Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing security restiction test

Browse Source
This commit is contained in:
Laurent Destailleur
2018-03-20 11:45:57 +01:00
parent 896a1cbc24
commit 8214e7bb42
2 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/holiday/list.php
View File

@@ -48,6 +48,15 @@ $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'myobjectl
$backtopage = GETPOST('backtopage','alpha'); // Go back to a dedicated page $backtopage = GETPOST('backtopage','alpha'); // Go back to a dedicated page
$optioncss = GETPOST('optioncss','aZ'); // Option for the css output (always '' except when 'print') $optioncss = GETPOST('optioncss','aZ'); // Option for the css output (always '' except when 'print')
// Security check
$socid=0;
if ($user->societe_id > 0) // Protection if external user
{
//$socid = $user->societe_id;
accessforbidden();
}
$result = restrictedArea($user, 'holiday', $id, '');
// Load variable for pagination // Load variable for pagination
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
$sortfield = GETPOST('sortfield','alpha'); $sortfield = GETPOST('sortfield','alpha');

6
htdocs/modulebuilder/template/myobject_list.php
View File

@@ -95,14 +95,14 @@ $search_array_options=$extrafields->getOptionalsFromPost($extralabels,'','search
if (! $sortfield) $sortfield="t.".key($object->fields); // Set here default search field. By default 1st field in definition. if (! $sortfield) $sortfield="t.".key($object->fields); // Set here default search field. By default 1st field in definition.
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
// Protection if external user // Security check
$socid=0; $socid=0;
if ($user->societe_id > 0) if ($user->societe_id > 0) // Protection if external user
{ {
//$socid = $user->societe_id; //$socid = $user->societe_id;
accessforbidden(); accessforbidden();
} }
//$result = restrictedArea($user, 'mymodule', $id,''); //$result = restrictedArea($user, 'mymodule', $id, '');
// Initialize array of search criterias // Initialize array of search criterias
$search_all=trim(GETPOST("search_all",'alpha')); $search_all=trim(GETPOST("search_all",'alpha'));