From 2bf2faef723198b26bf492e2bc3e45048d8824d1 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Sat, 22 Oct 2022 09:22:12 +0200
Subject: [PATCH] FIX avoid access forbidden with numeric ref

---
 htdocs/core/lib/security.lib.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 1d3f013e9f3..798ba265643 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -289,6 +289,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 		return 1;
 	}
 
+	// To avoid access forbidden with numeric ref
+	if ($dbt_select != 'rowid' && $dbt_select != 'id') {
+		$objectid = "'".$objectid."'";
+	}
+
 	// Features/modules to check
 	$featuresarray = array($features);
 	if (preg_match('/&/', $features)) {