diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 0c9b4113c2a..2c715aa9fd6 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -297,7 +297,7 @@ class BookKeeping extends CommonObject $sql .= " AND fk_doc = ".((int) $this->fk_doc); if (!empty($conf->global->ACCOUNTANCY_ENABLE_FKDOCDET)) { // DO NOT USE THIS IN PRODUCTION. This will generate a lot of trouble into reports and will corrupt database (by generating duplicate entries. - $sql .= " AND fk_docdet = ".$this->fk_docdet; // This field can be 0 if record is for several lines + $sql .= " AND fk_docdet = ".((int) $this->fk_docdet); // This field can be 0 if record is for several lines } $sql .= " AND numero_compte = '".$this->db->escape($this->numero_compte)."'"; $sql .= " AND label_operation = '".$this->db->escape($this->label_operation)."'"; diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index 489ed20d6c2..e777108c491 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -70,7 +70,7 @@ class AdherentStats extends Stats $this->where .= " m.statut != -1"; $this->where .= " AND p.fk_adherent = m.rowid AND m.entity IN (".getEntity('adherent').")"; - //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; + //if (!$user->rights->societe->client->voir && !$user->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .((int) $user->id); if ($this->memberid) { $this->where .= " AND m.rowid = ".((int) $this->memberid); } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index db3c45a0776..1ea8564808e 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -564,8 +564,8 @@ $sql = "SELECT rowid as rowid, module, label, type_template, lang, fk_user, priv $sql .= " FROM ".MAIN_DB_PREFIX."c_email_templates"; $sql .= " WHERE entity IN (".getEntity('email_template').")"; if (!$user->admin) { - $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".$user->id."))"; // Show only public and private to me - $sql .= " AND (active = 1 OR fk_user = ".$user->id.")"; // Show only active or owned by me + $sql .= " AND (private = 0 OR (private = 1 AND fk_user = ".((int) $user->id)."))"; // Show only public and private to me + $sql .= " AND (active = 1 OR fk_user = ".((int) $user->id).")"; // Show only active or owned by me } if (empty($conf->global->MAIN_MULTILANGS)) { $sql .= " AND (lang = '".$db->escape($langs->defaultlang)."' OR lang IS NULL OR lang = '')"; diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index fccea96e5ad..3ddfaa4d92b 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -540,7 +540,7 @@ class Categorie extends CommonObject $sql .= ", visible = ".(int) $this->visible; $sql .= ", fk_parent = ".(int) $this->fk_parent; $sql .= ", fk_user_modif = ".(int) $user->id; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::update", LOG_DEBUG); if ($this->db->query($sql)) { @@ -686,7 +686,7 @@ class Categorie extends CommonObject if ($this->db->query($sql)) { if (!empty($conf->global->CATEGORIE_RECURSIV_ADD)) { $sql = 'SELECT fk_parent FROM '.MAIN_DB_PREFIX.'categorie'; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog(get_class($this)."::add_type", LOG_DEBUG); $resql = $this->db->query($sql); @@ -774,7 +774,7 @@ class Categorie extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id; + $sql .= " WHERE fk_categorie = ".((int) $this->id); $sql .= " AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $obj->id); dol_syslog(get_class($this).'::del_type', LOG_DEBUG); @@ -826,11 +826,11 @@ class Categorie extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type])." as c"; $sql .= ", ".MAIN_DB_PREFIX.(empty($this->MAP_OBJ_TABLE[$type]) ? $type : $this->MAP_OBJ_TABLE[$type])." as o"; $sql .= " WHERE o.entity IN (".getEntity($obj->element).")"; - $sql .= " AND c.fk_categorie = ".$this->id; + $sql .= " AND c.fk_categorie = ".((int) $this->id); $sql .= " AND c.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = o.rowid"; // Protection for external users if (($type == 'customer' || $type == 'supplier') && $user->socid > 0) { - $sql .= " AND o.rowid = ".$user->socid; + $sql .= " AND o.rowid = ".((int) $user->socid); } if ($limit > 0 || $offset > 0) { $sql .= $this->db->plimit($limit + 1, $offset); @@ -870,7 +870,7 @@ class Categorie extends CommonObject public function containsObject($type, $object_id) { $sql = "SELECT COUNT(*) as nb FROM ".MAIN_DB_PREFIX."categorie_".(empty($this->MAP_CAT_TABLE[$type]) ? $type : $this->MAP_CAT_TABLE[$type]); - $sql .= " WHERE fk_categorie = ".$this->id." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); + $sql .= " WHERE fk_categorie = ".((int) $this->id)." AND fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".((int) $object_id); dol_syslog(get_class($this)."::containsObject", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { @@ -1501,7 +1501,7 @@ class Categorie extends CommonObject $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_".(empty($this->MAP_CAT_FK[$type]) ? $type : $this->MAP_CAT_FK[$type])." = ".(int) $id; // This seems useless because the table already contains id of category of 1 unique type. So commented. // So now it works also with external added categories. - //$sql .= " AND c.type = ".$this->MAP_ID[$type]; + //$sql .= " AND c.type = ".((int) $this->MAP_ID[$type]); $sql .= " AND c.entity IN (".getEntity('category').")"; $res = $this->db->query($sql); @@ -1796,7 +1796,7 @@ class Categorie extends CommonObject foreach ($langs_available as $key => $value) { $sql = "SELECT rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $sql .= " AND lang = '".$this->db->escape($key)."'"; $result = $this->db->query($sql); @@ -1806,10 +1806,10 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->label)."',"; $sql2 .= " description='".$this->db->escape($this->description)."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->label); + $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->label); $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; } dol_syslog(get_class($this).'::setMultiLangs', LOG_DEBUG); @@ -1822,10 +1822,10 @@ class Categorie extends CommonObject $sql2 = "UPDATE ".MAIN_DB_PREFIX."categorie_lang"; $sql2 .= " SET label='".$this->db->escape($this->multilangs["$key"]["label"])."',"; $sql2 .= " description='".$this->db->escape($this->multilangs["$key"]["description"])."'"; - $sql2 .= " WHERE fk_category=".$this->id." AND lang='".$this->db->escape($key)."'"; + $sql2 .= " WHERE fk_category=".((int) $this->id)." AND lang='".$this->db->escape($key)."'"; } else { $sql2 = "INSERT INTO ".MAIN_DB_PREFIX."categorie_lang (fk_category, lang, label, description)"; - $sql2 .= " VALUES(".$this->id.",'".$key."','".$this->db->escape($this->multilangs["$key"]["label"]); + $sql2 .= " VALUES(".$this->id.",'".$this->db->escape($key)."','".$this->db->escape($this->multilangs["$key"]["label"]); $sql2 .= "','".$this->db->escape($this->multilangs["$key"]["description"])."')"; } @@ -1864,7 +1864,7 @@ class Categorie extends CommonObject $sql = "SELECT lang, label, description"; $sql .= " FROM ".MAIN_DB_PREFIX."categorie_lang"; - $sql .= " WHERE fk_category=".$this->id; + $sql .= " WHERE fk_category=".((int) $this->id); $result = $this->db->query($sql); if ($result) { diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index c6c0d277edd..94c512675ef 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -919,7 +919,7 @@ class ActionComm extends CommonObject // phpcs:enable $sql = "SELECT fk_actioncomm, element_type, fk_element, answer_status, mandatory, transparency"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm_resources"; - $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".$this->id; + $sql .= " WHERE element_type = 'user' AND fk_actioncomm = ".((int) $this->id); $resql2 = $this->db->query($sql); if ($resql2) { @@ -1320,7 +1320,7 @@ class ActionComm extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } if (!$user->rights->agenda->allactions->read) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id); } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE 1 = 1"; @@ -1329,13 +1329,13 @@ class ActionComm extends CommonObject } $sql .= " AND a.entity IN (".getEntity('agenda').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND a.fk_soc = ".$user->socid; + $sql .= " AND a.fk_soc = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); $sql .= " OR ar.fk_element = ".$user->id; // Added by PV $sql .= ")"; } diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index c87af9558e8..9b9525925c5 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -689,7 +689,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.$socid; diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 9c587a934e2..8dd8c1b9f58 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -447,7 +447,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index b39d6c3141d..b1fecbf6475 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -558,7 +558,7 @@ if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 10d9871c4c9..413de33db1f 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -579,7 +579,7 @@ if ($pid) { $sql .= " AND a.fk_project = ".((int) $pid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($socid > 0) { $sql .= ' AND a.fk_soc = '.((int) $socid); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index fefee1c07dd..015e06df36a 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -826,7 +826,7 @@ if ($object->id > 0) { $sql .= ", p.datep as dp, p.fin_validite as date_limit"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " ORDER BY p.datep DESC"; @@ -891,7 +891,7 @@ if ($object->id > 0) { $sql .= ", c.facture as billed"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('commande').')'; $sql .= " ORDER BY c.date_commande DESC"; @@ -907,7 +907,7 @@ if ($object->id > 0) { $sql2 .= ' FROM '.MAIN_DB_PREFIX.'societe as s'; $sql2 .= ', '.MAIN_DB_PREFIX.'commande as c'; $sql2 .= ' WHERE c.fk_soc = s.rowid'; - $sql2 .= ' AND s.rowid = '.$object->id; + $sql2 .= ' AND s.rowid = '.((int) $object->id); // Show orders with status validated, shipping started and delivered (well any order we can bill) $sql2 .= " AND ((c.fk_statut IN (1,2)) OR (c.fk_statut = 3 AND c.facture = 0))"; @@ -967,7 +967,7 @@ if ($object->id > 0) { $sql .= ', s.nom'; $sql .= ', s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."expedition as e"; - $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE e.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND e.entity IN (".getEntity('expedition').")"; $sql .= ' GROUP BY e.rowid'; $sql .= ', e.ref'; @@ -1032,7 +1032,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut as contract_status, c.datec as dc, c.date_contrat as dcon, c.ref_customer as refcus, c.ref_supplier as refsup"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " ORDER BY c.datec DESC"; @@ -1106,7 +1106,7 @@ if ($object->id > 0) { $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; $sql .= " WHERE f.fk_soc = s.rowid"; - $sql .= " AND s.rowid = ".$object->id; + $sql .= " AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('intervention').")"; $sql .= " ORDER BY f.tms DESC"; @@ -1171,7 +1171,7 @@ if ($object->id > 0) { $sql .= ', f.suspended as suspended'; $sql .= ', s.nom, s.rowid as socid'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_rec as f"; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.titre, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.date_last_gen, f.datec, f.frequency, f.unit_frequency,'; @@ -1263,7 +1263,7 @@ if ($object->id > 0) { $sql .= ', SUM(pf.amount) as am'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture'; - $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql .= " WHERE f.fk_soc = s.rowid AND s.rowid = ".((int) $object->id); $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= ' GROUP BY f.rowid, f.ref, f.type, f.total_ht, f.total_tva, f.total_ttc,'; $sql .