lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #17531 from daraelmin/daraelmin-patch-1

Browse Source 
Fix vulnerability - Wrong permission in adherent card
This commit is contained in:
Laurent Destailleur 2021-05-11 19:17:33 +02:00 committed by GitHub
commit 74de4edc42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/adherents/card.php
View File

@ -1891,7 +1891,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
}*/
// Modify
if (!$user->rights->adherent->creer) {
if (!empty($user->rights->adherent->creer)) {
print '<a class="butAction" href="card.php?rowid='.$id.'&action=edit">'.$langs->trans("Modify").'</a>'."\n";
} else {
print '<span class="butActionRefused classfortooltip" title="'.dol_escape_htmltag($langs->trans("NotEnoughPermissions")).'">'.$langs->trans("Modify").'</span>'."\n";