Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix cast into variable into sql request.

Browse Source
This commit is contained in:
Laurent Destailleur 2021-08-23 17:41:11 +02:00
parent edb239837c
commit d4b5ee6c85
130 changed files with 396 additions and 379 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -297,7 +297,7 @@ class BookKeeping extends CommonObject
$sql .= " AND fk_doc = ".((int) $this->fk_doc);
if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) {
// DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries.
$sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines
$sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines
}
$sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'";
$sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'";

2
htdocs/adherents/class/adherentstats.class.php
View File

@ -70,7 +70,7 @@ class AdherentStats extends Stats
$this->where .= " m.statut != -1";
$this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")";
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
if ($this->memberid) {
$this->where .= " AND m.rowid = ".((int) $this->memberid);
}

4
htdocs/admin/mails_templates.php
View File

@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv
$sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates";
$sql .= " WHERE entity IN (".getEntity('email_template').")";
if (!$user->admin) {
$sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me
$sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me
$sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me
$sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me
}
if (empty($conf->global->MAIN_MULTILANGS)) {
$sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')";

26
htdocs/categories/class/categorie.class.php
View File

@ -540,7 +540,7 @@ class Categorie extends CommonObject
$sql .= ", visible = ".(int) $this->visible;
$sql .= ", fk_parent = ".(int) $this->fk_parent;
$sql .= ", fk_user_modif = ".(int) $user->id;
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::update", LOG_DEBUG);
if ($this->db->query($sql)) {
@ -686,7 +686,7 @@ class Categorie extends CommonObject
if ($this->db->query($sql)) {
if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) {
$sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie';
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog(get_class($this)."::add_type", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -774,7 +774,7 @@ class Categorie extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id;
$sql .= " WHERE fk_categorie = ".((int) $this->id);
$sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id);
dol_syslog(get_class($this).'::del_type', LOG_DEBUG);
@ -826,11 +826,11 @@ class Categorie extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c";
$sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o";
$sql .= " WHERE o.entity IN (".getEntity($obj->element).")";
$sql .= " AND c.fk_categorie = ".$this->id;
$sql .= " AND c.fk_categorie = ".((int) $this->id);
$sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid";
// Protection for external users
if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) {
$sql .= " AND o.rowid = ".$user->socid;
$sql .= " AND o.rowid = ".((int) $user->socid);
}
if ($limit > 0 || $offset > 0) {
$sql .= $this->db->plimit($limit + 1, $offset);
@ -870,7 +870,7 @@ class Categorie extends CommonObject
public function containsObject($type, $object_id)
{
$sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]);
$sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
$sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id);
dol_syslog(get_class($this)."::containsObject", LOG_DEBUG);
$resql = $this->db->query($sql);
if ($resql) {
@ -1501,7 +1501,7 @@ class Categorie extends CommonObject
$sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id;
// This seems useless because the table already contains id of category of 1 unique type. So commented.
// So now it works also with external added categories.
//$sql .= " AND c.type = ".$this->MAP_ID[$type];
//$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]);
$sql .= " AND c.entity IN (".getEntity('category').")";
$res = $this->db->query($sql);
@ -1796,7 +1796,7 @@ class Categorie extends CommonObject
foreach ($langs_available as $key => $value) {
$sql = "SELECT rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " WHERE fk_category=".((int) $this->id);
$sql .= " AND lang = '".$this->db->escape($key)."'";
$result = $this->db->query($sql);
@ -1806,10 +1806,10 @@ class Categorie extends CommonObject
$sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
$sql2 .= " SET label='".$this->db->escape($this->label)."',";
$sql2 .= " description='".$this->db->escape($this->description)."'";
$sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
$sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
} else {
$sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
$sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label);
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label);
$sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
}
dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG);
@ -1822,10 +1822,10 @@ class Categorie extends CommonObject
$sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang";
$sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',";
$sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'";
$sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'";
$sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'";
} else {
$sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)";
$sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]);
$sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]);
$sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')";
}
@ -1864,7 +1864,7 @@ class Categorie extends CommonObject
$sql = "SELECT lang, label, description";
$sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang";
$sql .= " WHERE fk_category=".$this->id;
$sql .= " WHERE fk_category=".((int) $this->id);
$result = $this->db->query($sql);
if ($result) {

10
htdocs/comm/action/class/actioncomm.class.php
View File

@ -919,7 +919,7 @@ class ActionComm extends CommonObject
// phpcs:enable
$sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency";
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources";
$sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id;
$sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id);
$resql2 = $this->db->query($sql);
if ($resql2) {
@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id);
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql .= " WHERE 1 = 1";
@ -1329,13 +1329,13 @@ class ActionComm extends CommonObject
}
$sql .= " AND a.entity IN (".getEntity('agenda').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND a.fk_soc = ".$user->socid;
$sql .= " AND a.fk_soc = ".((int) $user->socid);
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id;
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id);
$sql .= " OR ar.fk_element = ".$user->id; // Added by PV
$sql .= ")";
}

2
htdocs/comm/action/index.php
View File

@ -689,7 +689,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.$socid;

2
htdocs/comm/action/list.php
View File

@ -447,7 +447,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/comm/action/pertype.php
View File

@ -558,7 +558,7 @@ if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);

2
htdocs/comm/action/peruser.php
View File

@ -579,7 +579,7 @@ if ($pid) {
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);

