From e3edb376209af4646fde5d05b654254936b831e9 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Sep 2019 11:39:02 +0200 Subject: [PATCH] Fix escape db --- htdocs/resource/class/dolresource.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/resource/class/dolresource.class.php b/htdocs/resource/class/dolresource.class.php index 2f45be04542..13cbf37c34a 100644 --- a/htdocs/resource/class/dolresource.class.php +++ b/htdocs/resource/class/dolresource.class.php @@ -849,7 +849,7 @@ class Dolresource extends CommonObject $sql.= ' FROM '.MAIN_DB_PREFIX.'element_resources'; $sql.= " WHERE element_id=".$element_id." AND element_type='".$this->db->escape($element)."'"; if($resource_type) - $sql.=" AND resource_type LIKE '%".$resource_type."%'"; + $sql.=" AND resource_type LIKE '%".$this->db->escape($resource_type)."%'"; $sql .= ' ORDER BY resource_type'; dol_syslog(get_class($this)."::getElementResources", LOG_DEBUG);