
Clean code

Laurent Destailleur 4 years ago
parent
commit
14baec95dc

+ 1 - 1
htdocs/core/lib/invoice2.lib.php

@@ -43,7 +43,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/pdf.lib.php';
  * @param	int			$regenerate				''=Use existing PDF files, 'nameofpdf'=Regenerate all PDF files using the template
  * @param	string		$filesuffix				Suffix to add into file name of generated PDF
  * @param	string		$paymentbankid			Only if payment on this bank account id
- * @param	array		$thirdpartiesid			List of thirdparties id when using filter excludethirdpartiesid	or onlythirdpartiesid
+ * @param	array		$thirdpartiesid			List of thirdparties id when using filter=excludethirdpartiesid	or filter=onlythirdpartiesid
  * @param	string		$fileprefix				Prefix to add into filename of generated PDF
  * @return	int									Error code
  */

+ 4 - 4
scripts/accountancy/export-thirdpartyaccount.php

@@ -138,8 +138,8 @@ if (!empty($date_start) && !empty($date_end)) {
 	$sql .= " AND f.datec >= '".$db->idate($date_start)."' AND f.datec <= '".$db->idate($date_end)."'";
 }
 $sql .= " AND f.entity IN (".getEntity('invoice', 0).")";
-if ($socid) {
-	$sql .= " AND f.fk_soc = ".$socid;
+if ($socid > 0) {
+	$sql .= " AND f.fk_soc = ".((int) $socid);
 }
 $sql .= " GROUP BY name";
 $sql .= ")";
@@ -154,8 +154,8 @@ if (!empty($date_start) && !empty($date_end)) {
 	$sql .= " AND ff.datec >= '".$db->idate($date_start)."' AND ff.datec <= '".$db->idate($date_end)."'";
 }
 $sql .= " AND ff.entity = ".$conf->entity;
-if ($socid) {
-	$sql .= " AND f.fk_soc = ".$socid;
+if ($socid > 0) {
+	$sql .= " AND f.fk_soc = ".((int) $socid);
 }
 $sql .= " GROUP BY name";
 $sql .= ")";
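Review bot: In the second hunk the third-party filter is still written against alias `f` (`AND f.fk_soc = ...`) while the neighbouring conditions use `ff` (`ff.datec`, `ff.entity`). If this sub-select only defines `ff` (its FROM clause is outside the hunk), the line should read `$sql .= " AND ff.fk_soc = ".((int) $socid);`. The same hunk leaves `$conf->entity` concatenated without a cast, although this commit casts the other numeric operands; `" AND ff.entity = ".((int) $conf->entity)` would make it consistent. The query starts and ends outside the visible hunks.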

+ 2 - 2
scripts/bank/export-bank-receipts.php

@@ -168,9 +168,9 @@ $sql .= " b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type,";
 $sql .= " ba.rowid as bankid, ba.ref as bankref, ba.label as banklabel";
 $sql .= " FROM ".MAIN_DB_PREFIX."bank_account as ba";
 $sql .= ", ".MAIN_DB_PREFIX."bank as b";
-$sql .= " WHERE b.fk_account = ".$acct->id;
+$sql .= " WHERE b.fk_account = ".((int) $acct->id);
 if ($listofnum) {
-	$sql .= " AND b.num_releve IN (".$listofnum.")";
+	$sql .= " AND b.num_releve IN (".$db->sanitize($listofnum, 1).")";
 }
 if (!isset($num)) {
 	$sql .= " OR b.num_releve is null";
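Review bot: `$db->sanitize($listofnum, 1)` keeps single quotes in the list, so the `IN (...)` clause is only safe if each statement number was passed through `$db->escape()` when `$listofnum` was built, which happens outside this hunk. A comment at the call such as `// $listofnum: comma-separated list of quoted, already escaped values` would document that dependency. Separately, the context lines assemble `b.fk_account = ... AND b.num_releve IN (...) OR b.num_releve is null` without parentheses, so the `OR` branch is not restricted by the account filter; grouping the two `num_releve` conditions in parentheses looks like the intent. The query continues after the hunk.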

+ 1 - 0
scripts/contracts/email_expire_services_to_representatives.php

@@ -93,6 +93,7 @@ if ($resql) {
 	$num = $db->num_rows($resql);
 	$i = 0;
 	$oldemail = 'none';
+	$oldsalerepresentative = '';
 	$olduid = 0;
 	$oldlang = '';
 	$total = 0;

+ 3 - 4
scripts/emailings/mailing-send.php

@@ -25,7 +25,6 @@
  * \ingroup mailing
  * \brief 	Script to send a prepared and validated emaling from command line
  */
-
 if (!defined('NOSESSION')) {
 	define('NOSESSION', '1');
 }
@@ -98,7 +97,7 @@ $sql = "SELECT m.rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."mailing as m";
 $sql .= " WHERE m.statut IN (1,2)";
 if ($id != 'all') {
-	$sql .= " AND m.rowid= ".$id;
+	$sql .= " AND m.rowid= ".((int) $id);
 	$sql .= " LIMIT 1";
 }
 
@@ -144,7 +143,7 @@ if ($resql) {
 			} elseif ($conf->global->MAILING_LIMIT_SENDBYCLI > 0 && $max > 0) {
 				$sql2 .= " LIMIT ".min($conf->global->MAILING_LIMIT_SENDBYCLI, $max);
 			} elseif ($max > 0) {
-				$sql2 .= " LIMIT ".$max;
+				$sql2 .= " LIMIT ".((int) $max);
 			}
 
 			$resql2 = $db->query($sql2);
@@ -386,7 +385,7 @@ if ($resql) {
 					$statut = 3;
 				}
 
-				$sqlenddate = "UPDATE ".MAIN_DB_PREFIX."mailing SET statut=".$statut." WHERE rowid=".$id;
+				$sqlenddate = "UPDATE ".MAIN_DB_PREFIX."mailing SET statut=".((int) $statut)." WHERE rowid=".((int) $id);
 
 				dol_syslog("update global status", LOG_DEBUG);
 				print "Update status of emailing id ".$id." to ".$statut."\n";
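Review bot: The `LIMIT` branch just above the changed line, `" LIMIT ".min($conf->global->MAILING_LIMIT_SENDBYCLI, $max)`, is still concatenated uncast. `min()` returns one of its arguments unchanged, so a non-numeric `$max` can still reach the query there even though the `elseif ($max > 0)` branch now casts it. Suggest `$sql2 .= " LIMIT ".((int) min($conf->global->MAILING_LIMIT_SENDBYCLI, $max));`. In addition, with `(int) $id` any non-numeric id other than `all` becomes `rowid= 0` and the script silently selects nothing; rejecting such a value with a usage error before building the query would be clearer. Where `$max` and `$id` are read is outside the hunks.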

+ 4 - 4
scripts/emailings/reset-invalid-emails.php

@@ -111,7 +111,7 @@ while ($tmp != null) {
 
 	if ($type == 'all' || $type == 'users') {
 		// Loop on each record and update the email to null if email into $groupofemails
-		$sql = $sql_base."user as u SET u.email = NULL WHERE u.email IN (".$emailsin.");";
+		$sql = $sql_base."user as u SET u.email = NULL WHERE u.email IN (".$db->sanitize($emailsin, 1).");";
 		print "Try to update users, ";
 		$resql = $db->query($sql);
 		if (!$resql) {
@@ -122,7 +122,7 @@ while ($tmp != null) {
 
 	if ($type == 'all' || $type == 'thirdparties') {
 		// Loop on each record and update the email to null if email into $groupofemails
-		$sql = $sql_base."societe as s SET s.email = NULL WHERE s.email IN (".$emailsin.");";
+		$sql = $sql_base."societe as s SET s.email = NULL WHERE s.email IN (".$db->sanitize($emailsin, 1).");";
 		print "Try to update thirdparties, ";
 		$resql = $db->query($sql);
 		if (!$resql) {
@@ -134,7 +134,7 @@ while ($tmp != null) {
 	if ($type == 'all' || $type == 'contacts') {
 		// Loop on each record and update the email to null if email into $groupofemails
 
-		$sql = $sql_base."socpeople as s SET s.email = NULL WHERE s.email IN (".$emailsin.");";
+		$sql = $sql_base."socpeople as s SET s.email = NULL WHERE s.email IN (".$db->sanitize($emailsin, 1).");";
 		print "Try to update contacts, ";
 		$resql = $db->query($sql);
 		if (!$resql) {
@@ -146,7 +146,7 @@ while ($tmp != null) {
 	if ($type == 'all' || $type == 'members') {
 		// Loop on each record and update the email to null if email into $groupofemails
 
-		$sql = $sql_base."adherent as a SET a.email = NULL WHERE a.email IN (".$emailsin.");";
+		$sql = $sql_base."adherent as a SET a.email = NULL WHERE a.email IN (".$db->sanitize($emailsin, 1).");";
 		print "Try to update members, ";
 		$resql = $db->query($sql);
 		if (!$resql) {
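Review bot: Wrapping `$emailsin` in `$db->sanitize($emailsin, 1)` may strip the `@` from every address. If sanitize() applies a character allowlist (letters, digits, `_`, `-`, `.`, `,` plus the quote when the second argument is 1; its implementation is not on this page), none of the four `IN (...)` lists would match a stored email and the updates would silently become no-ops. This applies to all four hunks (users, thirdparties, contacts, members). Escaping each address with `$db->escape()` where `$emailsin` is assembled, outside these hunks, would keep the query safe without altering the values; a run against a known invalid address would confirm the behaviour.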

+ 1 - 2
scripts/product/regenerate_thumbs.php

@@ -1,7 +1,6 @@
 #!/usr/bin/env php
 <?php
-/*
- * Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
+/* Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
  * Copyright (C) 2015 Jean Heimburger <http://tiaris.eu>
  *
  * This program is free software; you can redistribute it and/or modify

+ 1 - 2
scripts/withdrawals/build_withdrawal_file.php

@@ -1,7 +1,6 @@
 #!/usr/bin/env php
 <?php
-/*
- * Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify