From fb8c93a69ded1430d62baedf987707be0cec45a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 4 Jul 2019 16:00:14 +0200 Subject: [PATCH] FIX Bad sql request --- htdocs/core/lib/files.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index f4a25334e00..3e9b2ba8797 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2568,7 +2568,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity, $accessallowed=1; } $original_file=$conf->fournisseur->facture->dir_output.'/'.$original_file; - $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE facnumber='".$db->escape($refname)."' AND entity=".$conf->entity; + $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; } // Wrapping pour les rapport de paiements elseif ($modulepart == 'supplier_payment')