New: Super clean of permissions checks

2008-02-25 20:03:21 +00:00 · 2008-02-25 20:03:21 +00:00 · 646a6307f0
commit 646a6307f0
parent e9aed4f921
70 changed files with 78 additions and 19 deletions
--- a/htdocs/categories/categorie.php
+++ b/htdocs/categories/categorie.php
@ -2,7 +2,7 @@
 /* Copyright (C) 2001-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2005      Brice Davoleau       <brice.davoleau@gmail.com>
 * Copyright (C) 2005-2007 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2006-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2007      Patrick Raguin  		  <patrick.raguin@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
@ -36,20 +36,17 @@ $mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';

 if ($_REQUEST["socid"])
 {
-	if ($_REQUEST["typeid"] == 1) $type = 'fournisseur';
-	if ($_REQUEST["typeid"] == 2) $type = 'societe';
+	if ($_REQUEST["typeid"] == 1) { $type = 'fournisseur'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; }
+	if ($_REQUEST["typeid"] == 2) { $type = 'societe'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; }
 	$objectid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:'';
 }
 else if ($_REQUEST["id"] || $_REQUEST["ref"])
 {
 	$type = 'produit';
 }
-else
-{
-	accessforbidden();
-}

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, $type, $objectid);


--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@ -40,6 +40,7 @@ $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);

 if ($page == -1) { $page = 0 ; }
--- a/htdocs/comm/adresse_livraison.php
+++ b/htdocs/comm/adresse_livraison.php
@ -39,6 +39,7 @@ $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 if (! $socid && ($_REQUEST["action"] != 'create' && $_REQUEST["action"] != 'add' && $_REQUEST["action"] != 'update')) accessforbidden();

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe', $socid);


--- a/htdocs/comm/clients.php
+++ b/htdocs/comm/clients.php
@ -28,6 +28,7 @@ require("./pre.inc.php");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);

 $page=$_GET["page"];
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@ -42,6 +42,7 @@ $type=$_GET["type"];

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@ -43,6 +43,7 @@ if ($conf->fichinter->enabled) $langs->load("interventions");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);

 $sortorder=$_GET["sortorder"];
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@ -64,6 +64,7 @@ else if (isset($_GET["propalid"]) &&  $_GET["propalid"] > 0)
 	$module='propale';
 	$dbtable='propal';
 }
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, $module, $objectid, $dbtable);

 // Nombre de ligne pour choix de produit/service predefinis
--- a/htdocs/comm/propal/aideremise.php
+++ b/htdocs/comm/propal/aideremise.php
@ -30,6 +30,7 @@ include_once(DOL_DOCUMENT_ROOT."/propal.class.php");
 $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';

 // Security cehck
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $propalid, 'propal');


--- a/htdocs/comm/propal/apercu.php
+++ b/htdocs/comm/propal/apercu.php
@ -40,6 +40,7 @@ $langs->load('compta');
 $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $propalid, 'propal');


--- a/htdocs/comm/propal/contact.php
+++ b/htdocs/comm/propal/contact.php
@ -37,6 +37,7 @@ $langs->load("companies");
 $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $propalid, 'propal');


--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@ -39,6 +39,7 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action'
 $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $propalid, 'propal');


--- a/htdocs/comm/propal/info.php
+++ b/htdocs/comm/propal/info.php
@ -35,6 +35,7 @@ $langs->load('compta');
 $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $propalid, 'propal');


--- a/htdocs/comm/propal/note.php
+++ b/htdocs/comm/propal/note.php
@ -37,6 +37,7 @@ $langs->load('bills');
 $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $propalid, 'propal');


--- a/htdocs/comm/prospect/fiche.php
+++ b/htdocs/comm/prospect/fiche.php
@ -37,6 +37,7 @@ $langs->load('propal');

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/comm/prospect/prospects.php
+++ b/htdocs/comm/prospect/prospects.php
@ -34,6 +34,7 @@ $langs->load("propal");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);

