Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix escaping

Browse Source
This commit is contained in:
Laurent Destailleur 2020-09-20 02:30:53 +02:00
parent fa86b62198
commit f57b4fd2fd
19 changed files with 74 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/debugbar/class/TraceableDB.php
View File

@ -46,7 +46,7 @@ class TraceableDB extends DoliDB
public function __construct($db)
{
$this->db = $db;
$this->type = $db->type;
$this->type = $this->db->type;
$this->queries = array();
}

2
htdocs/don/admin/donation.php
View File

@ -196,7 +196,7 @@ $type = 'donation';
$def = array();
$sql = "SELECT nom";
$sql .= " FROM ".MAIN_DB_PREFIX."document_model";
$sql .= " WHERE type = '".$type."'";
$sql .= " WHERE type = '".$db->escape($type)."'";
$resql = $db->query($sql);
if ($resql)
{

2
htdocs/ecm/class/ecmfiles.class.php
View File

@ -242,7 +242,7 @@ class EcmFiles extends CommonObject
$sql .= 'src_object_type,';
$sql .= 'src_object_id';
$sql .= ') VALUES (';
$sql .= " '".$ref."', ";
$sql .= " '".$this->db->escape($ref)."', ";
$sql .= ' '.(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").',';
$sql .= ' '.(!isset($this->share) ? 'NULL' : "'".$this->db->escape($this->share)."'").',';
$sql .= ' '.$this->entity.',';

2
htdocs/expedition/class/expedition.class.php
View File

@ -702,7 +702,7 @@ class Expedition extends CommonObject
// Validate
$sql = "UPDATE ".MAIN_DB_PREFIX."expedition SET";
$sql .= " ref='".$numref."'";
$sql .= " ref='".$this->db->escape($numref)."'";
$sql .= ", fk_statut = 1";
$sql .= ", date_valid = '".$this->db->idate($now)."'";
$sql .= ", fk_user_valid = ".$user->id;

