lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX : db escape

Browse Source
This commit is contained in:
Gauthier PC portable 024 2021-10-06 17:47:27 +02:00
parent a271bb8316
commit 2efea59614
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/hrm/class/skillrank.class.php
View File

@ -217,7 +217,7 @@ class SkillRank extends CommonObject
{
global $langs;
$sqlfilter = 'fk_object='.$this->fk_object." AND objecttype='".$this->objecttype."' AND fk_skill = ".((int) $this->fk_skill);
$sqlfilter = 'fk_object='.$this->fk_object." AND objecttype='".$this->db->escape($this->objecttype)."' AND fk_skill = ".((int) $this->fk_skill);
$alreadyLinked = $this->fetchAll('ASC', 'rowid', 0, 0, array('customsql' => $sqlfilter));
if (!empty($alreadyLinked)) {
$this->error = $langs->trans('ErrSkillAlreadyAdded');