am�lioration de la s�curit�

2006-03-10 17:13:31 +00:00 · 2006-03-10 17:13:31 +00:00 · 9352e6d5c7
commit 9352e6d5c7
parent 82e4d84b5e
1 changed files with 4 additions and 3 deletions
--- a/htdocs/projet/facture.php
+++ b/htdocs/projet/facture.php
@ -49,18 +49,19 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }

 if ($projetid == '') accessforbidden();

-
 if ($user->societe_id > 0) 
 {
  $socidp = $user->societe_id;
 }

 // Protection restriction commercial
-if (!$user->rights->commercial->client->voir && $projetid && !$user->societe_id > 0)
+if ($projetid)
 {
        $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
-        $sql .= " WHERE p.rowid = ".$projetid." AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
+        $sql .= " WHERE p.rowid = ".$projetid;
+        if (!$user->rights->commercial->client->voir) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
+        if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;

        if ( $db->query($sql) )
        {