Fix: security with multi-company

2009-05-04 08:48:49 +00:00 · 2009-05-04 08:48:49 +00:00 · 9037816c33
commit 9037816c33
parent 8b02eb1f3f
16 changed files with 16 additions and 16 deletions
--- a/htdocs/product/barcode.php
+++ b/htdocs/product/barcode.php
@ -37,7 +37,7 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/document.php
+++ b/htdocs/product/document.php
@ -42,7 +42,7 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action'
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/fiche.php
+++ b/htdocs/product/fiche.php
@ -44,7 +44,7 @@ $langs->load("stocks");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@ -39,7 +39,7 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/photos.php
+++ b/htdocs/product/photos.php
@ -38,7 +38,7 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/price.php
+++ b/htdocs/product/price.php
@ -38,7 +38,7 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/sousproduits/fiche.php
+++ b/htdocs/product/sousproduits/fiche.php
@ -39,7 +39,7 @@ $langs->load("products");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/commande.php
+++ b/htdocs/product/stats/commande.php
@ -39,7 +39,7 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/commande_fournisseur.php
+++ b/htdocs/product/stats/commande_fournisseur.php
@ -39,7 +39,7 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/contrat.php
+++ b/htdocs/product/stats/contrat.php
@ -38,7 +38,7 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@ -39,7 +39,7 @@ $langs->load("products");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/facture_fournisseur.php
+++ b/htdocs/product/stats/facture_fournisseur.php
@ -40,7 +40,7 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/fiche.php
+++ b/htdocs/product/stats/fiche.php
@ -42,7 +42,7 @@ $mode=isset($_GET["mode"])?$_GET["mode"]:'byunit';
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stats/propal.php
+++ b/htdocs/product/stats/propal.php
@ -38,7 +38,7 @@ $langs->load("companies");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/stock/product.php
+++ b/htdocs/product/stock/product.php
@ -40,7 +40,7 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/product/traduction.php
+++ b/htdocs/product/traduction.php
@ -39,7 +39,7 @@ $langs->load("bills");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_REQUEST["ref"])?'ref':'rowid';
+	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }

 if ($user->societe_id) $socid=$user->societe_id;