= ' f.datef, f.datec, f.paye, f.fk_statut,'; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 1d74cba61cd..52f6e675c5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -90,7 +90,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND p.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($type == "c") { $sql .= " AND s.client IN (1, 3)"; diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index 2fafb5636e2..0087c68bb08 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -130,7 +130,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -227,7 +227,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -323,7 +323,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -420,10 +420,10 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -517,7 +517,7 @@ if (!empty($conf->societe->enabled) && $user->rights->societe->lire) { $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = $socid"; @@ -613,7 +613,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -719,7 +719,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire && 0) { // T $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -794,7 +794,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propal->lire) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -910,7 +910,7 @@ if (!empty($conf->commande->enabled) && $user->rights->commande->lire) { $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 3f2cfc2974c..08ab8b6c8d7 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -60,7 +60,7 @@ $search_lastname = GETPOST("search_lastname", 'alphanohtml'); $search_firstname = GETPOST("search_firstname", 'alphanohtml'); $search_email = GETPOST("search_email", 'alphanohtml'); $search_other = GETPOST("search_other", 'alphanohtml'); -$search_dest_status = GETPOST('search_dest_status', 'alphanohtml'); +$search_dest_status = GETPOST('search_dest_status', 'int'); // Search modules dirs $modulesdir = dolGetModulesDirs('/mailings'); @@ -473,7 +473,7 @@ if ($object->fetch($id) >= 0) { $asearchcriteriahasbeenset++; } if ($search_dest_status != '' && $search_dest_status >= -1) { - $sql .= " AND mc.statut=".$db->escape($search_dest_status)." "; + $sql .= " AND mc.statut = ".((int) $search_dest_status); $asearchcriteriahasbeenset++; } $sql .= $db->order($sortfield, $sortorder); @@ -539,6 +539,8 @@ if ($object->fetch($id) >= 0) { } $morehtmlcenter .= '   id.'">'.$langs->trans("Download").''; + $massactionbutton = ''; + print_barre_liste($langs->trans("MailSelectedRecipients"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $morehtmlcenter, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit); print ''; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 3bc30d7d729..0f73746b03a 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2780,7 +2780,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -3285,7 +3285,7 @@ class Propal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('propal').")"; @@ -3296,7 +3296,7 @@ class Propal extends CommonObject $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3462,7 +3462,7 @@ class Propal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('propal').")"; diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index a06945a09a6..181e5b545f8 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -94,10 +94,10 @@ class PropaleStats extends Stats //$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity; $this->where .= ($this->where ? ' AND ' : '')."p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND p.fk_soc = ".$this->socid; + $this->where .= " AND p.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { $this->where .= ' AND fk_user_author = '.((int) $this->userid); diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 7ff3e405499..e080e36b49c 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -85,7 +85,7 @@ if (!empty($conf->propal->enabled)) { $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -163,7 +163,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -236,7 +236,7 @@ if (!empty($conf->propal->enabled) && $user->rights->propale->lire) { $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -319,7 +319,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 1"; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); @@ -394,7 +394,7 @@ if (! empty($conf->propal->enabled)) $sql.= " AND c.entity = ".$conf->entity; $sql.= " AND c.fk_statut = 2 "; if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); $sql.= " ORDER BY c.rowid DESC"; $resql=$db->query($sql); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index fda7b76ed91..75b5f5eb633 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -520,7 +520,7 @@ if ($search_user > 0) { $sql .= ' WHERE p.fk_soc = s.rowid'; $sql .= ' AND p.entity IN ('.getEntity('propal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index 65b446727e5..f2feb3ed444 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2688,7 +2688,7 @@ class Commande extends CommonOrder $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -3507,14 +3507,14 @@ class Commande extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity IN (".getEntity('commande').")"; //$sql.= " AND c.fk_statut IN (1,2,3) AND c.facture = 0"; $sql .= " AND ((c.fk_statut IN (".self::STATUS_VALIDATED.",".self::STATUS_SHIPMENTONPROCESS.")) OR (c.fk_statut = ".self::STATUS_CLOSED." AND c.facture = 0))"; // If status is 2 and facture=1, it must be selected if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -3917,7 +3917,7 @@ class Commande extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity IN (".getEntity('commande').")"; diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index 6bd6067dcf7..8ac89d5a18f 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -94,13 +94,13 @@ class CommandeStats extends Stats $this->where .= ($this->where ? ' AND ' : '').'c.entity IN ('.getEntity('commande').')'; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } if ($typentid) { diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 62f8c4772f6..3ecaa0fbee1 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -87,7 +87,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 73f40668cea..f7dee2b4062 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -101,7 +101,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -169,7 +169,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -253,7 +253,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; @@ -342,7 +342,7 @@ if (!empty($conf->commande->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 73413d1070f..0404c6a595c 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -479,7 +479,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('c.ref', $search_ref); @@ -558,7 +558,7 @@ if ($search_sale > 0) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $search_sale); } if ($search_user > 0) { - $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".$search_user; + $sql .= " AND ec.fk_c_type_contact = tc.rowid AND tc.element='commande' AND tc.source='internal' AND ec.element_id = c.rowid AND ec.fk_socpeople = ".((int) $search_user); } if ($search_total_ht != '') { $sql .= natural_search('c.total_ht', $search_total_ht, 1); diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index ed61da3592e..c3628e12b7c 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -1992,7 +1992,7 @@ class AccountLine extends CommonObject // Protection to avoid any delete of accounted lines. Protection on by default if (empty($conf->global->BANK_ALLOW_TRANSACTION_DELETION_EVEN_IF_IN_ACCOUNTING)) { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); @@ -2379,7 +2379,7 @@ class AccountLine extends CommonObject $result .= yn($this->rappro); } if ($option == 'showall' || $option == 'showconciliatedandaccounted') { - $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".$this->id; + $sql = "SELECT COUNT(rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping WHERE doc_type = 'bank' AND fk_doc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 167c809a8b1..97184c1b8eb 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -116,7 +116,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve DESC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -134,7 +134,7 @@ if ($_GET["rel"] == 'prev') { $sql = "SELECT DISTINCT(b.num_releve) as num"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve > '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " ORDER BY b.num_releve ASC"; dol_syslog("htdocs/compta/bank/releve.php", LOG_DEBUG); @@ -165,7 +165,7 @@ $sql .= " WHERE b.num_releve='".$db->escape($numref)."'"; if (empty($numref)) { $sql .= " OR b.num_releve is null"; } -$sql .= " AND b.fk_account = ".$object->id; +$sql .= " AND b.fk_account = ".((int) $object->id); $sql .= " AND b.fk_account = ba.rowid"; $sql .= $db->order("b.datev, b.datec", "ASC"); // We add date of creation to have correct order when everything is done the same day @@ -340,7 +340,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -353,7 +353,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve = '".$db->escape($objp->numr)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); @@ -421,7 +421,7 @@ if (empty($numref)) { $sql = "SELECT sum(b.amount) as amount"; $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; $sql .= " WHERE b.num_releve < '".$db->escape($numref)."'"; - $sql .= " AND b.fk_account = ".$object->id; + $sql .= " AND b.fk_account = ".((int) $object->id); $resql = $db->query($sql); if ($resql) { @@ -605,7 +605,7 @@ if (empty($numref)) { $sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as ct"; $sql .= ", ".MAIN_DB_PREFIX."bank_class as cl"; $sql .= " WHERE ct.rowid = cl.fk_categ"; - $sql .= " AND ct.entity = ".$conf->entity; + $sql .= " AND ct.entity = ".((int) $conf->entity); $sql .= " AND cl.lineid = ".((int) $objp->rowid); $resc = $db->query($sql); diff --git a/htdocs/compta/cashcontrol/report.php b/htdocs/compta/cashcontrol/report.php index 0bc18e31bde..af61af5e836 100644 --- a/htdocs/compta/cashcontrol/report.php +++ b/htdocs/compta/cashcontrol/report.php @@ -115,9 +115,9 @@ elseif ($syear && $smonth && ! $sday) $sql.= " AND dateo BETWEEN '".$db->idate(d elseif ($syear && $smonth && $sday) $sql.= " AND dateo BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $smonth, $sday, $syear))."' AND '".$db->idate(dol_mktime(23, 59, 59, $smonth, $sday, $syear))."'"; else dol_print_error('', 'Year not defined'); // Define filter on bank account -$sql.=" AND (b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CASH; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CB; -$sql.=" OR b.fk_account=".$conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; +$sql.=" AND (b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CASH); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CB); +$sql.=" OR b.fk_account = ".((int) $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE); $sql.=")"; */ $sql = "SELECT f.rowid as facid, f.ref, f.datef as do, pf.amount as amount, b.fk_account as bankid, cp.code"; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index b0a4716b7e1..504e5638abc 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -104,7 +104,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { $sql .= " AND s.fk_stcomm=".((int) $stcomm); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 547f0676b7b..12351032b53 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -159,7 +159,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 61d30ea1345..428eacbc93a 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -105,7 +105,7 @@ if (empty($user->rights->deplacement->readall) && empty($user->rights->deplaceme $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id." OR d.fk_soc IS NULL) "; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) "; } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 9cbfb33e5bd..d0d14b02abb 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4042,7 +4042,7 @@ class Facture extends CommonInvoice $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -4233,14 +4233,14 @@ class Facture extends CommonInvoice $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." f.paye=0"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_statut = ".self::STATUS_VALIDATED; if ($user->socid) { - $sql .