1 年之前 · 2f1eecd709
--- a/htdocs/core/class/cunits.class.php
+++ b/htdocs/core/class/cunits.class.php
@@ -117,14 +117,14 @@ class CUnits // extends CommonObject
 
				 		$sql .= "code,";
			
 
				 		$sql .= "label,";
			
 
				 		$sql .= "short_label,";
			
 
				-		$sql .= "unit_type";
			
 
				+		$sql .= "unit_type,";
			
 
				 		$sql .= "scale";
			
 
				 		$sql .= ") VALUES (";
			
 
				 		$sql .= " ".(!isset($this->id) ? 'NULL' : "'".$this->db->escape($this->id)."'").",";
			
 
				 		$sql .= " ".(!isset($this->code) ? 'NULL' : "'".$this->db->escape($this->code)."'").",";
			
 
				 		$sql .= " ".(!isset($this->label) ? 'NULL' : "'".$this->db->escape($this->label)."'").",";
			
 
				 		$sql .= " ".(!isset($this->short_label) ? 'NULL' : "'".$this->db->escape($this->short_label)."'").",";
			
 
				-		$sql .= " ".(!isset($this->unit_type) ? 'NULL' : "'".$this->db->escape($this->unit_type)."'");
			
 
				+		$sql .= " ".(!isset($this->unit_type) ? 'NULL' : "'".$this->db->escape($this->unit_type)."'").",";
			
 
				 		$sql .= " ".(!isset($this->scale) ? 'NULL' : "'".$this->db->escape($this->scale)."'");
			
 
				 		$sql .= ")";
			
 
				 
			
--- a/htdocs/core/modules/barcode/mod_barcode_product_standard.php
+++ b/htdocs/core/modules/barcode/mod_barcode_product_standard.php
@@ -294,6 +294,8 @@ class mod_barcode_product_standard extends ModeleNumRefBarCode
 
				 		// phpcs:enable
			
 
				 		$sql = "SELECT barcode FROM ".MAIN_DB_PREFIX."product";
			
 
				 		$sql .= " WHERE barcode = '".$db->escape($code)."'";
			
 
				+		$sql .= " AND entity IN (".getEntity('product').")";
			
 
				+
			
 
				 		if ($product->id > 0) {
			
 
				 			$sql .= " AND rowid <> ".$product->id;
			
 
				 		}
			
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -2077,8 +2077,20 @@ function top_menu($head, $title = '', $target = '', $disablejs = 0, $disablehead
 
				 
			
 
				 			if (isset($_POST) && is_array($_POST)) {
			
 
				 				foreach ($_POST as $key => $value) {
			
 
				-					if ($key !== 'action' && $key !== 'password' && !is_array($value)) {
			
 
				-						$qs .= '&'.$key.'='.urlencode($value);
			
 
				+					$key = preg_replace('/[^a-z0-9_\-\[\]]/i', '', $key);
			
 
				+					if (in_array($key, array('action', 'massaction', 'password'))) {
			
 
				+						continue;
			
 
				+					}
			
 
				+					if (!is_array($value)) {
			
 
				+						if ($value !== '') {
			
 
				+							$qs .= '&'.$key.'='.urlencode($value);
			
 
				+						}
			
 
				+					} else {
			
 
				+						foreach ($value as $value2) {
			
 
				+							if (($value2 !== '') && (!is_array($value2))) {
			
 
				+								$qs .= '&'.$key.'[]='.urlencode($value2);
			
 
				+							}
			
 
				+						}
			
 
				 					}
			
 
				 				}
			
 
				 			}