Skip to content

Commit

Permalink
Fix sql injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@eldy
eldy committed Jun 18, 2017
1 parent 8debefa commit f3a5975
Showing 1 changed file with 61 additions and 61 deletions.
122 changes: 61 additions & 61 deletions htdocs/comm/propal/list.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@
}
}

$object = new Propal($db); // To be passed as parameter of executeHooks that need
$object = new Propal($db); // To be passed as parameter of executeHooks that need


/*
Expand Down Expand Up @@ -273,25 +273,25 @@
$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
}
if ($search_town) $sql.= natural_search('s.town', $search_town);
if ($search_zip) $sql.= natural_search("s.zip",$search_zip);
if ($search_state) $sql.= natural_search("state.nom",$search_state);
if ($search_country) $sql .= " AND s.fk_pays IN (".$search_country.')';
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$search_type_thirdparty.')';
if ($search_ref) $sql .= natural_search('p.ref', $search_ref);
if ($search_zip) $sql.= natural_search("s.zip", $search_zip);
if ($search_state) $sql.= natural_search("state.nom", $search_state);
if ($search_country) $sql .= " AND s.fk_pays IN (".$db->escape($search_country).')';
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')';
if ($search_ref) $sql .= natural_search('p.ref', $search_ref);
if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer);
if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
if ($search_login) $sql.= " AND u.login LIKE '%".$db->escape(trim($search_login))."%'";
if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
if ($search_login) $sql .= natural_search("u.login", $search_login);
if ($search_montant_ht != '') $sql.= natural_search("p.total_ht", $search_montant_ht, 1);
if ($search_montant_vat != '') $sql.= natural_search("p.tva", $search_montant_vat, 1);
if ($search_montant_ttc != '') $sql.= natural_search("p.total", $search_montant_ttc, 1);
if ($sall) {
$sql .= natural_search(array_keys($fieldstosearchall), $sall);
}
if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$search_product_category;
if ($search_product_category > 0) $sql.=" AND cp.fk_categorie = ".$db->escape($search_product_category);
if ($socid > 0) $sql.= ' AND s.rowid = '.$socid;
if ($viewstatut != '' && $viewstatut != '-1')
{
$sql.= ' AND p.fk_statut IN ('.$viewstatut.')';
$sql.= ' AND p.fk_statut IN ('.$db->escape($viewstatut).')';
}
if ($month > 0)
{
Expand All @@ -300,16 +300,16 @@
else if ($year > 0 && ! empty($day))
$sql.= " AND p.datep BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $month, $day, $year))."' AND '".$db->idate(dol_mktime(23, 59, 59, $month, $day, $year))."'";
else
$sql.= " AND date_format(p.datep, '%m') = '".$month."'";
$sql.= " AND date_format(p.datep, '%m') = '".$db->escape($month)."'";
}
else if ($year > 0)
{
$sql.= " AND p.datep BETWEEN '".$db->idate(dol_get_first_day($year,1,false))."' AND '".$db->idate(dol_get_last_day($year,12,false))."'";
}
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale;
if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$db->escape($search_sale);
if ($search_user > 0)
{
$sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$search_user;
$sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='propal' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$db->escape($search_user);
}
// Add where from extra fields
foreach ($search_array_options as $key => $val)
Expand Down Expand Up @@ -357,12 +357,12 @@
else
{
$title = $langs->trans('ListOfProposals');
}
}

$num = $db->num_rows($resql);

$arrayofselected=is_array($toselect)?$toselect:array();

$param='&viewstatut='.$viewstatut;
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
Expand All @@ -386,7 +386,7 @@
$tmpkey=preg_replace('/search_options_/','',$key);
if ($val != '') $param.='&search_options_'.$tmpkey.'='.urlencode($val);
}

// List of mass actions available
$arrayofmassactions = array(
'presend'=>$langs->trans("SendByMail"),
Expand All @@ -395,7 +395,7 @@
if ($user->rights->propal->supprimer) $arrayofmassactions['delete']=$langs->trans("Delete");
if ($massaction == 'presend') $arrayofmassactions=array();
$massactionbutton=$form->selectMassAction('', $arrayofmassactions);