16
htdocs/comm/card.php
View File

@ -826,7 +826,7 @@ if ($object->id > 0) {
$sql .= ", p.datep as dp, p.fin_validite as date_limit";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c";
$sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND p.entity IN (".getEntity('propal').")";
$sql .= " ORDER BY p.datep DESC";
@ -891,7 +891,7 @@ if ($object->id > 0) {
$sql .= ", c.facture as billed";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
$sql .= " WHERE c.fk_soc = s.rowid ";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND c.entity IN (".getEntity('commande').')';
$sql .= " ORDER BY c.date_commande DESC";
@ -907,7 +907,7 @@ if ($object->id > 0) {
$sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s';
$sql2 .= ', '.MAIN_DB_PREFIX.'commande as c';
$sql2 .= ' WHERE c.fk_soc = s.rowid';
$sql2 .= ' AND s.rowid = '.$object->id;
$sql2 .= ' AND s.rowid = '.((int) $object->id);
// Show orders with status validated, shipping started and delivered (well any order we can bill)
$sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))";
@ -967,7 +967,7 @@ if ($object->id > 0) {
$sql .= ', s.nom';
$sql .= ', s.rowid as socid';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e";
$sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND e.entity IN (".getEntity('expedition').")";
$sql .= ' GROUP BY e.rowid';
$sql .= ', e.ref';
@ -1032,7 +1032,7 @@ if ($object->id > 0) {
$sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
$sql .= " WHERE c.fk_soc = s.rowid ";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND c.entity IN (".getEntity('contract').")";
$sql .= " ORDER BY c.datec DESC";
@ -1106,7 +1106,7 @@ if ($object->id > 0) {
$sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f";
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND s.rowid = ".$object->id;
$sql .= " AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('intervention').")";
$sql .= " ORDER BY f.tms DESC";
@ -1171,7 +1171,7 @@ if ($object->id > 0) {
$sql .= ', f.suspended as suspended';
$sql .= ', s.nom, s.rowid as socid';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f";
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,';
$sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,';
@ -1263,7 +1263,7 @@ if ($object->id > 0) {
$sql .= ', SUM(pf.amount) as am';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture';
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id;
$sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id);
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,';
$sql .= ' f.datef, f.datec, f.paye, f.fk_statut,';

2
htdocs/comm/contact.php
View File

@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
$sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND p.entity IN (".getEntity('socpeople').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($type == "c") {
$sql .= " AND s.client IN (1, 3)";

20
htdocs/comm/index.php
View File

@ -130,7 +130,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -227,7 +227,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa
$sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT;
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -323,7 +323,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT;
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
@ -420,10 +420,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT;
$sql .= " AND cf.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND cf.fk_soc = ".$socid;
$sql .= " AND cf.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -517,7 +517,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = $socid";
@ -613,7 +613,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.fournisseur = ".Societe::SUPPLIER;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -719,7 +719,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_product = p.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -794,7 +794,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -910,7 +910,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) {
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

6
htdocs/comm/mailing/cibles.php
View File

@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml');
$search_firstname = GETPOST("search_firstname", 'alphanohtml');
$search_email = GETPOST("search_email", 'alphanohtml');
$search_other = GETPOST("search_other", 'alphanohtml');
$search_dest_status = GETPOST('search_dest_status', 'alphanohtml');
$search_dest_status = GETPOST('search_dest_status', 'int');
// Search modules dirs
$modulesdir = dolGetModulesDirs('/mailings');
@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) {
$asearchcriteriahasbeenset++;
}
if ($search_dest_status != '' && $search_dest_status >= -1) {
$sql .= " AND mc.statut=".$db->escape($search_dest_status)." ";
$sql .= " AND mc.statut = ".((int) $search_dest_status);
$asearchcriteriahasbeenset++;
}
$sql .= $db->order($sortfield, $sortorder);
@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) {
}
$morehtmlcenter .= ' &nbsp; <a class="reposition" href="'.$_SERVER["PHP_SELF"].'?exportcsv=1&id='.$object->id.'">'.$langs->trans("Download").'</a>';
$massactionbutton = '';
print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit);
print '</form>';

8
htdocs/comm/propal/class/propal.class.php
View File

@ -2780,7 +2780,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = c.id";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -3285,7 +3285,7 @@ class Propal extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." p.entity IN (".getEntity('propal').")";
@ -3296,7 +3296,7 @@ class Propal extends CommonObject
$sql .= " AND p.fk_statut = ".self::STATUS_SIGNED;
}
if ($user->socid) {
$sql .= " AND p.fk_soc = ".$user->socid;
$sql .= " AND p.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -3462,7 +3462,7 @@ class Propal extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." p.entity IN (".getEntity('propal').")";

4
htdocs/comm/propal/class/propalestats.class.php
View File

@ -94,10 +94,10 @@ class PropaleStats extends Stats
//$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
$this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND p.fk_soc = ".$this->socid;
$this->where .= " AND p.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND fk_user_author = '.((int) $this->userid);

10
htdocs/comm/propal/index.php
View File

@ -85,7 +85,7 @@ if (!empty($conf->propal->enabled)) {
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND p.fk_soc = ".((int) $socid);
@ -163,7 +163,7 @@ if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
@ -236,7 +236,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) {
$sql .= " AND p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -319,7 +319,7 @@ if (! empty($conf->propal->enabled))
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 1";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);
@ -394,7 +394,7 @@ if (! empty($conf->propal->enabled))
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 2 ";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);

2
htdocs/comm/propal/list.php
View File

@ -520,7 +520,7 @@ if ($search_user > 0) {
$sql .= ' WHERE p.fk_soc = s.rowid';
$sql .= ' AND p.entity IN ('.getEntity('propal').')';
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_town) {

