From a5e3adc6f1453a3719fa0aeda7a8e01fe2ffb5cc Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 29 Jul 2019 10:51:17 +0200 Subject: [PATCH] Fix travis --- htdocs/bom/class/bom.class.php | 4 ++-- htdocs/comm/propal/class/propal.class.php | 4 ++-- htdocs/commande/class/commande.class.php | 4 ++-- htdocs/compta/facture/class/facture.class.php | 4 ++-- htdocs/contrat/class/contrat.class.php | 4 ++-- htdocs/expedition/class/expedition.class.php | 4 ++-- htdocs/expensereport/class/expensereport.class.php | 4 ++-- htdocs/fichinter/class/fichinter.class.php | 4 ++-- htdocs/fourn/class/fournisseur.commande.class.php | 4 ++-- htdocs/fourn/class/fournisseur.facture.class.php | 4 ++-- htdocs/livraison/class/livraison.class.php | 4 ++-- htdocs/reception/class/reception.class.php | 4 ++-- htdocs/supplier_proposal/class/supplier_proposal.class.php | 4 ++-- 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/htdocs/bom/class/bom.class.php b/htdocs/bom/class/bom.class.php index dd861d5dc4767..40b4e89dfc5c5 100644 --- a/htdocs/bom/class/bom.class.php +++ b/htdocs/bom/class/bom.class.php @@ -584,8 +584,8 @@ public function valid($user, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'bom/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'bom/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'bom/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'bom/".$this->db->escape($this->ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index 5de2c9b23f540..d957235d9674c 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -1809,8 +1809,8 @@ public function valid($user, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'propale/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'propale/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'propale/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'propale/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index d0e0addbc94c0..15156688603cc 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -425,8 +425,8 @@ public function valid($user, $idwarehouse = 0, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'commande/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'commande/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'commande/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'commande/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 2a9a4f5686d3a..216282d369ebb 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -2419,8 +2419,8 @@ public function validate($user, $force_number = '', $idwarehouse = 0, $notrigger if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'facture/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'facture/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'facture/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'facture/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index 0b08d3723da9c..bfc18faf12353 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -487,8 +487,8 @@ public function validate(User $user, $force_number = '', $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'contract/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'contract/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'contract/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'contract/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/expedition/class/expedition.class.php b/htdocs/expedition/class/expedition.class.php index 37f191a0ab043..3205a245285b3 100644 --- a/htdocs/expedition/class/expedition.class.php +++ b/htdocs/expedition/class/expedition.class.php @@ -814,8 +814,8 @@ public function valid($user, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/sending/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'expedition/sending/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/sending/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'expedition/sending/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php index 2d9795e6f597d..63b0b798a298e 100644 --- a/htdocs/expensereport/class/expensereport.class.php +++ b/htdocs/expensereport/class/expensereport.class.php @@ -1152,8 +1152,8 @@ public function setValidate($fuser, $notrigger = 0) require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expensereport/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'expensereport/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expensereport/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'expensereport/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index ce066fc8c1197..c987e6ffc58c0 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -577,8 +577,8 @@ public function setValid($user, $notrigger = 0) require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'ficheinter/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'ficheinter/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'ficheinter/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'ficheinter/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index b32e90c311df8..c85bfaaf2d34a 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -552,8 +552,8 @@ public function valid($user, $idwarehouse = 0, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/commande/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'fournisseur/commande/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/commande/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'fournisseur/commande/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/fourn/class/fournisseur.facture.class.php b/htdocs/fourn/class/fournisseur.facture.class.php index b13925bf29dd8..31780d33ed51b 100644 --- a/htdocs/fourn/class/fournisseur.facture.class.php +++ b/htdocs/fourn/class/fournisseur.facture.class.php @@ -1420,8 +1420,8 @@ public function validate($user, $force_number = '', $idwarehouse = 0, $notrigger if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'fournisseur/facture/".get_exdir($this->id, 2, 0, 0, $this, 'invoice_supplier').$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/livraison/class/livraison.class.php b/htdocs/livraison/class/livraison.class.php index f24a2aee71335..88cf4e1355abd 100644 --- a/htdocs/livraison/class/livraison.class.php +++ b/htdocs/livraison/class/livraison.class.php @@ -442,8 +442,8 @@ public function valid($user) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/receipt/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'expedition/receipt/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'expedition/receipt/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'expedition/receipt/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/reception/class/reception.class.php b/htdocs/reception/class/reception.class.php index 84f95e40b9a56..e89eb2c595b0f 100644 --- a/htdocs/reception/class/reception.class.php +++ b/htdocs/reception/class/reception.class.php @@ -644,8 +644,8 @@ public function valid($user, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'reception/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'reception/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'reception/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'reception/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); } diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index 786485ad6ddf4..cb4f774a9510d 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -1485,8 +1485,8 @@ public function valid($user, $notrigger = 0) if (preg_match('/^[\(]?PROV/i', $this->ref)) { // Now we rename also files into index - $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->newref."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'supplier_proposal/".$this->newref."'"; - $sql.= " WHERE filename LIKE '".$this->ref."%' AND filepath = 'supplier_proposal/".$this->ref."' and entity = ".$conf->entity; + $sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref)+1).")), filepath = 'supplier_proposal/".$this->db->escape($this->newref)."'"; + $sql.= " WHERE filename LIKE '".$this->db->escape($this-ref)."%' AND filepath = 'supplier_proposal/".$this->db->escape($this-ref)."' and entity = ".$conf->entity; $resql = $this->db->query($sql); if (! $resql) { $error++; $this->error = $this->db->lasterror(); }