// Lignes des champs de filtre
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
Expand All @@ -406,11 +406,11 @@
print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';

print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_commercial.png', 0, '', '', $limit);

if ($massaction == 'presend')
{
$langs->load("mails");

if (! GETPOST('cancel'))
{
$objecttmp=new Propal($db);
Expand All @@ -429,17 +429,17 @@
}
}
}

print '<input type="hidden" name="massaction" value="confirm_presend">';

include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);

dol_fiche_head(null, '', '');

$topicmail="SendSupplierProposalRef";
$modelmail="supplier_proposal_send";

// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
Expand Down Expand Up @@ -492,25 +492,25 @@
$formmail->substit['__REFCLIENT__']='__REFCLIENT__'; // We want to keep the tag
$formmail->substit['__PERSONALIZED__']='';
$formmail->substit['__CONTACTCIVNAME__']='';

// Tableau des parametres complementaires du post
$formmail->param['action']=$action;
$formmail->param['models']=$modelmail;
$formmail->param['models_id']=GETPOST('modelmailselected','int');
$formmail->param['id']=join(',',$arrayofselected);
//$formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id;

print $formmail->get_form();

dol_fiche_end();
}

if ($sall)
{
foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
}

$i = 0;

$moreforfilter='';
Expand Down Expand Up @@ -546,7 +546,7 @@
$reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters); // Note that $action and $object may have been modified by hook
if (empty($reshook)) $moreforfilter .= $hookmanager->resPrint;
else $moreforfilter = $hookmanager->resPrint;

if (! empty($moreforfilter))
{
print '<div class="liste_titre liste_titre_bydiv centpercent">';
Expand All @@ -556,10 +556,10 @@

$varpage=empty($contextpage)?$_SERVER["PHP_SELF"]:$contextpage;
$selectedfields=$form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields

print '<div class="div-table-responsive">';
print '<table class="tagtable liste'.($moreforfilter?" listwithfilterbefore":"").'">'."\n";

// Fields title
print '<tr class="liste_titre">';
if (! empty($arrayfields['p.ref']['checked'])) print_liste_field_titre($arrayfields['p.ref']['label'],$_SERVER["PHP_SELF"],'p.ref','',$param,'',$sortfield,$sortorder);
Expand All @@ -579,9 +579,9 @@
// Extra fields
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
{
foreach($extrafields->attribute_label as $key => $val)
foreach($extrafields->attribute_label as $key => $val)
{
if (! empty($arrayfields["ef.".$key]['checked']))
if (! empty($arrayfields["ef.".$key]['checked']))
{
$align=$extrafields->getAlignFlag($key);
print_liste_field_titre($extralabels[$key],$_SERVER["PHP_SELF"],"ef.".$key,"",$param,($align?'align="'.$align.'"':''),$sortfield,$sortorder);
Expand All @@ -597,9 +597,9 @@
if (! empty($arrayfields['p.fk_statut']['checked'])) print_liste_field_titre($arrayfields['p.fk_statut']['label'],$_SERVER["PHP_SELF"],"p.fk_statut","",$param,'align="right"',$sortfield,$sortorder);
print_liste_field_titre($selectedfields, $_SERVER["PHP_SELF"],"",'','','align="right"',$sortfield,$sortorder,'maxwidthsearch ');
print '</tr>'."\n";

print '<tr class="liste_titre">';
if (! empty($arrayfields['p.ref']['checked']))
if (! empty($arrayfields['p.ref']['checked']))
{
print '<td class="liste_titre">';
print '<input class="flat" size="6" type="text" name="search_ref" value="'.$search_ref.'">';
Expand Down Expand Up @@ -641,7 +641,7 @@
print '</td>';
}
// Date
if (! empty($arrayfields['p.date']['checked']))
if (! empty($arrayfields['p.date']['checked']))
{
print '<td class="liste_titre" colspan="1" align="center">';
//print $langs->trans('Month').': ';
Expand All @@ -653,7 +653,7 @@
print '</td>';
}
// Date end
if (! empty($arrayfields['p.fin_validite']['checked']))
if (! empty($arrayfields['p.fin_validite']['checked']))
{
print '<td class="liste_titre" colspan="1">&nbsp;</td>';
}
Expand Down Expand Up @@ -736,7 +736,7 @@
$searchpitco=$form->showFilterAndCheckAddButtons($massactionbutton?1:0, 'checkforselect', 1);
print $searchpitco;
print '</td>';

print "</tr>\n";

