lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: wrong method

Browse Source
This commit is contained in:
Regis Houssin 2012-10-20 11:10:36 +02:00
parent 033e9066fb
commit 97245d36aa
2 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
htdocs/user/class/user.class.php
View File

@ -303,7 +303,7 @@ class User extends CommonObject
// les caracteristiques (module, perms et subperms) de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " WHERE id = '".$this->db->escape($rid)."'";
$sql.= " AND entity = ".$entity;
$result=$this->db->query($sql);
@ -319,7 +319,7 @@ class User extends CommonObject
}
// Where pour la liste des droits a ajouter
$whereforadd="id=".$this->escape($rid);
$whereforadd="id=".$this->db->escape($rid);
// Ajout des droits induits
if (! empty($subperms)) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))";
else if (! empty($perms)) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
@ -328,8 +328,8 @@ class User extends CommonObject
// On a pas demande un droit en particulier mais une liste de droits
// sur la base d'un nom de module de de perms
// Where pour la liste des droits a ajouter
if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'";
if (! empty($allmodule)) $whereforadd="module='".$this->db->escape($allmodule)."'";
if (! empty($allperms)) $whereforadd=" AND perms='".$this->db->escape($allperms)."'";
}
// Ajout des droits trouves grace au critere whereforadd
@ -403,7 +403,7 @@ class User extends CommonObject
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " WHERE id = '".$this->db->escape($rid)."'";
$sql.= " AND entity = ".$entity;
$result=$this->db->query($sql);
@ -419,7 +419,7 @@ class User extends CommonObject
}
// Where pour la liste des droits a supprimer
$wherefordel="id=".$this->escape($rid);
$wherefordel="id=".$this->db->escape($rid);
// Suppression des droits induits
if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)";
if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')";
@ -427,8 +427,8 @@ class User extends CommonObject
else {
// On a demande suppression d'un droit sur la base d'un nom de module ou perms
// Where pour la liste des droits a supprimer
if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'";
if (! empty($allmodule)) $wherefordel="module='".$this->db->escape($allmodule)."'";
if (! empty($allperms)) $wherefordel=" AND perms='".$this->db->escape($allperms)."'";
}
// Suppression des droits selon critere defini dans wherefordel

16
htdocs/user/class/usergroup.class.php
View File

@ -245,7 +245,7 @@ class UserGroup extends CommonObject
// les caracteristiques (module, perms et subperms) de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " WHERE id = '".$this->db->escape($rid)."'";
$sql.= " AND entity = ".$conf->entity;
$result=$this->db->query($sql);
@ -261,7 +261,7 @@ class UserGroup extends CommonObject
}
// Where pour la liste des droits a ajouter
$whereforadd="id=".$this->escape($rid);
$whereforadd="id=".$this->db->escape($rid);
// Ajout des droits induits
if ($subperms) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))";
else if ($perms) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
@ -272,8 +272,8 @@ class UserGroup extends CommonObject
}
else {
// Where pour la liste des droits a ajouter
if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'";
if (! empty($allmodule)) $whereforadd="module='".$this->db->escape($allmodule)."'";
if (! empty($allperms)) $whereforadd=" AND perms='".$this->db->escape($allperms)."'";
}
// Ajout des droits de la liste whereforadd
@ -345,7 +345,7 @@ class UserGroup extends CommonObject
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " WHERE id = '".$this->db->escape($rid)."'";
$sql.= " AND entity = ".$conf->entity;
$result=$this->db->query($sql);
@ -361,7 +361,7 @@ class UserGroup extends CommonObject
}
// Where pour la liste des droits a supprimer
$wherefordel="id=".$this->escape($rid);
$wherefordel="id=".$this->db->escape($rid);
// Suppression des droits induits
if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)";
if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')";
@ -372,8 +372,8 @@ class UserGroup extends CommonObject
}
else {
// Where pour la liste des droits a supprimer
if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'";
if (! empty($allmodule)) $wherefordel="module='".$this->db->escape($allmodule)."'";
if (! empty($allperms)) $wherefordel=" AND perms='".$this->db->escape($allperms)."'";
}
// Suppression des droits de la liste wherefordel