diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index c79f67de19555a03333fb719ddd36f6578cfb81e..38a8f9839038223c382920abb35033379f0be134 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
@@ -9,7 +9,7 @@
* Copyright (C) 2012 Cedric Salvador <csalvador@gpcsolutions.fr>
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
* Copyright (C) 2014-2015 Marcos GarcĂa <marcosgdf@gmail.com>
- * Copyright (C) 2016 Ferran Marcet <fmarcet@2byte.es>
+ * Copyright (C) 2016-2017 Ferran Marcet <fmarcet@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -136,6 +136,7 @@ class Commande extends CommonOrder
public $linked_objects=array();
public $user_author_id;
+ public $user_valid;
/**
* @var OrderLine[]
@@ -1542,7 +1543,7 @@ class Commande extends CommonOrder
// Check parameters
if (empty($id) && empty($ref) && empty($ref_ext) && empty($ref_int)) return -1;
- $sql = 'SELECT c.rowid, c.date_creation, c.ref, c.fk_soc, c.fk_user_author, c.fk_statut';
+ $sql = 'SELECT c.rowid, c.date_creation, c.ref, c.fk_soc, c.fk_user_author, c.fk_user_valid, c.fk_statut';
$sql.= ', c.amount_ht, c.total_ht, c.total_ttc, c.tva as total_tva, c.localtax1 as total_localtax1, c.localtax2 as total_localtax2, c.fk_cond_reglement, c.fk_mode_reglement, c.fk_availability, c.fk_input_reason';
$sql.= ', c.fk_account';
$sql.= ', c.date_commande';
@@ -1586,6 +1587,7 @@ class Commande extends CommonOrder
$this->socid = $obj->fk_soc;
$this->statut = $obj->fk_statut;
$this->user_author_id = $obj->fk_user_author;
+ $this->user_valid = $obj->fk_user_valid;
$this->total_ht = $obj->total_ht;
$this->total_tva = $obj->total_tva;
$this->total_localtax1 = $obj->total_localtax1;
@@ -3004,8 +3006,8 @@ class Commande extends CommonOrder
$sql.= " total_ht=".(isset($this->total_ht)?$this->total_ht:"null").",";
$sql.= " total_ttc=".(isset($this->total_ttc)?$this->total_ttc:"null").",";
$sql.= " fk_statut=".(isset($this->statut)?$this->statut:"null").",";
- $sql.= " fk_user_author=".(isset($this->user_author)?$this->user_author:"null").",";
- $sql.= " fk_user_valid=".(isset($this->fk_user_valid)?$this->fk_user_valid:"null").",";
+ $sql.= " fk_user_author=".(isset($this->user_author_id)?$this->user_author_id:"null").",";
+ $sql.= " fk_user_valid=".(isset($this->user_valid)?$this->user_valid:"null").",";
$sql.= " fk_projet=".(isset($this->fk_project)?$this->fk_project:"null").",";
$sql.= " fk_cond_reglement=".(isset($this->cond_reglement_id)?$this->cond_reglement_id:"null").",";
$sql.= " fk_mode_reglement=".(isset($this->mode_reglement_id)?$this->mode_reglement_id:"null").",";
diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php
index e5a93d59c6daa2433e500d2279b3202710783393..e355e8c19a129cb5fdf17c7bccc035a7816fb84d 100644
--- a/htdocs/core/class/translate.class.php
+++ b/htdocs/core/class/translate.class.php
@@ -443,7 +443,7 @@ class Translate
if (! $found)
{
// Overwrite translation with database read
- $sql="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$this->defaultlang."'";
+ $sql="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$db->escape($this->defaultlang)."'";
$resql=$db->query($sql);
if ($resql)