30
htdocs/expensereport/class/expensereport.class.php
View File

@ -461,7 +461,7 @@ class ExpenseReport extends CommonObject
$sql .= " , date_fin = '".$this->db->idate($this->date_fin)."'";
if ($userofexpensereport && is_object($userofexpensereport))
{
$sql .= " , fk_user_author = ".($userofexpensereport->id > 0 ? "'".$userofexpensereport->id."'" : "null"); // Note fk_user_author is not the 'author' but the guy the expense report is for.
$sql .= " , fk_user_author = ".($userofexpensereport->id > 0 ? $userofexpensereport->id : "null"); // Note fk_user_author is not the 'author' but the guy the expense report is for.
}
$sql .= " , fk_user_validator = ".($this->fk_user_validator > 0 ? $this->fk_user_validator : "null");
$sql .= " , fk_user_valid = ".($this->fk_user_valid > 0 ? $this->fk_user_valid : "null");
@ -845,24 +845,24 @@ class ExpenseReport extends CommonObject
$sql .= " WHERE de.fk_projet = ".$projectid;
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
$result = $db->query($sql);
$result = $this->db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$num = $this->db->num_rows($result);
$i = 0;
$total_HT = 0;
$total_TTC = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$objp = $this->db->fetch_object($result);
$sql2 = "SELECT d.rowid, d.fk_user_author, d.ref, d.fk_statut";
$sql2 .= " FROM ".MAIN_DB_PREFIX."expensereport as d";
$sql2 .= " WHERE d.rowid = '".$objp->fk_expensereport."'";
$sql2 .= " WHERE d.rowid = ".((int) $objp->fk_expensereport);
$result2 = $db->query($sql2);
$obj = $db->fetch_object($result2);
$result2 = $this->db->query($sql2);
$obj = $this->db->fetch_object($result2);
$objp->fk_user_author = $obj->fk_user_author;
$objp->ref = $obj->ref;
@ -871,7 +871,7 @@ class ExpenseReport extends CommonObject
$total_HT = $total_HT + $objp->total_ht;
$total_TTC = $total_TTC + $objp->total_ttc;
$author = new User($db);
$author = new User($this->db);
$author->fetch($objp->fk_user_author);
print '<tr>';
@ -920,7 +920,7 @@ class ExpenseReport extends CommonObject
print '<td>&nbsp;</td>';
print '</tr>';
} else {
$this->error = $db->lasterror();
$this->error = $this->db->lasterror();
return -1;
}
}
@ -1130,7 +1130,7 @@ class ExpenseReport extends CommonObject
// Validate
$sql = "UPDATE ".MAIN_DB_PREFIX.$this->table_element;
$sql .= " SET ref = '".$num."',";
$sql .= " SET ref = '".$this->db->escape($num)."',";
$sql .= " fk_statut = ".self::STATUS_VALIDATED.",";
$sql .= " date_valid='".$this->db->idate($this->date_valid)."',";
$sql .= " fk_user_valid = ".$user->id;
@ -2354,7 +2354,7 @@ class ExpenseReport extends CommonObject
$type = 'expense_report';
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$type."' AND ab.fk_doc = ".$this->id;
$sql = " SELECT COUNT(ab.rowid) as nb FROM ".MAIN_DB_PREFIX."accounting_bookkeeping as ab WHERE ab.doc_type='".$this->db->escape($type)."' AND ab.fk_doc = ".$this->id;
$resql = $this->db->query($sql);
if ($resql)
{
@ -2740,7 +2740,7 @@ function select_expensereport_statut($selected = '', $htmlname = 'fk_statut', $u
{
global $db, $langs;
$tmpep = new ExpenseReport($db);
$tmpep = new ExpenseReport($this->db);
print '<select class="flat" name="'.$htmlname.'">';
if ($useempty) print '<option value="-1">&nbsp;</option>';
@ -2787,15 +2787,15 @@ function select_type_fees_id($selected = '', $htmlname = 'type', $showempty = 0,
$sql = "SELECT c.id, c.code, c.label as type FROM ".MAIN_DB_PREFIX."c_type_fees as c";
if ($active >= 0) $sql .= " WHERE c.active = ".$active;
$sql .= " ORDER BY c.label ASC";
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
$num = $db->num_rows($resql);
$num = $this->db->num_rows($resql);
$i = 0;
while ($i < $num)
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
$out .= '<option value="'.$obj->id.'"';
if ($obj->code == $selected || $obj->id == $selected) $out .= ' selected';
$out .= '>';

4
htdocs/expensereport/class/expensereportstats.class.php
View File

@ -136,7 +136,7 @@ class ExpenseReportStats extends Stats
{
$sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, sum(".$this->field.")";
$sql .= " FROM ".$this->from;
$sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$year."'";
$sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -156,7 +156,7 @@ class ExpenseReportStats extends Stats
{
$sql = "SELECT date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%m') as dm, avg(".$this->field.")";
$sql .= " FROM ".$this->from;
$sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$year."'";
$sql .= " WHERE date_format(".$this->db->ifsql('e.'.$this->datetouse.' IS NULL', 'e.date_create', 'e.'.$this->datetouse).",'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');

10
htdocs/exports/class/export.class.php
View File

@ -338,7 +338,7 @@ class Export
}
break;
default:
dol_syslog("Error we try to forge an sql export request with a condition on a field with type '".$InfoFieldList[0]."' (defined into module descriptor) but this type is unknown/not supported. It looks like a bug into module descriptor.", LOG_ERR);
dol_syslog("Error we try to forge an sql export request with a condition on a field with type ".$InfoFieldList[0]." (defined into module descriptor) but this type is unknown/not supported. It looks like a bug into module descriptor.", LOG_ERR);
}
return $szFilterQuery;
@ -705,10 +705,10 @@ class Export
$sql .= 'filter';
$sql .= ') VALUES (';
$sql .= "'".$this->db->escape($this->model_name)."',";
$sql .= "'".$this->db->escape($this->datatoexport)."',";
$sql .= "'".$this->db->escape($this->hexa)."',";
$sql .= "'".$user->id."',";
$sql .= "'".$this->db->escape($this->hexafiltervalue)."'";
$sql .= " '".$this->db->escape($this->datatoexport)."',";
$sql .= " '".$this->db->escape($this->hexa)."',";
$sql .= ' '.($user->id > 0 ? $user->id : 'null').",";
$sql .= " '".$this->db->escape($this->hexafiltervalue)."'";
$sql .= ")";
dol_syslog(get_class($this)."::create", LOG_DEBUG);

