Fix: problem with specific numbering module

Dolibarr · Mar 9, 2011 · 8b1b3ef · 8b1b3ef
1 parent fe212f7
commit 8b1b3ef
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/htdocs/lib/functions2.lib.php b/htdocs/lib/functions2.lib.php
@@ -423,8 +423,8 @@ function get_next_value($db,$mask,$table,$field,$where='',$objsoc='',$date='',$m
         if ($maskraz > 12) return 'ErrorBadMaskBadRazMonth';
 
         // Define reg
-        if ($maskraz > 1 && ! preg_match('/^(.*)\{(y+)\}\{(m+)\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazInStartedYearIfNoYearMonthInMask';
-        if ($maskraz <= 1 && ! preg_match('/^(.*)\{(y+)\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazIfNoYearInMask';
+        if ($maskraz > 1 && ! preg_match('/^(.*)\{(y)+\}\{(m)+\}/i',$maskwithonlyymcode,$reg) && ! preg_match('/^(.*)\{(m)+\}\{(y)+\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazInStartedYearIfNoYearMonthInMask';
+        if ($maskraz <= 1 && ! preg_match('/^(.*)\{(y)+\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazIfNoYearInMask';
         //print "x".$maskwithonlyymcode." ".$maskraz;
 
         // Define $yearcomp and $monthcomp (that will be use in the select where to search max number)
@@ -448,7 +448,7 @@ function get_next_value($db,$mask,$table,$field,$where='',$objsoc='',$date='',$m
             $sqlwhere.=') )';
         }
     }
-    //print "masktri=".$masktri." maskcounter=".$maskcounter." maskraz=".$maskraz." maskoffset=".$maskoffset."<br>\n";
+    //print "masktri=".$masktri." maskcounter=".$maskcounter." maskraz=".$maskraz." maskoffset=".$maskoffset." yearcomp=".$yearcomp."<br>\n";
 
     // Define $sqlstring
     $posnumstart=strpos($maskwithnocode,$maskcounter);	// Pos of counter in final string (from 0 to ...)
@@ -931,7 +931,7 @@ function dol_set_user_param($db, $conf, &$user, $tab)
         {
             $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_param(fk_user,entity,param,value)";
             $sql.= " VALUES (".$user->id.",".$conf->entity.",";
-            $sql.= " '".$key."','".addslashes($value)."');";
+            $sql.= " '".$key."','".$db->escape($value)."');";
             dol_syslog("functions2.lib::dol_set_user_param sql=".$sql, LOG_DEBUG);
 
             $result=$db->query($sql);