From b8bd5cd0ee40e493bee08bc0bc48cc6afce2ca5f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 1 Mar 2021 23:08:03 +0100
Subject: [PATCH] FIX Protection to avoid #16504

---
 htdocs/product/class/product.class.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 3be810a2e8e..188bcbfd355 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -4374,6 +4374,10 @@ class Product extends CommonObject
 	{
 		global $alreadyfound;
 
+		if (empty($id)) {
+			return array();
+		}
+
 		$sql = "SELECT p.rowid, p.ref, p.label as label, p.fk_product_type,";
 		$sql .= " pa.qty as qty, pa.fk_product_fils as id, pa.incdec";
 		$sql .= " FROM ".MAIN_DB_PREFIX."product as p,";
@@ -4387,7 +4391,8 @@ class Product extends CommonObject
 		if ($level == 1) { $alreadyfound = array($id=>1); // We init array of found object to start of tree, so if we found it later (should not happened), we stop immediatly
 		}
 		// Protection against infinite loop
-		if ($level > 30) { return array();
+		if ($level > 30) {
+			return array();
 		}
 
 		$res = $this->db->query($sql);