From 99297fea6266ee999738da61726a55c366440300 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 24 Feb 2008 13:18:40 +0000 Subject: [PATCH] Fix: Security check --- htdocs/categories/categorie.php | 4 ++-- htdocs/comm/adresse_livraison.php | 10 ++++------ htdocs/comm/clients.php | 9 +++------ htdocs/comm/contact.php | 15 ++++++++------- htdocs/comm/fiche.php | 2 +- htdocs/comm/propal.php | 15 ++++++--------- htdocs/comm/propal/aideremise.php | 15 +++++++-------- htdocs/comm/propal/apercu.php | 13 ++++++++----- htdocs/comm/propal/contact.php | 9 ++++----- htdocs/comm/propal/document.php | 8 +++----- htdocs/comm/propal/info.php | 9 +++------ htdocs/comm/propal/note.php | 11 +++++------ htdocs/commande/contact.php | 10 ++++------ htdocs/compta/facture/contact.php | 9 ++++----- htdocs/compta/propal.php | 13 ++++++------- htdocs/contrat/contact.php | 10 ++++------ htdocs/contrat/fiche.php | 2 +- htdocs/docsoc.php | 8 +++----- htdocs/fichinter/contact.php | 9 ++++----- htdocs/fichinter/fiche.php | 15 +++++++-------- htdocs/fichinter/info.php | 20 ++++++++------------ htdocs/fichinter/note.php | 10 ++++------ htdocs/lib/functions.inc.php | 30 ++++++++++++++++++------------ htdocs/projet/commandes.php | 10 ++++------ htdocs/projet/facture.php | 11 +++++------ htdocs/projet/fiche.php | 12 +++++++----- htdocs/projet/propal.php | 11 +++++------ htdocs/projet/tasks/fiche.php | 8 +++----- htdocs/soc.php | 6 ++---- htdocs/societe.php | 7 ++----- htdocs/socnote.php | 9 +++------ 31 files changed, 148 insertions(+), 182 deletions(-) diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index fec1d836914..061b3d5e60a 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -49,8 +49,8 @@ else accessforbidden(); } -// Securite d'acces client et commerciaux -$objectid = restrictedArea($user, $type, $objectid); +// Security check +$result = restrictedArea($user, $type, $objectid); 
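Review bot: `$result` takes restrictedArea()'s return value but nothing in the hunk reads it, whereas the old line fed that value back into `$objectid`; if restrictedArea() narrows the id for external users (its body is in htdocs/lib/functions.inc.php, not this hunk), the page now keeps the raw request value. The same `$socid = restrictedArea(...)` → `$result = restrictedArea(...)` swap is made in comm/adresse_livraison.php, comm/clients.php, comm/contact.php, comm/propal.php, the comm/propal/* tabs, commande/contact.php, compta/facture/contact.php, compta/propal.php, contrat/contact.php, docsoc.php, fichinter/*, projet/*, societe.php and socnote.php, so whatever the answer is applies patch-wide. If the return value is intentionally unused, say so once at the call site, e.g. `// Security check (restrictedArea() calls accessforbidden() itself; return value unused)`; otherwise keep assigning it to the page's id variable. The enclosing script continues outside the hunk.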
diff --git a/htdocs/comm/adresse_livraison.php b/htdocs/comm/adresse_livraison.php index 374fbfe0632..39453c422a9 100644 --- a/htdocs/comm/adresse_livraison.php +++ b/htdocs/comm/adresse_livraison.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/comm/adresse_livraison.php \ingroup societe \brief Onglet adresse de livraison d'un client - \version $Revision$ + \version $Id$ */ require("pre.inc.php"); @@ -41,8 +38,9 @@ $originid = isset($_GET["originid"])?$_GET["originid"]:''; $socid = isset($_GET["socid"])?$_GET["socid"]:''; if (! $socid && ($_REQUEST["action"] != 'create' && $_REQUEST["action"] != 'add' && $_REQUEST["action"] != 'update')) accessforbidden(); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'societe', $socid); +// Security check +$result = restrictedArea($user, 'societe', $socid); + /* * Actions diff --git a/htdocs/comm/clients.php b/htdocs/comm/clients.php index 37c6df415e9..6e39b03e240 100644 --- a/htdocs/comm/clients.php +++ b/htdocs/comm/clients.php @@ -15,22 +15,19 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/comm/clients.php \ingroup commercial, societe \brief Liste des clients - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'societe','','',1); +// Security check +$result = restrictedArea($user, 'societe','','',1); $page=$_GET["page"]; $sortorder=$_GET["sortorder"]; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index a87478f1a78..37effe7f990 100644 --- a/htdocs/comm/contact.php 
+++ b/htdocs/comm/contact.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/comm/contact.php \ingroup commercial \brief Liste des contacts - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -44,12 +41,16 @@ $offset = $limit * $page ; $socid = isset($_GET["socid"])?$_GET["socid"]:''; $type=$_GET["type"]; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'societe'); +// Security check +$result = restrictedArea($user, 'societe'); + + +/* +* View +*/ llxHeader('','Contacts'); - if ($type == "c") { $label = $langs->trans("Customers"); diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 73c2c3b37fd..1a77ee311d8 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -43,7 +43,7 @@ if ($conf->fichinter->enabled) $langs->load("interventions"); $socid = isset($_GET["socid"])?$_GET["socid"]:''; -// Securite d'acces client et commerciaux +// Security check $result = restrictedArea($user, 'societe', $socid); $sortorder=$_GET["sortorder"]; diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 57b62f2b6d8..e76782cf1b3 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -19,14 +19,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** - \file htdocs/comm/propal.php - \ingroup propale - \brief Page liste des propales (vision commercial) + \file htdocs/comm/propal.php + \ingroup propale + \brief Page liste des propales (vision commercial) + \version $Id$ */ require("./pre.inc.php"); 
@@ -51,7 +50,7 @@ if (isset($_GET["msg"])) { $mesg=urldecode($_GET["mesg"]); } $year=isset($_GET["year"])?$_GET["year"]:""; $month=isset($_GET["month"])?$_GET["month"]:""; -// Sécurité accés client +// Security check $module='propale'; if (isset($_GET["socid"])) { @@ -65,9 +64,7 @@ else if (isset($_GET["propalid"]) && $_GET["propalid"] > 0) $module='propale'; $dbtable='propal'; } - -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, $module, $objectid, $dbtable); +$result = restrictedArea($user, $module, $objectid, $dbtable); // Nombre de ligne pour choix de produit/service predefinis $NBLINES=4; diff --git a/htdocs/comm/propal/aideremise.php b/htdocs/comm/propal/aideremise.php index 09e6834aeaf..62bf3ac8ae3 100644 --- a/htdocs/comm/propal/aideremise.php +++ b/htdocs/comm/propal/aideremise.php @@ -15,16 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ - * */ /** \file htdocs/comm/propal/aideremise.php \ingroup propale \brief Page de simulation des remises + \version $Id$ */ require("./pre.inc.php"); @@ -32,8 +29,8 @@ include_once(DOL_DOCUMENT_ROOT."/propal.class.php"); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'propale', $propalid, 'propal'); +// Security cehck +$result = restrictedArea($user, 'propale', $propalid, 'propal'); /******************************************************************************/ @@ -42,11 +39,13 @@ $socid = restrictedArea($user, 'propale', $propalid, 'propal'); -llxHeader(); /******************************************************************************/ -/* Fin des Actions */ +/* View */ /******************************************************************************/ + +llxHeader(); + /* * * Mode fiche 
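Review bot: The added comment in comm/propal/aideremise.php reads `// Security cehck`; every other file in this patch spells it `// Security check`, so the typo should be fixed before merging. The rest of the hunk only renames the assignment to `$result` and moves llxHeader() below the new `/* View */` banner, and the script continues outside the hunk.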
diff --git a/htdocs/comm/propal/apercu.php b/htdocs/comm/propal/apercu.php index e8be4f4c57a..3ca7cbde8cb 100644 --- a/htdocs/comm/propal/apercu.php +++ b/htdocs/comm/propal/apercu.php @@ -17,15 +17,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/comm/propal/apercu.php \ingroup propal \brief Page de l'onglet aperçu d'une propal - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -41,8 +39,13 @@ $langs->load('compta'); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'propale', $propalid, 'propal'); +// Security check +$result = restrictedArea($user, 'propale', $propalid, 'propal'); + + +/* +* View +*/ llxHeader(); diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php index 9d986abc6f0..18709b645b4 100644 --- a/htdocs/comm/propal/contact.php +++ b/htdocs/comm/propal/contact.php @@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/comm/propal/contact.php \ingroup propal \brief Onglet de gestion des contacts de propal - \version $Revision$ + \version $Id$ */ require ("./pre.inc.php"); @@ -38,8 +36,9 @@ $langs->load("companies"); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'propale', $propalid, 'propal'); +// Security check +$result = restrictedArea($user, 'propale', $propalid, 'propal'); + /* * Ajout d'un nouveau contact diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index b0e01687316..74e9366df3a 100644 
--- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -17,15 +17,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/comm/propal/document.php \ingroup propale \brief Page de gestion des documents attachées à une proposition commerciale - \version $Revision$ + \version $Id$ */ require('./pre.inc.php'); @@ -40,8 +38,8 @@ $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action' $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'propale', $propalid, 'propal'); +// Security check +$result = restrictedArea($user, 'propale', $propalid, 'propal'); /* diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php index 1f56703fc63..52fecfd981a 100644 --- a/htdocs/comm/propal/info.php +++ b/htdocs/comm/propal/info.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/comm/propal/info.php \ingroup propale \brief Page d'affichage des infos d'une proposition commerciale - \version $Revision$ + \version $Id$ */ require('./pre.inc.php'); @@ -37,8 +34,8 @@ $langs->load('compta'); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'propale', $propalid, 'propal'); +// Security check +$result = restrictedArea($user, 'propale', $propalid, 'propal'); /* diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php index 6228e746f60..f9f8661a8c6 100644 --- a/htdocs/comm/propal/note.php +++ b/htdocs/comm/propal/note.php 
@@ -17,16 +17,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/comm/propal/note.php \ingroup propale \brief Fiche d'information sur une proposition commerciale - \version $Revision$ + \version $Id$ */ require('./pre.inc.php'); @@ -39,8 +36,10 @@ $langs->load('bills'); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'propale', $propalid, 'propal'); +// Security check +$result = restrictedArea($user, 'propale', $propalid, 'propal'); + + /******************************************************************************/ /* Actions */ diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 63e8d98050d..bfdfad072b7 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -15,16 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/commande/contact.php \ingroup commande \brief Onglet de gestion des contacts de commande - \version $Revision$ + \version $Id$ */ require ("./pre.inc.php"); @@ -39,8 +36,9 @@ $langs->load("companies"); $commandeid = isset($_GET["id"])?$_GET["id"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'commande', $commandeid); +// Security check +$result = restrictedArea($user, 'commande', $commandeid); + /* * Ajout d'un nouveau contact diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 76f1528ddba..3a94394eac0 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php 
@@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/compta/facture/contact.php \ingroup facture \brief Onglet de gestion des contacts des factures - \version $Revision$ + \version $Id$ */ require ("./pre.inc.php"); @@ -36,8 +34,9 @@ $langs->load("companies"); $facid = isset($_GET["facid"])?$_GET["facid"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'facture', $facid); +// Security check +$result = restrictedArea($user, 'facture', $facid); + /* * Ajout d'un nouveau contact diff --git a/htdocs/compta/propal.php b/htdocs/compta/propal.php index 044627e7709..3d986a940ad 100644 --- a/htdocs/compta/propal.php +++ b/htdocs/compta/propal.php @@ -17,14 +17,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** - \file htdocs/compta/propal.php - \ingroup propale - \brief Page liste des propales (vision compta) + \file htdocs/compta/propal.php + \ingroup propale + \brief Page liste des propales (vision compta) + \version $Id$ */ require("./pre.inc.php"); @@ -64,8 +63,8 @@ else if (! empty($_GET["propalid"])) $dbtable='propal'; } -// S�curit� d'acc�s client et commerciaux -$socid = restrictedArea($user, $module, $objectid, $dbtable); +// Security check +$result = restrictedArea($user, $module, $objectid, $dbtable); diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php index 79fd2e4d629..4e1c84fd1c1 100644 --- a/htdocs/contrat/contact.php +++ b/htdocs/contrat/contact.php 
@@ -15,16 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/contrat/contact.php \ingroup contrat \brief Onglet de gestion des contacts des contrats - \version $Revision$ + \version $Id$ */ require ("./pre.inc.php"); @@ -38,8 +35,9 @@ $langs->load("companies"); $contratid = isset($_GET["id"])?$_GET["id"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'contrat', $contratid); +// Security check +$result = restrictedArea($user, 'contrat', $contratid); + /* * Ajout d'un nouveau contact diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php index 1abf2edd6b1..ea111f3d848 100644 --- a/htdocs/contrat/fiche.php +++ b/htdocs/contrat/fiche.php @@ -37,7 +37,7 @@ $langs->load("bills"); $langs->load("products"); // Security check -restrictedArea($user,'contrat',$contratid,'contrat'); +$result=restrictedArea($user,'contrat',$contratid,'contrat'); diff --git a/htdocs/docsoc.php b/htdocs/docsoc.php index a31a1fb2a20..884b05f1eec 100644 --- a/htdocs/docsoc.php +++ b/htdocs/docsoc.php @@ -16,15 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/docsoc.php \brief Fichier onglet documents li�s � la soci�t� \ingroup societe - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -42,8 +40,8 @@ $sortfield=$_GET["sortfield"]; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; -// S�curit� d'acc�s client et commerciaux -$socid = restrictedArea($user, 'societe', $socid); +// Security check +$result = restrictedArea($user, 'societe', $socid); /* * Actions 
diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index 232d8abdb1d..c929f66064a 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/fichinter/contact.php \ingroup fichinter \brief Onglet de gestion des contacts de fiche d'intervention - \version $Revision$ + \version $Id$ */ require ("./pre.inc.php"); @@ -37,8 +35,9 @@ $langs->load("companies"); $fichinterid = isset($_GET["id"])?$_GET["id"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); +// Security check +$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); + /* * Ajout d'un nouveau contact diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php index fb467ab94ed..8e558409d15 100644 --- a/htdocs/fichinter/fiche.php +++ b/htdocs/fichinter/fiche.php @@ -16,15 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/fichinter/fiche.php \brief Fichier fiche intervention \ingroup ficheinter - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
@@ -41,12 +39,8 @@ if (defined("FICHEINTER_ADDON") && is_readable(DOL_DOCUMENT_ROOT ."/includes/mod $langs->load("companies"); $langs->load("interventions"); - +// Get parameters $fichinterid = isset($_GET["id"])?$_GET["id"]:''; - -// Securite d'acces client et commerciaux -$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); - //Recupere le resultat de la recherche Ajax //Todo: voir pour le supprimer par la suite if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT && $_POST['socid_id']) @@ -54,6 +48,11 @@ if ($conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT && $_POST['socid'] = $_POST['socid_id']; } +// Security check +$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); + + + /* * Traitements des actions */ diff --git a/htdocs/fichinter/info.php b/htdocs/fichinter/info.php index 39478820690..1b6725a0660 100644 --- a/htdocs/fichinter/info.php +++ b/htdocs/fichinter/info.php @@ -14,16 +14,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** - \file htdocs/fichinter/info.php - \ingroup fichinter - \brief Page d'affichage des infos d'une fiche d'intervention - \version $Revision$ + \file htdocs/fichinter/info.php + \ingroup fichinter + \brief Page d'affichage des infos d'une fiche d'intervention + \version $Id$ */ require('./pre.inc.php'); @@ -34,14 +31,13 @@ $langs->load('companies'); $fichinterid = isset($_GET["id"])?$_GET["id"]:''; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); +// Security check +$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); /* - * - * - */ +* View +*/ llxHeader(); diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index 6578e544d81..586fce8e18f 100644 
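Review bot: The restrictedArea() call is moved from directly after `$fichinterid` is read to after the Ajax block that copies `$_POST['socid_id']` into `$_POST['socid']`, but the call takes `$fichinterid`, not socid, so the relocation does not appear to change what is checked and the reason for it is not stated. Between the two positions only that assignment runs, so nothing is exposed, but a one-line comment explaining the ordering, e.g. `// Security check (kept after the Ajax socid normalisation so later code sees a consistent $_POST)`, would stop the next reader from moving it back. The enclosing script continues outside the hunk.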
--- a/htdocs/fichinter/note.php
+++ b/htdocs/fichinter/note.php
@@ -14,16 +14,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
- * $Source$
 */
 
 /**
 \file htdocs/fichinter/note.php
 \ingroup fichinter
 \brief Fiche d'information sur une fiche d'intervention
- \version $Revision$
+ \version $Id$
 */
 
 require('./pre.inc.php');
@@ -34,8 +31,9 @@ $langs->load('companies');
 
 $fichinterid = isset($_GET["id"])?$_GET["id"]:'';
 
-// Sécurité d'accès client et commerciaux
-$socid = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
+// Security check
+$result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
+
 
 /******************************************************************************/
 /* Actions */
diff --git a/htdocs/lib/functions.inc.php b/htdocs/lib/functions.inc.php
index 313bc383bac..fb98be95d86 100644
--- a/htdocs/lib/functions.inc.php
+++ b/htdocs/lib/functions.inc.php
@@ -1232,7 +1232,7 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
 global $db;
 
 // Clean parameters
-if (!$modulename)
+if (! $modulename)
 {
 $modulename = 'societe';
 $list = 1;
@@ -1240,20 +1240,25 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list $objectid = 0; $socid = 0; - $nocreate = 0; - // Check permission from module - if (! $user->rights->$modulename->lire) + // Check read permission from module + $readok=1; + if ($modulename == 'societe') { - accessforbidden(); + if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0; } - else if (!$user->rights->$modulename->creer) + else { - $nocreate = 1; - if ($_GET["action"] == 'create' || $_POST["action"] == 'create') - { - accessforbidden(); - } + if (! $user->rights->$modulename->lire) $readok=0; + } + if (! $readok) accessforbidden(); + + // Check write permission from module + $createok=1; + if ($_GET["action"] == 'create' || $_POST["action"] == 'create') + { + if (! $user->rights->$modulename->creer) $createok=0; + if (! $createok) accessforbidden(); } // Check permission from company affiliation @@ -1298,7 +1303,8 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list } } } - else if ((!$objectid && $list==0) && $nocreate == 1) + // If access to create or modify + if (! $objectid && ! $list && ! $createok) { accessforbidden(); } diff --git a/htdocs/projet/commandes.php b/htdocs/projet/commandes.php index a6ca6802084..047367c00ee 100644 --- a/htdocs/projet/commandes.php +++ b/htdocs/projet/commandes.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/projet/commandes.php \ingroup projet commande \brief Page des commandes par projet - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
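Review bot: The rewritten tail check `if (! $objectid && ! $list && ! $createok)` in the second hunk is unreachable as written: `$createok` is only cleared inside the `action == 'create'` block, where `if (! $createok) accessforbidden();` already fires, so the old `$nocreate` guard for object-less pages reached through other actions (add, update, …) no longer denies anything. If that guard is still wanted, derive the flag from the right alone, `$createok = $user->rights->$modulename->creer ? 1 : 0;`, and keep the immediate accessforbidden() only for `action == 'create'`. The `societe` branch also now accepts `fournisseur->lire` for every caller that passes module `societe`; the same rule was previously applied only in societe.php, so soc.php, docsoc.php, socnote.php and comm/adresse_livraison.php become readable to supplier-only users, which looks intended but deserves a comment such as `// Company pages are shared by the customer and supplier modules`. `$_GET["action"]` and `$_POST["action"]` are read without isset(), as in the old code. restrictedArea() starts and ends outside these hunks.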
@@ -44,8 +41,9 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'projet', $projetid); +// Security check +$result = restrictedArea($user, 'projet', $projetid); + llxHeader("","../"); diff --git a/htdocs/projet/facture.php b/htdocs/projet/facture.php index 078904e058e..a83d81eee91 100644 --- a/htdocs/projet/facture.php +++ b/htdocs/projet/facture.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/projet/facture.php \ingroup projet facture \brief Page des factures par projet - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -44,8 +41,10 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'projet', $projetid); +// Security check +$result = restrictedArea($user, 'projet', $projetid); + + llxHeader("","../"); diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index b95c64f8644..6fce51340ec 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -16,15 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/projet/fiche.php \ingroup projet \brief Fiche projet - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
@@ -38,10 +36,14 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden(); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'projet', $projetid); +// Security check +$result = restrictedArea($user, 'projet', $projetid); +/* +* Actions +*/ + if ($_POST["action"] == 'add' && $user->rights->projet->creer) { $pro = new Project($db); diff --git a/htdocs/projet/propal.php b/htdocs/projet/propal.php index 76bf9a9e43e..90875952425 100644 --- a/htdocs/projet/propal.php +++ b/htdocs/projet/propal.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/projet/propal.php \ingroup projet propale \brief Page des propositions commerciales par projet - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -44,8 +41,10 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'projet', $projetid); +// Security check +$result = restrictedArea($user, 'projet', $projetid); + + llxHeader("","../"); diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks/fiche.php index 0461dd77a9c..e132e943d3b 100644 --- a/htdocs/projet/tasks/fiche.php +++ b/htdocs/projet/tasks/fiche.php @@ -16,15 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/projet/tasks/fiche.php \ingroup projet \brief Fiche taches d'un projet - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
@@ -38,8 +36,8 @@ if ($_GET["id"]) { $projetid=$_GET["id"]; } if ($projetid == '') accessforbidden(); -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'projet', $projetid); +// Security check +$result = restrictedArea($user, 'projet', $projetid); Function PLines(&$inc, $parent, $lines, &$level, $tasksrole) diff --git a/htdocs/soc.php b/htdocs/soc.php index 1e8debdd70c..1d465c500a9 100644 --- a/htdocs/soc.php +++ b/htdocs/soc.php @@ -18,15 +18,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/soc.php \ingroup societe \brief Onglet societe d'une societe - \version $Revision$ + \version $Id$ */ require("pre.inc.php"); @@ -38,7 +36,7 @@ $langs->load("bills"); $socid = isset($_GET["socid"])?$_GET["socid"]:''; -// Sécurité d'accès client et commerciaux +// Security check $result = restrictedArea($user, 'societe', $socid); // Initialisation de l'objet Societe diff --git a/htdocs/societe.php b/htdocs/societe.php index 159c46e8c5d..3f6bbb0e3ff 100644 --- a/htdocs/societe.php +++ b/htdocs/societe.php @@ -32,11 +32,8 @@ $langs->load("companies"); $langs->load("customers"); $langs->load("suppliers"); -// Sécurité d'accès client et commerciaux -if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) accessforbidden(); - -$socid = restrictedArea($user, 'societe','','',1); -//print 'socid '.$socid; +// Security check +$result = restrictedArea($user, 'societe','','',1); $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"]; $search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"]; diff --git a/htdocs/socnote.php b/htdocs/socnote.php index b25ff27b7a5..24954f6ef8c 100644 --- a/htdocs/socnote.php +++ b/htdocs/socnote.php 
@@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/socnote.php \brief Fichier onglet notes liées à la société \ingroup societe - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -38,8 +35,8 @@ $langs->load("companies"); // Protection quand utilisateur externe $socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"]; -// Sécurité d'accès client et commerciaux -$socid = restrictedArea($user, 'societe', $socid); +// Security check +$result = restrictedArea($user, 'societe', $socid); if ($_POST["action"] == 'add') {