8
htdocs/commande/class/commande.class.php
View File

@ -2688,7 +2688,7 @@ class Commande extends CommonOrder
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -3507,14 +3507,14 @@ class Commande extends CommonOrder
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." c.entity IN (".getEntity('commande').")";
//$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0";
$sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -3917,7 +3917,7 @@ class Commande extends CommonOrder
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." co.entity IN (".getEntity('commande').")";

6
htdocs/commande/class/commandestats.class.php
View File

@ -94,13 +94,13 @@ class CommandeStats extends Stats
$this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')';
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND c.fk_soc = ".$this->socid;
$this->where .= " AND c.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND c.fk_user_author = '.$this->userid;
$this->where .= ' AND c.fk_user_author = '.((int) $this->userid);
}
if ($typentid) {

2
htdocs/commande/customer.php
View File

@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (GETPOST("search_nom")) {
$sql .= natural_search("s.nom", GETPOST("search_nom"));

8
htdocs/commande/index.php
View File

@ -101,7 +101,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
@ -169,7 +169,7 @@ if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
@ -253,7 +253,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";
@ -342,7 +342,7 @@ if (!empty($conf->commande->enabled)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";

4
htdocs/commande/list.php
View File

@ -479,7 +479,7 @@ if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_ref) {
$sql .= natural_search('c.ref', $search_ref);
@ -558,7 +558,7 @@ if ($search_sale > 0) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale);
}
if ($search_user > 0) {
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user;
$sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user);
}
if ($search_total_ht != '') {
$sql .= natural_search('c.total_ht', $search_total_ht, 1);

4
htdocs/compta/bank/class/account.class.php
View File

@ -1992,7 +1992,7 @@ class AccountLine extends CommonObject
// Protection to avoid any delete of accounted lines. Protection on by default
if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) {
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);
@ -2379,7 +2379,7 @@ class AccountLine extends CommonObject
$result .= yn($this->rappro);
}
if ($option == 'showall' || $option == 'showconciliatedandaccounted') {
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id;
$sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

14
htdocs/compta/bank/releve.php
View File

@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') {
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " ORDER BY b.num_releve DESC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') {
$sql = "SELECT DISTINCT(b.num_releve) as num";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve > '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " ORDER BY b.num_releve ASC";
dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG);
@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'";
if (empty($numref)) {
$sql .= " OR b.num_releve is null";
}
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$sql .= " AND b.fk_account = ba.rowid";
$sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day
@ -340,7 +340,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -353,7 +353,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
$obj = $db->fetch_object($resql);
@ -421,7 +421,7 @@ if (empty($numref)) {
$sql = "SELECT sum(b.amount) as amount";
$sql .= " FROM ".MAIN_DB_PREFIX."bank as b";
$sql .= " WHERE b.num_releve < '".$db->escape($numref)."'";
$sql .= " AND b.fk_account = ".$object->id;
$sql .= " AND b.fk_account = ".((int) $object->id);
$resql = $db->query($sql);
if ($resql) {
@ -605,7 +605,7 @@ if (empty($numref)) {
$sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct";
$sql .= ", ".MAIN_DB_PREFIX."bank_class as cl";
$sql .= " WHERE ct.rowid = cl.fk_categ";
$sql .= " AND ct.entity = ".$conf->entity;
$sql .= " AND ct.entity = ".((int) $conf->entity);
$sql .= " AND cl.lineid = ".((int) $objp->rowid);
$resc = $db->query($sql);

6
htdocs/compta/cashcontrol/report.php
View File

@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d
elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'";
else dol_print_error('', 'Year not defined');
// Define filter on bank account
$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH;
$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB;
$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH);
$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB);
$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE);
$sql.=")";
*/
$sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code";

2
htdocs/compta/clients.php
View File

@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (dol_strlen($stcomm)) {
$sql .= " AND s.fk_stcomm=".((int) $stcomm);

2
htdocs/compta/deplacement/index.php
View File

@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND d.fk_soc = ".((int) $socid);

2
htdocs/compta/deplacement/list.php
View File

@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) ";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) ";
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

8
htdocs/compta/facture/class/facture.class.php
View File

@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice
$sql .= " WHERE f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." f.paye=0";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED;
if ($user->socid) {
$sql .= " AND f.fk_soc = ".$user->socid;
$sql .= " AND f.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." f.entity IN (".getEntity('invoice').")";

6
htdocs/compta/facture/class/facturestats.class.php
View File

@ -86,16 +86,16 @@ class FactureStats extends Stats
$this->where = " f.fk_statut >= 0";
$this->where .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == 'customer') {
$this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons)
}
if ($this->socid) {
$this->where .= " AND f.fk_soc = ".$this->socid;
$this->where .= " AND f.fk_soc = ".((int) $this->socid);
}
if ($this->userid > 0) {
$this->where .= ' AND f.fk_user_author = '.$this->userid;
$this->where .= ' AND f.fk_user_author = '.((int) $this->userid);
}
if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) {
$this->where .= " AND f.type IN (0,1,2,5)";

2
htdocs/compta/facture/list.php
View File

@ -555,7 +555,7 @@ $sql .= $hookmanager->resPrint;
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);

6
htdocs/compta/index.php
View File

@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) {
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " WHERE s.rowid = ff.fk_soc";
$sql .= " AND ff.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".((int) $socid);
@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);