= " AND f.fk_soc = ".$user->socid; + $sql .= " AND f.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -4480,7 +4480,7 @@ class Facture extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity IN (".getEntity('invoice').")"; diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index e6547cc9f89..96c8e88b97e 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -86,16 +86,16 @@ class FactureStats extends Stats $this->where = " f.fk_statut >= 0"; $this->where .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == 'customer') { $this->where .= " AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons) } if ($this->socid) { - $this->where .= " AND f.fk_soc = ".$this->socid; + $this->where .= " AND f.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND f.fk_user_author = '.$this->userid; + $this->where .= ' AND f.fk_user_author = '.((int) $this->userid); } if (!empty($conf->global->FACTURE_DEPOSITS_ARE_JUST_PAYMENTS)) { $this->where .= " AND f.type IN (0,1,2,5)"; diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index f25b2b05975..ccee2403e79 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -555,7 +555,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index b1ad18e6461..ca7cd08a6fe 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -135,7 +135,7 @@ if (!empty($conf->facture->enabled) && !empty($user->rights->facture->lire)) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -280,7 +280,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " WHERE s.rowid = ff.fk_soc"; $sql .= " AND ff.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); @@ -592,7 +592,7 @@ if (!empty($conf->facture->enabled) && !empty($conf->commande->enabled) && $user $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/paiement/cheque/class/remisecheque.class.php b/htdocs/compta/paiement/cheque/class/remisecheque.class.php index 0c05a1bc03a..683b2fd0423 100644 --- a/htdocs/compta/paiement/cheque/class/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/class/remisecheque.class.php @@ -290,7 +290,7 @@ class RemiseCheque extends CommonObject $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -344,7 +344,7 @@ class RemiseCheque extends CommonObject if ($this->errno == 0 && $numref) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET statut = 1, ref = '".$this->db->escape($numref)."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $sql .= " AND statut = 0"; @@ -585,7 +585,7 @@ class RemiseCheque extends CommonObject $sql .= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc"; $sql .= " WHERE b.fk_account = ba.rowid"; $sql .= " AND b.fk_bordereau = bc.rowid"; - $sql .= " AND bc.rowid = ".$this->id; + $sql .= " AND bc.rowid = ".((int) $this->id); $sql .= " AND bc.entity = ".$conf->entity; $sql .= " ORDER BY b.dateo ASC, b.rowid ASC"; @@ -661,7 +661,7 @@ class RemiseCheque extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET amount = ".price2num($total); $sql .= ", nbcheque = ".((int) $nb); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); $sql .= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); @@ -851,7 +851,7 @@ class RemiseCheque extends CommonObject if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; $sql .= " SET date_bordereau = ".($date ? "'".$this->db->idate($date)."'" : 'null'); - $sql .= " WHERE rowid = ".$this->id; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_date", LOG_DEBUG); $resql = $this->db->query($sql); @@ -880,8 +880,8 @@ class RemiseCheque extends CommonObject // phpcs:enable if ($user->rights->banque->cheque) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " SET ref = '".$ref."'"; - $sql .= " WHERE rowid = ".$this->id; + $sql .= " SET ref = '".$this->db->escape($ref)."'"; + $sql .= " WHERE rowid = ".((int) $this->id); dol_syslog("RemiseCheque::set_number", LOG_DEBUG); $resql = $this->db->query($sql); diff --git a/htdocs/compta/paiement/class/paiement.class.php b/htdocs/compta/paiement/class/paiement.class.php index f31d66a2f6d..971400afa5e 100644 --- a/htdocs/compta/paiement/class/paiement.class.php +++ b/htdocs/compta/paiement/class/paiement.class.php @@ -800,7 +800,7 @@ class Paiement extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX.'bank'; $sql .= " SET dateo = '".$this->db->idate($date)."', datev = '".$this->db->idate($date)."'"; - $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".$this->id.")"; + $sql .= " WHERE rowid IN (SELECT fk_bank FROM ".MAIN_DB_PREFIX."bank_url WHERE type = '".$this->db->escape($type)."' AND url_id = ".((int) $this->id).")"; $sql .= " AND rappro = 0"; $result = $this->db->query($sql); diff --git a/htdocs/compta/paiement/list.php b/htdocs/compta/paiement/list.php index 1e99cf8676f..5f2d4d9a2cd 100644 --- a/htdocs/compta/paiement/list.php +++ b/htdocs/compta/paiement/list.php @@ -197,7 +197,7 @@ if (GETPOST("orphelins", "alpha")) { } $sql .= " WHERE p.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/paymentbybanktransfer/index.php b/htdocs/compta/paymentbybanktransfer/index.php index 5d76ae4d8b4..25763dd8339 100644 --- a/htdocs/compta/paymentbybanktransfer/index.php +++ b/htdocs/compta/paymentbybanktransfer/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture_fourn = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php index 1b6afa3cffe..d9f93dd0a08 100644 --- a/htdocs/compta/prelevement/class/bonprelevement.class.php +++ b/htdocs/compta/prelevement/class/bonprelevement.class.php @@ -646,7 +646,7 @@ class BonPrelevement extends CommonObject $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture as pf"; $sql .= " WHERE pf.fk_prelevement_lignes = pl.rowid"; $sql .= " AND pl.fk_prelevement_bons = p.rowid"; - $sql .= " AND p.rowid = ".$this->id; + $sql .= " AND p.rowid = ".((int) $this->id); $sql .= " AND p.entity = ".$conf->entity; if ($amounts) { if ($this->type == 'bank-transfer') { diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 266097f7a2d..0230e4cb726 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -138,7 +138,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 11c38bbb044..c0f89a7e046 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -112,7 +112,7 @@ $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index 5aca25466a3..f2f192271ac 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -614,9 +614,9 @@ if ($modecompta == 'BOOKKEEPING') { } } - $sql .= " AND f.entity = ".$conf->entity; + $sql .= " AND f.entity = ".((int) $conf->entity); if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " GROUP BY name, socid"; $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php index 48ba4b06d30..fa95b08faca 100644 --- a/htdocs/compta/sociales/class/paymentsocialcontribution.class.php +++ b/htdocs/compta/sociales/class/paymentsocialcontribution.class.php @@ -777,7 +777,7 @@ class PaymentSocialContribution extends CommonObject $type = 'bank'; - $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->bank_line; + $sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".((int) $this->bank_line); $resql = $this->db->query($sql); if ($resql) { $obj = $this->db->fetch_object($resql); diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 165a7bf7bc3..83bc4202b9d 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -385,13 +385,13 @@ class Contact extends CommonObject if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; - $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; + $sql .= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".((int) $user->id)."))"; if ($user->socid > 0) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -1068,7 +1068,7 @@ class Contact extends CommonObject // Search Dolibarr user linked to this contact $sql = "SELECT u.rowid "; $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; - $sql .= " WHERE u.fk_socpeople = ".$this->id; + $sql .= " WHERE u.fk_socpeople = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -1091,7 +1091,7 @@ class Contact extends CommonObject if ($user) { $sql = "SELECT fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."user_alert"; - $sql .= " WHERE fk_user = ".$user->id." AND fk_contact = ".$this->db->escape($id); + $sql .= " WHERE fk_user = ".((int) $user->id)." AND fk_contact = ".((int) $id); $resql = $this->db->query($sql); if ($resql) { @@ -1162,7 +1162,7 @@ class Contact extends CommonObject $sql = "SELECT tc.element, count(ec.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE ec.fk_c_type_contact = tc.rowid"; - $sql .= " AND fk_socpeople = ".$this->id; + $sql .= " AND fk_socpeople = ".((int) $this->id); $sql .= " AND tc.source = 'external'"; $sql .= " GROUP BY tc.element"; @@ -1211,7 +1211,7 @@ class Contact extends CommonObject $sql = "SELECT ec.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."element_contact ec,"; $sql .= " ".MAIN_DB_PREFIX."c_type_contact tc"; - $sql .= " WHERE ec.fk_socpeople=".$this->id; + $sql .= " WHERE ec.fk_socpeople=".((int) $this->id); $sql .= " AND ec.fk_c_type_contact=tc.rowid"; $sql .= " AND tc.source='external'"; dol_syslog(__METHOD__, LOG_DEBUG); @@ -1242,7 +1242,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1254,7 +1254,7 @@ class Contact extends CommonObject if (!$error) { // Remove Roles - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1266,7 +1266,7 @@ class Contact extends CommonObject if (!$error) { // Remove category - $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".$this->id; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."categorie_contact WHERE fk_socpeople = ".((int) $this->id); dol_syslog(__METHOD__, LOG_DEBUG); $resql = $this->db->query($sql); if (!$resql) { @@ -1727,7 +1727,7 @@ class Contact extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."societe_contacts as sc, ".MAIN_DB_PREFIX."c_type_contact as tc"; $sql .= " WHERE tc.rowid = sc.fk_c_type_contact"; $sql .= " AND tc.source = 'external' AND tc.active=1"; - $sql .= " AND sc.fk_socpeople = ".$this->id; + $sql .= " AND sc.fk_socpeople = ".((int) $this->id); $sql .= " AND sc.entity IN (".getEntity('societe').')'; $resql = $this->db->query($sql); @@ -2040,7 +2040,7 @@ class Contact extends CommonObject $obj = $this->db->fetch_object($resql); $noemail = $obj->nb; if (empty($noemail)) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".$this->db->escape(getEntity('mailing', 0)).", '".$this->db->idate(dol_now())."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe(email, entity, date_creat) VALUES ('".$this->db->escape($this->email)."', ".getEntity('mailing', 0).", '".$this->db->idate(dol_now())."')"; $resql = $this->db->query($sql); if (!$resql) { $error++; @@ -2054,7 +2054,7 @@ class Contact extends CommonObject $this->errors[] = $this->error; } } else { - $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity = ".$this->db->escape(getEntity('mailing', 0)); + $sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_unsubscribe WHERE email = '".$this->db->escape($this->email)."' AND entity IN (".getEntity('mailing', 0).")"; $resql = $this->db->query($sql); if (!$resql) { $error++; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index e5a9ab3f0d6..a63a1bf7e49 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -389,7 +389,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE p.entity IN ('.getEntity('socpeople').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND (sc.fk_user = ".$user->id." OR p.fk_soc IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial $sql .= " AND p.fk_user_creat=".