TODO security broken with Multicompany

2019-01-16 11:07:58 +01:00 · 2019-01-16 11:07:58 +01:00 · 24128ac28d
commit 24128ac28d
parent f51b4288da
1 changed files with 1 additions and 1 deletions
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@ -85,7 +85,7 @@ if ($user->societe_id > 0) $socid = $user->societe_id;
 $feature2='user';
 if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card

-if (! $canreaduser) {
+if (! $canreaduser) {	// TODO security broken with Multicompany
 	$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
 }