2
htdocs/exports/export.php
View File

@ -1060,7 +1060,7 @@ if ($step == 4 && $datatoexport)
// List of existing export profils
$sql = "SELECT rowid, label";
$sql .= " FROM ".MAIN_DB_PREFIX."export_model";
$sql .= " WHERE type = '".$datatoexport."'";
$sql .= " WHERE type = '".$db->escape($datatoexport)."'";
if (empty($conf->global->EXPORTS_SHARE_MODELS))$sql .= " AND fk_user=".$user->id;
$sql .= " ORDER BY rowid";
$resql = $db->query($sql);

2
htdocs/fichinter/class/fichinter.class.php
View File

@ -1132,7 +1132,7 @@ class Fichinter extends CommonObject
if ($user->rights->ficheinter->creer)
{
$sql = "UPDATE ".MAIN_DB_PREFIX."fichinter ";
$sql .= " SET fk_contrat = '".$contractid."'";
$sql .= " SET fk_contrat = ".((int) $contractid);
$sql .= " WHERE rowid = ".$this->id;
if ($this->db->query($sql))

2
htdocs/fichinter/class/fichinterrec.class.php
View File

@ -168,7 +168,7 @@ class FichinterRec extends Fichinter
$sql .= ", ".(!empty($this->description) ? ("'".$this->db->escape($this->description)."'") : "null");
$sql .= ", ".(!empty($fichintsrc->note_private) ? ("'".$this->db->escape($fichintsrc->note_private)."'") : "null");
$sql .= ", ".(!empty($fichintsrc->note_public) ? ("'".$this->db->escape($fichintsrc->note_public)."'") : "null");
$sql .= ", '".$user->id."'";
$sql .= ", ".$user->id;
// si c'est la même société on conserve les liens vers le projet et le contrat
if ($this->socid == $fichintsrc->socid) {
$sql .= ", ".(!empty($fichintsrc->fk_project) ? $fichintsrc->fk_project : "null");

2
htdocs/fichinter/stats/index.php
View File

@ -70,7 +70,7 @@ print load_fiche_titre($title, '', 'intervention');
dol_mkdir($dir);
$stats = new FichinterStats($db, $socid, $mode, ($userid > 0 ? $userid : 0));
if ($object_status != '' && $object_status > -1) $stats->where .= ' AND c.fk_statut IN ('.$this->db->sanitize($db->escape($object_status)).')';
if ($object_status != '' && $object_status > -1) $stats->where .= ' AND c.fk_statut IN ('.$db->sanitize($db->escape($object_status)).')';
// Build graphic number of object
$data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);

