From a3d417a40f791a9f74548781290eab66435d7337 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 4 Sep 2019 11:21:41 +0200 Subject: [PATCH] Fix can't change approver of a leave request in some cases --- htdocs/holiday/card.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 87305a19fd4..2207148e4ea 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -122,7 +122,7 @@ if ($action == 'create') elseif ($starthalfday == 'afternoon') $halfday=-1; elseif ($endhalfday == 'morning') $halfday=1; - $valideur = GETPOST('valideur'); + $valideur = GETPOST('valideur', 'int'); $description = trim(GETPOST('description')); // If no type @@ -270,8 +270,8 @@ if ($action == 'update' && ! GETPOSTISSET('savevalidator')) // If this is the requestor or has read/write rights if ($cancreate) { - $valideur = $_POST['valideur']; - $description = trim($_POST['description']); + $valideur = GETPOST('valideur', 'int'); + $description = trim(GETPOST('description', 'none')); // If no start date if (empty($_POST['date_debut_'])) { @@ -1297,7 +1297,8 @@ else if (empty($include_users)) print img_warning().' '.$langs->trans("NobodyHasPermissionToValidateHolidays"); else { - $s=$form->select_dolusers($object->fk_validator, "valideur", (($action == 'editvalidator') ? 0 : 1), ($user->admin ? '' : array($user->id)), 0, $include_users); + $arrayofvalidatorstoexclude = (($user->admin || ($user->id != $userRequest->id))? '' : array($user->id)); // Nobody if we are admin or if we are not the user of the leave. + $s=$form->select_dolusers($object->fk_validator, "valideur", (($action == 'editvalidator') ? 0 : 1), $arrayofvalidatorstoexclude, 0, $include_users); print $form->textwithpicto($s, $langs->trans("AnyOtherInThisListCanValidate")); } if ($action == 'editvalidator')