((int) $userid); @@ -403,13 +403,13 @@ if ($search_stcomm != '' && $search_stcomm != -2) { // Filter to exclude not owned private contacts if ($search_priv != '0' && $search_priv != '1') { - $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".$user->id."))"; + $sql .= " AND (p.priv='0' OR (p.priv='1' AND p.fk_user_creat=".((int) $user->id)."))"; } else { if ($search_priv == '0') { $sql .= " AND p.priv='0'"; } if ($search_priv == '1') { - $sql .= " AND (p.priv='1' AND p.fk_user_creat=".$user->id.")"; + $sql .= " AND (p.priv='1' AND p.fk_user_creat=".((int) $user->id).")"; } } diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 5436c55faeb..a0016f3fe47 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -1150,11 +1150,11 @@ class Contrat extends CommonObject /* $sql = "DELETE cdl"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql.= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); */ $sql = "SELECT cdl.rowid as cdlrowid "; $sql .= " FROM ".MAIN_DB_PREFIX."contratdet_log as cdl, ".MAIN_DB_PREFIX."contratdet as cd"; - $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".$this->id; + $sql .= " WHERE cdl.fk_contratdet=cd.rowid AND cd.fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet_log", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1201,7 +1201,7 @@ class Contrat extends CommonObject if (!$error) { // Delete contratdet $sql = "DELETE FROM ".MAIN_DB_PREFIX."contratdet"; - $sql .= " WHERE fk_contrat=".$this->id; + $sql .= " WHERE fk_contrat=".((int) $this->id); dol_syslog(get_class($this)."::delete contratdet", LOG_DEBUG); $resql = $this->db->query($sql); @@ -1213,7 +1213,7 @@ class Contrat extends CommonObject // Delete llx_ecm_files if (!$error) { - $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".$this->id; + $sql = 'DELETE FROM '.MAIN_DB_PREFIX."ecm_files WHERE src_object_type = '".$this->db->escape($this->table_element.(empty($this->module) ? '' : '@'.$this->module))."' AND src_object_id = ".((int) $this->id); $resql = $this->db->query($sql); if (!$resql) { $this->error = $this->db->lasterror(); @@ -2105,7 +2105,7 @@ class Contrat extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."contratdet as cd"; $sql .= " WHERE fk_contrat =".$this->id; if ($status >= 0) { - $sql .= " AND statut = ".$status; + $sql .= " AND statut = ".((int) $status); } dol_syslog(get_class($this)."::array_detail()", LOG_DEBUG); @@ -2205,12 +2205,12 @@ class Contrat extends CommonObject //$sql.= " AND cd.date_fin_validite < '".$this->db->idate($datetouse)."'"; } $sql .= " AND c.fk_soc = s.rowid"; - $sql .= " AND c.entity = ".$conf->entity; + $sql .= " AND c.entity = ".((int) $conf->entity); if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2279,7 +2279,7 @@ class Contrat extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." c.entity = ".$conf->entity; diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index a5e3da943b7..cc3bc87ca54 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -102,7 +102,7 @@ if ($user->socid) { $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -139,7 +139,7 @@ if ($user->socid) { $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; $resql = $db->query($sql); @@ -247,7 +247,7 @@ if (!empty($conf->contrat->enabled) && $user->rights->contrat->lire) { $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut = 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -320,7 +320,7 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -395,7 +395,7 @@ $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -477,7 +477,7 @@ $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -559,7 +559,7 @@ $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index a744b2c1bf7..2438505a13c 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -271,7 +271,7 @@ if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= dolSqlDateFilter('c.date_contrat', $day, $month, $year); if ($search_name) { diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index 5a93f3fde33..d6aec7155d6 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -262,7 +262,7 @@ if ($search_product_category > 0) { } $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == "0") { $sql .= " AND cd.statut = 0"; diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 121137fd1a6..64a2314560c 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -100,13 +100,13 @@ class box_actions extends ModeleBoxes $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".$user->id.")"; + $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->agenda->allactions->read) { - $sql .= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")"; + $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id).")"; } $sql .= " ORDER BY a.datec DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 18c1f28c590..a858111d76d 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -120,10 +120,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND p.datep >= '".$this->db->idate($tmpdate)."'"; $sql .= " AND p.date_cloture IS NULL"; // just unclosed @@ -210,10 +210,10 @@ class box_activity extends ModeleBoxes $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND c.date_commande >= '".$this->db->idate($tmpdate)."'"; $sql .= " GROUP BY c.fk_statut"; @@ -297,10 +297,10 @@ class box_activity extends ModeleBoxes $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.datef >= '".$this->db->idate($tmpdate)."' AND f.paye=1"; diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 3c83d7521f2..995f017f5f1 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -98,10 +98,10 @@ class box_clients extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 6583673f8ca..4d47f703fff 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -110,10 +110,10 @@ class box_commandes extends ModeleBoxes $sql .= " AND c.fk_statut = 1"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index fada6a93bfd..6aefc1f2d74 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -98,10 +98,10 @@ class box_contacts extends ModeleBoxes } $sql .= " WHERE sp.entity IN (".getEntity('socpeople').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND sp.fk_soc = ".$user->socid; + $sql .= " AND sp.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY sp.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 9d7b625db91..9bb794b94fa 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -92,10 +92,10 @@ class box_contracts extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (! empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_contrat DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index d0117526515..b61fe66f064 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php @@ -99,7 +99,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { $sql .= " AND s.rowid = $user->socid"; diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 12382ccb583..6bdeabda212 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -107,10 +107,10 @@ class box_factures extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index a5d63c7b9c3..70640efeb78 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -106,10 +106,10 @@ class box_factures_fourn extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY f.datef DESC, f.ref DESC "; diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index 9c35055011d..fac13c654a4 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -102,10 +102,10 @@ class box_factures_fourn_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY datelimite DESC, f.ref_supplier DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 400ae910749..3b6e857b058 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -110,10 +110,10 @@ class box_factures_imp extends ModeleBoxes $sql .= " AND f.paye = 0"; $sql .= " AND fk_statut = 1"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " GROUP BY s.rowid, s.nom, s.name_alias, s.code_client, s.code_compta, s.client, s.logo, s.email, s.entity, s.tva_intra, s.siren, s.siret, s.ape, s.idprof4, s.idprof5, s.idprof6,"; $sql .= " f.ref, f.date_lim_reglement,"; diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 7179be0cfbb..3b62361343a 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -96,10 +96,10 @@ class box_ficheinter extends ModeleBoxes $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY f.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index b0d5a0774fc..c0516c1cf4c 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -93,10 +93,10 @@ class box_fournisseurs extends ModeleBoxes $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC "; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index 9c6376351e7..6599116a980 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -96,10 +96,10 @@ class box_propales extends ModeleBoxes $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY p.datep DESC, p.ref DESC "; diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 7489cc997ea..06d42e34b18 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -99,10 +99,10 @@ class box_prospect extends ModeleBoxes $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= " ORDER BY s.tms DESC"; $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 98e2b82bb37..320932a0c6f 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -96,12 +96,12 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; $sql .= " WHERE c.entity = ".$conf->entity; if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } $sql .= $this->db->order("c.tms", "DESC"); $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 75cc1cde413..95086cdf2a3 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -96,7 +96,7 @@ class box_services_expired extends ModeleBoxes $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; $sql .= ", s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index abb639ddb94..2b6adfe3bdc 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php @@ -109,10 +109,10 @@ class box_shipments extends ModeleBoxes $sql .= " AND e.fk_statut = 1"; } if ($user->socid > 0) { - $sql.= " AND s.rowid = ".$user->socid; + $sql.= " AND s.rowid = ".((int) $user->socid); } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { $sql .= " ORDER BY e.date_delivery, e.ref DESC "; } diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 0c2b97ce6b5..b3451d9b6c3 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -98,10 +98,10 @@ class box_supplier_orders extends ModeleBoxes $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC "; diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 04dabbd0ff3..8125a848fd0 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -99,10 +99,10 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if (!empty($conf->global->MAIN_LASTBOX_ON_OBJECT_DATE)) { $sql .= " ORDER BY c.date_commande DESC, c.ref DESC"; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index c42e1b1b4f4..bed73be9d46 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1983,7 +1983,7 @@ abstract class CommonObject /** * Load properties id_previous and id_next by comparing $fieldid with $this->ref * - * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')" + * @param string $filter Optional filter. Example: " AND (t.field1 = 'aa' OR t.field2 = 'bb')". Do not allow user input data here. * @param string $fieldid Name of field to use for the select MAX and MIN * @param int $nodbprefix Do not include DB prefix to forge table name * @return int <0 if KO, >0 if OK @@ -2032,10 +2032,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." < '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { @@ -2102,10 +2102,10 @@ abstract class CommonObject } $sql .= " WHERE te.".$fieldid." > '".$this->db->escape($fieldid == 'rowid' ? $this->id : $this->ref)."'"; // ->ref must always be defined (set to id if field does not exists) if ($restrictiononfksoc == 1 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($restrictiononfksoc == 2 && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND (sc.fk_user = ".$user->id.' OR te.fk_soc IS NULL)'; + $sql .= " AND (sc.fk_user = ".