22
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -1297,7 +1297,7 @@ class CommandeFournisseur extends CommonOrder
$sql .= ", ".$user->id;
$sql .= ", ".self::STATUS_DRAFT;
$sql .= ", ".$this->db->escape($this->source);
$sql .= ", '".$conf->global->COMMANDE_SUPPLIER_ADDON_PDF."'";
$sql .= ", '".$this->db->escape($conf->global->COMMANDE_SUPPLIER_ADDON_PDF)."'";
$sql .= ", ".($this->mode_reglement_id > 0 ? $this->mode_reglement_id : 'null');
$sql .= ", ".($this->cond_reglement_id > 0 ? $this->cond_reglement_id : 'null');
$sql .= ", ".($this->fk_account > 0 ? $this->fk_account : 'NULL');
@ -1843,7 +1843,7 @@ class CommandeFournisseur extends CommonOrder
$sql = "INSERT INTO ".MAIN_DB_PREFIX."commande_fournisseur_dispatch";
$sql .= " (fk_commande, fk_product, qty, fk_entrepot, fk_user, datec, fk_commandefourndet, status, comment, eatby, sellby, batch) VALUES";
$sql .= " ('".$this->id."','".$product."','".$qty."',".($entrepot > 0 ? "'".$entrepot."'" : "null").",'".$user->id."','".$this->db->idate($now)."','".$fk_commandefourndet."', ".$dispatchstatus.", '".$this->db->escape($comment)."', ";
$sql .= ($eatby ? "'".$this->db->idate($eatby)."'" : "null").", ".($sellby ? "'".$this->db->idate($sellby)."'" : "null").", ".($batch ? "'".$batch."'" : "null");
$sql .= ($eatby ? "'".$this->db->idate($eatby)."'" : "null").", ".($sellby ? "'".$this->db->idate($sellby)."'" : "null").", ".($batch ? "'".$this->db->escape($batch)."'" : "null");
$sql .= ")";
dol_syslog(get_class($this)."::dispatchProduct", LOG_DEBUG);
@ -2414,10 +2414,10 @@ class CommandeFournisseur extends CommonOrder
$sql = "INSERT INTO ".MAIN_DB_PREFIX."commande_fournisseurdet";
$sql .= " (fk_commande, label, description, fk_product, price, qty, tva_tx, localtax1_tx, localtax2_tx, remise_percent, subprice, remise, ref)";
$sql .= " VALUES (".$idc.", '".$this->db->escape($label)."','".$this->db->escape($comclient->lines[$i]->desc)."'";
$sql .= ",".$comclient->lines[$i]->fk_product.",'".price2num($comclient->lines[$i]->price)."'";
$sql .= ", '".$comclient->lines[$i]->qty."', ".$comclient->lines[$i]->tva_tx.", ".$comclient->lines[$i]->localtax1_tx.", ".$comclient->lines[$i]->localtax2_tx.", ".$comclient->lines[$i]->remise_percent;
$sql .= ", '".price2num($comclient->lines[$i]->subprice)."','0','".$ref."');";
$sql .= " VALUES (".$idc.", '".$this->db->escape($label)."', ".$this->db->escape($comclient->lines[$i]->desc);
$sql .= ",".$comclient->lines[$i]->fk_product.", ".price2num($comclient->lines[$i]->price);
$sql .= ", ".$comclient->lines[$i]->qty.", ".$comclient->lines[$i]->tva_tx.", ".$comclient->lines[$i]->localtax1_tx.", ".$comclient->lines[$i]->localtax2_tx.", ".$comclient->lines[$i]->remise_percent;
$sql .= ", '".price2num($comclient->lines[$i]->subprice)."','0', '".$this->db->escape($ref)."');";
if ($this->db->query($sql))
{
$this->update_price();
@ -2927,14 +2927,14 @@ class CommandeFournisseur extends CommonOrder
{
$sql = "SELECT rowid, code, libelle as label";
$sql .= " FROM ".MAIN_DB_PREFIX.'c_input_method';
$sql .= " WHERE active=1 AND rowid = ".$db->escape($this->methode_commande_id);
$sql .= " WHERE active=1 AND rowid = ".$this->db->escape($this->methode_commande_id);
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if ($resql)
{
if ($db->num_rows($resql))
if ($this->db->num_rows($resql))
{
$obj = $db->fetch_object($resql);
$obj = $this->db->fetch_object($resql);
$string = $langs->trans($obj->code);
if ($string == $obj->code)
@ -2943,7 +2943,7 @@ class CommandeFournisseur extends CommonOrder
}
return $string;
}
} else dol_print_error($db);
} else dol_print_error($this->db);
}
return '';

9
htdocs/fourn/class/fournisseur.facture.class.php
View File

@ -2392,7 +2392,6 @@ class FactureFournisseur extends CommonInvoice
return $numref;
} else {
$this->error = $obj->error;
//dol_print_error($db,get_class($this)."::getNextNumRef ".$obj->error);
return false;
}
}
@ -2714,15 +2713,13 @@ class FactureFournisseur extends CommonInvoice
*/
public function isCreditNoteUsed()
{
global $db;
$isUsed = false;
$sql = "SELECT fk_invoice_supplier FROM ".MAIN_DB_PREFIX."societe_remise_except WHERE fk_invoice_supplier_source=".$this->id;
$resql = $db->query($sql);
$resql = $this->db->query($sql);
if (!empty($resql)) {
$obj = $db->fetch_object($resql);
if (!empty($obj->fk_invoice_supplier))$isUsed = true;
$obj = $this->db->fetch_object($resql);
if (!empty($obj->fk_invoice_supplier)) $isUsed = true;
}
return $isUsed;