14
htdocs/compta/paiement/cheque/class/remisecheque.class.php
View File

@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject
if ($this->errno == 0 && $numref) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$sql .= " AND statut = 0";
@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject
$sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc";
$sql .= " WHERE b.fk_account = ba.rowid";
$sql .= " AND b.fk_bordereau = bc.rowid";
$sql .= " AND bc.rowid = ".$this->id;
$sql .= " AND bc.rowid = ".((int) $this->id);
$sql .= " AND bc.entity = ".$conf->entity;
$sql .= " ORDER BY b.dateo ASC, b.rowid ASC";
@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET amount = ".price2num($total);
$sql .= ", nbcheque = ".((int) $nb);
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
$sql .= " AND entity = ".$conf->entity;
$resql = $this->db->query($sql);
@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject
if ($user->rights->banque->cheque) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null');
$sql .= " WHERE rowid = ".$this->id;
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("RemiseCheque::set_date", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject
// phpcs:enable
if ($user->rights->banque->cheque) {
$sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque";
$sql .= " SET ref = '".$ref."'";
$sql .= " WHERE rowid = ".$this->id;
$sql .= " SET ref = '".$this->db->escape($ref)."'";
$sql .= " WHERE rowid = ".((int) $this->id);
dol_syslog("RemiseCheque::set_number", LOG_DEBUG);
$resql = $this->db->query($sql);

2
htdocs/compta/paiement/class/paiement.class.php
View File

@ -800,7 +800,7 @@ class Paiement extends CommonObject
$sql = "UPDATE ".MAIN_DB_PREFIX.'bank';
$sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")";
$sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")";
$sql .= " AND rappro = 0";
$result = $this->db->query($sql);

2
htdocs/compta/paiement/list.php
View File

@ -197,7 +197,7 @@ if (GETPOST("orphelins", "alpha")) {
}
$sql .= " WHERE p.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/paymentbybanktransfer/index.php
View File

@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture_fourn = f.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/prelevement/class/bonprelevement.class.php
View File

@ -646,7 +646,7 @@ class BonPrelevement extends CommonObject
$sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf";
$sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid";
$sql .= " AND pl.fk_prelevement_bons = p.rowid";
$sql .= " AND p.rowid = ".$this->id;
$sql .= " AND p.rowid = ".((int) $this->id);
$sql .= " AND p.entity = ".$conf->entity;
if ($amounts) {
if ($this->type == 'bank-transfer') {

2
htdocs/compta/prelevement/demandes.php
View File

@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

2
htdocs/compta/prelevement/index.php
View File

@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture = f.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);

4
htdocs/compta/resultat/clientfourn.php
View File

@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') {
}
}
$sql .= " AND f.entity = ".$conf->entity;
$sql .= " AND f.entity = ".((int) $conf->entity);
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " GROUP BY name, socid";
$sql .= $db->order($sortfield, $sortorder);

2
htdocs/compta/sociales/class/paymentsocialcontribution.class.php
View File

@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject
$type = 'bank';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line);
$resql = $this->db->query($sql);
if ($resql) {
$obj = $this->db->fetch_object($resql);

26
htdocs/contact/class/contact.class.php
View File

@ -385,13 +385,13 @@ class Contact extends CommonObject
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')';
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))";
$sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))";
if ($user->socid > 0) {
$sql .= " AND sp.fk_soc = ".$user->socid;
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);
@ -1068,7 +1068,7 @@ class Contact extends CommonObject
// Search Dolibarr user linked to this contact
$sql = "SELECT u.rowid ";
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.fk_socpeople = ".$this->id;
$sql .= " WHERE u.fk_socpeople = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1091,7 +1091,7 @@ class Contact extends CommonObject
if ($user) {
$sql = "SELECT fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."user_alert";
$sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id);
$sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id);
$resql = $this->db->query($sql);
if ($resql) {
@ -1162,7 +1162,7 @@ class Contact extends CommonObject
$sql = "SELECT tc.element, count(ec.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE ec.fk_c_type_contact = tc.rowid";
$sql .= " AND fk_socpeople = ".$this->id;
$sql .= " AND fk_socpeople = ".((int) $this->id);
$sql .= " AND tc.source = 'external'";
$sql .= " GROUP BY tc.element";
@ -1211,7 +1211,7 @@ class Contact extends CommonObject
$sql = "SELECT ec.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,";
$sql .= " ".MAIN_DB_PREFIX."c_type_contact tc";
$sql .= " WHERE ec.fk_socpeople=".$this->id;
$sql .= " WHERE ec.fk_socpeople=".((int) $this->id);
$sql .= " AND ec.fk_c_type_contact=tc.rowid";
$sql .= " AND tc.source='external'";
dol_syslog(__METHOD__, LOG_DEBUG);
@ -1242,7 +1242,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove Roles
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1254,7 +1254,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove Roles
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1266,7 +1266,7 @@ class Contact extends CommonObject
if (!$error) {
// Remove category
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id);
dol_syslog(__METHOD__, LOG_DEBUG);
$resql = $this->db->query($sql);
if (!$resql) {
@ -1727,7 +1727,7 @@ class Contact extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc";
$sql .= " WHERE tc.rowid = sc.fk_c_type_contact";
$sql .= " AND tc.source = 'external' AND tc.active=1";
$sql .= " AND sc.fk_socpeople = ".$this->id;
$sql .= " AND sc.fk_socpeople = ".((int) $this->id);
$sql .= " AND sc.entity IN (".getEntity('societe').')';
$resql = $this->db->query($sql);
@ -2040,7 +2040,7 @@ class Contact extends CommonObject
$obj = $this->db->fetch_object($resql);
$noemail = $obj->nb;
if (empty($noemail)) {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')";
$sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;
@ -2054,7 +2054,7 @@ class Contact extends CommonObject
$this->errors[] = $this->error;
}
} else {
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0));
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")";
$resql = $this->db->query($sql);
if (!$resql) {
$error++;

