SQL issue in security.lib.php file

In security.lib.php page line number 520 in dolibarr version 6.0.5 query needed fk_soc field in societe table which is not present. Is it a bug?

$sql = “SELECT sc.fk_soc”;
$sql.= " FROM “.MAIN_DB_PREFIX.$dbtablename.” as dbt";
$sql.= “, “.MAIN_DB_PREFIX.“societe as s”;
$sql.= “, “.MAIN_DB_PREFIX.“societe_commerciaux as sc”;
$sql.= " WHERE dbt.”.$dbt_select.” = “.$objectid;
$sql.= " AND sc.fk_soc = dbt.”.$dbt_keyfield;
$sql.= " AND dbt.”.$dbt_keyfield.” = s.rowid";
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
$sql.= " AND sc.fk_user = ".$user->id;

Hi,

It is very old, any reason why you haven’t update it ?

And for Version 6, at least do the upgrade to V 6.0.8

Hi ksar,

Thanks for your reply. Sorry for my late. I hope you are doing good.

First of all i have resolved the issue by correcting from latest version.

Second is i can’t upgrade the Dolibarr version right now because i have modified lots of it’s core code so if i will go to upgrade then it will need extensive effort to merge old code into new one again. Which can’t possible now.

I think i am able to understand you.

I have rectified the issue by changing the parameter value in fourn/card.php in this function.

$result = restrictedArea($user, ‘societe&fournisseur’, $id, ‘&societe’, ‘’, ‘rowid’);