diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index 08e57cabd05..611291556bd 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -2,7 +2,7 @@ /* Copyright (C) 2001-2007 Rodolphe Quiedeville * Copyright (C) 2005 Brice Davoleau * Copyright (C) 2005-2007 Regis Houssin - * Copyright (C) 2006-2007 Laurent Destailleur + * Copyright (C) 2006-2008 Laurent Destailleur * Copyright (C) 2007 Patrick Raguin * * This program is free software; you can redistribute it and/or modify @@ -36,20 +36,17 @@ $mesg=isset($_GET["mesg"])?'
'.$_GET["mesg"].'
':''; if ($_REQUEST["socid"]) { - if ($_REQUEST["typeid"] == 1) $type = 'fournisseur'; - if ($_REQUEST["typeid"] == 2) $type = 'societe'; + if ($_REQUEST["typeid"] == 1) { $type = 'fournisseur'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; } + if ($_REQUEST["typeid"] == 2) { $type = 'societe'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; } $objectid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; } else if ($_REQUEST["id"] || $_REQUEST["ref"]) { $type = 'produit'; } -else -{ - accessforbidden(); -} // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, $type, $objectid); diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 73de43f2222..2b9b24e1e38 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -40,6 +40,7 @@ $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"]; // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); if ($page == -1) { $page = 0 ; } diff --git a/htdocs/comm/adresse_livraison.php b/htdocs/comm/adresse_livraison.php index 39453c422a9..5ef626fb1ec 100644 --- a/htdocs/comm/adresse_livraison.php +++ b/htdocs/comm/adresse_livraison.php @@ -39,6 +39,7 @@ $socid = isset($_GET["socid"])?$_GET["socid"]:''; if (! $socid && ($_REQUEST["action"] != 'create' && $_REQUEST["action"] != 'add' && $_REQUEST["action"] != 'update')) accessforbidden(); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid); diff --git a/htdocs/comm/clients.php b/htdocs/comm/clients.php index 4aa19dddb77..3d8e738f891 100644 --- a/htdocs/comm/clients.php +++ b/htdocs/comm/clients.php 
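Review bot: With the `else { accessforbidden(); }` branch removed in categories/categorie.php, a request carrying neither `socid` nor `id`/`ref` reaches `restrictedArea($user, $type, $objectid)` with `$type` and `$objectid` unset; a `socid` request whose `typeid` is neither 1 nor 2 likewise leaves `$type` unset. Whether such a request is refused then depends on how restrictedArea treats an empty feature name, which this diff does not show. An explicit guard before the call, `if (empty($type)) accessforbidden();`, would keep deny-by-default in this file. Note also that `$objectid` is still taken from `$_REQUEST["socid"]` after the new override, so the value handed to the check is the requested one, not `$user->societe_id`. Separately, the `$mesg` line in the hunk header concatenates `$_GET["mesg"]` with no escaping visible; if it is echoed into the page it should pass through `htmlspecialchars()`.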
@@ -28,6 +28,7 @@ require("./pre.inc.php"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); $page=$_GET["page"]; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 7538626e181..6c81405ba85 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -42,6 +42,7 @@ $type=$_GET["type"]; // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 89a9447de4c..9a262679e63 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -43,6 +43,7 @@ if ($conf->fichinter->enabled) $langs->load("interventions"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); $sortorder=$_GET["sortorder"]; diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 4dfc9fbe8bb..2486aa76cce 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -64,6 +64,7 @@ else if (isset($_GET["propalid"]) && $_GET["propalid"] > 0) $module='propale'; $dbtable='propal'; } +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, $module, $objectid, $dbtable); // Nombre de ligne pour choix de produit/service predefinis diff --git a/htdocs/comm/propal/aideremise.php b/htdocs/comm/propal/aideremise.php index 62bf3ac8ae3..a61dcec701c 100644 --- a/htdocs/comm/propal/aideremise.php +++ b/htdocs/comm/propal/aideremise.php @@ -30,6 +30,7 @@ include_once(DOL_DOCUMENT_ROOT."/propal.class.php"); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Security cehck +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $propalid, 'propal'); 
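Review bot: The `$socid` override added in comm/propal.php is not an argument of the call that follows, `restrictedArea($user, $module, $objectid, $dbtable)`, so on its own it does not tie the requested object to the external user's company. The same holds for the later hunks whose check is called with a proposal, order, invoice, contact, contract, intervention or project id read straight from `$_GET`. The override only has an effect if restrictedArea or later queries in each page read `$socid`, which this diff does not show; a comment such as `// external user: force own company; $socid filters the queries below` would record that dependency. Since the identical line is pasted into every page, doing the override inside restrictedArea or one shared include would remove the risk of a page being missed. The code around each of these calls continues outside the hunks.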
diff --git a/htdocs/comm/propal/apercu.php b/htdocs/comm/propal/apercu.php index 3ca7cbde8cb..60cddea65dc 100644 --- a/htdocs/comm/propal/apercu.php +++ b/htdocs/comm/propal/apercu.php @@ -40,6 +40,7 @@ $langs->load('compta'); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $propalid, 'propal'); diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php index 18709b645b4..01036115c27 100644 --- a/htdocs/comm/propal/contact.php +++ b/htdocs/comm/propal/contact.php @@ -37,6 +37,7 @@ $langs->load("companies"); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $propalid, 'propal'); diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 74e9366df3a..bf9bdc0887c 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -39,6 +39,7 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action' $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $propalid, 'propal'); diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php index 52fecfd981a..2de1e4a5fb6 100644 --- a/htdocs/comm/propal/info.php +++ b/htdocs/comm/propal/info.php @@ -35,6 +35,7 @@ $langs->load('compta'); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $propalid, 'propal'); diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php index f1fa6103d85..f59add5c70f 100644 --- a/htdocs/comm/propal/note.php +++ b/htdocs/comm/propal/note.php 
@@ -37,6 +37,7 @@ $langs->load('bills'); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $propalid, 'propal'); diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index 9fbdd666e38..cd94d224f01 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -37,6 +37,7 @@ $langs->load('propal'); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); diff --git a/htdocs/comm/prospect/prospects.php b/htdocs/comm/prospect/prospects.php index 6c58ebfeedf..e3092e0fea0 100644 --- a/htdocs/comm/prospect/prospects.php +++ b/htdocs/comm/prospect/prospects.php @@ -34,6 +34,7 @@ $langs->load("propal"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); $socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"]; diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index bfdfad072b7..38f2fa9fb91 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -37,6 +37,7 @@ $langs->load("companies"); $commandeid = isset($_GET["id"])?$_GET["id"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande', $commandeid); diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 68c5e2b2a4e..3618de5e868 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -42,6 +42,7 @@ $sall=isset($_GET['sall'])?$_GET['sall']:$_POST['sall']; // Security check $orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande', $orderid,'',1); 
diff --git a/htdocs/compta/commande/liste.php b/htdocs/compta/commande/liste.php index a795f037db6..21275b1414b 100644 --- a/htdocs/compta/commande/liste.php +++ b/htdocs/compta/commande/liste.php @@ -44,6 +44,7 @@ $offset = $limit * $_GET["page"] ; // Security check $orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande',$orderid,'',1); diff --git a/htdocs/compta/deplacement/fiche.php b/htdocs/compta/deplacement/fiche.php index 49a12dde51b..6cced25e651 100644 --- a/htdocs/compta/deplacement/fiche.php +++ b/htdocs/compta/deplacement/fiche.php @@ -29,6 +29,7 @@ $langs->load("trips"); // Security check $id=isset($_GET["id"])?$_GET["id"]:$_POST["id"]; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id,'',1); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 8bf8e5c781c..842cec4c828 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -33,6 +33,7 @@ $langs->load("users"); $langs->load("trips"); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','','',1); diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 3a94394eac0..f012cd1e692 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -35,6 +35,7 @@ $langs->load("companies"); $facid = isset($_GET["facid"])?$_GET["facid"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture', $facid); diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index 47dd9986d28..d6e1b36960f 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php 
@@ -36,6 +36,7 @@ $langs->load("bills"); // Security check $facid = isset($_GET["facid"])?$_GET["facid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture',$facid,'',1); diff --git a/htdocs/compta/fiche.php b/htdocs/compta/fiche.php index 6d743339d6c..c87c7bac14e 100644 --- a/htdocs/compta/fiche.php +++ b/htdocs/compta/fiche.php @@ -35,6 +35,7 @@ if ($conf->projet->enabled) $langs->load("projects"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); diff --git a/htdocs/compta/paiement/cheque/fiche.php b/htdocs/compta/paiement/cheque/fiche.php index 1f3b4a84370..a0b194f30fe 100644 --- a/htdocs/compta/paiement/cheque/fiche.php +++ b/htdocs/compta/paiement/cheque/fiche.php @@ -35,6 +35,7 @@ $langs->load('banks'); $langs->load('companies'); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'banque', '','',0); $mesg=''; diff --git a/htdocs/compta/paiement/cheque/index.php b/htdocs/compta/paiement/cheque/index.php index 744a747c581..c3e6621dae7 100644 --- a/htdocs/compta/paiement/cheque/index.php +++ b/htdocs/compta/paiement/cheque/index.php @@ -31,6 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php'); $langs->load("banks"); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'banque', '','',1); diff --git a/htdocs/compta/paiement/cheque/liste.php b/htdocs/compta/paiement/cheque/liste.php index bcb46a88ec5..174be64db03 100644 --- a/htdocs/compta/paiement/cheque/liste.php +++ b/htdocs/compta/paiement/cheque/liste.php @@ -31,6 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php'); $langs->load("bills"); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'banque', '','',1); $page=$_GET["page"]; 
diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index 58cd8896881..d658972d70c 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php @@ -35,6 +35,7 @@ $langs->load("bills"); // Security check $facid = isset($_GET["facid"])?$_GET["facid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture',$facid,'',1); diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 42565e974f0..71c19388fcb 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -34,6 +34,7 @@ $langs->load("widthdrawals"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','',1); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index bb49bcb1e59..f4031862c6b 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -34,6 +34,7 @@ $langs->load("withdrawals"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','',1); diff --git a/htdocs/compta/propal.php b/htdocs/compta/propal.php index 3d986a940ad..51c65a5dd67 100644 --- a/htdocs/compta/propal.php +++ b/htdocs/compta/propal.php @@ -64,6 +64,7 @@ else if (! empty($_GET["propalid"])) } // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, $module, $objectid, $dbtable); diff --git a/htdocs/contact/exportimport.php b/htdocs/contact/exportimport.php index bd8638bd72c..c8f9756c5e8 100644 --- a/htdocs/contact/exportimport.php +++ b/htdocs/contact/exportimport.php 
@@ -34,6 +34,7 @@ $langs->load("companies"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact',$contactid,'',1); diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 45e35348a10..f5bad6db542 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -40,6 +40,7 @@ $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"]; // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact', $contactid,'socpeople',0); diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php index 17f0ea57e58..2aa05c15899 100644 --- a/htdocs/contact/index.php +++ b/htdocs/contact/index.php @@ -33,6 +33,7 @@ $langs->load("suppliers"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact', $contactid,'',1); $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"]; diff --git a/htdocs/contact/info.php b/htdocs/contact/info.php index efbd7647c74..cffef5b9471 100644 --- a/htdocs/contact/info.php +++ b/htdocs/contact/info.php @@ -34,6 +34,7 @@ $langs->load("companies"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact',$contactid,'',1); diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index 91de26bd3d9..7d954fbba14 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -35,6 +35,7 @@ $langs->load("admin"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact',$contactid,'',1); diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index e3802b1f964..16a4b1f3f7b 100644 
--- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -32,6 +32,7 @@ $langs->load("companies"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact',$contactid,'',1); diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php index 4e1c84fd1c1..cf9d924da2c 100644 --- a/htdocs/contrat/contact.php +++ b/htdocs/contrat/contact.php @@ -36,6 +36,7 @@ $langs->load("companies"); $contratid = isset($_GET["id"])?$_GET["id"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat', $contratid); diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php index f3f953a7dfb..ef858c1db26 100644 --- a/htdocs/contrat/fiche.php +++ b/htdocs/contrat/fiche.php @@ -37,6 +37,7 @@ $langs->load("bills"); $langs->load("products"); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'contrat',$contratid,'contrat'); diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index d785e27fa54..1c782b8a766 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -40,6 +40,7 @@ $statut=isset($_GET["statut"])?$_GET["statut"]:1; // Security check $contratid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat',$contratid,'',1); $staticcontrat=new Contrat($db); diff --git a/htdocs/contrat/info.php b/htdocs/contrat/info.php index 01a2e5f970d..c138c0ce472 100644 --- a/htdocs/contrat/info.php +++ b/htdocs/contrat/info.php 
@@ -14,15 +14,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/contrat/info.php \ingroup contrat \brief Page des informations d'un contrat - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -33,6 +31,7 @@ $langs->load("contracts"); // Security check $contratid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat',$contratid,'',1); diff --git a/htdocs/contrat/liste.php b/htdocs/contrat/liste.php index 89cbf02bbd9..a26001b2907 100644 --- a/htdocs/contrat/liste.php +++ b/htdocs/contrat/liste.php @@ -49,6 +49,7 @@ if (! $sortorder) $sortorder="DESC"; // Security check $contratid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat', $contratid,'',1); $staticcontrat=new Contrat($db); diff --git a/htdocs/contrat/note.php b/htdocs/contrat/note.php index 2925a948050..b62610374dc 100644 --- a/htdocs/contrat/note.php +++ b/htdocs/contrat/note.php @@ -38,6 +38,7 @@ $langs->load("contracts"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contact',$contactid,'',1); diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index 71fbab96d4a..2a00ac4ac78 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -50,6 +50,7 @@ $socid=$_GET["socid"]; // Security check $contratid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat',$contratid,'',1); diff --git a/htdocs/docsoc.php b/htdocs/docsoc.php index f8fcabe5e67..e14a6552ede 100644 --- a/htdocs/docsoc.php +++ b/htdocs/docsoc.php 
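Review bot: In contrat/note.php the check next to the added line is `restrictedArea($user, 'contact',$contactid,'',1)`, so a contract page is guarded by the `contact` feature, with the request id read into `$contactid`. This looks copied from the contact pages; the sibling files contrat/info.php and contrat/liste.php in this commit use `'contrat'` with `$contratid`. If that is unintended, the two lines should read `$contratid = isset($_GET["id"])?$_GET["id"]:'';` and `$result = restrictedArea($user, 'contrat',$contratid,'',1);`. The rest of the file is outside the hunk, so check whether `$contactid` is used further down before renaming.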
@@ -34,13 +34,14 @@ $langs->load('other'); $mesg = ""; -$socid = isset($_GET["socid"])?$_GET["socid"]:''; $sortorder=$_GET["sortorder"]; $sortfield=$_GET["sortfield"]; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; // Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid); /* diff --git a/htdocs/expedition/liste.php b/htdocs/expedition/liste.php index 5afa63f4442..e40352039a7 100644 --- a/htdocs/expedition/liste.php +++ b/htdocs/expedition/liste.php @@ -16,15 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/expedition/liste.php \ingroup expedition \brief Page de la liste des expéditions/livraisons + \version $Id$ */ require("./pre.inc.php"); @@ -33,6 +31,7 @@ $langs->load('companies'); // Security check $expeditionid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'expedition',$expeditionid,'',1); diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index c929f66064a..778aa4e10d7 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -36,6 +36,7 @@ $langs->load("companies"); $fichinterid = isset($_GET["id"])?$_GET["id"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php index 8e558409d15..d913058610b 100644 --- a/htdocs/fichinter/fiche.php +++ b/htdocs/fichinter/fiche.php 
@@ -49,6 +49,7 @@ if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT && } // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 4929a045e09..063fa7a46aa 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php @@ -39,6 +39,7 @@ $page=$_GET["page"]?$_GET["page"]:$_POST["page"]; // Security check $fichinterid = isset($_GET["id"])?$_GET["id"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid,'',1); if (! $sortorder) $sortorder="DESC"; diff --git a/htdocs/fichinter/info.php b/htdocs/fichinter/info.php index 1b6725a0660..0a1288f175f 100644 --- a/htdocs/fichinter/info.php +++ b/htdocs/fichinter/info.php @@ -32,6 +32,7 @@ $langs->load('companies'); $fichinterid = isset($_GET["id"])?$_GET["id"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index 2051bf5b300..6ad31db484a 100644 --- a/htdocs/fichinter/note.php +++ b/htdocs/fichinter/note.php @@ -32,6 +32,7 @@ $langs->load('companies'); $fichinterid = isset($_GET["id"])?$_GET["id"]:''; // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index 6d32e31ccc8..f925c5fe807 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -29,6 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); // Security check $orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1); 
diff --git a/htdocs/fourn/commande/liste.php b/htdocs/fourn/commande/liste.php index 71b11463651..30e2e1db775 100644 --- a/htdocs/fourn/commande/liste.php +++ b/htdocs/fourn/commande/liste.php @@ -35,6 +35,7 @@ $sortfield = $_GET["sortfield"]; // Security check $orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1); diff --git a/htdocs/fourn/fiche-stats.php b/htdocs/fourn/fiche-stats.php index b305825917c..6a921452117 100644 --- a/htdocs/fourn/fiche-stats.php +++ b/htdocs/fourn/fiche-stats.php @@ -38,6 +38,7 @@ $langs->load('commercial'); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php index 0d51c72e7b5..b5ed16d3c81 100644 --- a/htdocs/fourn/fiche.php +++ b/htdocs/fourn/fiche.php @@ -38,6 +38,7 @@ $langs->load('commercial'); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index dd069402a95..26b60a2e933 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php @@ -35,6 +35,7 @@ $langs->load("companies"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php index 430aad9b685..4e2003cf5b3 100644 --- a/htdocs/fourn/liste.php +++ b/htdocs/fourn/liste.php @@ -46,6 +46,7 @@ $langs->load("companies"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); 
diff --git a/htdocs/fourn/stats.php b/htdocs/fourn/stats.php index f5d64d28825..07f1169d948 100644 --- a/htdocs/fourn/stats.php +++ b/htdocs/fourn/stats.php @@ -42,6 +42,7 @@ $search_ville = isset($_GET["search_ville"])?$_GET["search_ville"]:''; // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,'',1); if ($page == -1) { $page = 0 ; } diff --git a/htdocs/projet/commandes.php b/htdocs/projet/commandes.php index 047367c00ee..d1391d72a07 100644 --- a/htdocs/projet/commandes.php +++ b/htdocs/projet/commandes.php @@ -42,6 +42,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'projet', $projetid); diff --git a/htdocs/projet/facture.php b/htdocs/projet/facture.php index a83d81eee91..d400ace1af4 100644 --- a/htdocs/projet/facture.php +++ b/htdocs/projet/facture.php @@ -42,6 +42,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'projet', $projetid); diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index 6fce51340ec..dfdb9005c53 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -37,6 +37,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden(); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'projet', $projetid); diff --git a/htdocs/projet/propal.php b/htdocs/projet/propal.php index 90875952425..fe9829f1388 100644 --- a/htdocs/projet/propal.php +++ b/htdocs/projet/propal.php 
@@ -42,6 +42,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'projet', $projetid); diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks/fiche.php index e132e943d3b..d3b71e05e93 100644 --- a/htdocs/projet/tasks/fiche.php +++ b/htdocs/projet/tasks/fiche.php @@ -37,6 +37,7 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'projet', $projetid); diff --git a/htdocs/soc.php b/htdocs/soc.php index e2c97b8295f..f5a80a80652 100644 --- a/htdocs/soc.php +++ b/htdocs/soc.php @@ -34,9 +34,9 @@ $langs->load("companies"); $langs->load("commercial"); $langs->load("bills"); -$socid = isset($_GET["socid"])?$_GET["socid"]:''; - // Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid); // Initialisation de l'objet Societe diff --git a/htdocs/societe.php b/htdocs/societe.php index 3f6bbb0e3ff..595ee0cf442 100644 --- a/htdocs/societe.php +++ b/htdocs/societe.php @@ -33,6 +33,7 @@ $langs->load("customers"); $langs->load("suppliers"); // Security check +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','','',1); $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"]; diff --git a/htdocs/societe/commerciaux.php b/htdocs/societe/commerciaux.php index 76aeeb302b3..53bbb7cdbfe 100644 --- a/htdocs/societe/commerciaux.php +++ b/htdocs/societe/commerciaux.php @@ -35,6 +35,7 @@ $langs->load("banks"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','','',1); 
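Review bot: In societe/commerciaux.php `$socid` is read from the request and then forced to `$user->societe_id`, but the check is called as `restrictedArea($user, 'societe','','',1)` with an empty object id. The comm/* and fourn/* pages in this commit pass the value, `restrictedArea($user, 'societe',$socid,'',1)`; societe/info.php, societe/lien.php, societe/notify/fiche.php and societe/rib.php have the same empty argument. Unless the empty id is deliberate, passing `$socid` would make these pages consistent with the others. How restrictedArea treats an empty id is not visible in this diff.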
diff --git a/htdocs/societe/info.php b/htdocs/societe/info.php index d7e601ce703..29ea57ee5bd 100644 --- a/htdocs/societe/info.php +++ b/htdocs/societe/info.php @@ -32,6 +32,7 @@ $langs->load("other"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','','',1); diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php index 331079afef8..48ce4f7cdcc 100644 --- a/htdocs/societe/lien.php +++ b/htdocs/societe/lien.php @@ -34,6 +34,7 @@ $langs->load("banks"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','','',1); diff --git a/htdocs/societe/notify/fiche.php b/htdocs/societe/notify/fiche.php index 11c34ab9130..23a5661913d 100644 --- a/htdocs/societe/notify/fiche.php +++ b/htdocs/societe/notify/fiche.php @@ -33,6 +33,7 @@ $langs->load("mails"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','','',1); $sortorder=$_GET["sortorder"]; diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php index 2d059864db0..55f49cde692 100644 --- a/htdocs/societe/rib.php +++ b/htdocs/societe/rib.php @@ -34,6 +34,7 @@ $langs->load("banks"); // Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','','',1); $soc = new Societe($db); diff --git a/htdocs/socnote.php b/htdocs/socnote.php index 638e8ebcb9d..7021168de05 100644 --- a/htdocs/socnote.php +++ b/htdocs/socnote.php 
@@ -32,10 +32,9 @@ $action = isset($_GET["action"])?$_GET["action"]:$_POST["action"]; $langs->load("companies"); -// Protection quand utilisateur externe -$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"]; - // Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"]; +if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid); if ($_POST["action"] == 'add')