Skip to content

Commit

Permalink
Fix #9205 quote in Label/number on supplier payment
Browse files Browse the repository at this point in the history 
# Fix #9205 #9205
the num_paiement wasn't escaped, not sure it's an real issue but it was reported here
https://www.dolibarr.fr/forum/8-mise-a-jour/62340-message-erreur-suite-mise-a-jour#99408
  • Loading branch information
@delcroip @eldy
delcroip authored and eldy committed Aug 13, 2018
1 parent 577d2d7 commit 3b92660
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion htdocs/fourn/class/paiementfourn.class.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ function create($user, $closepaidinvoices=0)
$sql = 'INSERT INTO '.MAIN_DB_PREFIX.'paiementfourn (';
$sql.= 'ref, entity, datec, datep, amount, multicurrency_amount, fk_paiement, num_paiement, note, fk_user_author, fk_bank)';
$sql.= " VALUES ('".$this->db->escape($ref)."', ".$conf->entity.", '".$this->db->idate($now)."',";
$sql.= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->num_paiement."', '".$this->db->escape($this->note)."', ".$user->id.", 0)";
$sql.= " '".$this->db->idate($this->datepaye)."', '".$total."', '".$mtotal."', ".$this->paiementid.", '".$this->db->escape($this->num_paiement)."', '".$this->db->escape($this->note)."', ".$user->id.", 0)";

$resql = $this->db->query($sql);
if ($resql)
Expand Down

0 comments on commit 3b92660

Please sign in to comment.