From 418bd481f3a37dcf16b6d47ddf9facbe35ac6e6b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 7 Jun 2022 09:48:20 +0200
Subject: [PATCH] FIX #21128
---
 htdocs/admin/dict.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 796e64223c4..8fd4feffcf4 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -846,12 +846,15 @@ if (empty($reshook)) {
 $_POST["code"] = preg_replace('/[^a-zA-Z0-9\-\+]/', '', GETPOST("code"));
 }
+ $tablename = $tabname[$id];
+ $tablename = preg_replace('/^'.preg_quote(MAIN_DB_PREFIX, '/').'/', '', $tablename);
+
 // If check ok and action add, add the line
 if ($ok && GETPOST('actionadd')) {
 if ($tabrowid[$id]) {
 // Get free id for insert
 $newid = 0;
- $sql = "SELECT MAX(".$tabrowid[$id].") as newid FROM ".MAIN_DB_PREFIX.$tabname[$id];
+ $sql = "SELECT MAX(".$tabrowid[$id].") as newid FROM ".MAIN_DB_PREFIX.$tablename;
 $result = $db->query($sql);
 if ($result) {
 $obj = $db->fetch_object($result);
@@ -862,7 +865,7 @@ if (empty($reshook)) {
 }
 // Add new entry
- $sql = "INSERT INTO ".MAIN_DB_PREFIX.$tabname[$id]." (";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX.$tablename." (";
 // List of fields
 if ($tabrowid[$id] && !in_array($tabrowid[$id], $listfieldinsert)) {
 $sql .= $tabrowid[$id].",";
@@ -887,7 +890,7 @@ if (empty($reshook)) {
 } elseif ($value == 'taux' || $value == 'localtax1') {
 $_POST[$keycode] = price2num(GETPOST($keycode), 8); // Note that localtax2 can be a list of rates separated by coma like X:Y:Z
 } elseif ($value == 'entity') {
- $_POST[$keycode] = getEntity($tabname[$id]);
+ $_POST[$keycode] = getEntity($tablename);
 }
 if ($i) {
@@ -938,7 +941,7 @@ if (empty($reshook)) {
 }
 // Modify entry
- $sql = "UPDATE ".MAIN_DB_PREFIX.$tabname[$id]." SET ";
+ $sql = "UPDATE ".MAIN_DB_PREFIX.$tablename." SET ";
 // Modifie valeur des champs
 if ($tabrowid[$id] && !in_array($tabrowid[$id], $listfieldmodify)) {
 $sql .= $tabrowid[$id]."=";
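Review bot: `$tablename = $tabname[$id];` reads the dictionary map without checking that `$id` is a known key, and the same holds for the copy added in the delete hunk at -1002. If that check is not done earlier in the file (not visible here), an unknown `$id` leaves `$tablename` empty and the INSERT, UPDATE and DELETE statements below are built against `MAIN_DB_PREFIX` alone. A table identifier cannot be bound as a query parameter, so the lookup in `$tabname` is the only control on it; I would make it explicit, e.g. `if (empty($tabname[$id])) { $ok = 0; }` ahead of the add and modify branches, with an equivalent early exit before the DELETE. The enclosing block starts and ends outside the hunk.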
@@ -956,7 +959,7 @@ if (empty($reshook)) {
 } elseif ($field == 'taux' || $field == 'localtax1') {
 $_POST[$keycode] = price2num(GETPOST($keycode), 8); // Note that localtax2 can be a list of rates separated by coma like X:Y:Z
 } elseif ($field == 'entity') {
- $_POST[$keycode] = getEntity($tabname[$id]);
+ $_POST[$keycode] = getEntity($tablename);
 }
 if ($i) {
@@ -983,7 +986,7 @@ if (empty($reshook)) {
 $sql .= " WHERE ".$rowidcol." = ".((int) $rowid);
 }
 if (in_array('entity', $listfieldmodify)) {
- $sql .= " AND entity = ".((int) getEntity($tabname[$id], 0));
+ $sql .= " AND entity = ".((int) getEntity($tablename, 0));
 }
 dol_syslog("actionmodify", LOG_DEBUG);
@@ -1002,7 +1005,10 @@ if (empty($reshook)) {
 $rowidcol = "rowid";
 }
- $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tabname[$id]." WHERE ".$rowidcol." = '".$db->escape($rowid)."'".($entity != '' ? " AND entity = ".(int) $entity : '');
+ $tablename = $tabname[$id];
+ $tablename = preg_replace('/^'.preg_quote(MAIN_DB_PREFIX, '/').'/', '', $tablename);
+
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX.$tablename." WHERE ".$rowidcol." = '".$db->escape($rowid)."'".($entity != '' ? " AND entity = ".(int) $entity : '');
 dol_syslog("delete", LOG_DEBUG);
 $result = $db->query($sql);
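Review bot: The two-line prefix normalisation added before the DELETE repeats the one added in the first hunk, and neither copy says why the prefix is stripped only to be prepended again on the next statement. A one-line comment such as `// $tabname[$id] may already start with MAIN_DB_PREFIX; strip it so the prefix is applied exactly once` would record the intent, and computing `$tablename` in a single place would keep the two copies from drifting apart. If other statements in this file still concatenate `MAIN_DB_PREFIX.$tabname[$id]` (none are visible in these hunks), they would need the same normalisation.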