From 67377f7729d988111e9364aae22df5a60656c919 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Fri, 1 May 2009 10:24:32 +0000
Subject: [PATCH] Fix: security check in user/group

---
 htdocs/user/fiche.php       | 2 +-
 htdocs/user/group/fiche.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 9e2424baea1..f1d243d5514 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -52,7 +52,7 @@ if ($_GET["id"])
 }
 
 // Security check
-$result = restrictedArea($user, 'user',$_GET["id"]);
+$result = restrictedArea($user, 'user', $_GET["id"], '', 'user');
 if ($user->id <> $_GET["id"] && ! $canreadperms) accessforbidden();
 
 $langs->load("users");
diff --git a/htdocs/user/group/fiche.php b/htdocs/user/group/fiche.php
index a38ad674077..92b603df0ab 100644
--- a/htdocs/user/group/fiche.php
+++ b/htdocs/user/group/fiche.php
@@ -37,7 +37,7 @@ $langs->load("users");
 $langs->load("other");
 
 // Security check
-$result = restrictedArea($user, 'usergroup',$_GET["id"]);
+$result = restrictedArea($user, 'user', $_GET["id"], '', 'user');
 
 $action=isset($_GET["action"])?$_GET["action"]:$_POST["action"];