((int) $user->id).' OR te.fk_soc IS NULL)'; } if (!empty($filter)) { if (!preg_match('/^\s*AND/i', $filter)) { diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 2aa829f4090..46658851179 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -488,7 +488,7 @@ class DiscountAbsolute * * @param Societe $company Object third party for filter * @param User $user Filtre sur un user auteur des remises - * @param string $filter Filtre autre + * @param string $filter Filter other. Warning: Do not use a user input value here. * @param int $maxvalue Filter on max value for discount * @param int $discount_type 0 => customer discount, 1 => supplier discount * @param int $multicurrency Return multicurrency_amount instead of amount @@ -503,17 +503,17 @@ class DiscountAbsolute $sql = "SELECT SUM(rc.amount_ttc) as amount, SUM(rc.multicurrency_amount_ttc) as multicurrency_amount"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_remise_except as rc"; $sql .= " WHERE rc.entity = ".$conf->entity; - $sql .= " AND rc.discount_type=".intval($discount_type); + $sql .= " AND rc.discount_type=".((int) $discount_type); if (!empty($discount_type)) { $sql .= " AND (rc.fk_invoice_supplier IS NULL AND rc.fk_invoice_supplier_line IS NULL)"; // Available from supplier } else { $sql .= " AND (rc.fk_facture IS NULL AND rc.fk_facture_line IS NULL)"; // Available to customer } if (is_object($company)) { - $sql .= " AND rc.fk_soc = ".$company->id; + $sql .= " AND rc.fk_soc = ".((int) $company->id); } if (is_object($user)) { - $sql .= " AND rc.fk_user = ".$user->id; + $sql .= " AND rc.fk_user = ".((int) $user->id); } if ($filter) { $sql .= ' AND ('.$filter.')'; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 33d2f70caa4..19a53921819 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1347,13 +1347,13 @@ class Form } $sql .= " WHERE s.entity IN (".getEntity('societe').")"; if (!empty($user->socid)) { - $sql .= " AND s.rowid = ".$user->socid; + $sql .= " AND s.rowid = ".((int) $user->socid); } if ($filter) { $sql .= " AND (".$filter.")"; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($conf->global->COMPANY_HIDE_INACTIVE_IN_COMBOBOX)) { $sql .= " AND s.status <> 0"; @@ -6794,9 +6794,9 @@ class Form } if ($objecttmp->ismultientitymanaged == 1 && !empty($user->socid)) { if ($objecttmp->element == 'societe') { - $sql .= " AND t.rowid = ".$user->socid; + $sql .= " AND t.rowid = ".((int) $user->socid); } else { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } } if ($searchkey != '') { @@ -6804,7 +6804,7 @@ class Form } if ($objecttmp->ismultientitymanaged == 'fk_soc@societe') { if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } } if ($objecttmp->filter) { // Syntax example "(t.ref:like:'SO-%') and (t.date_creation:<:'20160101')" diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 9da814f3369..3dc2743adf1 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -1276,7 +1276,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // Get all public or private owned if ($active >= 0) { $sql .= " AND active = ".((int) $active); } @@ -1399,7 +1399,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template='".$this->db->escape($type_template)."'"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")"; + $sql .= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".((int) $user->id).")"; if (is_object($outputlangs)) { $sql .= " AND (lang = '".$this->db->escape($outputlangs->defaultlang)."' OR lang IS NULL OR lang = '')"; } @@ -1435,7 +1435,7 @@ class FormMail extends Form $sql .= " FROM ".MAIN_DB_PREFIX.'c_email_templates'; $sql .= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')"; $sql .= " AND entity IN (".getEntity('c_email_templates').")"; - $sql .= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own. + $sql .= " AND (private = 0 OR fk_user = ".((int) $user->id).")"; // See all public templates or templates I own. if ($active >= 0) { $sql .= " AND active = ".((int) $active); } diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 991e3cb37cc..dbeef627375 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -497,7 +497,7 @@ class FormOther $sql_usr .= " AND u.rowid = ".$user->id; } if (!empty($user->socid)) { - $sql_usr .= " AND u.fk_soc = ".$user->socid; + $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); } //Add hook to filter on user (for exemple on usergroup define in custom modules) diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 9796c49cf59..048335201ee 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -168,7 +168,7 @@ function show_array_actions_to_do($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -284,7 +284,7 @@ function show_array_last_actions_done($max = 5) $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index 0204fd28922..7ada15bcaeb 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -1489,46 +1489,46 @@ function show_actions_done($conf, $langs, $db, $filterobj, $objcon = '', $noprin $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Dolresource') { /* Nothing */ } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && is_array($filterobj->fields) && is_array($filterobj->fields['rowid']) && is_array($filterobj->fields['ref']) && $filterobj->table_element && $filterobj->element) { // Generic case $sql .= " AND a.fk_element = o.rowid AND a.elementtype = '".$db->escape($filterobj->element).($module ? '@'.$module : '')."'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 3838829f8cd..4be6aa8379e 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -242,7 +242,7 @@ function getCustomerInvoicePieChart($socid = 0) $sql .= ' AND f.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; @@ -362,7 +362,7 @@ function getPurchaseInvoicePieChart($socid = 0) $sql .= ' AND f.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; @@ -600,7 +600,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0) $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -743,7 +743,7 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0) $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT; $sql .= " AND f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -867,7 +867,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($maxCount, 0); @@ -969,7 +969,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($maxCount, 0); @@ -1079,7 +1079,7 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED; $sql .= " AND f.entity IN (".getEntity('invoice').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); @@ -1267,7 +1267,7 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= " AND ff.paye = 0"; $sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND ff.fk_soc = ".((int) $socid); diff --git a/htdocs/core/lib/order.lib.php b/htdocs/core/lib/order.lib.php index 7e02450160a..6dcb40e1cc7 100644 --- a/htdocs/core/lib/order.lib.php +++ b/htdocs/core/lib/order.lib.php @@ -208,7 +208,7 @@ function getCustomerOrderPieChart($socid = 0) $sql .= ' AND c.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.fk_statut"; diff --git a/htdocs/core/lib/propal.lib.php b/htdocs/core/lib/propal.lib.php index 38589c9e610..f7dc3970dcb 100644 --- a/htdocs/core/lib/propal.lib.php +++ b/htdocs/core/lib/propal.lib.php @@ -187,7 +187,7 @@ function getCustomerProposalPieChart($socid = 0) $sql .= ' AND p.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")"; $sql .= " GROUP BY p.fk_statut"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index d64069aa923..318cebd0249 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -668,7 +668,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ", ".MAIN_DB_PREFIX."societe as s)"; $sql .= " WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).")"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); $sql .= " AND sc.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } elseif (!empty($conf->multicompany->enabled)) { @@ -684,7 +684,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; - $sql .= " AND dbt.fk_soc = ".$user->socid; + $sql .= " AND dbt.fk_soc = ".((int) $user->socid); } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) { // If internal user: Check permission for internal users that are restricted on their objects $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; @@ -767,15 +767,15 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; $sql .= " AND sc.fk_soc = dbt.".$dbt_keyfield; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } else { // On ticket, the thirdparty is not mandatory, so we need a special test to accept record with no thirdparties. $sql = "SELECT COUNT(dbt.".$dbt_select.") as nb"; $sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".$user->id; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield." AND sc.fk_user = ".((int) $user->id); $sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")"; $sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; - $sql .= " AND (sc.fk_user = ".$user->id." OR sc.fk_user IS NULL)"; + $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)"; } } elseif (!empty($conf->multicompany->enabled)) { // If multicompany and internal users with all permissions, check user is in correct entity diff --git a/htdocs/core/lib/ticket.lib.php b/htdocs/core/lib/ticket.lib.php index f2a6194ab06..c7eb8ed6cb0 100644 --- a/htdocs/core/lib/ticket.lib.php +++ b/htdocs/core/lib/ticket.lib.php @@ -369,38 +369,38 @@ function show_ticket_messaging($conf, $langs, $db, $filterobj, $objcon = '', $no $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; if ($force_filter_contact === false) { if (is_object($filterobj) && in_array(get_class($filterobj), array('Societe', 'Client', 'Fournisseur')) && $filterobj->id) { - $sql .= " AND a.fk_soc = ".$filterobj->id; + $sql .= " AND a.fk_soc = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Project' && $filterobj->id) { - $sql .= " AND a.fk_project = ".$filterobj->id; + $sql .= " AND a.fk_project = ".((int) $filterobj->id); } elseif (is_object($filterobj) && get_class($filterobj) == 'Adherent') { $sql .= " AND a.fk_element = m.rowid AND a.elementtype = 'member'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'CommandeFournisseur') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'order_supplier'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Product') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'product'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Ticket') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'ticket'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'BOM') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'bom'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } elseif (is_object($filterobj) && get_class($filterobj) == 'Contrat') { $sql .= " AND a.fk_element = o.rowid AND a.elementtype = 'contract'"; if ($filterobj->id) { - $sql .= " AND a.fk_element = ".$filterobj->id; + $sql .= " AND a.fk_element = ".((int) $filterobj->id); } } } diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index 9f85aca1aff..cfbddcd8206 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -206,7 +206,7 @@ class pdf_paiement $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND s.rowid = ".((int) $socid); @@ -244,7 +244,7 @@ class pdf_paiement $sql .= " AND f.entity = ".$conf->entity; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND s.rowid = ".$socid; diff --git a/htdocs/eventorganization/eventorganizationindex.php b/htdocs/eventorganization/eventorganizationindex.php index dc66f61daec..ebeaa11e659 100644 --- a/htdocs/eventorganization/eventorganizationindex.php +++ b/htdocs/eventorganization/eventorganizationindex.php @@ -84,7 +84,7 @@ if (! empty($conf->eventorganization->enabled) && $user->rights->eventorganizati $sql.= " AND c.fk_statut = 0"; $sql.= " AND c.entity IN (".getEntity('commande').")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; - if ($socid) $sql.= " AND c.fk_soc = ".