Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix #9205 quote in Label/number on supplier payment

Browse Source 
# Fix #9205 #9205
the num_paiement wasn't escaped, not sure it's an real issue but it was reported here
https://www.dolibarr.fr/forum/8-mise-a-jour/62340-message-erreur-suite-mise-a-jour#99408
This commit is contained in:
delcroix Patrick 2018-08-13 20:39:20 +02:00 committed by GitHub
parent 6a8ed56c3d
commit cbdd1949df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/fourn/class/paiementfourn.class.php
View File

@ -193,7 +193,7 @@ class PaiementFourn extends Paiement
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn (';
$sql.= 'ref, entity, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)';
$sql.= " VALUES ('".$this->db->escape($ref)."', ".$conf->entity.", '".$this->db->idate($now)."',";
$sql.= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->num_paiement."', '".$this->db->escape($this->note)."', ".$user->id.", 0)";
$sql.= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->db->escape($this->num_paiement)."', '".$this->db->escape($this->note)."', ".$user->id.", 0)";
$resql = $this->db->query($sql);
if ($resql)