Commit 96b6f0d8 authored by Laurent Destailleur's avatar Laurent Destailleur

Merge remote-tracking branch 'origin/3.6' into 3.7

Conflicts:
	composer.json
	htdocs/product/ajax/products.php
	htdocs/product/class/product.class.php
parents 6ed87f43 67462a81
...@@ -1579,13 +1579,13 @@ class Form ...@@ -1579,13 +1579,13 @@ class Form
foreach ($scrit as $crit) foreach ($scrit as $crit)
{ {
if ($i > 0) $sql.=" AND "; if ($i > 0) $sql.=" AND ";
$sql.="(p.ref LIKE '".$prefix.$crit."%' OR p.label LIKE '".$prefix.$crit."%'"; $sql.="(p.ref LIKE '".$db->escape($prefix.$crit)."%' OR p.label LIKE '".$db->escape($prefix.$crit)."%'";
if (! empty($conf->global->MAIN_MULTILANGS)) $sql.=" OR pl.label LIKE '".$prefix.$crit."%'"; if (! empty($conf->global->MAIN_MULTILANGS)) $sql.=" OR pl.label LIKE '".$db->escape($prefix.$crit)."%'";
$sql.=")"; $sql.=")";
$i++; $i++;
} }
if (count($scrit) > 1) $sql.=")"; if (count($scrit) > 1) $sql.=")";
if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$prefix.$filterkey."%'"; if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$db->escape($prefix.$filterkey)."%'";
$sql.=')'; $sql.=')';
} }
$sql.= $db->order("p.ref"); $sql.= $db->order("p.ref");
...@@ -1933,7 +1933,7 @@ class Form ...@@ -1933,7 +1933,7 @@ class Form
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON pfp.fk_soc = s.rowid";
$sql.= " WHERE p.entity IN (".getEntity('product', 1).")"; $sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
$sql.= " AND p.tobuy = 1"; $sql.= " AND p.tobuy = 1";
if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$filtertype; if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".$this->db->escape($filtertype);
if (! empty($filtre)) $sql.=" ".$filtre; if (! empty($filtre)) $sql.=" ".$filtre;
// Add criteria on ref/label // Add criteria on ref/label
if ($filterkey != '') if ($filterkey != '')
...@@ -1947,11 +1947,11 @@ class Form ...@@ -1947,11 +1947,11 @@ class Form
foreach ($scrit as $crit) foreach ($scrit as $crit)
{ {
if ($i > 0) $sql.=" AND "; if ($i > 0) $sql.=" AND ";
$sql.="(pfp.ref_fourn LIKE '".$prefix.$crit."%' OR p.ref LIKE '".$prefix.$crit."%' OR p.label LIKE '".$prefix.$crit."%')"; $sql.="(pfp.ref_fourn LIKE '".$this->db->escape($prefix.$crit)."%' OR p.ref LIKE '".$this->db->escape($prefix.$crit)."%' OR p.label LIKE '".$this->db->escape($prefix.$crit)."%')";
$i++; $i++;
} }
if (count($scrit) > 1) $sql.=")"; if (count($scrit) > 1) $sql.=")";
if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$prefix.$filterkey."%'"; if (! empty($conf->barcode->enabled)) $sql.= " OR p.barcode LIKE '".$this->db->escape($prefix.$filterkey)."%'";
$sql.=')'; $sql.=')';
} }
$sql.= " ORDER BY pfp.ref_fourn DESC, pfp.quantity ASC"; $sql.= " ORDER BY pfp.ref_fourn DESC, pfp.quantity ASC";
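Review bot: On the new side of the hunk at 1933, `$this->db->escape($filtertype)` is spliced into an unquoted numeric comparison (`p.fk_product_type=...`), where escaping quotes does not constrain the value; a cast is the right guard there: `if (strval($filtertype) != '') $sql.=" AND p.fk_product_type=".((int) $filtertype);`. In the hunks at 1579 and 1947 the newly escaped LIKE operands presumably still pass `%` and `_` through as wildcards (escape() targets quotes, not LIKE metacharacters), so a criterion containing them widens the match beyond a prefix search; if that is unintended, escape those two characters before appending the `%` suffix. The following context line still appends `$filtre` verbatim, which is only safe if every caller builds it from trusted values — worth confirming. The enclosing methods start and end outside these hunks.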
...@@ -169,6 +169,7 @@ if (! empty($action) && $action == 'fetch' && ! empty($id)) ...@@ -169,6 +169,7 @@ if (! empty($action) && $action == 'fetch' && ! empty($id))
$match = preg_grep('/(' . $htmlname . '[0-9]+)/', array_keys($_GET)); $match = preg_grep('/(' . $htmlname . '[0-9]+)/', array_keys($_GET));
sort($match); sort($match);
$idprod = (! empty($match[0]) ? $match[0] : ''); $idprod = (! empty($match[0]) ? $match[0] : '');
if (! GETPOST($htmlname) && ! GETPOST($idprod)) if (! GETPOST($htmlname) && ! GETPOST($idprod))