Fix travis

htdocs/bom/class/bom.class.php

@@ -584,8 +584,8 @@ public function valid($user, $notrigger = 0)
 	        if (preg_match('/^[\(]?PROV/i', $this->ref))
 	        {
 	        	// Now we rename also files into index
-	        	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'bom/".$this->newref."'";
-	        	$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'bom/".$this->ref."' and entity = ".$conf->entity;
+	        	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'bom/".$this->db->escape($this->newref)."'";
+	        	$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'bom/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
 	        	$resql = $this->db->query($sql);
 	        	if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/comm/propal/class/propal.class.php

@@ -1809,8 +1809,8 @@ public function valid($user, $notrigger = 0)
 			if (preg_match('/^[\(]?PROV/i', $this->ref))
 			{
 				// Now we rename also files into index
-				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'propale/".$this->newref."'";
-				$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'propale/".$this->ref."' and entity = ".$conf->entity;
+				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'propale/".$this->db->escape($this->newref)."'";
+				$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'propale/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 				$resql = $this->db->query($sql);
 				if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/commande/class/commande.class.php

@@ -425,8 +425,8 @@ public function valid($user, $idwarehouse = 0, $notrigger = 0)
 			if (preg_match('/^[\(]?PROV/i', $this->ref))
 			{
 				// Now we rename also files into index
-				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'commande/".$this->newref."'";
-				$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'commande/".$this->ref."' and entity = ".$conf->entity;
+				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'commande/".$this->db->escape($this->newref)."'";
+				$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'commande/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 				$resql = $this->db->query($sql);
 				if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/compta/facture/class/facture.class.php

@@ -2419,8 +2419,8 @@ public function validate($user, $force_number = '', $idwarehouse = 0, $notrigger
 				if (preg_match('/^[\(]?PROV/i', $this->ref))
 				{
 					// Now we rename also files into index
-					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'facture/".$this->newref."'";
-					$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'facture/".$this->ref."' and entity = ".$conf->entity;
+					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'facture/".$this->db->escape($this->newref)."'";
+					$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'facture/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 					$resql = $this->db->query($sql);
 					if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/contrat/class/contrat.class.php

@@ -487,8 +487,8 @@ public function validate(User $user, $force_number = '', $notrigger = 0)
 				if (preg_match('/^[\(]?PROV/i', $this->ref))
 				{
 					// Now we rename also files into index
-					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'contract/".$this->newref."'";
-					$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'contract/".$this->ref."' and entity = ".$conf->entity;
+					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'contract/".$this->db->escape($this->newref)."'";
+					$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'contract/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 					$resql = $this->db->query($sql);
 					if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/expedition/class/expedition.class.php

@@ -814,8 +814,8 @@ public function valid($user, $notrigger = 0)
 			if (preg_match('/^[\(]?PROV/i', $this->ref))
 			{
 				// Now we rename also files into index
-				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/sending/".$this->newref."'";
-				$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'expedition/sending/".$this->ref."' and entity = ".$conf->entity;
+				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/sending/".$this->db->escape($this->newref)."'";
+				$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 				$resql = $this->db->query($sql);
 				if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/expensereport/class/expensereport.class.php

@@ -1152,8 +1152,8 @@ public function setValidate($fuser, $notrigger = 0)
 			    	require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 			    	// Now we rename also files into index
-			    	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expensereport/".$this->newref."'";
-			    	$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'expensereport/".$this->ref."' and entity = ".$conf->entity;
+			    	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expensereport/".$this->db->escape($this->newref)."'";
+			    	$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'expensereport/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 					$resql = $this->db->query($sql);
 					if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/fichinter/class/fichinter.class.php

@@ -577,8 +577,8 @@ public function setValid($user, $notrigger = 0)
 					require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 					// Now we rename also files into index
-					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'ficheinter/".$this->newref."'";
-					$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'ficheinter/".$this->ref."' and entity = ".$conf->entity;
+					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'ficheinter/".$this->db->escape($this->newref)."'";
+					$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'ficheinter/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 					$resql = $this->db->query($sql);
 					if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/fourn/class/fournisseur.commande.class.php

@@ -552,8 +552,8 @@ public function valid($user, $idwarehouse = 0, $notrigger = 0)
                 if (preg_match('/^[\(]?PROV/i', $this->ref))
                 {
                 	// Now we rename also files into index
-                	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/commande/".$this->newref."'";
-                	$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'fournisseur/commande/".$this->ref."' and entity = ".$conf->entity;
+                	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/commande/".$this->db->escape($this->newref)."'";
+                	$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
                 	$resql = $this->db->query($sql);
                 	if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/fourn/class/fournisseur.facture.class.php

@@ -1420,8 +1420,8 @@ public function validate($user, $force_number = '', $idwarehouse = 0, $notrigger
             	if (preg_match('/^[\(]?PROV/i', $this->ref))
             	{
             		// Now we rename also files into index
-            		$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->newref."'";
-            		$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->ref."' and entity = ".$conf->entity;
+            		$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->db->escape($this->newref)."'";
+            		$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->db->escape($this-ref)."' and entity = ".$conf->entity;
             		$resql = $this->db->query($sql);
             		if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/livraison/class/livraison.class.php

@@ -442,8 +442,8 @@ public function valid($user)
 						if (preg_match('/^[\(]?PROV/i', $this->ref))
 						{
 							// Now we rename also files into index
-							$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/receipt/".$this->newref."'";
-							$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'expedition/receipt/".$this->ref."' and entity = ".$conf->entity;
+							$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/receipt/".$this->db->escape($this->newref)."'";
+							$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 							$resql = $this->db->query($sql);
 							if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/reception/class/reception.class.php

@@ -644,8 +644,8 @@ public function valid($user, $notrigger = 0)
 			if (preg_match('/^[\(]?PROV/i', $this->ref))
 			{
 				// Now we rename also files into index
-				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'reception/".$this->newref."'";
-				$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'reception/".$this->ref."' and entity = ".$conf->entity;
+				$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'reception/".$this->db->escape($this->newref)."'";
+				$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'reception/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
 				$resql = $this->db->query($sql);
 				if (! $resql) { $error++; $this->error = $this->db->lasterror(); }
 

htdocs/supplier_proposal/class/supplier_proposal.class.php

@@ -1485,8 +1485,8 @@ public function valid($user, $notrigger = 0)
                 if (preg_match('/^[\(]?PROV/i', $this->ref))
                 {
                 	// Now we rename also files into index
-                	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'supplier_proposal/".$this->newref."'";
-                	$sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'supplier_proposal/".$this->ref."' and entity = ".$conf->entity;
+                	$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'supplier_proposal/".$this->db->escape($this->newref)."'";
+                	$sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'supplier_proposal/".$this->db->escape($this-ref)."' and entity = ".$conf->entity;
                 	$resql = $this->db->query($sql);
                 	if (! $resql) { $error++; $this->error = $this->db->lasterror(); }