 $socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"];
--- a/htdocs/commande/contact.php
+++ b/htdocs/commande/contact.php
@ -37,6 +37,7 @@ $langs->load("companies");
 $commandeid = isset($_GET["id"])?$_GET["id"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'commande', $commandeid);


--- a/htdocs/commande/liste.php
+++ b/htdocs/commande/liste.php
@ -42,6 +42,7 @@ $sall=isset($_GET['sall'])?$_GET['sall']:$_POST['sall'];

 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'commande', $orderid,'',1);


--- a/htdocs/compta/commande/liste.php
+++ b/htdocs/compta/commande/liste.php
@ -44,6 +44,7 @@ $offset = $limit * $_GET["page"] ;

 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'commande',$orderid,'',1);


--- a/htdocs/compta/deplacement/fiche.php
+++ b/htdocs/compta/deplacement/fiche.php
@ -29,6 +29,7 @@ $langs->load("trips");

 // Security check
 $id=isset($_GET["id"])?$_GET["id"]:$_POST["id"];
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement', $id,'',1);


--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
@ -33,6 +33,7 @@ $langs->load("users");
 $langs->load("trips");

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement','','',1);


--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@ -35,6 +35,7 @@ $langs->load("companies");
 $facid = isset($_GET["facid"])?$_GET["facid"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'facture', $facid);


--- a/htdocs/compta/facture/impayees.php
+++ b/htdocs/compta/facture/impayees.php
@ -36,6 +36,7 @@ $langs->load("bills");

 // Security check
 $facid = isset($_GET["facid"])?$_GET["facid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'facture',$facid,'',1);


--- a/htdocs/compta/fiche.php
+++ b/htdocs/compta/fiche.php
@ -35,6 +35,7 @@ if ($conf->projet->enabled)  $langs->load("projects");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/compta/paiement/cheque/fiche.php
+++ b/htdocs/compta/paiement/cheque/fiche.php
@ -35,6 +35,7 @@ $langs->load('banks');
 $langs->load('companies');

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'banque', '','',0);

 $mesg='';
--- a/htdocs/compta/paiement/cheque/index.php
+++ b/htdocs/compta/paiement/cheque/index.php
@ -31,6 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
 $langs->load("banks");

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'banque', '','',1);


--- a/htdocs/compta/paiement/cheque/liste.php
+++ b/htdocs/compta/paiement/cheque/liste.php
@ -31,6 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
 $langs->load("bills");

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'banque', '','',1);

 $page=$_GET["page"];
--- a/htdocs/compta/paiement/liste.php
+++ b/htdocs/compta/paiement/liste.php
@ -35,6 +35,7 @@ $langs->load("bills");

 // Security check
 $facid = isset($_GET["facid"])?$_GET["facid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'facture',$facid,'',1);


--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@ -34,6 +34,7 @@ $langs->load("widthdrawals");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','',1);


--- a/htdocs/compta/prelevement/index.php
+++ b/htdocs/compta/prelevement/index.php
@ -34,6 +34,7 @@ $langs->load("withdrawals");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','',1);


--- a/htdocs/compta/propal.php
+++ b/htdocs/compta/propal.php
@ -64,6 +64,7 @@ else if (! empty($_GET["propalid"]))
 }

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, $module, $objectid, $dbtable);


--- a/htdocs/contact/exportimport.php
+++ b/htdocs/contact/exportimport.php
@ -34,6 +34,7 @@ $langs->load("companies");

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact',$contactid,'',1);


--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@ -40,6 +40,7 @@ $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid,'socpeople',0);


--- a/htdocs/contact/index.php
+++ b/htdocs/contact/index.php
@ -33,6 +33,7 @@ $langs->load("suppliers");

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid,'',1);

 $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
--- a/htdocs/contact/info.php
+++ b/htdocs/contact/info.php
@ -34,6 +34,7 @@ $langs->load("companies");

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact',$contactid,'',1);


--- a/htdocs/contact/ldap.php
+++ b/htdocs/contact/ldap.php
@ -35,6 +35,7 @@ $langs->load("admin");

