am�lioration de la s�curit�

2006-03-10 17:32:47 +00:00
parent 8bb656a475
commit 1df49664a3
5 changed files with 107 additions and 4 deletions
--- a/htdocs/docsoc.php
+++ b/htdocs/docsoc.php
@@ -34,7 +34,30 @@ $langs->load('other');


 $mesg = "";
-$socid=$_GET["socid"];
+
+// S<>curit<69> acc<63>s client
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+
+if ($socid == '') accessforbidden();
+
+if ($user->societe_id > 0)
+{
+    $action = '';
+    $socid = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
+{
+        $sql = "SELECT sc.fk_soc, s.client";
+        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+        $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
+
+        if ( $db->query($sql) )
+        {
+          if ( $db->num_rows() == 0) accessforbidden();
+        }
+}


 /*