4
htdocs/fourn/class/fournisseur.product.class.php
View File

@ -349,8 +349,8 @@ class ProductFournisseur extends Product
// TODO Add localtax1 and localtax2
//$sql.= " localtax1_tx=".($localtax1>=0?$localtax1:'NULL').",";
//$sql.= " localtax2_tx=".($localtax2>=0?$localtax2:'NULL').",";
//$sql.= " localtax1_type=".($localtaxtype1!=''?"'".$localtaxtype1."'":"'0'").",";
//$sql.= " localtax2_type=".($localtaxtype2!=''?"'".$localtaxtype2."'":"'0'").",";
//$sql.= " localtax1_type=".($localtaxtype1!=''?"'".$this->db->escape($localtaxtype1)."'":"'0'").",";
//$sql.= " localtax2_type=".($localtaxtype2!=''?"'".$this->db->escape($localtaxtype2)."'":"'0'").",";
$sql .= " default_vat_code=".($newdefaultvatcode ? "'".$this->db->escape($newdefaultvatcode)."'" : "null").",";
$sql .= " info_bits = ".$newnpr.",";
$sql .= " charges = ".$charges.","; // deprecated

4
htdocs/fourn/commande/list.php
View File

@ -294,9 +294,9 @@ if (empty($reshook))
$sql .= ", targettype";
$sql .= ") VALUES (";
$sql .= $id_order;
$sql .= ", '".$object->origin."'";
$sql .= ", '".$db->escape($object->origin)."'";
$sql .= ", ".$object->id;
$sql .= ", '".$object->element."'";
$sql .= ", '".$db->escape($object->element)."'";
$sql .= ")";
if (!$db->query($sql))

10
htdocs/fourn/facture/impayees.php
View File

@ -116,26 +116,26 @@ if ($user->rights->fournisseur->facture->lire)
if ($search_ref)
{
$sql .= " AND f.ref LIKE '%".$search_ref."%'";
$sql .= " AND f.ref LIKE '%".$db->escape($search_ref)."%'";
}
if ($search_ref_supplier)
{
$sql .= " AND f.ref_supplier LIKE '%".$search_ref_supplier."%'";
$sql .= " AND f.ref_supplier LIKE '%".$db->escape($search_ref_supplier)."%'";
}
if ($search_company)
{
$sql .= " AND s.nom LIKE '%".$search_company."%'";
$sql .= " AND s.nom LIKE '%".$db->escape($search_company)."%'";
}
if ($search_amount_no_tax)
{
$sql .= " AND f.total_ht = '".$search_amount_no_tax."'";
$sql .= " AND f.total_ht = '".$db->escape($search_amount_no_tax)."'";
}
if ($search_amount_all_tax)
{
$sql .= " AND f.total_ttc = '".$search_amount_all_tax."'";
$sql .= " AND f.total_ttc = '".$db->escape($search_amount_all_tax)."'";
}
if (dol_strlen(GETPOST('sf_re')) > 0)

