$arrayofavailabledays = array();
$arrayofavailabilities = $availability->fetchAll('', '', 0, 0, array('status' => '1', 'fk_bookcal_calendar' => $id));
$arrayofavailabilities = $availability->fetchAll('', '', 0, 0, '(status:=:1) AND (fk_bookcal_calendar:=:'.((int) $id).')');
if ($arrayofavailabilities < 0) {
setEventMessages($availability->error, $availability->errors, 'errors');
} else {


@ -268,10 +268,10 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
$filter = array();
if ($type == 'global') {
$filter = array('t.fk_project'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
$filter = "(t.fk_project:=:".((int) $id).") AND (t.email:=:'".$db->escape($email)."')";
}
if ($type == 'conf') {
$filter = array('t.fk_actioncomm'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
$filter = "(t.fk_actioncomm:=:".((int) $id).") AND (t.email:=:'".$db->escape($email)."')";
}
// Check if there is already an attendee into table eventorganization_conferenceorboothattendee for same event (or conference/booth)
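Review bot: `$filter` is still initialised with `array()` while both assignments below now produce USF strings, so when `$type` is neither `'global'` nor `'conf'` an empty array reaches the duplicate-attendee lookup. The takepos hunk in this commit changes the same initialisation to `$filter = '';`; I would do that here as well and skip the lookup, or fail, when no filter was built. The call that consumes `$filter` is outside the hunk, so what an empty filter returns there cannot be confirmed from this page.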


@ -169,7 +169,7 @@ if (getDolGlobalString('OPENSURVEY_IMAGE_PUBLIC_INTERFACE')) {
}
$results = $object->fetchAll($sortfield, $sortorder, 0, 0, array('status' => 1));
$results = $object->fetchAll($sortfield, $sortorder, 0, 0, '(status:=:1)');
$now = dol_now();
if (is_array($results)) {
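Review bot: The changed call passes `$sortfield` first and `$sortorder` second, while every `fetchAll()` signature shown in this commit declares `$sortorder` before `$sortfield`. The class of `$object` is not visible in this hunk, so this needs checking against its definition; if it follows the standard signature, the line should read `$object->fetchAll($sortorder, $sortfield, 0, 0, '(status:=:1)');`. The recruitment public page hunk further down has the identical call.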


@ -597,7 +597,7 @@ jQuery(document).ready(function () {
// Type
$partnershiptype = new PartnershipType($db);
$listofpartnershipobj = $partnershiptype->fetchAll('', '', 1000, 0, array('active'=>1));
$listofpartnershipobj = $partnershiptype->fetchAll('', '', 1000, 0, '(active:=:1)');
$listofpartnership = array();
foreach ($listofpartnershipobj as $partnershipobj) {
$listofpartnership[$partnershipobj->id] = $partnershipobj->label;


@ -170,7 +170,7 @@ if (getDolGlobalString('RECRUITMENT_IMAGE_PUBLIC_INTERFACE')) {
}
$results = $object->fetchAll($sortfield, $sortorder, 0, 0, array('status' => 1));
$results = $object->fetchAll($sortfield, $sortorder, 0, 0, '(status:=:1)');
$now = dol_now();
if (is_array($results)) {


@ -356,15 +356,16 @@ class RecruitmentCandidature extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
dol_syslog(__METHOD__, LOG_DEBUG);
@ -378,25 +379,14 @@ class RecruitmentCandidature extends CommonObject
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {
@ -924,7 +914,7 @@ class RecruitmentCandidature extends CommonObject
$this->lines = array();
$objectline = new RecruitmentCandidatureLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_recruitmentcandidature = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_recruitmentcandidature:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;


@ -371,15 +371,16 @@ class RecruitmentJobPosition extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
dol_syslog(__METHOD__, LOG_DEBUG);
@ -393,25 +394,14 @@ class RecruitmentJobPosition extends CommonObject
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {


@ -636,18 +636,20 @@ class Dolresource extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_resource as ty ON ty.code=t.fk_code_type_resource";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$this->table_element."_extrafields as ef ON ef.fk_object=t.rowid";
$sql .= " WHERE t.entity IN (".getEntity('resource').")";
// Manage filter
if (!empty($filter)) {
foreach ($filter as $key => $value) {
if (strpos($key, 'date')) {
$sql .= " AND ".$key." = '".$this->db->idate($value)."'";
$sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->idate($value)."'";
} elseif (strpos($key, 'ef.') !== false) {
$sql .= $value;
$sql .= ((float) $value);
} else {
$sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
$sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
$sql .= $this->db->plimit($limit, $offset);
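Review bot: In the `ef.` branch the new line `$sql .= ((float) $value);` appends a bare number to the statement, with no `AND`, column or operator in front of it. The cast does close the raw-SQL passthrough that `$sql .= $value;` was, but the resulting statement is malformed whenever such a key is supplied. If an equality test is what is meant, the branch should build the whole condition, `$sql .= " AND ".$this->db->sanitize($key)." = ".((float) $value);`; if extrafield filters are no longer supported here, removing the branch is clearer. Note also that `strpos($key, 'date')` in the first branch is falsy for a key that starts with `date`. The method starts outside the hunk.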


@ -2162,7 +2162,7 @@ class Societe extends CommonObject
if (!$error) {
foreach ($this->childtablesoncascade as $tabletodelete) {
$deleteFromObject = explode(':', $tabletodelete);
$deleteFromObject = explode(':', $tabletodelete, 4);
if (count($deleteFromObject) >= 2) {
$className = str_replace('@', '', $deleteFromObject[0]);
$filepath = $deleteFromObject[1];


@ -93,9 +93,9 @@ if ($action == 'getProducts') {
$result = $object->fetch($category);
if ($result > 0) {
$filter = array();
$filter = '';
if ($tosell != '') {
$filter = array('customsql' => 'o.tosell = '.((int) $tosell));
$filter = '(o.tosell:=:'.((int) $tosell).')';
}
$prods = $object->getObjectsInCateg("product", 0, $limit, $offset, getDolGlobalString('TAKEPOS_SORTPRODUCTFIELD'), 'ASC', $filter);
// Removed properties we don't need


@ -360,15 +360,16 @@ class CTicketCategory extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
dol_syslog(__METHOD__, LOG_DEBUG);
@ -382,25 +383,14 @@ class CTicketCategory extends CommonObject
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {
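Review bot: The new `fetchAll()` signature drops the `array` type on `$filter` but adds no check that the argument is a string, so a caller that still passes the legacy array form reaches `forgeSQLFromUniversalSearchCriteria()` unchecked; how that helper treats a non-string is not visible here, and if it returns an empty clause the query would run unfiltered instead of failing. A guard before the call would make stale callers fail closed: `if (!is_string($filter)) { $this->errors[] = 'Bad value for filter: a Universal Search string is expected'; return -1; }`. `$filtermode` is also still accepted but ignored, so a caller passing 'OR' silently gets different results; the docblock could say `@param string $filtermode Not used anymore; the AND/OR logic is written inside $filter`. The same applies to the `fetchAll()` changes in the User, Workstation and Hook sections. The method body continues outside the hunk.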


@ -848,19 +848,19 @@ class Ticket extends CommonObject
if (!empty($filter)) {
foreach ($filter as $key => $value) {
if (strpos($key, 'date')) { // To allow $filter['YEAR(s.dated)']=>$year
$sql .= " AND ".$key." = '".$this->db->escape($value)."'";
$sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'";
} elseif (($key == 't.fk_user_assign') || ($key == 't.type_code') || ($key == 't.category_code') || ($key == 't.severity_code') || ($key == 't.fk_soc')) {
$sql .= " AND ".$key." = '".$this->db->escape($value)."'";
$sql .= " AND ".$this->db->sanitize($key)." = '".$this->db->escape($value)."'";
} elseif ($key == 't.fk_statut') {
if (is_array($value) && count($value) > 0) {
$sql .= " AND ".$key." IN (".$this->db->sanitize(implode(',', $value)).")";
$sql .= " AND ".$this->db->sanitize($key)." IN (".$this->db->sanitize(implode(',', $value)).")";
} else {
$sql .= " AND ".$key.' = '.((int) $value);
$sql .= " AND ".$this->db->sanitize($key).' = '.((int) $value);
}
} elseif ($key == 't.fk_contract') {
$sql .= " AND ".$key.' = '.((int) $value);
$sql .= " AND ".$this->db->sanitize($key).' = '.((int) $value);
} else {
$sql .= " AND ".$key." LIKE '%".$this->db->escape($value)."%'";
$sql .= " AND ".$this->db->sanitize($key)." LIKE '%".$this->db->escape($this->db->escapeforlike($value))."%'";
}
}
}
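Review bot: In the first branch the key is now passed through `$this->db->sanitize($key)`, while the comment on that line still says the branch exists to allow keys such as `YEAR(s.dated)`; if `sanitize()` strips parentheses with its default arguments (its definition is not visible here), that key becomes `YEARs.dated` and the query fails. Stripping characters from an arbitrary key is also weaker than comparing it against a fixed list of column names, which the `t.fk_user_assign`/`t.type_code` branch already does. The same branch tests `strpos($key, 'date')` for truthiness, so a key that starts with `date` returns 0 and falls through to the LIKE branch; `strpos($key, 'date') !== false` avoids that. The enclosing method starts and ends outside the hunk.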


@ -715,7 +715,8 @@ class User extends CommonObject
require_once DOL_DOCUMENT_ROOT.'/core/class/defaultvalues.class.php';
$defaultValues = new DefaultValues($this->db);
$result = $defaultValues->fetchAll('', '', 0, 0, array('t.user_id'=>array(0, $this->id), 'entity'=>array((isset($this->entity) ? $this->entity : $conf->entity), $conf->entity))); // User 0 (all) + me (if defined)
$result = $defaultValues->fetchAll('', '', 0, 0, '(t.user_id:in:0,'.$this->id.') AND (entity:in:'.(isset($this->entity) ? $this->entity : $conf->entity).','.$conf->entity.')'); // User 0 (all) + me (if defined)
//$result = $defaultValues->fetchAll('', '', 0, 0, array('t.user_id'=>array(0, $this->id), 'entity'=>array((isset($this->entity) ? $this->entity : $conf->entity), $conf->entity))); // User 0 (all) + me (if defined)
if (!is_array($result) && $result < 0) {
setEventMessages($defaultValues->error, $defaultValues->errors, 'errors');
@ -4036,12 +4037,13 @@ class User extends CommonObject
* @param string $sortfield sort field
* @param int $limit limit page
* @param int $offset page
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @param bool $entityfilter Activate entity filter
* @return int Return integer <0 if KO, >0 if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = array(), $filtermode = 'AND', $entityfilter = false)
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND', $entityfilter = false)
{
global $conf, $user;
@ -4066,23 +4068,14 @@ class User extends CommonObject
}
// Manage filter
$sqlwhere = array();
if (!empty($filter)) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && isset($this->fields[$key]['type']) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
$sql .= $this->db->order($sortfield, $sortorder);
if ($limit) {
$sql .= $this->db->plimit($limit + 1, $offset);
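Review bot: The filter string built for `$defaultValues->fetchAll()` in the first hunk concatenates `$this->id`, `$this->entity` and `$conf->entity` without a cast, unlike the other call sites in this commit that wrap the value in `(int)`. If `$this->id` is empty the list becomes `0,`, and any non-numeric value ends up inside the filter expression, so each operand should be cast: `'(t.user_id:in:0,'.((int) $this->id).') AND (entity:in:'.((int) (isset($this->entity) ? $this->entity : $conf->entity)).','.((int) $conf->entity).')'`. The commented-out array call kept on the following line can be deleted, and in the third hunk `$sqlwhere = array();` under `// Manage filter` appears to be left without a use. The enclosing methods start and end outside the hunks.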


@ -358,14 +358,14 @@ class Target extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
@ -868,7 +868,7 @@ class Target extends CommonObject
$this->lines = array();
$objectline = new TargetLine($this->db);
$result = $objectline->fetchAll('ASC', 'position', 0, 0, array('customsql'=>'fk_target = '.((int) $this->id)));
$result = $objectline->fetchAll('ASC', 'position', 0, 0, '(fk_target:=:'.((int) $this->id).')');
if (is_numeric($result)) {
$this->error = $objectline->error;


@ -406,18 +406,17 @@ class Workstation extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
dol_syslog(__METHOD__, LOG_DEBUG);
$records = array();
@ -430,25 +429,14 @@ class Workstation extends CommonObject
} else {
$sql .= ' WHERE 1 = 1';
}
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (array_key_exists($key, $this->fields) && in_array($this->fields[$key]['type'], array('date', 'datetime', 'timestamp'))) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} elseif (strpos($value, '%') === false) {
$sqlwhere[] = $key." IN (".$this->db->sanitize($this->db->escape($value)).")";
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {


@ -388,15 +388,16 @@ class Hook extends CommonObject
/**
* Load list of objects in memory from the database.
*
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
* @param string $filtermode Filter mode (AND or OR)
* @return array|int int <0 if KO, array of pages if OK
* @param string $sortorder Sort Order
* @param string $sortfield Sort field
* @param int $limit limit
* @param int $offset Offset
* @param string $filter Filter as an Universal Search string.
* Example: '((client:=:1) OR ((client:>=:2) AND (client:<=:3))) AND (client:!=:8) AND (nom:like:'a%')'
* @param string $filtermode No more used
* @return array|int int <0 if KO, array of pages if OK
*/
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, array $filter = array(), $filtermode = 'AND')
public function fetchAll($sortorder = '', $sortfield = '', $limit = 0, $offset = 0, $filter = '', $filtermode = 'AND')
{
global $conf;
@ -409,23 +410,14 @@ class Hook extends CommonObject
// TODO Get all fields
$sql .= ' FROM '.MAIN_DB_PREFIX.$this->table_element.' as t';
$sql .= ' WHERE t.entity = '.((int) $conf->entity);
// Manage filter
$sqlwhere = array();
if (count($filter) > 0) {
foreach ($filter as $key => $value) {
if ($key == 't.rowid') {
$sqlwhere[] = $key." = ".((int) $value);
} elseif (strpos($key, 'date') !== false) {
$sqlwhere[] = $key." = '".$this->db->idate($value)."'";
} elseif ($key == 'customsql') {
$sqlwhere[] = $value;
} else {
$sqlwhere[] = $key." LIKE '%".$this->db->escape($value)."%'";
}
}
}
if (count($sqlwhere) > 0) {
$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
$errormessage = '';
$sql .= forgeSQLFromUniversalSearchCriteria($filter, $errormessage);
if ($errormessage) {
$this->errors[] = $errormessage;
dol_syslog(__METHOD__.' '.join(',', $this->errors), LOG_ERR);
return -1;
}
if (!empty($sortfield)) {