6
htdocs/contact/list.php
View File

@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
}
$sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')';
if (!$user->rights->societe->client->voir && !$socid) { //restriction
$sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)";
}
if (!empty($userid)) { // propre au commercial
$sql .= " AND p.fk_user_creat=".((int) $userid);
@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) {
// Filter to exclude not owned private contacts
if ($search_priv != '0' && $search_priv != '1') {
$sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))";
$sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))";
} else {
if ($search_priv == '0') {
$sql .= " AND p.priv='0'";
}
if ($search_priv == '1') {
$sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")";
$sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")";
}
}

18
htdocs/contrat/class/contrat.class.php
View File

@ -1150,11 +1150,11 @@ class Contrat extends CommonObject
/*
$sql = "DELETE cdl";
$sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd";
$sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id;
$sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id);
*/
$sql = "SELECT cdl.rowid as cdlrowid ";
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd";
$sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id;
$sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id);
dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1201,7 +1201,7 @@ class Contrat extends CommonObject
if (!$error) {
// Delete contratdet
$sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet";
$sql .= " WHERE fk_contrat=".$this->id;
$sql .= " WHERE fk_contrat=".((int) $this->id);
dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG);
$resql = $this->db->query($sql);
@ -1213,7 +1213,7 @@ class Contrat extends CommonObject
// Delete llx_ecm_files
if (!$error) {
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id;
$sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id);
$resql = $this->db->query($sql);
if (!$resql) {
$this->error = $this->db->lasterror();
@ -2105,7 +2105,7 @@ class Contrat extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd";
$sql .= " WHERE fk_contrat =".$this->id;
if ($status >= 0) {
$sql .= " AND statut = ".$status;
$sql .= " AND statut = ".((int) $status);
}
dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG);
@ -2205,12 +2205,12 @@ class Contrat extends CommonObject
//$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'";
}
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
$sql .= " AND c.entity = ".((int) $conf->entity);
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $this->db->query($sql);
@ -2279,7 +2279,7 @@ class Contrat extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." c.entity = ".$conf->entity;

14
htdocs/contrat/index.php
View File

@ -102,7 +102,7 @@ if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
$resql = $db->query($sql);
@ -139,7 +139,7 @@ if ($user->socid) {
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
$resql = $db->query($sql);
@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) {
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut = 0";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut > 0";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/contrat/list.php
View File

@ -271,7 +271,7 @@ if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year);
if ($search_name) {

2
htdocs/contrat/services_list.php
View File

@ -262,7 +262,7 @@ if ($search_product_category > 0) {
}
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == "0") {
$sql .= " AND cd.statut = 0";

6
htdocs/core/boxes/box_actions.php
View File

@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes
$sql .= " AND a.entity IN (".getEntity('actioncomm').")";
$sql .= " AND a.percent >= 0 AND a.percent < 100";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")";
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->rights->agenda->allactions->read) {
$sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")";
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")";
}
$sql .= " ORDER BY a.datec DESC";
$sql .= $this->db->plimit($max, 0);

12
htdocs/core/boxes/box_activity.php
View File

@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes
$sql .= " WHERE p.entity IN (".getEntity('propal').")";
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'";
$sql .= " AND p.date_cloture IS NULL"; // just unclosed
@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'";
$sql .= " GROUP BY c.fk_statut";
@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes
$sql .= ")";
$sql .= " WHERE f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1";

4
htdocs/core/boxes/box_clients.php
View File

@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_commandes.php
View File

@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes
$sql .= " AND c.fk_statut = 1";
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC ";

4
htdocs/core/boxes/box_contacts.php
View File

@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes
}
$sql .= " WHERE sp.entity IN (".getEntity('socpeople').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND sp.fk_soc = ".$user->socid;
$sql .= " AND sp.fk_soc = ".((int) $user->socid);
}
$sql .= " ORDER BY sp.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_contracts.php
View File

@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_contrat DESC, c.ref DESC ";

2
htdocs/core/boxes/box_customers_outstanding_bill_reached.php
View File

@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = $user->socid";

4
htdocs/core/boxes/box_factures.php
View File

@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY f.datef DESC, f.ref DESC ";

4
htdocs/core/boxes/box_factures_fourn.php
View File

@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY f.datef DESC, f.ref DESC ";

4
htdocs/core/boxes/box_factures_fourn_imp.php
View File

@ -102,10 +102,10 @@ class box_factures_fourn_imp extends ModeleBoxes
$sql .= " AND f.paye = 0";
$sql .= " AND fk_statut = 1";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC ";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_factures_imp.php
View File

@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes
$sql .= " AND f.paye = 0";
$sql .= " AND fk_statut = 1";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,";
$sql .= " f.ref, f.date_lim_reglement,";

4
htdocs/core/boxes/box_ficheinter.php
View File

@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes
$sql .= " WHERE f.fk_soc = s.rowid ";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_fournisseurs.php
View File

@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes
$sql .= " WHERE s.fournisseur = 1";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC ";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_propales.php
View File

@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY p.datep DESC, p.ref DESC ";

4
htdocs/core/boxes/box_prospect.php
View File

@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes
$sql .= " WHERE s.client IN (2, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= " ORDER BY s.tms DESC";
$sql .= $this->db->plimit($max, 0);

4
htdocs/core/boxes/box_services_contracts.php
View File

@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= ")";
$sql .= " WHERE c.entity = ".$conf->entity;
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
$sql .= $this->db->order("c.tms", "DESC");
$sql .= $this->db->plimit($max, 0);

2
htdocs/core/boxes/box_services_expired.php
View File

@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid";
$sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur";

4
htdocs/core/boxes/box_shipments.php
View File

@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes
$sql .= " AND e.fk_statut = 1";
}
if ($user->socid > 0) {
$sql.= " AND s.rowid = ".$user->socid;
$sql.= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
} else {
$sql .= " ORDER BY e.date_delivery, e.ref DESC ";
}

