amlioration de la scurit

This commit is contained in:
Regis Houssin 2006-03-10 10:19:56 +00:00
parent f501321470
commit 83051a8c7c
2 changed files with 19 additions and 2 deletions

View File

@ -36,7 +36,7 @@ $langs->load('bills');
$langs->load('orders');
$langs->load('companies');
$socidp = isset($_GET["socid"])?$_GET["socid"]:'';
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($socid == '') accessforbidden();

View File

@ -44,12 +44,29 @@ if (! $user->rights->societe->creer)
}
}
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($socid == '') accessforbidden();
// Sécurité accés client
if ($user->societe_id > 0)
{
$_GET["action"] = '';
$_POST["action"] = '';
$_GET["socid"] = $user->societe_id;
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
$sql = "SELECT sc.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE fk_soc = ".$socid." AND fk_user = ".$user->id;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
$soc = new Societe($db);