$socid; + if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php index d25c7b52098..3c1bef04d09 100644 --- a/htdocs/expedition/class/expeditionstats.class.php +++ b/htdocs/expedition/class/expeditionstats.class.php @@ -74,7 +74,7 @@ class ExpeditionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { $this->where .= " AND c.fk_soc = ".((int) $this->socid); diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php index defd1ddf9b4..173cc1889bc 100644 --- a/htdocs/expedition/index.php +++ b/htdocs/expedition/index.php @@ -68,13 +68,13 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; - $sql .= $clause." sc.fk_user = ".$user->id; + $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; } $sql .= $clause." e.fk_statut = ".Expedition::STATUS_DRAFT; $sql .= " AND e.entity IN (".getEntity('expedition').")"; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -143,11 +143,11 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED; if ($socid) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " ORDER BY e.date_delivery DESC"; $sql .= $db->plimit($max, 0); @@ -215,10 +215,10 @@ $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('order').")"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_ACCEPTED.")"; if ($socid > 0) { - $sql .= " AND c.fk_soc = ".$socid; + $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index 5a110d33f2a..3661661d357 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -289,7 +289,7 @@ if ($socid > 0) { } if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND e.fk_soc = ".((int) $socid); diff --git a/htdocs/expensereport/class/expensereportstats.class.php b/htdocs/expensereport/class/expensereportstats.class.php index 8f3574f2952..13e7a44bc7f 100644 --- a/htdocs/expensereport/class/expensereportstats.class.php +++ b/htdocs/expensereport/class/expensereportstats.class.php @@ -71,7 +71,7 @@ class ExpenseReportStats extends Stats //$this->where.= " AND entity = ".$conf->entity; if ($this->socid) { - $this->where .= " AND e.fk_soc = ".$this->socid; + $this->where .= " AND e.fk_soc = ".((int) $this->socid); } // Only me and subordinates diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 44ff46b233c..260bff00016 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -774,7 +774,7 @@ if ($action == 'create') { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('f.titre', $search_ref); diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 0bb5d2522ab..a15ebfffeb8 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -206,7 +206,7 @@ class Fichinter extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." fi.entity IN (".getEntity('intervention').")"; diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 2d69046b4ba..8513238b385 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php @@ -83,7 +83,7 @@ if ($user->socid) { $sql .= ' AND f.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; $resql = $db->query($sql); @@ -199,10 +199,10 @@ if (!empty($conf->ficheinter->enabled)) { $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.fk_statut = 0"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -249,10 +249,10 @@ $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; $sql .= " AND f.fk_soc = s.rowid"; //$sql.= " AND c.fk_statut > 2"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; $sql .= $db->plimit($max, 0); @@ -322,10 +322,10 @@ if (!empty($conf->ficheinter->enabled)) { $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.fk_statut = 1"; if ($socid) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.rowid DESC"; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 3f86fc18795..508eb984307 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -286,7 +286,7 @@ if ($search_status != '' && $search_status >= 0) { $sql .= ' AND f.fk_statut = '.urlencode($search_status); } if (!$user->rights->societe->client->voir && empty($socid)) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/fourn/class/fournisseur.class.php b/htdocs/fourn/class/fournisseur.class.php index 1ab1095a191..121e699757c 100644 --- a/htdocs/fourn/class/fournisseur.class.php +++ b/htdocs/fourn/class/fournisseur.class.php @@ -86,7 +86,7 @@ class Fournisseur extends Societe $sql = "SELECT count(pfp.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; $sql .= " WHERE pfp.entity = ".$conf->entity; - $sql .= " AND pfp.fk_soc = ".$this->id; + $sql .= " AND pfp.fk_soc = ".((int) $this->id); $resql = $this->db->query($sql); if ($resql) { @@ -115,7 +115,7 @@ class Fournisseur extends Societe $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." s.fournisseur = 1"; @@ -184,7 +184,7 @@ class Fournisseur extends Societe $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index c31071b0474..4605510d539 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -470,7 +470,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'product as p ON l.fk_product = p.rowid'; if (!empty($conf->global->PRODUCT_USE_SUPPLIER_PACKAGING)) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".$this->socid; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON l.fk_product = pfp.fk_product and l.ref = pfp.ref_fourn AND pfp.fk_soc = ".((int) $this->socid); } $sql .= " WHERE l.fk_commande = ".$this->id; if ($only_product) { @@ -2958,7 +2958,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." co.entity = ".$conf->entity; @@ -2996,7 +2996,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." c.entity = ".$conf->entity; @@ -3006,7 +3006,7 @@ class CommandeFournisseur extends CommonOrder $sql .= " AND c.fk_statut IN (".self::STATUS_VALIDATED.", ".self::STATUS_ACCEPTED.")"; } if ($user->socid) { - $sql .= " AND c.fk_soc = ".$user->socid; + $sql .= " AND c.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index 049bcf89c8b..abb5b01fb2c 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -2314,7 +2314,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " AND pf.fk_paiementfourn IS NULL"; // Aucun paiement deja fait $sql .= " AND ff.fk_statut IS NULL"; // Renvoi vrai si pas facture de remplacement if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -2362,7 +2362,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " AND ff.type=".self::TYPE_REPLACEMENT.")"; $sql .= " AND f.type != ".self::TYPE_CREDIT_NOTE; // Type non 2 si facture non avoir if ($socid > 0) { - $sql .= " AND f.fk_soc = ".$socid; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " ORDER BY f.ref"; @@ -2414,7 +2414,7 @@ class FactureFournisseur extends CommonInvoice $sql .= ' AND ff.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND ff.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $this->db->query($sql); @@ -2761,7 +2761,7 @@ class FactureFournisseur extends CommonInvoice $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." f.entity = ".$conf->entity; diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 1ea5db20b59..0717c0b74f4 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -76,7 +76,7 @@ if ($user->socid) { $sql .= ' AND cf.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cf.fk_statut"; @@ -186,7 +186,7 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -293,7 +293,7 @@ if (!empty($socid)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index d1946cc9b4c..be47df4631d 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -654,7 +654,7 @@ if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_ref) { $sql .= natural_search('cf.ref', $search_ref); diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 3196ffed7ac..9fd4dd30b26 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php @@ -76,7 +76,7 @@ $sql .= " AND s.fournisseur = 1"; $sql .= " AND s.rowid = p.fk_soc"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 5e4cc3fc05e..f6052fceffe 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -475,7 +475,7 @@ $sql .= $hookmanager->resPrint; $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.entity IN ('.getEntity('facture_fourn').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index c7a2149c441..f0967453701 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -371,7 +371,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie $sql .= ' WHERE f.fk_soc = s.rowid'; $sql .= ' AND f.rowid = '.((int) $facid); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index 8d124f46350..2b3017708dc 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php @@ -65,7 +65,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE cf.fk_soc = s.rowid "; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND cf.entity = ".$conf->entity; $sql .= " GROUP BY cf.fk_statut"; @@ -111,12 +111,12 @@ if ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SU } $sql .= " WHERE cf.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND cf.entity = ".$conf->entity; $sql .= " AND cf.fk_statut = 0"; if ($socid) { - $sql .= " AND cf.fk_soc = ".$socid; + $sql .= " AND cf.fk_soc = ".((int) $socid); } $resql = $db->query($sql); @@ -167,7 +167,7 @@ if (((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_S } $sql .= " WHERE s.rowid = ff.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND ff.entity = ".$conf->entity; $sql .= " AND ff.fk_statut = 0"; @@ -240,7 +240,7 @@ $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index 8a294a47e2c..ca02c1d776a 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -344,7 +344,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentcandidature->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND rp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND rp.fk_soc = $socid"; diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index a11de7c447e..6b0b9c69134 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -790,7 +790,7 @@ function migrate_paiements_orphelins_1($db, $langs, $conf) // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount']; $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; @@ -901,7 +901,7 @@ function migrate_paiements_orphelins_2($db, $langs, $conf) // On cherche facture sans lien paiement et du meme montant et pour meme societe. $sql = " SELECT distinct f.rowid from ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture"; - $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".$row[$i]['socid']." AND total_ttc = ".$row[$i]['pamount']; + $sql .= " WHERE f.fk_statut in (2,3) AND fk_soc = ".((int) $row[$i]['socid'])." AND total_ttc = ".$row[$i]['pamount']; $sql .= " AND pf.fk_facture IS NULL"; $sql .= " ORDER BY f.fk_statut"; //print $sql.'
'; diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 7fed219ffcd..6861f67db0d 100644 --- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -237,7 +237,7 @@ if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; $sql .= ' AND s.entity IN ('.getEntity('societe').')'; diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index d2c9a1bca76..3b14f1db808 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -158,7 +158,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND d.fk_facture = f.rowid"; $sql .= " AND d.fk_product = ".((int) $object->id); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { $sql .= " AND f.fk_soc = $socid"; diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 28bf0288c7b..ae925e8824b 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2647,7 +2647,7 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."mrp_mo as c"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."mrp_production as mp ON mp.fk_mo=c.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= "INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".$user->id; + $sql .= "INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " WHERE "; $sql .= " c.entity IN (".getEntity('mo').")"; @@ -2777,7 +2777,7 @@ class Product extends CommonObject $sql .= " AND p.entity IN (".getEntity('propal').")"; $sql .= " AND pd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { @@ -2852,7 +2852,7 @@ class Product extends CommonObject $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND pd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; if ($socid > 0) { @@ -2908,7 +2908,7 @@ class Product extends CommonObject $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'commande').")"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3010,7 +3010,7 @@ class Product extends CommonObject $sql .= " AND c.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3072,7 +3072,7 @@ class Product extends CommonObject $sql .= " AND ed.fk_origin_line = cd.rowid"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND e.fk_soc = ".((int) $socid); @@ -3153,7 +3153,7 @@ class Product extends CommonObject $sql .= " AND cf.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'supplier_order').")"; $sql .= " AND fd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND cf.fk_soc = ".((int) $socid); @@ -3209,7 +3209,7 @@ class Product extends CommonObject $sql .= " AND m.entity IN (".getEntity($forVirtualStock && !empty($conf->global->STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE) ? 'stock' : 'mrp').")"; $sql .= " AND mp.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid && !$forVirtualStock) { - $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND m.fk_soc = ".((int) $socid); @@ -3303,7 +3303,7 @@ class Product extends CommonObject $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND c.statut != 0"; if ($socid > 0) { @@ -3377,7 +3377,7 @@ class Product extends CommonObject $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND fd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { @@ -3451,7 +3451,7 @@ class Product extends CommonObject $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= " AND fd.fk_product = ".$this->id; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; if ($socid > 0) { @@ -3590,7 +3590,7 @@ class Product extends CommonObject $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = $socid"; @@ -3643,7 +3643,7 @@ class Product extends CommonObject $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND f.fk_soc = $socid"; @@ -3694,7 +3694,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -3746,7 +3746,7 @@ class Product extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND p.fk_soc = ".((int) $socid); @@ -3797,7 +3797,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3848,7 +3848,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3902,7 +3902,7 @@ class Product extends CommonObject $sql .= " AND c.fk_soc = s.rowid"; if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); @@ -3955,7 +3955,7 @@ class Product extends CommonObject } if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND d.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index f71c907a430..cb7c84fc863 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -144,7 +144,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".((int) $product->id); if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index b8a83e847c2..b3e5571ac5a 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -176,7 +176,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 6eaf5a33e22..212674582f9 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index f2a26d4af73..b83d0368b75 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -161,7 +161,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index b30983bbda5..d583d58bff8 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index 60484eb4f17..eb9985b4de5 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php @@ -124,7 +124,7 @@ $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; -$sql .= " AND tt.fk_user = ".$user->id; +$sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -177,7 +177,7 @@ $sql .= ", ".MAIN_DB_PREFIX."projet_task_time as tt"; $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; -$sql .= " AND tt.fk_user = ".$user->id; +$sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_time_plus_duree(dol_mktime(0, 0, 0, $month, $day, $year), -1, 'd'))."' AND '".$db->idate(dol_time_plus_duree(dol_mktime(23, 59, 59, $month, $day, $year), -1, 'd'))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -233,7 +233,7 @@ if ($db->type != 'pgsql') $sql.= " WHERE t.fk_projet = p.rowid"; $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; - $sql.= " AND tt.fk_user = ".$user->id; + $sql.= " AND tt.fk_user = ".((int) $user->id); $sql.= " AND task_date >= '".$db->idate(dol_get_first_day($year, $month)).'" AND ..."; $sql.= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql.= " GROUP BY p.rowid, p.ref, p.title"; @@ -289,7 +289,7 @@ if (!empty($conf->global->PROJECT_TASK_TIME_MONTH)) { $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; - $sql .= " AND tt.fk_user = ".$user->id; + $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND task_date BETWEEN '".$db->idate(dol_get_first_day($year, $month))."' AND '".$db->idate(dol_get_last_day($year, $month))."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; @@ -335,7 +335,7 @@ if (!empty($conf->global->PROJECT_TASK_TIME_YEAR)) { $sql .= " WHERE t.fk_projet = p.rowid"; $sql .= " AND p.entity = ".$conf->entity; $sql .= " AND tt.fk_task = t.rowid"; - $sql .= " AND tt.fk_user = ".$user->id; + $sql .= " AND tt.fk_user = ".((int) $user->id); $sql .= " AND YEAR(task_date) = '".strftime("%Y", $now)."'"; $sql .= " AND p.rowid in (".$db->sanitize($projectsListId).")"; $sql .= " GROUP BY p.rowid, p.ref, p.title, p.public"; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index a570e8ed7bb..3d5c89b9dc7 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -1407,9 +1407,9 @@ class Project extends CommonObject } $sql .= " WHERE p.entity IN (".getEntity('project').")"; // Internal users must see project he is contact to even if project linked to a third party he can't see. - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; if ($socid > 0) { - $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } // Get id of types of contacts for projects (This list never contains a lot of elements) @@ -2025,7 +2025,7 @@ class Project extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // For external user, no check is done on company permission because readability is managed by public status of project and assignement. //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index 574fb534b2c..9a80eb060e9 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -2097,12 +2097,12 @@ class Task extends CommonObject $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser - //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")"; + //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id.") OR (s.rowid IS NULL))"; + $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; } $resql = $this->db->query($sql); diff --git a/htdocs/reception/class/receptionstats.class.php b/htdocs/reception/class/receptionstats.class.php index 3e28d96bc49..4055d5d5dfe 100644 --- a/htdocs/reception/class/receptionstats.class.php +++ b/htdocs/reception/class/receptionstats.class.php @@ -71,13 +71,13 @@ class ReceptionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$this->socid) { - $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { - $this->where .= " AND c.fk_soc = ".$this->socid; + $this->where .= " AND c.fk_soc = ".((int) $this->socid); } if ($this->userid > 0) { - $this->where .= ' AND c.fk_user_author = '.$this->userid; + $this->where .= ' AND c.fk_user_author = '.((int) $this->userid); } } diff --git a/htdocs/reception/index.php b/htdocs/reception/index.php index 7cb26dee0ca..948489aa843 100644 --- a/htdocs/reception/index.php +++ b/htdocs/reception/index.php @@ -88,7 +88,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; - $sql .= $clause." sc.fk_user = ".$user->id; + $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; } $sql .= $clause." e.fk_statut = 0"; @@ -156,7 +156,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = 1"; if ($socid) { @@ -222,7 +222,7 @@ if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; $resql = $db->query($sql); diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index a6ecd37cc6d..dd9f365c39a 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php @@ -451,7 +451,7 @@ if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no $sql .= " WHERE e.entity IN (".getEntity('reception').")"; if (!$user->rights->societe->client->voir && !$socid) { // Internal user with no permission to see all $sql .= " AND e.fk_soc = sc.fk_soc"; - $sql .= " AND sc.fk_user = ".$user->id; + $sql .= " AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND e.fk_soc = ".((int) $socid); diff --git a/htdocs/recruitment/recruitmentindex.php b/htdocs/recruitment/recruitmentindex.php index 6e9ee616327..8c3e2f236a5 100644 --- a/htdocs/recruitment/recruitmentindex.php +++ b/htdocs/recruitment/recruitmentindex.php @@ -336,7 +336,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE s.entity IN (".getEntity($staticrecruitmentjobposition->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.fk_soc = $socid"; @@ -407,7 +407,7 @@ if (!empty($conf->recruitment->enabled) && $user->rights->recruitment->recruitme } $sql .= " WHERE rc.entity IN (".getEntity($staticrecruitmentjobposition->element).")"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.fk_soc = $socid"; diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index eefb71b6772..91e8cbc290b 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -66,7 +66,7 @@ class Client extends Societe $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." s.client IN (1,2,3)"; diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index dc074c817f8..fa19b23e6cd 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -2306,7 +2306,7 @@ class Societe extends CommonObject $sql .= " WHERE entity in (0, ".$conf->entity.")"; } - $sql .= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".$this->id; + $sql .= " AND u.rowid = sc.fk_user AND sc.fk_soc = ".((int) $this->id); if (empty($sortfield) && empty($sortorder)) { $sortfield = 'u.lastname,u.firstname'; $sortorder = 'ASC,ASC'; @@ -3034,7 +3034,7 @@ class Societe extends CommonObject { // phpcs:enable require_once DOL_DOCUMENT_ROOT.'/societe/class/companybankaccount.class.php'; - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_rib WHERE type='ban' AND fk_soc = ".$this->id; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."societe_rib WHERE type='ban' AND fk_soc = ".((int) $this->id); $result = $this->db->query($sql); if (!$result) { $this->error++; diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index e7d3ba09db8..1433435a8e6 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -99,7 +99,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { $sql .= " AND s.rowid = ".((int) $socid); @@ -273,7 +273,7 @@ if (!$user->rights->societe->client->voir && !$socid) { } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index db1934bfc23..0b363f560f3 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -513,9 +513,9 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; -//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; +//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); if (empty($user->rights->societe->client->voir) && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_sale && $search_sale != '-1' && $search_sale != '-2') { $sql .= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/societe/paymentmodes.php b/htdocs/societe/paymentmodes.php index 97d92007885..873795c938e 100644 --- a/htdocs/societe/paymentmodes.php +++ b/htdocs/societe/paymentmodes.php @@ -516,7 +516,7 @@ if (empty($reshook)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_account WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; } else { $sql = 'SELECT rowid FROM '.MAIN_DB_PREFIX."societe_account"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } $resql = $db->query($sql); @@ -538,7 +538,7 @@ if (empty($reshook)) { } else { $sql = 'UPDATE '.MAIN_DB_PREFIX."societe_account"; $sql .