Fix: Security check

Laurent Destailleur 2008-02-24 13:18:40 +00:00
parent ec536cb582
commit 99297fea62
31 changed files with 148 additions and 182 deletions


@ -49,8 +49,8 @@ else
accessforbidden();
}
// Securite d'acces client et commerciaux
$objectid = restrictedArea($user, $type, $objectid);
// Security check
$result = restrictedArea($user, $type, $objectid);


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/comm/adresse_livraison.php
\ingroup societe
\brief Onglet adresse de livraison d'un client
\version $Revision$
\version $Id$
*/
require("pre.inc.php");
@ -41,8 +38,9 @@ $originid = isset($_GET["originid"])?$_GET["originid"]:'';
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if (! $socid && ($_REQUEST["action"] != 'create' && $_REQUEST["action"] != 'add' && $_REQUEST["action"] != 'update')) accessforbidden();
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'societe', $socid);
// Security check
$result = restrictedArea($user, 'societe', $socid);
/*
* Actions


@ -15,22 +15,19 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/comm/clients.php
\ingroup commercial, societe
\brief Liste des clients
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'societe','','',1);
// Security check
$result = restrictedArea($user, 'societe','','',1);
$page=$_GET["page"];
$sortorder=$_GET["sortorder"];
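Review bot: `$socid` is no longer assigned on this list page now that the return value goes to `$result`, and nothing in the visible lines reads `$result` afterwards. The old `$socid = restrictedArea(...)` assignment suggests the function returned the company id an external user is limited to (its return statement is not shown on this page), in which case the list query further down may now run without that filter. The same pattern appears at the other list-mode callers, `restrictedArea($user, 'societe')` in htdocs/comm/contact.php and the section that drops `//print 'socid '.$socid;`, and on the detail pages `$socid` stays the raw `$_GET["socid"]` value. I would keep the assignment where the page filters on `$socid`, or at least add a comment at each call such as `// $result is not used: $socid must be restricted for external users before it reaches a query`.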


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/comm/contact.php
\ingroup commercial
\brief Liste des contacts
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -44,12 +41,16 @@ $offset = $limit * $page ;
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$type=$_GET["type"];
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'societe');
// Security check
$result = restrictedArea($user, 'societe');
/*
* View
*/
llxHeader('','Contacts');
if ($type == "c")
{
$label = $langs->trans("Customers");


@ -43,7 +43,7 @@ if ($conf->fichinter->enabled) $langs->load("interventions");
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
// Securite d'acces client et commerciaux
// Security check
$result = restrictedArea($user, 'societe', $socid);
$sortorder=$_GET["sortorder"];


@ -19,14 +19,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/comm/propal.php
\ingroup propale
\brief Page liste des propales (vision commercial)
\file htdocs/comm/propal.php
\ingroup propale
\brief Page liste des propales (vision commercial)
\version $Id$
*/
require("./pre.inc.php");
@ -51,7 +50,7 @@ if (isset($_GET["msg"])) { $mesg=urldecode($_GET["mesg"]); }
$year=isset($_GET["year"])?$_GET["year"]:"";
$month=isset($_GET["month"])?$_GET["month"]:"";
// Sécurité accés client
// Security check
$module='propale';
if (isset($_GET["socid"]))
{
@ -65,9 +64,7 @@ else if (isset($_GET["propalid"]) && $_GET["propalid"] > 0)
$module='propale';
$dbtable='propal';
}
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, $module, $objectid, $dbtable);
$result = restrictedArea($user, $module, $objectid, $dbtable);
// Nombre de ligne pour choix de produit/service predefinis
$NBLINES=4;


@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*
*/
/**
\file htdocs/comm/propal/aideremise.php
\ingroup propale
\brief Page de simulation des remises
\version $Id$
*/
require("./pre.inc.php");
@ -32,8 +29,8 @@ include_once(DOL_DOCUMENT_ROOT."/propal.class.php");
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
// Security cehck
$result = restrictedArea($user, 'propale', $propalid, 'propal');
/******************************************************************************/
@ -42,11 +39,13 @@ $socid = restrictedArea($user, 'propale', $propalid, 'propal');
llxHeader();
/******************************************************************************/
/* Fin des Actions */
/* View */
/******************************************************************************/
llxHeader();
/*
*
* Mode fiche
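Review bot: The new comment above the restrictedArea() call reads `// Security cehck`, while every other call site in this commit uses `// Security check`. A text search for that marker, used to audit which pages call the access check, would miss this file. Change it to `// Security check`.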


@ -17,15 +17,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/comm/propal/apercu.php
\ingroup propal
\brief Page de l'onglet aperçu d'une propal
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -41,8 +39,13 @@ $langs->load('compta');
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
// Security check
$result = restrictedArea($user, 'propale', $propalid, 'propal');
/*
* View
*/
llxHeader();


@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/comm/propal/contact.php
\ingroup propal
\brief Onglet de gestion des contacts de propal
\version $Revision$
\version $Id$
*/
require ("./pre.inc.php");
@ -38,8 +36,9 @@ $langs->load("companies");
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
// Security check
$result = restrictedArea($user, 'propale', $propalid, 'propal');
/*
* Ajout d'un nouveau contact


@ -17,15 +17,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/comm/propal/document.php
\ingroup propale
\brief Page de gestion des documents attachées à une proposition commerciale
\version $Revision$
\version $Id$
*/
require('./pre.inc.php');
@ -40,8 +38,8 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action'
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
// Security check
$result = restrictedArea($user, 'propale', $propalid, 'propal');
/*


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/comm/propal/info.php
\ingroup propale
\brief Page d'affichage des infos d'une proposition commerciale
\version $Revision$
\version $Id$
*/
require('./pre.inc.php');
@ -37,8 +34,8 @@ $langs->load('compta');
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
// Security check
$result = restrictedArea($user, 'propale', $propalid, 'propal');
/*


@ -17,16 +17,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/comm/propal/note.php
\ingroup propale
\brief Fiche d'information sur une proposition commerciale
\version $Revision$
\version $Id$
*/
require('./pre.inc.php');
@ -39,8 +36,10 @@ $langs->load('bills');
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
// Security check
$result = restrictedArea($user, 'propale', $propalid, 'propal');
/******************************************************************************/
/* Actions */


@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/commande/contact.php
\ingroup commande
\brief Onglet de gestion des contacts de commande
\version $Revision$
\version $Id$
*/
require ("./pre.inc.php");
@ -39,8 +36,9 @@ $langs->load("companies");
$commandeid = isset($_GET["id"])?$_GET["id"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'commande', $commandeid);
// Security check
$result = restrictedArea($user, 'commande', $commandeid);
/*
* Ajout d'un nouveau contact


@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/compta/facture/contact.php
\ingroup facture
\brief Onglet de gestion des contacts des factures
\version $Revision$
\version $Id$
*/
require ("./pre.inc.php");
@ -36,8 +34,9 @@ $langs->load("companies");
$facid = isset($_GET["facid"])?$_GET["facid"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'facture', $facid);
// Security check
$result = restrictedArea($user, 'facture', $facid);
/*
* Ajout d'un nouveau contact


@ -17,14 +17,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/compta/propal.php
\ingroup propale
\brief Page liste des propales (vision compta)
\file htdocs/compta/propal.php
\ingroup propale
\brief Page liste des propales (vision compta)
\version $Id$
*/
require("./pre.inc.php");
@ -64,8 +63,8 @@ else if (! empty($_GET["propalid"]))
$dbtable='propal';
}
// S<EFBFBD>curit<EFBFBD> d'acc<63>s client et commerciaux
$socid = restrictedArea($user, $module, $objectid, $dbtable);
// Security check
$result = restrictedArea($user, $module, $objectid, $dbtable);


@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/contrat/contact.php
\ingroup contrat
\brief Onglet de gestion des contacts des contrats
\version $Revision$
\version $Id$
*/
require ("./pre.inc.php");
@ -38,8 +35,9 @@ $langs->load("companies");
$contratid = isset($_GET["id"])?$_GET["id"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'contrat', $contratid);
// Security check
$result = restrictedArea($user, 'contrat', $contratid);
/*
* Ajout d'un nouveau contact


@ -37,7 +37,7 @@ $langs->load("bills");
$langs->load("products");
// Security check
restrictedArea($user,'contrat',$contratid,'contrat');
$result=restrictedArea($user,'contrat',$contratid,'contrat');


@ -16,15 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/docsoc.php
\brief Fichier onglet documents li<EFBFBD>s <EFBFBD> la soci<EFBFBD>t<EFBFBD>
\ingroup societe
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -42,8 +40,8 @@ $sortfield=$_GET["sortfield"];
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
// S<EFBFBD>curit<EFBFBD> d'acc<63>s client et commerciaux
$socid = restrictedArea($user, 'societe', $socid);
// Security check
$result = restrictedArea($user, 'societe', $socid);
/*
* Actions


@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/fichinter/contact.php
\ingroup fichinter
\brief Onglet de gestion des contacts de fiche d'intervention
\version $Revision$
\version $Id$
*/
require ("./pre.inc.php");
@ -37,8 +35,9 @@ $langs->load("companies");
$fichinterid = isset($_GET["id"])?$_GET["id"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
// Security check
$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
/*
* Ajout d'un nouveau contact


@ -16,15 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/fichinter/fiche.php
\brief Fichier fiche intervention
\ingroup ficheinter
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -41,12 +39,8 @@ if (defined("FICHEINTER_ADDON") && is_readable(DOL_DOCUMENT_ROOT ."/includes/mod
$langs->load("companies");
$langs->load("interventions");
// Get parameters
$fichinterid = isset($_GET["id"])?$_GET["id"]:'';
// Securite d'acces client et commerciaux
$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
//Recupere le resultat de la recherche Ajax
//Todo: voir pour le supprimer par la suite
if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT && $_POST['socid_id'])
@ -54,6 +48,11 @@ if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT &&
$_POST['socid'] = $_POST['socid_id'];
}
// Security check
$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
/*
* Traitements des actions
*/


@ -14,16 +14,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/fichinter/info.php
\ingroup fichinter
\brief Page d'affichage des infos d'une fiche d'intervention
\version $Revision$
\file htdocs/fichinter/info.php
\ingroup fichinter
\brief Page d'affichage des infos d'une fiche d'intervention
\version $Id$
*/
require('./pre.inc.php');
@ -34,14 +31,13 @@ $langs->load('companies');
$fichinterid = isset($_GET["id"])?$_GET["id"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
// Security check
$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
/*
*
*
*/
* View
*/
llxHeader();


@ -14,16 +14,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/fichinter/note.php
\ingroup fichinter
\brief Fiche d'information sur une fiche d'intervention
\version $Revision$
\version $Id$
*/
require('./pre.inc.php');
@ -34,8 +31,9 @@ $langs->load('companies');
$fichinterid = isset($_GET["id"])?$_GET["id"]:'';
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
// Security check
$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
/******************************************************************************/
/* Actions */


@ -1232,7 +1232,7 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
global $db;
// Clean parameters
if (!$modulename)
if (! $modulename)
{
$modulename = 'societe';
$list = 1;
@ -1240,20 +1240,25 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
$objectid = 0;
$socid = 0;
$nocreate = 0;
// Check permission from module
if (! $user->rights->$modulename->lire)
// Check read permission from module
$readok=1;
if ($modulename == 'societe')
{
accessforbidden();
if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0;
}
else if (!$user->rights->$modulename->creer)
else
{
$nocreate = 1;
if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
{
accessforbidden();
}
if (! $user->rights->$modulename->lire) $readok=0;
}
if (! $readok) accessforbidden();
// Check write permission from module
$createok=1;
if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
{
if (! $user->rights->$modulename->creer) $createok=0;
if (! $createok) accessforbidden();
}
// Check permission from company affiliation
@ -1298,7 +1303,8 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
}
}
}
else if ((!$objectid && $list==0) && $nocreate == 1)
// If access to create or modify
if (! $objectid && ! $list && ! $createok)
{
accessforbidden();
}
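Review bot: `$createok` can never be 0 when the final test `if (! $objectid && ! $list && ! $createok)` runs, because it is cleared only inside the `action == 'create'` branch and that branch calls accessforbidden() on the very next line (assuming accessforbidden() ends the request, which is not visible here). The removed `$nocreate` flag was set whenever the user lacked the `creer` right, whatever the action, so a read-only user reaching a non-list page without an object id was refused; that case now passes, and the callers in this commit use `add` and `update` as write actions, which the `create` test does not match. Compute the flag unconditionally, `$createok = $user->rights->$modulename->creer ? 1 : 0;`, and keep the action test only for the early refusal. For `societe` the read test now also accepts `fournisseur->lire`, so the company-affiliation block between these hunks should be checked for any assumption that `societe->lire` is held. The function body starts and ends outside the hunks shown.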


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/projet/commandes.php
\ingroup projet commande
\brief Page des commandes par projet
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -44,8 +41,9 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
if ($projetid == '') accessforbidden();
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'projet', $projetid);
// Security check
$result = restrictedArea($user, 'projet', $projetid);
llxHeader("","../");


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/projet/facture.php
\ingroup projet facture
\brief Page des factures par projet
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -44,8 +41,10 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
if ($projetid == '') accessforbidden();
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'projet', $projetid);
// Security check
$result = restrictedArea($user, 'projet', $projetid);
llxHeader("","../");


@ -16,15 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/projet/fiche.php
\ingroup projet
\brief Fiche projet
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -38,10 +36,14 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
if ($projetid == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden();
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'projet', $projetid);
// Security check
$result = restrictedArea($user, 'projet', $projetid);
/*
* Actions
*/
if ($_POST["action"] == 'add' && $user->rights->projet->creer)
{
$pro = new Project($db);


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/projet/propal.php
\ingroup projet propale
\brief Page des propositions commerciales par projet
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -44,8 +41,10 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
if ($projetid == '') accessforbidden();
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'projet', $projetid);
// Security check
$result = restrictedArea($user, 'projet', $projetid);
llxHeader("","../");


@ -16,15 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/projet/tasks/fiche.php
\ingroup projet
\brief Fiche taches d'un projet
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -38,8 +36,8 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; }
if ($projetid == '') accessforbidden();
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'projet', $projetid);
// Security check
$result = restrictedArea($user, 'projet', $projetid);
Function PLines(&$inc, $parent, $lines, &$level, $tasksrole)


@ -18,15 +18,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/soc.php
\ingroup societe
\brief Onglet societe d'une societe
\version $Revision$
\version $Id$
*/
require("pre.inc.php");
@ -38,7 +36,7 @@ $langs->load("bills");
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
// Sécurité d'accès client et commerciaux
// Security check
$result = restrictedArea($user, 'societe', $socid);
// Initialisation de l'objet Societe


@ -32,11 +32,8 @@ $langs->load("companies");
$langs->load("customers");
$langs->load("suppliers");
// Sécurité d'accès client et commerciaux
if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) accessforbidden();
$socid = restrictedArea($user, 'societe','','',1);
//print 'socid '.$socid;
// Security check
$result = restrictedArea($user, 'societe','','',1);
$search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
$search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"];


@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/socnote.php
\brief Fichier onglet notes liées à la société
\ingroup societe
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@ -38,8 +35,8 @@ $langs->load("companies");
// Protection quand utilisateur externe
$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"];
// Sécurité d'accès client et commerciaux
$socid = restrictedArea($user, 'societe', $socid);
// Security check
$result = restrictedArea($user, 'societe', $socid);
if ($_POST["action"] == 'add')
{