diff --git a/htdocs/lib/functions2.lib.php b/htdocs/lib/functions2.lib.php
index 58f4b2e8f9b..47c2698cb26 100644
--- a/htdocs/lib/functions2.lib.php
+++ b/htdocs/lib/functions2.lib.php
@@ -423,8 +423,8 @@ function get_next_value($db,$mask,$table,$field,$where='',$objsoc='',$date='',$m
if ($maskraz > 12) return 'ErrorBadMaskBadRazMonth';
// Define reg
- if ($maskraz > 1 && ! preg_match('/^(.*)\{(y+)\}\{(m+)\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazInStartedYearIfNoYearMonthInMask';
- if ($maskraz <= 1 && ! preg_match('/^(.*)\{(y+)\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazIfNoYearInMask';
+ if ($maskraz > 1 && ! preg_match('/^(.*)\{(y)+\}\{(m)+\}/i',$maskwithonlyymcode,$reg) && ! preg_match('/^(.*)\{(m)+\}\{(y)+\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazInStartedYearIfNoYearMonthInMask';
+ if ($maskraz <= 1 && ! preg_match('/^(.*)\{(y)+\}/i',$maskwithonlyymcode,$reg)) return 'ErrorCantUseRazIfNoYearInMask';
//print "x".$maskwithonlyymcode." ".$maskraz;
// Define $yearcomp and $monthcomp (that will be use in the select where to search max number)
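Review bot: Moving the quantifier outside the capture group in the added patterns (`\{(y)+\}` and `\{(m)+\}`) makes `$reg[2]` and `$reg[3]` hold a single character instead of the whole run of `y` or `m`, so any later code that measures the length of those captures would see 1 for every mask. The added month-first alternative `\{(m)+\}\{(y)+\}` also swaps which group holds the year, and a failed first `preg_match` leaves `$reg` to be filled by the second with that reversed layout. The code that reads `$reg` to build `$yearcomp` and `$monthcomp` is outside this hunk, so this needs confirming there. If the lengths are used, keep `(y+)` and `(m+)` and record which order matched, e.g. `preg_match('/^(.*)\{(m+)\}\{(y+)\}/i',$maskwithonlyymcode,$reg)` followed by swapping `$reg[2]` and `$reg[3]`.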
@@ -448,7 +448,7 @@ function get_next_value($db,$mask,$table,$field,$where='',$objsoc='',$date='',$m
$sqlwhere.=') )';
}
}
- //print "masktri=".$masktri." maskcounter=".$maskcounter." maskraz=".$maskraz." maskoffset=".$maskoffset."
\n";
+ //print "masktri=".$masktri." maskcounter=".$maskcounter." maskraz=".$maskraz." maskoffset=".$maskoffset." yearcomp=".$yearcomp."
\n";
// Define $sqlstring
$posnumstart=strpos($maskwithnocode,$maskcounter); // Pos of counter in final string (from 0 to ...)
@@ -931,7 +931,7 @@ function dol_set_user_param($db, $conf, &$user, $tab)
{
$sql = "INSERT INTO ".MAIN_DB_PREFIX."user_param(fk_user,entity,param,value)";
$sql.= " VALUES (".$user->id.",".$conf->entity.",";
- $sql.= " '".$key."','".addslashes($value)."');";
+ $sql.= " '".$key."','".$db->escape($value)."');";
dol_syslog("functions2.lib::dol_set_user_param sql=".$sql, LOG_DEBUG);
$result=$db->query($sql);
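Review bot: `$key` is still concatenated into the INSERT unescaped on the changed line, so the statement is only half protected; it should read `$sql.= " '".$db->escape($key)."','".$db->escape($value)."');";`. `$user->id` and `$conf->entity` on the line above are inserted as bare numbers and would be safer with an `(int)` cast. Whether the keys of `$tab` can come from request data is not visible here, and the function body starts and ends outside the hunk, so any other statement in it that uses `$key` deserves the same check. The `dol_syslog` call writes the full statement, including the parameter value, to the debug log, which matters if user parameters can hold sensitive data.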