From 2efea59614996ee0b2fc8561975ec5e4a20d90de Mon Sep 17 00:00:00 2001
From: Gauthier PC portable 024
Date: Wed, 6 Oct 2021 17:47:27 +0200
Subject: [PATCH] FIX : db escape
---
 htdocs/hrm/class/skillrank.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/hrm/class/skillrank.class.php b/htdocs/hrm/class/skillrank.class.php
index f6696870194..87a7b38e6a4 100644
--- a/htdocs/hrm/class/skillrank.class.php
+++ b/htdocs/hrm/class/skillrank.class.php
@@ -217,7 +217,7 @@ class SkillRank extends CommonObject
 {
 global $langs;
- $sqlfilter = 'fk_object='.$this->fk_object." AND objecttype='".$this->objecttype."' AND fk_skill = ".((int) $this->fk_skill);
+ $sqlfilter = 'fk_object='.$this->fk_object." AND objecttype='".$this->db->escape($this->objecttype)."' AND fk_skill = ".((int) $this->fk_skill);
 $alreadyLinked = $this->fetchAll('ASC', 'rowid', 0, 0, array('customsql' => $sqlfilter));
 if (!empty($alreadyLinked)) {
 $this->error = $langs->trans('ErrSkillAlreadyAdded');
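Review bot: `$this->fk_object` is still concatenated into `$sqlfilter` with no cast or escaping on the changed line, while the same line now escapes `objecttype` and casts `fk_skill`. The string is handed to `fetchAll()` as `customsql`, so any non-numeric value in `fk_object` would presumably become part of the WHERE clause; whether callers can set it from request data is not visible in this hunk. If it is an integer id like `fk_skill`, the first term should match it: `'fk_object='.((int) $this->fk_object)`. The enclosing method starts above the hunk and continues below it, so any earlier validation of these properties cannot be confirmed from here.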