= " SET key_account = '".$db->escape(GETPOST('key_account', 'alpha'))."', site_account = '".$db->escape($site_account)."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '' or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND status = ".((int) $servicestatus)." AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! $resql = $db->query($sql); } } @@ -562,7 +562,7 @@ if (empty($reshook)) { if (empty($newsup)) { $sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // TODO Add site and site_account on oauth_token table - //$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; + //$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; } else { try { $stripesup = \Stripe\Account::retrieve($db->escape(GETPOST('key_account_supplier', 'alpha'))); @@ -570,7 +570,7 @@ if (empty($reshook)) { $tokenstring['type'] = $stripesup->type; $sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token"; $sql .= " SET tokenstring = '".$db->escape(json_encode($tokenstring))."'"; - $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! + $sql .= " WHERE site = 'stripe' AND (site_account IS NULL or site_account = '".$db->escape($site_account)."') AND fk_soc = ".((int) $object->id)." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! // TODO Add site and site_account on oauth_token table $sql .= " WHERE fk_soc = ".$object->id." AND service = '".$db->escape($service)."' AND entity = ".$conf->entity; // Keep = here for entity. Only 1 record must be modified ! } catch (Exception $e) { diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 6d43222bcf2..bc44ad200d5 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1946,7 +1946,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); @@ -2220,7 +2220,7 @@ class SupplierProposal extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('supplier_proposal').")"; @@ -2231,7 +2231,7 @@ class SupplierProposal extends CommonObject $sql .= " AND p.fk_statut = 2"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2377,7 +2377,7 @@ class SupplierProposal extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('supplier_proposal').")"; diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index 85f5f96c1af..45501ed9b2b 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -75,7 +75,7 @@ if ($user->socid) { $sql .= ' AND p.fk_soc = '.$user->socid; } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (0,1,2,3,4)"; $sql .= " GROUP BY p.fk_statut"; @@ -176,7 +176,7 @@ if (!empty($conf->supplier_proposal->enabled)) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $resql = $db->query($sql); @@ -234,7 +234,7 @@ if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; $sql .= $db->plimit($max, 0); @@ -312,7 +312,7 @@ if (!empty($conf->supplier_proposal->enabled) && $user->rights->supplier_proposa $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND p.fk_statut = 1"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { $sql .= " AND s.rowid = ".((int) $socid); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 3c89be6bfe4..97fa7fbd713 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -317,7 +317,7 @@ if ($search_user > 0) { $sql .= ' WHERE sp.fk_soc = s.rowid'; $sql .= ' AND sp.entity IN ('.getEntity('supplier_proposal').')'; if (!$user->rights->societe->client->voir && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_town) { $sql .= natural_search('s.town', $search_town); diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index d29a4913b6b..9d2a193cf8c 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -729,9 +729,9 @@ class Ticket extends CommonObject } } if (!$user->rights->societe->client->voir && !$user->socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } elseif ($user->socid) { - $sql .= " AND t.fk_soc = ".$user->socid; + $sql .= " AND t.fk_soc = ".((int) $user->socid); } $sql .= " ORDER BY ".$sortfield.' '.$sortorder; @@ -2920,7 +2920,7 @@ class Ticket extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."ticket as p"; if ($conf->societe->enabled && !$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; } $sql .= $clause." p.entity IN (".getEntity('ticket').")"; @@ -2928,7 +2928,7 @@ class Ticket extends CommonObject $sql .= " AND p.fk_statut NOT IN (".Ticket::STATUS_CLOSED.", ".Ticket::STATUS_CANCELED.")"; } if ($user->socid) { - $sql .= " AND p.fk_soc = ".$user->socid; + $sql .= " AND p.fk_soc = ".((int) $user->socid); } $resql = $this->db->query($sql); @@ -2986,7 +2986,7 @@ class Ticket extends CommonObject $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; if (!$user->rights->societe->client->voir && !$user->socid) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".$user->id; + $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; } $sql .= " ".$clause." p.entity IN (".getEntity('ticket').")"; diff --git a/htdocs/ticket/class/ticketstats.class.php b/htdocs/ticket/class/ticketstats.class.php index 2bcd0fe89fc..9f8122b0b9a 100644 --- a/htdocs/ticket/class/ticketstats.class.php +++ b/htdocs/ticket/class/ticketstats.class.php @@ -64,7 +64,7 @@ class TicketStats extends Stats $this->where = " fk_statut > 0"; $this->where .= " AND entity = ".$conf->entity; if ($this->socid > 0) { - $this->where .= " AND fk_soc = ".$this->socid; + $this->where .= " AND fk_soc = ".((int) $this->socid); } if (is_array($this->userid) && count($this->userid) > 0) { $this->where .= ' AND fk_user_create IN ('.$this->db->sanitize(join(',', $this->userid)).')'; diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index c3027e5044b..1c565b79b45 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -324,7 +324,7 @@ if (!$user->rights->societe->client->voir && !$socid) { $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= " AND t.fk_statut=0"; if (!$user->rights->societe->client->voir && !$socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid > 0) { diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 816d3dc3e27..4c253e4a4a8 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1030,7 +1030,7 @@ class User extends CommonObject $sql .= " AND r.entity = ".$conf->entity; } $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; - $sql .= " AND gu.fk_user = ".$this->id; + $sql .= " AND gu.fk_user = ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL"; if ($moduletag) { $sql .= " AND r.module = '".$this->db->escape($moduletag)."'"; diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 73c9d817ae8..9bb8ab66c38 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php @@ -409,7 +409,7 @@ if ($result > 0) { $sql .= " ".MAIN_DB_PREFIX."notify as n"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as c ON n.fk_user = c.rowid"; $sql .= " WHERE a.rowid = n.fk_action"; - $sql .= " AND n.fk_user = ".$object->id; + $sql .= " AND n.fk_user = ".((int) $object->id); $sql .= $db->order($sortfield, $sortorder); // Count total nb of records diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 5e96a76119c..692b3dc08af 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -217,9 +217,9 @@ $permsgroupbyentity = array(); $sql = "SELECT DISTINCT gr.fk_id, gu.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; -$sql .= " WHERE gr.entity = ".$entity; +$sql .= " WHERE gr.entity = ".((int) $entity); $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; -$sql .= " AND gu.fk_user = ".$object->id; +$sql .= " AND gu.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php index 37fc7eee703..6a3a0219119 100644 --- a/test/phpunit/CodingPhpTest.php +++ b/test/phpunit/CodingPhpTest.php @@ -225,7 +225,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $db-> inside a class.php file (it should be $this->db-> insto such classes) preg_match_all('/'.preg_quote('$db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -243,7 +243,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Must must not found $this->db-> $ok=true; $matches=array(); - // Check string get_class... + // Check string $this->db-> into a non class.php file (it shoud be $db-> into such classes) preg_match_all('/'.preg_quote('$this->db->', '/').'/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -286,6 +286,25 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $ok=true; $matches=array(); + // Check sql string AND ... yyy = ".$xxx + // with xxx that is not 'thi' (for $this->db->sanitize) and 'db-' (for $db->sanitize). It means we forget a ' if string or an (int) if int when forging sql request. + preg_match_all('/AND.*([^\s][^\s][^\s])\s*=\s*"\s*\.\s*\$(...)/', $filecontent, $matches, PREG_SET_ORDER); + foreach ($matches as $key => $val) { + if ($val[1] == 'ity' && $val[2] == 'con') { + continue; + } + //if ($val[2] != 'thi' && $val[2] != 'db-') { + var_dump($matches); + $ok=false; + break; + //} + //if ($reg[0] != 'db') $ok=false; + } + //print __METHOD__." Result for checking we don't have non escaped string in sql requests for file ".$file."\n"; + $this->assertTrue($ok, 'Found non quoted or not casted var into sql request '.$file['relativename'].' - Bad.'); + //exit; + + // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/=\s*\'"\s*\.\s*\$this->(....)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { @@ -299,10 +318,10 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase $this->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file['relativename'].' - Bad.'); //exit; - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/sql.+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); + // Check string sql|set...'".$yyy->xxx with xxx that is not 'escape', 'idate', .... It means we forget a db->escape when forging sql request. + preg_match_all('/(sql|SET).+\s*\'"\s*\.\s*\$(.........)/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { - if (! in_array($val[1], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { + if (! in_array($val[2], array('this->db-', 'this->esc', 'db->escap', 'dbsession', 'db->idate', 'excludeGr', 'includeGr'))) { $ok=false; break; } @@ -341,7 +360,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that output of $_SERVER\[\'QUERY_STRING\'\] is escaped. $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/(..............)\$_SERVER\[\'QUERY_STRING\'\]/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($val[1] != 'scape_htmltag(' && $val[1] != 'ing_nohtmltag(' && $val[1] != 'dol_escape_js(') { @@ -355,7 +373,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test that first param of print_liste_field_titre is a translation key and not the translated value $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. + // Check string ='print_liste_field_titre\(\$langs'. preg_match_all('/print_liste_field_titre\(\$langs/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false; @@ -367,8 +385,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have
$ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. - preg_match_all('/
/', $filecontent, $matches, PREG_SET_ORDER); + preg_match_all('//', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'functions.lib.php') { $ok=false; @@ -381,7 +398,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have name="token" value="'.$_SESSION['newtoken'], we must use name="token" value="'.newToken() instead. $ok=true; $matches=array(); - // Check string name="token" value="'.$_SESSINON preg_match_all('/name="token" value="\'\s*\.\s*\$_SESSION/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { if ($file['name'] != 'excludefile.php') { @@ -395,7 +411,6 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase // Test we don't have @var array( $ok=true; $matches=array(); - // Check string ='".$this->xxx with xxx that is not 'escape'. It means we forget a db->escape when forging sql request. preg_match_all('/@var\s+array\(/', $filecontent, $matches, PREG_SET_ORDER); foreach ($matches as $key => $val) { $ok=false;