4
htdocs/core/boxes/box_supplier_orders.php
View File

@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC ";

4
htdocs/core/boxes/box_supplier_orders_awaiting_reception.php
View File

@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
$sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) {
$sql .= " ORDER BY c.date_commande DESC, c.ref DESC";

10
htdocs/core/class/commonobject.class.php
View File

@ -1983,7 +1983,7 @@ abstract class CommonObject
/**
* Load properties id_previous and id_next by comparing $fieldid with $this->ref
*
* @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')"
* @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here.
* @param string $fieldid Name of field to use for the select MAX and MIN
* @param int $nodbprefix Do not include DB prefix to forge table name
* @return int <0 if KO, >0 if OK
@ -2032,10 +2032,10 @@ abstract class CommonObject
}
$sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)';
$sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)';
}
if (!empty($filter)) {
if (!preg_match('/^\s*AND/i', $filter)) {
@ -2102,10 +2102,10 @@ abstract class CommonObject
}
$sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists)
if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)';
$sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)';
}
if (!empty($filter)) {
if (!preg_match('/^\s*AND/i', $filter)) {

8
htdocs/core/class/discount.class.php
View File

@ -488,7 +488,7 @@ class DiscountAbsolute
*
* @param Societe $company Object third party for filter
* @param User $user Filtre sur un user auteur des remises
* @param string $filter Filtre autre
* @param string $filter Filter other. Warning: Do not use a user input value here.
* @param int $maxvalue Filter on max value for discount
* @param int $discount_type 0 => customer discount, 1 => supplier discount
* @param int $multicurrency Return multicurrency_amount instead of amount
@ -503,17 +503,17 @@ class DiscountAbsolute
$sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc";
$sql .= " WHERE rc.entity = ".$conf->entity;
$sql .= " AND rc.discount_type=".intval($discount_type);
$sql .= " AND rc.discount_type=".((int) $discount_type);
if (!empty($discount_type)) {
$sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier
} else {
$sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer
}
if (is_object($company)) {
$sql .= " AND rc.fk_soc = ".$company->id;
$sql .= " AND rc.fk_soc = ".((int) $company->id);
}
if (is_object($user)) {
$sql .= " AND rc.fk_user = ".$user->id;
$sql .= " AND rc.fk_user = ".((int) $user->id);
}
if ($filter) {
$sql .= ' AND ('.$filter.')';

10
htdocs/core/class/html.form.class.php
View File

@ -1347,13 +1347,13 @@ class Form
}
$sql .= " WHERE s.entity IN (".getEntity('societe').")";
if (!empty($user->socid)) {
$sql .= " AND s.rowid = ".$user->socid;
$sql .= " AND s.rowid = ".((int) $user->socid);
}
if ($filter) {
$sql .= " AND (".$filter.")";
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) {
$sql .= " AND s.status <> 0";
@ -6794,9 +6794,9 @@ class Form
}
if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) {
if ($objecttmp->element == 'societe') {
$sql .= " AND t.rowid = ".$user->socid;
$sql .= " AND t.rowid = ".((int) $user->socid);
} else {
$sql .= " AND t.fk_soc = ".$user->socid;
$sql .= " AND t.fk_soc = ".((int) $user->socid);
}
}
if ($searchkey != '') {
@ -6804,7 +6804,7 @@ class Form
}
if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') {
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
}
if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')"

6
htdocs/core/class/html.formmail.class.php
View File

@ -1276,7 +1276,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
$sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}
@ -1399,7 +1399,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE type_template='".$this->db->escape($type_template)."'";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")";
$sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")";
if (is_object($outputlangs)) {
$sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')";
}
@ -1435,7 +1435,7 @@ class FormMail extends Form
$sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')";
$sql .= " AND entity IN (".getEntity('c_email_templates').")";
$sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
$sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own.
if ($active >= 0) {
$sql .= " AND active = ".((int) $active);
}

2
htdocs/core/class/html.formother.class.php
View File

@ -497,7 +497,7 @@ class FormOther
$sql_usr .= " AND u.rowid = ".$user->id;
}
if (!empty($user->socid)) {
$sql_usr .= " AND u.fk_soc = ".$user->socid;
$sql_usr .= " AND u.fk_soc = ".((int) $user->socid);
}
//Add hook to filter on user (for exemple on usergroup define in custom modules)

4
htdocs/core/lib/agenda.lib.php
View File

@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5)
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5)
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

18
htdocs/core/lib/company.lib.php
View File

@ -1489,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if ($force_filter_contact === false) {
if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
$sql .= " AND a.fk_soc = ".$filterobj->id;
$sql .= " AND a.fk_soc = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') {
/* Nothing */
} elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
$sql .= " AND a.fk_project = ".$filterobj->id;
$sql .= " AND a.fk_project = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
$sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) {
// Generic case
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
}
}

16
htdocs/core/lib/invoice.lib.php
View File

@ -242,7 +242,7 @@ function getCustomerInvoicePieChart($socid = 0)
$sql .= ' AND f.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY f.fk_statut";
@ -362,7 +362,7 @@ function getPurchaseInvoicePieChart($socid = 0)
$sql .= ' AND f.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY f.fk_statut";
@ -600,7 +600,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
$sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT;
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -743,7 +743,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
$sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT;
$sql .= " AND f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -867,7 +867,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $db->plimit($maxCount, 0);
@ -969,7 +969,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $db->plimit($maxCount, 0);
@ -1079,7 +1079,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED;
$sql .= " AND f.entity IN (".getEntity('invoice').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
@ -1267,7 +1267,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= " AND ff.paye = 0";
$sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED;
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND ff.fk_soc = ".((int) $socid);

