|
|
@@ -182,7 +182,7 @@ class User extends CommonObject
|
|
|
|
|
|
if ($sid) // permet une recherche du user par son SID ActiveDirectory ou Samba
|
|
|
{
|
|
|
- $sql.= " AND (u.ldap_sid = '".$sid."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
|
|
|
+ $sql.= " AND (u.ldap_sid = '".$this->db->escape($sid)."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
|
|
|
}
|
|
|
else if ($login)
|
|
|
{
|
|
|
@@ -845,7 +845,7 @@ class User extends CommonObject
|
|
|
else
|
|
|
{
|
|
|
$sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec,login,ldap_sid,entity)";
|
|
|
- $sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->db->escape($this->entity).")";
|
|
|
+ $sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->db->escape($this->ldap_sid)."',".$this->db->escape($this->entity).")";
|
|
|
$result=$this->db->query($sql);
|
|
|
|
|
|
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
Laurent Destailleur