From 899f4df9ed92a284f857579ed27c805ad57e0d4b Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 3 Aug 2012 11:56:42 +0200 Subject: [PATCH] Fix: [bug #478] Can access pages belonging to disabled modules --- htdocs/compta/journal/purchasesjournal.php | 13 +++++++------ htdocs/compta/journal/sellsjournal.php | 13 +++++++------ htdocs/product/admin/product.php | 3 ++- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/htdocs/compta/journal/purchasesjournal.php b/htdocs/compta/journal/purchasesjournal.php index 8b9ba496dad..08414dccbb9 100755 --- a/htdocs/compta/journal/purchasesjournal.php +++ b/htdocs/compta/journal/purchasesjournal.php @@ -1,7 +1,8 @@ - * Copyright (C) 2007-2010 Jean Heimburger - * Copyright (C) 2011 Juanjo Menent +/* Copyright (C) 2007-2010 Laurent Destailleur + * Copyright (C) 2007-2010 Jean Heimburger + * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,9 +34,9 @@ $langs->load("compta"); // Protection if external user if ($user->societe_id > 0) -{ accessforbidden(); -} + +$result = restrictedArea($user, 'societe&facture'); /******************************************************************* @@ -216,4 +217,4 @@ print ""; llxFooter(); $db->close(); -?> \ No newline at end of file +?> diff --git a/htdocs/compta/journal/sellsjournal.php b/htdocs/compta/journal/sellsjournal.php index 1a0e273776a..54763392ef7 100755 --- a/htdocs/compta/journal/sellsjournal.php +++ b/htdocs/compta/journal/sellsjournal.php 
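Review bot: The new `restrictedArea($user, 'societe&facture')` call in purchasesjournal.php uses exactly the same feature string as the one added in sellsjournal.php, so please confirm that the customer-invoice feature is the right gate for the purchases journal rather than the supplier-side module and rights; the page body is outside the hunk, so this is inferred from the file name only. Within these two hunks nothing checks that the accounting module itself is enabled, which is the class of problem the commit title describes, although such a check may exist in lines not shown. Both hunks also drop the braces around the external-user guard, which stays safe only as long as `accessforbidden()` never returns; I would keep `if ($user->societe_id > 0) { accessforbidden(); }`. Above the new call I would add a comment such as `// Deny access when a required module is disabled or the user lacks read rights`. `$result` is assigned but not used in the visible lines.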
@@ -1,7 +1,8 @@ - * Copyright (C) 2007-2010 Jean Heimburger - * Copyright (C) 2011 Juanjo Menent +/* Copyright (C) 2007-2010 Laurent Destailleur + * Copyright (C) 2007-2010 Jean Heimburger + * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -34,9 +35,9 @@ $langs->load("compta"); // Protection if external user if ($user->societe_id > 0) -{ accessforbidden(); -} + +$result = restrictedArea($user, 'societe&facture'); /******************************************************************* @@ -209,4 +210,4 @@ print ""; // End of page $db->close(); llxFooter(); -?> \ No newline at end of file +?> diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index 3df46970edc..def73f8b66f 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -36,7 +36,8 @@ $langs->load("admin"); $langs->load("products"); // Security check -if (! $user->admin) accessforbidden(); +if (! $user->admin || empty($conf->product->enabled)) + accessforbidden(); $action = GETPOST('action','alpha'); $value = GETPOST('value','alpha');
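Review bot: The added condition `empty($conf->product->enabled)` in product/admin/product.php denies the page whenever the product module is off, which would also lock out the administrator of an installation that enables only the services module if, as I believe, this setup page is shared by both modules; that sharing is not visible in the hunk, so please confirm it. If it is shared, the guard should read `if (! $user->admin || (empty($conf->product->enabled) && empty($conf->service->enabled)))`. The two-line brace-less form is also easy to break in a later edit, and braces around `accessforbidden();` would make this security check harder to weaken by accident.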