$now = dol_now();
Expand All @@ -747,16 +747,16 @@
{
$obj = $db->fetch_object($resql);
$var=!$var;

$objectstatic->id=$obj->rowid;
$objectstatic->ref=$obj->ref;

print '<tr '.$bc[$var].'>';

if (! empty($arrayfields['p.ref']['checked']))
{
print '<td class="nowrap">';

print '<table class="nobordernopadding"><tr class="nocellnopadd">';
// Picto + Ref
print '<td class="nobordernopadding nowrap">';
Expand Down Expand Up @@ -785,11 +785,11 @@
$urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid;
print $formfile->getDocumentsLink($objectstatic->element, $filename, $filedir);
print '</td></tr></table>';

print "</td>\n";
if (! $i) $totalarray['nbfield']++;
}

if (! empty($arrayfields['p.ref_client']['checked']))
{
// Customer ref
Expand All @@ -798,12 +798,12 @@
print '</td>';
if (! $i) $totalarray['nbfield']++;
}

$companystatic->id=$obj->socid;
$companystatic->name=$obj->name;
$companystatic->client=$obj->client;
$companystatic->code_client=$obj->code_client;

// Thirdparty
if (! empty($arrayfields['s.nom']['checked']))
{
Expand All @@ -812,7 +812,7 @@
print '</td>';
if (! $i) $totalarray['nbfield']++;
}

// Town
if (! empty($arrayfields['s.town']['checked']))
{
Expand Down Expand Up @@ -853,7 +853,7 @@
print '</td>';
if (! $i) $totalarray['nbfield']++;
}

// Date proposal
if (! empty($arrayfields['p.date']['checked']))
{
Expand All @@ -862,7 +862,7 @@
print "</td>\n";
if (! $i) $totalarray['nbfield']++;
}

// Date end validity
if (! empty($arrayfields['p.fin_validite']['checked']))
{
Expand All @@ -877,7 +877,7 @@
}
if (! $i) $totalarray['nbfield']++;
}

// Amount HT
if (! empty($arrayfields['p.total_ht']['checked']))
{
Expand All @@ -902,7 +902,7 @@
if (! $i) $totalarray['totalttcfield']=$totalarray['nbfield'];
$totalarray['totalttc'] += $obj->total_ttc;
}

$userstatic->id=$obj->fk_user_author;
$userstatic->login=$obj->login;

Expand All @@ -915,7 +915,7 @@
print "</td>\n";
if (! $i) $totalarray['nbfield']++;
}

// Extra fields
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label))
{
Expand Down Expand Up @@ -1000,39 +1000,39 @@
else print '<td></td>';
}
print '</tr>';

}

$db->free($resql);

$parameters=array('arrayfields'=>$arrayfields, 'sql'=>$sql);
$reshook=$hookmanager->executeHooks('printFieldListFooter',$parameters); // Note that $action and $object may have been modified by hook
print $hookmanager->resPrint;

print '</table>'."\n";
print '</div>'."\n";

print '</form>'."\n";

if ($massaction == 'builddoc' || $action == 'remove_file' || $show_files)
{
/*
* Show list of available documents
*/
$urlsource=$_SERVER['PHP_SELF'].'?sortfield='.$sortfield.'&sortorder='.$sortorder;
$urlsource.=str_replace('&amp;','&',$param);

$filedir=$diroutputmassaction;
$genallowed=$user->rights->propal->lire;
$delallowed=$user->rights->propal->lire;

print $formfile->showdocuments('massfilesarea_proposals','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,'','');
}
else
{
print '<br><a name="show_files"></a><a href="'.$_SERVER["PHP_SELF"].'?show_files=1'.$param.'#show_files">'.$langs->trans("ShowTempMassFilesArea").'</a>';
}

}
else
{
Expand Down

0 comments on commit f3a5975

Please sign in to comment.