From 286854bf2ca0bdb8dc7f3edad4b79d000b71abf7 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 3 Aug 2012 11:56:42 +0200
Subject: [PATCH] Fix: [bug #478] Can access pages belonging to disabled modules
---
 htdocs/compta/journal/purchasesjournal.php | 11 ++++++-----
 htdocs/compta/journal/sellsjournal.php | 11 ++++++-----
 htdocs/product/admin/product.php | 3 ++-
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/htdocs/compta/journal/purchasesjournal.php b/htdocs/compta/journal/purchasesjournal.php
index 7d92395b4af..ab3d5dcb2a1 100755
--- a/htdocs/compta/journal/purchasesjournal.php
+++ b/htdocs/compta/journal/purchasesjournal.php
@@ -1,7 +1,8 @@
- * Copyright (C) 2007-2010 Jean Heimburger
- * Copyright (C) 2011 Juanjo Menent
+/* Copyright (C) 2007-2010 Laurent Destailleur
+ * Copyright (C) 2007-2010 Jean Heimburger
+ * Copyright (C) 2011 Juanjo Menent
+ * Copyright (C) 2012 Regis Houssin
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -34,9 +35,9 @@ $langs->load("compta");
 // Protection if external user
 if ($user->societe_id > 0)
-{
 accessforbidden();
-}
+
+$result = restrictedArea($user, 'societe&facture');
 /*
diff --git a/htdocs/compta/journal/sellsjournal.php b/htdocs/compta/journal/sellsjournal.php
index 36085033987..ea3e128c567 100755
--- a/htdocs/compta/journal/sellsjournal.php
+++ b/htdocs/compta/journal/sellsjournal.php
@@ -1,7 +1,8 @@
- * Copyright (C) 2007-2010 Jean Heimburger
- * Copyright (C) 2011 Juanjo Menent
+/* Copyright (C) 2007-2010 Laurent Destailleur
+ * Copyright (C) 2007-2010 Jean Heimburger
+ * Copyright (C) 2011 Juanjo Menent
+ * Copyright (C) 2012 Regis Houssin
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
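Review bot: The `restrictedArea($user, 'societe&facture')` call added at the end of the purchasesjournal.php access hunk uses the same feature string as the one added to sellsjournal.php (the `@@ -35,9 +36,9 @@` hunk), so the purchases journal is gated on third-party and customer-invoice rights. If that page lists supplier invoices, as its name suggests, the gate does not match the data shown; confirm the feature string for each page, and whether a disabled accounting module should refuse both as well. `$result` is not read in the visible lines, so the protection depends on restrictedArea() ending the request itself on denial; a comment such as `// restrictedArea() stops the request when access is denied` (once confirmed) would make that explicit. With the braces removed, `accessforbidden();` is the sole unbraced body of the external-user `if`, so either keep `if ($user->societe_id > 0) accessforbidden();` on one line or restore the braces.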
@@ -35,9 +36,9 @@ $langs->load("compta");
 // Protection if external user
 if ($user->societe_id > 0)
-{
 accessforbidden();
-}
+
+$result = restrictedArea($user, 'societe&facture');
 /*
  * Actions
diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php
index 7340502119c..9c12199496c 100644
--- a/htdocs/product/admin/product.php
+++ b/htdocs/product/admin/product.php
@@ -36,7 +36,8 @@ $langs->load("admin");
 $langs->load("products");
 // Security check
-if (! $user->admin) accessforbidden();
+if (! $user->admin || empty($conf->product->enabled))
+ accessforbidden();
 $action = GETPOST('action','alpha');
 $value = GETPOST('value','alpha');
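Review bot: The new condition in product.php refuses the page whenever `$conf->product->enabled` is empty, but the comment above it still reads only `// Security check`; `// Security check: admin only, and only while the product module is enabled` would record what is now enforced. If this setup page is also the configuration entry for a related module (services, for instance; not visible in this hunk), testing the product flag alone would lock an administrator out while that module is still active, so confirm which modules route to this file before relying on the single flag. The condition and its `accessforbidden();` body now sit on two lines without braces; `if (...) { accessforbidden(); }` keeps the call visibly tied to the test.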