diff --git a/app/controller/perso.php b/app/controller/perso.php
index 5bc3e9085e8039682b8b3224007c9df61227b381..92a7e29ce11f8e972735a1a90bd8acb5e4179b55 100644
--- a/app/controller/perso.php
+++ b/app/controller/perso.php
@@ -46,7 +46,7 @@ class Perso extends Controller
 $db = $f3->get('DB');
 $user = $f3->get('container')['user_finder']->findById($f3->get('SESSION.id'));
 $f3->set('infos', $user);
- $result = $db->query("SELECT id, pdf, decimale FROM dons WHERE user_id='".$user['id']."' and pdf!='' ");
+ $result = $db->query("SELECT id, pdf, decimale FROM dons WHERE user_id='".\Utils::asl($user['id'])."' and pdf!='' ");
 $pdfs = array();
 foreach ($result->fetchAll(\PDO::FETCH_ASSOC) as $row) {
 $pdfs[$row['pdf']] = $row;
@@ -220,7 +220,7 @@ class Perso extends Controller
 $hash = hash('sha256', $f3->get('password'));
 // On recherche le montant cumulé jusqu'à présent. On fait la somme depuis le
 // premier janvier 2013 en se basant sur l'adresse mail
- $res = $db->query("SELECT sum(dons.somme) as somme FROM dons INNER JOIN users WHERE dons.user_id = users.id AND users.email='".$f3->get('email')."' and dons.status in (1, 4, 102) and dons.datec>'2013-01-01';");
+ $res = $db->query("SELECT sum(dons.somme) as somme FROM dons INNER JOIN users WHERE dons.user_id = users.id AND users.email='".\Utils::asl($f3->get('email'))."' and dons.status in (1, 4, 102) and dons.datec>'2013-01-01';");
 $total = $res->fetch(\PDO::FETCH_ASSOC);
 $total = (int) $total['somme'];
 // Création de l'utilisateur
@@ -250,7 +250,7 @@ class Perso extends Controller
 $hash = hash('sha256', $f3->get('password'));
 $sql .= ", hash='".$hash."'";
 }
- $sql .= " WHERE id='".$f3->get('SESSION.id')."'";
+ $sql .= " WHERE id='".\Utils::asl($f3->get('SESSION.id'))."'";
 $db->query($sql);
 }
 } else {
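Review bot: The added `\Utils::asl(...)` wrappers at line 46 still build the statement by string concatenation; `asl` is not defined in this diff, and if it is an addslashes-style escape it is not charset-aware and does not cover MySQL's `NO_BASH_BACKSLASH_ESCAPES`-type modes, so the query remains fragile rather than fixed. The context line `$result->fetchAll(\PDO::FETCH_ASSOC)` suggests `$db` is PDO or a PDO wrapper, in which case the durable fix is a bound parameter, e.g. `$stmt = $db->prepare("SELECT id, pdf, decimale FROM dons WHERE user_id = ? AND pdf != ''"); $stmt->execute([$user['id']]);` and then `$stmt->fetchAll(\PDO::FETCH_ASSOC)`. The same point applies to the hunks at lines 220 (`users.email`), 250 (the `WHERE id=` tail appended to `$sql`), 405, 494 and 526, which all keep interpolating escaped values into SQL. Where the value is an id (lines 46, 250, 405), an `(int)` cast is the minimal interim hardening if binding cannot be introduced in this change. The enclosing methods begin and end outside every hunk here.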
@@ -405,7 +405,7 @@ class Perso extends Controller
 FROM dons INNER JOIN users ON users.id = dons.user_id LEFT OUTER JOIN adresses ON adresses.user_id = users.id
- WHERE users.id=".$f3->get('SESSION.id')." AND dons.id=".\Utils::asl($id).";";
+ WHERE users.id='".\Utils::asl($f3->get('SESSION.id'))."' AND dons.id='".\Utils::asl($id)."';";
 $result = $db->query($query);
 $logger->write($query);
 $don = $result->fetch(\PDO::FETCH_ASSOC);
@@ -494,7 +494,7 @@ class Perso extends Controller
 $f3->reroute('/login');
 }
 $db = $f3->get('DB');
- $result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".$params['id']."' and user_id='".\Utils::asl($f3->get('SESSION.id'))."'");
+ $result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".\Utils::asl($params['id'])."' and user_id='".\Utils::asl($f3->get('SESSION.id'))."'");
 $result = $result->fetch(\PDO::FETCH_ASSOC);
 if ($result) {
 $identifier = $result['identifier'];
@@ -526,8 +526,8 @@ class Perso extends Controller
 status = '103',
 datec = NOW(),
 somme = 0,
- user_id = '".$user_id."',
- identifier = '".$identifier."',
+ user_id = '".\Utils::asl($user_id)."',
+ identifier = '".\Utils::asl($identifier)."',
 cumul = 0;");
 $f3->push('SESSION.message', _("Don récurrent supprimé."));
 $f3->reroute('/perso');
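Review bot: In the hunk at line 494 the lookup still uses `identifier like '...'` on the route parameter; escaping quotes does not neutralise the `%` and `_` LIKE wildcards, so wildcard characters in `$params['id']` still change which of the caller's rows match. If an exact match is intended, use `identifier = ?` with a bound parameter (or at minimum `identifier = '".\Utils::asl($params['id'])."'`); if a pattern search is intended, the wildcards need escaping separately from the quote escaping. The query is scoped by `user_id`, so the effect is confined to the session user's own rows, which makes the `=` form the natural choice. The enclosing method starts and ends outside the hunk.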