Fix: security

2009-07-09 15:37:27 +00:00 · 2009-07-09 15:37:27 +00:00 · 8c68711e02
commit 8c68711e02
parent 6d4d493c36
4 changed files with 7 additions and 12 deletions
--- a/htdocs/fourn/facture/contact.php
+++ b/htdocs/fourn/facture/contact.php
@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2005      Patrick Rouillon     <patrick@rouillon.net>
 * Copyright (C) 2005-2009 Destailleur Laurent  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -37,7 +38,7 @@ $facid = isset($_GET["facid"])?$_GET["facid"]:'';

 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $facid, '', 'facture');
+$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture');


 /*
--- a/htdocs/fourn/facture/document.php
+++ b/htdocs/fourn/facture/document.php
@ -32,8 +32,6 @@ require_once(DOL_DOCUMENT_ROOT.'/lib/fourn.lib.php');
 require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php");

-if (!$user->rights->fournisseur->facture->lire) accessforbidden();
-
 $langs->load('bills');
 $langs->load('other');
 $langs->load("companies");
@ -43,7 +41,7 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action'

 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $facid, '', 'facture');
+$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture');

 // Get parameters
 $page=$_GET["page"];
--- a/htdocs/fourn/facture/info.php
+++ b/htdocs/fourn/facture/info.php
@ -29,15 +29,13 @@ require('./pre.inc.php');
 require_once(DOL_DOCUMENT_ROOT."/lib/functions2.lib.php");
 require_once(DOL_DOCUMENT_ROOT.'/lib/fourn.lib.php');

-if (!$user->rights->fournisseur->facture->lire) accessforbidden();
-
 $langs->load('bills');

 $facid = isset($_GET["facid"])?$_GET["facid"]:'';

 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $facid, '', 'facture');
+$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture');

 llxHeader();

--- a/htdocs/fourn/facture/note.php
+++ b/htdocs/fourn/facture/note.php
@ -28,8 +28,6 @@
 require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT.'/lib/fourn.lib.php');

-if (!$user->rights->fournisseur->facture->lire) accessforbidden();
-
 $langs->load('bills');
 $langs->load("companies");

@ -38,7 +36,7 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action'

 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $facid, '', 'facture');
+$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture');

 $fac = new FactureFournisseur($db);
 $fac->fetch($_GET["facid"]);
@ -109,7 +107,7 @@ if ($_GET["facid"])
 	print '<tr><td nowrap="nowrap">'.$langs->trans("RefSupplier").'</td><td colspan="3">'.$fac->ref_supplier.'</td>';
 	print "</tr>\n";

-    // Société
+    // Soci<EFBFBD>t<EFBFBD>
    print '<tr><td>'.$langs->trans('Company').'</td><td colspan="3">'.$fac->fournisseur->getNomUrl(1).'</td></tr>';

 	// Note publique
@ -130,7 +128,7 @@ if ($_GET["facid"])
    }
 	print "</td></tr>";

-	// Note privée
+	// Note priv<EFBFBD>e
 	if (! $user->societe_id)
 	{
 	    print '<tr><td valign="top">'.$langs->trans("NotePrivate").' :</td>';