Fix: security in tab category

Regis Houssin 2009-04-30 12:52:04 +00:00
parent ab65d529d6
commit 265ea1dbc8
3 changed files with 9 additions and 7 deletions


@ -39,17 +39,19 @@ if ($_REQUEST["socid"])
{
if ($_REQUEST["typeid"] == 1) { $type = 'fournisseur'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; }
if ($_REQUEST["typeid"] == 2) { $type = 'societe'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; }
$objecttype = 'societe';
$objectid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:'';
}
else if ($_REQUEST["id"] || $_REQUEST["ref"])
{
$type = 'produit';
$objecttype = 'produit';
$dbtablename = 'product';
}
// Security check
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, $type, $objectid, $dbtablename);
$result = restrictedArea($user, $objecttype, $objectid, $dbtablename);
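Review bot: The `restrictedArea()` call that closes this hunk can receive unset arguments, because `$objectid` is assigned only in the `socid` branch and, when none of `socid`, `id` or `ref` is present, `$objecttype` and `$dbtablename` are never assigned either (unless code above the hunk sets them, which is not visible). Initialise them before the `if`, for example `$objecttype = ''; $objectid = 0; $dbtablename = '';`, and give the product branch its own `$objectid`. `$objectid` is also the raw request string; if `socid` is expected to be a numeric id, cast it at the assignment: `$objectid = isset($_REQUEST["socid"]) ? (int) $_REQUEST["socid"] : 0;`. The external-user override just above writes `$socid`, not the `$objectid` that is passed on, so whether an external user is confined to their own company depends entirely on what `restrictedArea()` does internally. The surrounding script starts and continues outside this hunk.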


@ -76,7 +76,7 @@ function societe_prepare_head($objsoc)
//show categorie tab
if ($conf->categorie->enabled)
{
$head[$h][0] = DOL_URL_ROOT.'/categories/categorie.php?type=2&socid='.$objsoc->id;
$head[$h][0] = DOL_URL_ROOT.'/categories/categorie.php?socid='.$objsoc->id;
$head[$h][1] = $langs->trans('Categories');
$head[$h][2] = 'category';
$h++;
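Review bot: With `type=2&` dropped from this link, the category page is reached with `socid` alone, but the first file section of this commit (presumably `categories/categorie.php`) still assigns `$type` only when `typeid` is 1 or 2. Unless `$type` is derived elsewhere in that file, it stays unset on this path, so it is worth confirming that nothing later on the page still reads it. A one-line comment above the link, such as `// type is no longer passed; categorie.php works from socid alone`, would record the intent. `societe_prepare_head()` starts before and continues past this hunk.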


@ -255,9 +255,9 @@ if ($_GET["action"] == 'create')
{
print '<tr class="liste_titre">';
print '<td width="54%">'.$langs->trans("Description").'</td>';
print '<td align="center">Quan. command<EFBFBD>e</td>';
print '<td align="center">Quan. livr<EFBFBD>e</td>';
print '<td align="center">Quan. <EFBFBD> livrer</td>';
print '<td align="center">Quan. commandee</td>';
print '<td align="center">Quan. livree</td>';
print '<td align="center">Quan. a livrer</td>';
if ($conf->stock->enabled)
{
print '<td width="12%" align="center">'.$langs->trans("Stock").'</td>';
@ -300,9 +300,9 @@ if ($_GET["action"] == 'create')
if ($conf->stock->enabled)
{
$stock = $product->stock_entrepot[$_GET["entrepot_id"]];
$stock+=0; // Convertit en num<EFBFBD>rique
$stock+=0; // Convertit en numerique
// Quantit<EFBFBD> <20> livrer
// Quantite a livrer
print '<td align="center">';
print '<input name="idl'.$i.'" type="hidden" value="'.$ligne->id.'">';
print '<input name="qtyl'.$i.'" type="text" size="6" value="'.min($quantite_a_livrer, $stock).'">';