22
htdocs/holiday/class/holiday.class.php
View File

@ -1302,8 +1302,8 @@ class Holiday extends CommonObject
{
$sql = "UPDATE ".MAIN_DB_PREFIX."holiday_config SET";
$sql .= " value = '".$value."'";
$sql .= " WHERE name = '".$name."'";
$sql .= " value = '".$this->db->escape($value)."'";
$sql .= " WHERE name = '".$this->db->escape($name)."'";
dol_syslog(get_class($this).'::updateConfCP name='.$name.'', LOG_DEBUG);
$result = $this->db->query($sql);
@ -1498,7 +1498,7 @@ class Holiday extends CommonObject
$sql = "SELECT value";
$sql .= " FROM ".MAIN_DB_PREFIX."holiday_config";
$sql .= " WHERE name = '".$name."'";
$sql .= " WHERE name = '".$this->db->escape($name)."'";
$result = $this->db->query($sql);
@ -1522,7 +1522,7 @@ class Holiday extends CommonObject
*/
public function createCPusers($single = false, $userid = '')
{
// Si c'est l'ensemble des utilisateurs à ajouter
// do we have to add balance for all users ?
if (!$single)
{
dol_syslog(get_class($this).'::createCPusers');
@ -1532,7 +1532,7 @@ class Holiday extends CommonObject
{
$sql = "INSERT INTO ".MAIN_DB_PREFIX."holiday_users";
$sql .= " (fk_user, nb_holiday)";
$sql .= " VALUES ('".$users['rowid']."','0')";
$sql .= " VALUES (".((int) $users['rowid'])."', '0')";
$resql = $this->db->query($sql);
if (!$resql) dol_print_error($this->db);
@ -1540,7 +1540,7 @@ class Holiday extends CommonObject
} else {
$sql = "INSERT INTO ".MAIN_DB_PREFIX."holiday_users";
$sql .= " (fk_user, nb_holiday)";
$sql .= " VALUES ('".$userid."','0')";
$sql .= " VALUES (".((int) $userid)."', '0')";
$resql = $this->db->query($sql);
if (!$resql) dol_print_error($this->db);
@ -1557,7 +1557,7 @@ class Holiday extends CommonObject
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."holiday_users";
$sql .= " WHERE fk_user = '".$user_id."'";
$sql .= " WHERE fk_user = ".((int) $user_id);
$this->db->query($sql);
}
@ -1925,11 +1925,11 @@ class Holiday extends CommonObject
$sql .= "fk_type";
$sql .= ") VALUES (";
$sql .= " '".$this->db->idate(dol_now())."',";
$sql .= " '".$fk_user_action."',";
$sql .= " '".$fk_user_update."',";
$sql .= " '".$this->db->escape($fk_user_action)."',";
$sql .= " '".$this->db->escape($fk_user_update)."',";
$sql .= " '".$this->db->escape($label)."',";
$sql .= " '".$prev_solde."',";
$sql .= " '".$new_solde."',";
$sql .= " '".$this->db->escape($prev_solde)."',";
$sql .= " '".$this->db->escape($new_solde)."',";
$sql .= " ".$fk_type;
$sql .= ")";

2
htdocs/holiday/list.php
View File

@ -311,7 +311,7 @@ if (!empty($search_valideur) && $search_valideur != -1) {
}
// Type
if (!empty($search_type) && $search_type != -1) {
$sql .= ' AND cp.fk_type IN ('.$this->db->sanitize($db->escape($search_type)).')';
$sql .= ' AND cp.fk_type IN ('.$db->sanitize($db->escape($search_type)).')';
}
// Status
if (!empty($search_status) && $search_status != -1) {

13
test/phpunit/CodingPhpTest.php
View File

@ -152,7 +152,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
$db=$this->savdb;
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT.'/holiday', 'files', 1, '\.php', null, 'fullname');
//$filesarray = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, '\.php', null, 'fullname');
foreach ($filesarray as $key => $file)
@ -170,7 +170,7 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
|| preg_match('/boxes\/box_/', $file['relativename'])
|| preg_match('/modules\/.*\/doc\/(doc|pdf)_/', $file['relativename'])
|| preg_match('/modules\/(import|mailings|printing)\//', $file['relativename'])
|| in_array($file['name'], array('modules_boxes.php', 'rapport.pdf.php'))) {
|| in_array($file['name'], array('modules_boxes.php', 'rapport.pdf.php', 'TraceableDB.php'))) {
if (! in_array($file['name'], array(
'api.class.php',
'commonobject.class.php',
@ -182,7 +182,11 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
'translate.class.php',
'utils.class.php',
'modules_product.class.php',
'modules_societe.class.php'
'modules_societe.class.php',
'TraceableDB.php',
'expeditionbatch.class.php',
'expensereport_ik.class.php',
'expensereport_rule.class.php'
))) {
// Must must not found $db->
$ok=true;
@ -200,7 +204,8 @@ class CodingPhpTest extends PHPUnit\Framework\TestCase
}
} else {
if (! in_array($file['name'], array(
'extrafieldsinexport.inc.php'
'extrafieldsinexport.inc.php',
'DolQueryCollector.php'
))) {
// Must must not found $this->db->
$ok=true;