From 9334cf8fd189e31509452f8d1b9483b7e3bbf367 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 19 Dec 2015 18:03:08 +0100
Subject: [PATCH] FIX #4243 sql injection
---
htdocs/core/class/html.form.class.php | 12 ++++++------
htdocs/product/ajax/products.php | 2 +-
htdocs/product/class/product.class.php | 2 +-
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 902fff35bcb..10db9442ca6 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1399,13 +1399,13 @@ class Form
foreach ($scrit as $crit)
{
if ($i > 0) $sql.=" AND ";
- $sql.="(p.ref LIKE '".$prefix.$crit."%' OR p.label LIKE '".$prefix.$crit."%'";
- if (! empty($conf->global->MAIN_MULTILANGS)) $sql.=" OR pl.label LIKE '".$prefix.$crit."%'";
+ $sql.="(p.ref LIKE '".$db->escape($prefix.$crit)."%' OR p.label LIKE '".$db->escape($prefix.$crit)."%'";
+ if (! empty($conf->global->MAIN_MULTILANGS)) $sql.=" OR pl.label LIKE '".$db->escape($prefix.$crit)."%'";
$sql.=")";
$i++;
}
if (count($scrit) > 1) $sql.=")";
- if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$prefix.$filterkey."%'";
+ if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$db->escape($prefix.$filterkey)."%'";
$sql.=')';
}
$sql.= $db->order("p.ref");
@@ -1750,7 +1750,7 @@ class Form
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
$sql.= " AND p.tobuy = 1";
- if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$filtertype;
+ if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$this->db->escape($filtertype);
if (! empty($filtre)) $sql.=" ".$filtre;
// Add criteria on ref/label
if ($filterkey != '')
@@ -1764,11 +1764,11 @@ class Form
foreach ($scrit as $crit)
{
if ($i > 0) $sql.=" AND ";
- $sql.="(pfp.ref_fourn LIKE '".$prefix.$crit."%' OR p.ref LIKE '".$prefix.$crit."%' OR p.label LIKE '".$prefix.$crit."%')";
+ $sql.="(pfp.ref_fourn LIKE '".$this->db->escape($prefix.$crit)."%' OR p.ref LIKE '".$this->db->escape($prefix.$crit)."%' OR p.label LIKE '".$this->db->escape($prefix.$crit)."%')";
$i++;
}
if (count($scrit) > 1) $sql.=")";
- if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$prefix.$filterkey."%'";
+ if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$this->db->escape($prefix.$filterkey)."%'";
$sql.=')';
}
$sql.= " ORDER BY pfp.ref_fourn DESC, pfp.quantity ASC";
diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php
index 61a1c3bff73..c8f78a11c42 100644
--- a/htdocs/product/ajax/products.php
+++ b/htdocs/product/ajax/products.php
@@ -169,7 +169,7 @@ if (! empty($action) && $action == 'fetch' && ! empty($id)) {
$match = preg_grep('/(' . $htmlname . '[0-9]+)/', array_keys($_GET));
sort($match);
- $idprod = (! empty($match [0]) ? $match [0] : '');
+ $idprod = (! empty($match[0]) ? $match[0] : '');
if (! GETPOST($htmlname) && ! GETPOST($idprod))
return;
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 22dde9accc7..72f826d546f 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -2863,7 +2863,7 @@ class Product extends CommonObject
{
global $langs;
$langs->load('products');
- if ($conf->productbatch->enabled) $langs->load("productbatch");
+ if (! empty($conf->productbatch->enabled)) $langs->load("productbatch");
if ($type == 2)
{
--
GitLab