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact',$contactid,'',1);


--- a/htdocs/contact/perso.php
+++ b/htdocs/contact/perso.php
@ -32,6 +32,7 @@ $langs->load("companies");

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact',$contactid,'',1);


--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@ -36,6 +36,7 @@ $langs->load("companies");
 $contratid = isset($_GET["id"])?$_GET["id"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat', $contratid);


--- a/htdocs/contrat/fiche.php
+++ b/htdocs/contrat/fiche.php
@ -37,6 +37,7 @@ $langs->load("bills");
 $langs->load("products");

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'contrat',$contratid,'contrat');


--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@ -40,6 +40,7 @@ $statut=isset($_GET["statut"])?$_GET["statut"]:1;

 // Security check
 $contratid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'',1);

 $staticcontrat=new Contrat($db);
--- a/htdocs/contrat/info.php
+++ b/htdocs/contrat/info.php
@ -14,15 +14,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
 */

 /**
        \file       htdocs/contrat/info.php
        \ingroup    contrat
 		\brief      Page des informations d'un contrat
-		\version    $Revision$
+		\version    $Id$
 */

 require("./pre.inc.php");
@ -33,6 +31,7 @@ $langs->load("contracts");

 // Security check
 $contratid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'',1);


--- a/htdocs/contrat/liste.php
+++ b/htdocs/contrat/liste.php
@ -49,6 +49,7 @@ if (! $sortorder) $sortorder="DESC";

 // Security check
 $contratid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat', $contratid,'',1);

 $staticcontrat=new Contrat($db);
--- a/htdocs/contrat/note.php
+++ b/htdocs/contrat/note.php
@ -38,6 +38,7 @@ $langs->load("contracts");

 // Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact',$contactid,'',1);


--- a/htdocs/contrat/services.php
+++ b/htdocs/contrat/services.php
@ -50,6 +50,7 @@ $socid=$_GET["socid"];

 // Security check
 $contratid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'',1);


--- a/htdocs/docsoc.php
+++ b/htdocs/docsoc.php
@ -34,13 +34,14 @@ $langs->load('other');

 $mesg = "";

-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $sortorder=$_GET["sortorder"];
 $sortfield=$_GET["sortfield"];
 if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="name";

 // Security check
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe', $socid);

 /*
--- a/htdocs/expedition/liste.php
+++ b/htdocs/expedition/liste.php
@ -16,15 +16,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
- * $Source$
 */

 /**
        \file       htdocs/expedition/liste.php
        \ingroup    expedition
        \brief      Page de la liste des expéditions/livraisons
+		\version	$Id$
 */

 require("./pre.inc.php");
@ -33,6 +31,7 @@ $langs->load('companies');

 // Security check
 $expeditionid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'expedition',$expeditionid,'',1);


--- a/htdocs/fichinter/contact.php
+++ b/htdocs/fichinter/contact.php
@ -36,6 +36,7 @@ $langs->load("companies");
 $fichinterid = isset($_GET["id"])?$_GET["id"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');


--- a/htdocs/fichinter/fiche.php
+++ b/htdocs/fichinter/fiche.php
@ -49,6 +49,7 @@ if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT &&
 }

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');


--- a/htdocs/fichinter/index.php
+++ b/htdocs/fichinter/index.php
@ -39,6 +39,7 @@ $page=$_GET["page"]?$_GET["page"]:$_POST["page"];

 // Security check
 $fichinterid = isset($_GET["id"])?$_GET["id"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $fichinterid,'',1);

 if (! $sortorder) $sortorder="DESC";
--- a/htdocs/fichinter/info.php
+++ b/htdocs/fichinter/info.php
@ -32,6 +32,7 @@ $langs->load('companies');
 $fichinterid = isset($_GET["id"])?$_GET["id"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');


--- a/htdocs/fichinter/note.php
+++ b/htdocs/fichinter/note.php
@ -32,6 +32,7 @@ $langs->load('companies');
 $fichinterid = isset($_GET["id"])?$_GET["id"]:'';

