FIX Security access problem with external users on projects/tasks

2026-02-13 03:12:35 +01:00 · 2017-01-12 15:23:30 +01:00
parent 8d5c853267
commit f185a09693
18 changed files with 26 additions and 21 deletions
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -47,7 +47,7 @@ $planned_workload=((GETPOST('planned_workloadhour')!='' && GETPOST('planned_work

 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (! $user->rights->projet->lire) accessforbidden();

 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array