From 9d857ade463a3c39c55f5bc176cd976118ed7f30 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 26 Sep 2005 22:29:55 +0000 Subject: [PATCH] =?UTF-8?q?Secu:=20Restriction=20sur=20soci=E9t=E9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/comm/propal.php | 5 +---- htdocs/contrat/index.php | 4 +++- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 91af8c653e9..e42e58d3538 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -1108,10 +1108,7 @@ else $sql .= " AND p.price='".$_GET['search_montant_ht']."'"; } if ($sall) $sql.= " AND (s.nom like '%".$sall."%' OR p.note like '%".$sall."%' OR pd.description like '%".$sall."%')"; - if ($_GET['socidp']) - { - $sql .= ' AND s.idp = '.$_GET['socidp']; - } + if ($socidp) $sql .= ' AND s.idp = '.$socidp; if ($_GET['viewstatut'] <> '') { $sql .= ' AND p.fk_statut in ('.$_GET['viewstatut'].')'; diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index 8513dbe5ca1..b27e036e187 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -163,6 +163,7 @@ $sql = "SELECT cd.rowid as cid, cd.statut, cd.label, cd.description as note, cd. $sql.= " FROM ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE c.statut=1 AND cd.statut = 0"; $sql.= " AND cd.fk_contrat = c.rowid AND c.fk_soc = s.idp"; +if ($user->societe_id > 0) $sql.= " AND s.idp = ".$user->societe_id; $sql.= " ORDER BY cd.tms DESC"; if ( $db->query($sql) ) @@ -203,12 +204,13 @@ else print '
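Review bot: In the propal.php hunk the new line `if ($socidp) $sql .= ' AND s.idp = '.$socidp;` still concatenates the value into the query unquoted and uncast, so the company restriction is only as trustworthy as whatever assigns `$socidp`. That assignment is outside the hunk; if it can still take its value from the request for internal users, the filter remains an injection point. Casting at the point of use keeps the clause safe wherever the value comes from: `if ($socidp) $sql .= ' AND s.idp = '.(int) $socidp;`. The unchanged context lines around it also place `$_GET['search_montant_ht']`, `$sall` and `$_GET['viewstatut']` directly into the SQL text, which a commit tagged "Secu" would be expected to cover with escaping or integer validation as well.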
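Review bot: The line `if ($user->societe_id > 0) $sql.= " AND s.idp = ".$user->societe_id;` is added verbatim to two separate queries in contrat/index.php (this hunk at -163 and the one at -203), so the per-company restriction depends on every later query in the file repeating it. Building the filter once, as propal.php does with `$socidp`, and appending it to each query would make an omission easier to spot; whether other queries in this file need the same clause cannot be seen from the hunks. The loose `> 0` test also accepts a string that merely begins with a positive number, so appending `(int) $user->societe_id` would be safer if the property is ever filled from anything other than the database. A short comment such as `// External users (societe_id set) may only see their own company` would record why the clause is there.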
'; -// Last activated services +// Last modified services $max=5; $sql = "SELECT cd.rowid as cid, cd.statut, cd.label, cd.description as note, cd.fk_contrat, c.fk_soc, s.nom"; $sql.= " FROM ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.idp"; +if ($user->societe_id > 0) $sql.= " AND s.idp = ".$user->societe_id; $sql.= " ORDER BY cd.tms DESC"; if ( $db->query($sql) )