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');


--- a/htdocs/fourn/commande/index.php
+++ b/htdocs/fourn/commande/index.php
@ -29,6 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");

 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1);


--- a/htdocs/fourn/commande/liste.php
+++ b/htdocs/fourn/commande/liste.php
@ -35,6 +35,7 @@ $sortfield = $_GET["sortfield"];

 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1);


--- a/htdocs/fourn/fiche-stats.php
+++ b/htdocs/fourn/fiche-stats.php
@ -38,6 +38,7 @@ $langs->load('commercial');

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/fourn/fiche.php
+++ b/htdocs/fourn/fiche.php
@ -38,6 +38,7 @@ $langs->load('commercial');

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/fourn/index.php
+++ b/htdocs/fourn/index.php
@ -35,6 +35,7 @@ $langs->load("companies");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/fourn/liste.php
+++ b/htdocs/fourn/liste.php
@ -46,6 +46,7 @@ $langs->load("companies");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);


--- a/htdocs/fourn/stats.php
+++ b/htdocs/fourn/stats.php
@ -42,6 +42,7 @@ $search_ville = isset($_GET["search_ville"])?$_GET["search_ville"]:'';

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'',1);

 if ($page == -1) { $page = 0 ; }
--- a/htdocs/projet/commandes.php
+++ b/htdocs/projet/commandes.php
@ -42,6 +42,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
 if ($projetid == '') accessforbidden();

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projetid);


--- a/htdocs/projet/facture.php
+++ b/htdocs/projet/facture.php
@ -42,6 +42,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
 if ($projetid == '') accessforbidden();

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projetid);


--- a/htdocs/projet/fiche.php
+++ b/htdocs/projet/fiche.php
@ -37,6 +37,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
 if ($projetid == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden();

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projetid);


--- a/htdocs/projet/propal.php
+++ b/htdocs/projet/propal.php
@ -42,6 +42,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
 if ($projetid == '') accessforbidden();

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projetid);


--- a/htdocs/projet/tasks/fiche.php
+++ b/htdocs/projet/tasks/fiche.php
@ -37,6 +37,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
 if ($projetid == '') accessforbidden();

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projetid);


--- a/htdocs/soc.php
+++ b/htdocs/soc.php
@ -34,9 +34,9 @@ $langs->load("companies");
 $langs->load("commercial");
 $langs->load("bills");

-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-
 // Security check
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe', $socid);

 // Initialisation de l'objet Societe
--- a/htdocs/societe.php
+++ b/htdocs/societe.php
@ -33,6 +33,7 @@ $langs->load("customers");
 $langs->load("suppliers");

 // Security check
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','',1);

 $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
--- a/htdocs/societe/commerciaux.php
+++ b/htdocs/societe/commerciaux.php
@ -35,6 +35,7 @@ $langs->load("banks");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','',1);


--- a/htdocs/societe/info.php
+++ b/htdocs/societe/info.php
@ -32,6 +32,7 @@ $langs->load("other");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','',1);


--- a/htdocs/societe/lien.php
+++ b/htdocs/societe/lien.php
@ -34,6 +34,7 @@ $langs->load("banks");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','',1);


--- a/htdocs/societe/notify/fiche.php
+++ b/htdocs/societe/notify/fiche.php
@ -33,6 +33,7 @@ $langs->load("mails");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','',1);

 $sortorder=$_GET["sortorder"];
--- a/htdocs/societe/rib.php
+++ b/htdocs/societe/rib.php
@ -34,6 +34,7 @@ $langs->load("banks");

 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','',1);

 $soc = new Societe($db);
--- a/htdocs/socnote.php
+++ b/htdocs/socnote.php
@ -32,10 +32,9 @@ $action = isset($_GET["action"])?$_GET["action"]:$_POST["action"];

 $langs->load("companies");

-// Protection quand utilisateur externe
-$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"];
-
 // Security check
+$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"];
+if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe', $socid);

 if ($_POST["action"] == 'add')