lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix 6962 wrong permission check

Browse Source
This commit is contained in:
atm-ph 2017-06-11 12:59:54 +02:00
parent 0eab5768f7
commit 5157981751
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/expedition/card.php
View File

@ -73,7 +73,12 @@ $ref=GETPOST('ref','alpha');
// Security check
$socid='';
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user, $origin, $origin_id);
if ($origin == 'expedition') $result=restrictedArea($user, $origin, $id);
else {
$result=restrictedArea($user, 'expedition');
if (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) accessforbidden();
}
$action = GETPOST('action','alpha');
$confirm = GETPOST('confirm','alpha');