diff --git a/ChangeLog b/ChangeLog index 442d632d6da..589b1c9ca1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -189,6 +189,8 @@ Fix: Warning into bank conciliation feature. Fix: Bad get of localtaxes into contracts add lines. Fix: Add a limit into list to avoid browser to hang when database is too large. Fix: [ bug #1212 ] 'jqueryFileTree.php' directory traversal vulnerability +Fix: Agenda and Banks module were not working with multicompany module +Fix: [ bug #1317 ] Removing a category does not remove all child categories ***** ChangeLog for 3.4.2 compared to 3.4.1 ***** Fix: field's problem into company's page (RIB). diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 2727bca7164..fbb9400acff 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -312,7 +312,7 @@ $sql.= ' FROM ('.MAIN_DB_PREFIX.'c_actioncomm as ca,'; $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; $sql.= ' WHERE a.fk_action = ca.id'; -$sql.= ' AND a.entity IN ('.getEntity().')'; +$sql.= ' AND a.entity IN ('.getEntity('agenda', 1).')'; if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'"; if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid); if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index b9dcda4b55a..ca1df463c1c 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -133,7 +133,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature // More parameters $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); - $sharedelement=(! empty($params[1]) ? $params[1] : ''); + $sharedelement=(! empty($params[1]) ? $params[1] : $dbtablename); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);