2
htdocs/core/lib/order.lib.php
View File

@ -208,7 +208,7 @@ function getCustomerOrderPieChart($socid = 0)
$sql .= ' AND c.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.fk_statut";

2
htdocs/core/lib/propal.lib.php
View File

@ -187,7 +187,7 @@ function getCustomerProposalPieChart($socid = 0)
$sql .= ' AND p.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";
$sql .= " GROUP BY p.fk_statut";

10
htdocs/core/lib/security.lib.php
View File

@ -668,7 +668,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= ", ".MAIN_DB_PREFIX."societe as s)";
$sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
$sql .= " AND sc.fk_soc = s.rowid";
$sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")";
} elseif (!empty($conf->multicompany->enabled)) {
@ -684,7 +684,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.fk_soc = ".$user->socid;
$sql .= " AND dbt.fk_soc = ".((int) $user->socid);
} elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
// If internal user: Check permission for internal users that are restricted on their objects
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
@ -767,15 +767,15 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
$sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield;
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
} else {
// On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties.
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".$user->id;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id);
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
$sql .= " AND (sc.fk_user = ".$user->id." OR sc.fk_user IS NULL)";
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)";
}
} elseif (!empty($conf->multicompany->enabled)) {
// If multicompany and internal users with all permissions, check user is in correct entity

16
htdocs/core/lib/ticket.lib.php
View File

@ -369,38 +369,38 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
if ($force_filter_contact === false) {
if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) {
$sql .= " AND a.fk_soc = ".$filterobj->id;
$sql .= " AND a.fk_soc = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) {
$sql .= " AND a.fk_project = ".$filterobj->id;
$sql .= " AND a.fk_project = ".((int) $filterobj->id);
} elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') {
$sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Product') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
} elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') {
$sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'";
if ($filterobj->id) {
$sql .= " AND a.fk_element = ".$filterobj->id;
$sql .= " AND a.fk_element = ".((int) $filterobj->id);
}
}
}

4
htdocs/core/modules/rapport/pdf_paiement.class.php
View File

@ -206,7 +206,7 @@ class pdf_paiement
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {
$sql .= " AND s.rowid = ".((int) $socid);
@ -244,7 +244,7 @@ class pdf_paiement
$sql .= " AND f.entity = ".$conf->entity;
$sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {
$sql .= " AND s.rowid = ".$socid;

2
htdocs/eventorganization/eventorganizationindex.php
View File

@ -84,7 +84,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati
$sql.= " AND c.fk_statut = 0";
$sql.= " AND c.entity IN (".getEntity('commande').")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND c.fk_soc = ".$socid;
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
$resql = $db->query($sql);
if ($resql)

2
htdocs/expedition/class/expeditionstats.class.php
View File

@ -74,7 +74,7 @@ class ExpeditionStats extends Stats
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
$this->where .= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$this->socid) {
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
$this->where .= " AND c.fk_soc = ".((int) $this->socid);

12
htdocs/expedition/index.php
View File

@ -68,13 +68,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
$sql .= $clause." sc.fk_user = ".$user->id;
$sql .= $clause." sc.fk_user = ".((int) $user->id);
$clause = " AND ";
}
$sql .= $clause." e.fk_statut = ".Expedition::STATUS_DRAFT;
$sql .= " AND e.entity IN (".getEntity('expedition').")";
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -143,11 +143,11 @@ if (!$user->rights->societe->client->voir && !$socid) {
}
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED;
if ($socid) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY e.date_delivery DESC";
$sql .= $db->plimit($max, 0);
@ -215,10 +215,10 @@ $sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('order').")";
$sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_ACCEPTED.")";
if ($socid > 0) {
$sql .= " AND c.fk_soc = ".$socid;
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid ASC";

2
htdocs/expedition/list.php
View File

@ -289,7 +289,7 @@ if ($socid > 0) {
}
if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all
$sql .= " AND e.fk_soc = sc.fk_soc";
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND e.fk_soc = ".((int) $socid);

2
htdocs/expensereport/class/expensereportstats.class.php
View File

@ -71,7 +71,7 @@ class ExpenseReportStats extends Stats
//$this->where.= " AND entity = ".$conf->entity;
if ($this->socid) {
$this->where .= " AND e.fk_soc = ".$this->socid;
$this->where .= " AND e.fk_soc = ".((int) $this->socid);
}
// Only me and subordinates

2
htdocs/fichinter/card-rec.php
View File

@ -774,7 +774,7 @@ if ($action == 'create') {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_ref) {
$sql .= natural_search('f.titre', $search_ref);

2
htdocs/fichinter/class/fichinter.class.php
View File

@ -206,7 +206,7 @@ class Fichinter extends CommonObject
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." fi.entity IN (".getEntity('intervention').")";

14
htdocs/fichinter/index.php
View File

@ -83,7 +83,7 @@ if ($user->socid) {
$sql .= ' AND f.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY f.fk_statut";
$resql = $db->query($sql);
@ -199,10 +199,10 @@ if (!empty($conf->ficheinter->enabled)) {
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.fk_statut = 0";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
@ -249,10 +249,10 @@ $sql .= " WHERE f.entity IN (".getEntity('intervention').")";
$sql .= " AND f.fk_soc = s.rowid";
//$sql.= " AND c.fk_statut > 2";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
$sql .= $db->plimit($max, 0);
@ -322,10 +322,10 @@ if (!empty($conf->ficheinter->enabled)) {
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.fk_statut = 1";
if ($socid) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.rowid DESC";

