lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Missing permission check

Browse Source
This commit is contained in:
Laurent Destailleur 2012-06-05 23:12:40 +02:00
parent eb3484d6b6
commit 5ab3512914
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/compta/bank/ligne.php
View File

@ -75,7 +75,7 @@ if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->ban
}
}
if ($action == 'class')
if ($user->rights->banque->modifier && $action == 'class')
{
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$_POST["cat1"];
if (! $db->query($sql))
@ -90,7 +90,7 @@ if ($action == 'class')
}
}
if ($action == "update")
if ($user->rights->banque->modifier && $action == "update")
{
$error=0;
@ -584,8 +584,11 @@ print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="class">';
print '<input type="hidden" name="orig_account" value="'.$orig_account.'">';
print '<tr class="liste_titre"><td>'.$langs->trans("Rubriques").'</td><td colspan="2">';
print '<select class="flat" name="cat1">'.$options.'</select>&nbsp;';
print '<input type="submit" class="button" value="'.$langs->trans("Add").'"></td>';
if ($user->rights->banque->modifier)
{
print '<select class="flat" name="cat1">'.$options.'</select>&nbsp;';
print '<input type="submit" class="button" value="'.$langs->trans("Add").'"></td>';
}
print "</tr>";
print "</form>";