add escape

2022-09-21 16:11:18 +02:00 · 2022-09-21 16:11:18 +02:00 · 64c92cc66d
commit 64c92cc66d
parent 8f29d5c0eb
1 changed files with 2 additions and 2 deletions
--- a/htdocs/mrp/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/mrp/tpl/linkedobjectblock.tpl.php
@ -65,8 +65,8 @@ foreach ($TMoChilds as $key => $objectlink) {
 	echo '<td class="linkedcol-action right">';

 	// we want to make the link via element_element for delete action
-	$sql = ' Select rowid from ' . MAIN_DB_PREFIX . 'element_element';
-	$sql .= ' WHERE  fk_source = '. (int) $object->id . ' and fk_target = "' . $key .'"';
+	$sql = " Select rowid from " . MAIN_DB_PREFIX . "element_element";
+	$sql .= " WHERE  fk_source = ". (int) $object->id . " and fk_target = '" . dol_escape_htmltag($key) ."'";

 	$resql = $db->query($sql);
 	$k = 0;