Fix: security with multi-company

2009-05-04 10:46:53 +00:00 · 2009-05-04 10:46:53 +00:00 · 524f01348c
commit 524f01348c
parent d144a2af4d
15 changed files with 15 additions and 30 deletions
--- a/htdocs/product/barcode.php
+++ b/htdocs/product/barcode.php
@ -37,9 +37,8 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/document.php
+++ b/htdocs/product/document.php
@ -42,9 +42,8 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action'
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@ -39,9 +39,8 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/photos.php
+++ b/htdocs/product/photos.php
@ -38,9 +38,8 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@ -38,9 +38,8 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/sousproduits/fiche.php
+++ b/htdocs/product/sousproduits/fiche.php
@ -39,9 +39,8 @@ $langs->load("products");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/commande.php
+++ b/htdocs/product/stats/commande.php
@ -39,9 +39,8 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/commande_fournisseur.php
+++ b/htdocs/product/stats/commande_fournisseur.php
@ -39,9 +39,8 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/contrat.php
+++ b/htdocs/product/stats/contrat.php
@ -38,9 +38,8 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@ -39,9 +39,8 @@ $langs->load("products");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/facture_fournisseur.php
+++ b/htdocs/product/stats/facture_fournisseur.php
@ -40,9 +40,8 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/fiche.php
+++ b/htdocs/product/stats/fiche.php
@ -42,9 +42,8 @@ $mode=isset($_GET["mode"])?$_GET["mode"]:'byunit';
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stats/propal.php
+++ b/htdocs/product/stats/propal.php
@ -38,9 +38,8 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/stock/product.php
+++ b/htdocs/product/stock/product.php
@ -40,9 +40,8 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

--- a/htdocs/product/traduction.php
+++ b/htdocs/product/traduction.php
@ -39,9 +39,8 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);