2
htdocs/fichinter/list.php
View File

@ -286,7 +286,7 @@ if ($search_status != '' && $search_status >= 0) {
$sql .= ' AND f.fk_statut = '.urlencode($search_status);
}
if (!$user->rights->societe->client->voir && empty($socid)) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

6
htdocs/fourn/class/fournisseur.class.php
View File

@ -86,7 +86,7 @@ class Fournisseur extends Societe
$sql = "SELECT count(pfp.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
$sql .= " WHERE pfp.entity = ".$conf->entity;
$sql .= " AND pfp.fk_soc = ".$this->id;
$sql .= " AND pfp.fk_soc = ".((int) $this->id);
$resql = $this->db->query($sql);
if ($resql) {
@ -115,7 +115,7 @@ class Fournisseur extends Societe
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." s.fournisseur = 1";
@ -184,7 +184,7 @@ class Fournisseur extends Societe
$sql .= " WHERE s.fournisseur = 1";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $this->db->query($sql);

8
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -470,7 +470,7 @@ class CommandeFournisseur extends CommonOrder
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l";
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid';
if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".$this->socid;
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid);
}
$sql .= " WHERE l.fk_commande = ".$this->id;
if ($only_product) {
@ -2958,7 +2958,7 @@ class CommandeFournisseur extends CommonOrder
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." co.entity = ".$conf->entity;
@ -2996,7 +2996,7 @@ class CommandeFournisseur extends CommonOrder
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." c.entity = ".$conf->entity;
@ -3006,7 +3006,7 @@ class CommandeFournisseur extends CommonOrder
$sql .= " AND c.fk_statut IN (".self::STATUS_VALIDATED.", ".self::STATUS_ACCEPTED.")";
}
if ($user->socid) {
$sql .= " AND c.fk_soc = ".$user->socid;
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
$resql = $this->db->query($sql);

8
htdocs/fourn/class/fournisseur.facture.class.php
View File

@ -2314,7 +2314,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= " AND pf.fk_paiementfourn IS NULL"; // Aucun paiement deja fait
$sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY f.ref";
@ -2362,7 +2362,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= " AND ff.type=".self::TYPE_REPLACEMENT.")";
$sql .= " AND f.type != ".self::TYPE_CREDIT_NOTE; // Type non 2 si facture non avoir
if ($socid > 0) {
$sql .= " AND f.fk_soc = ".$socid;
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY f.ref";
@ -2414,7 +2414,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= ' AND ff.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $this->db->query($sql);
@ -2761,7 +2761,7 @@ class FactureFournisseur extends CommonInvoice
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".$user->id;
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." f.entity = ".$conf->entity;

6
htdocs/fourn/commande/index.php
View File

@ -76,7 +76,7 @@ if ($user->socid) {
$sql .= ' AND cf.fk_soc = '.$user->socid;
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cf.fk_statut";
@ -186,7 +186,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
@ -293,7 +293,7 @@ if (!empty($socid)) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);

2
htdocs/fourn/commande/list.php
View File

@ -654,7 +654,7 @@ if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_ref) {
$sql .= natural_search('cf.ref', $search_ref);

2
htdocs/fourn/contact.php
View File

@ -76,7 +76,7 @@ $sql .= " AND s.fournisseur = 1";
$sql .= " AND s.rowid = p.fk_soc";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (dol_strlen($stcomm)) {

2
htdocs/fourn/facture/list.php
View File

@ -475,7 +475,7 @@ $sql .= $hookmanager->resPrint;
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')';
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);

2
htdocs/fourn/facture/paiement.php
View File

@ -371,7 +371,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
$sql .= ' WHERE f.fk_soc = s.rowid';
$sql .= ' AND f.rowid = '.((int) $facid);
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$resql = $db->query($sql);
if ($resql) {

10
htdocs/fourn/index.php
View File

@ -65,7 +65,7 @@ if (!$user->rights->societe->client->voir && !$socid) {
}
$sql .= " WHERE cf.fk_soc = s.rowid ";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND cf.entity = ".$conf->entity;
$sql .= " GROUP BY cf.fk_statut";
@ -111,12 +111,12 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU
}
$sql .= " WHERE cf.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND cf.entity = ".$conf->entity;
$sql .= " AND cf.fk_statut = 0";
if ($socid) {
$sql .= " AND cf.fk_soc = ".$socid;
$sql .= " AND cf.fk_soc = ".((int) $socid);
}
$resql = $db->query($sql);
@ -167,7 +167,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S
}
$sql .= " WHERE s.rowid = ff.fk_soc";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND sc.fk_user = ".$user->id;
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND ff.entity = ".$conf->entity;
$sql .= " AND ff.fk_statut = 0";
@ -240,7 +240,7 @@ $sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND s.fournisseur = 1";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->rights->societe->client->voir && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);

2
htdocs/hrm/index.php
View File

@ -344,7 +344,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme
}
$sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentcandidature->element).")";
if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) {
$sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND rp.fk_soc = $socid";

4
htdocs/install/upgrade2.php
View File

@ -790,7 +790,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf)
// On cherche facture sans lien paiement et du meme montant et pour meme societe.
$sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture";
$sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount'];
$sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount'];
$sql .= " AND pf.fk_facture IS NULL";
$sql .= " ORDER BY f.fk_statut";
//print $sql.'<br>';
@ -901,7 +901,7 @@ function migrate_paiements_orphelins_2($db, $langs, $conf)
// On cherche facture sans lien paiement et du meme montant et pour meme societe.
$sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture";
$sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount'];
$sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount'];
$sql .= " AND pf.fk_facture IS NULL";
$sql .= " ORDER BY f.fk_statut";
//print $sql.'<br>';

Some files were not shown because too many files have changed in this diff Show More