FIX select too large into addrights (pb of missing parenthesis)

Laurent Destailleur 2021-12-09 11:12:40 +01:00
parent 76779aa9e1
commit a9bdefa358


@ -738,7 +738,7 @@ class User extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql .= " WHERE entity = ".((int) $entity);
if (!empty($whereforadd) && $whereforadd != 'allmodules') {
$sql .= " AND ".$whereforadd;
$sql .= " AND (".$whereforadd.")"; // Note: parenthesis are important because whereforadd can contains OR. Also note that $whereforadd is already sanitized
}
$result = $this->db->query($sql);
@ -864,7 +864,7 @@ class User extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql .= " WHERE entity = ".((int) $entity);
if (!empty($wherefordel) && $wherefordel != 'allmodules') {
$sql .= " AND ".$wherefordel;
$sql .= " AND (".$wherefordel.")"; // Note: parenthesis are important because wherefordel can contains OR. Also note that $wherefordel is already sanitized
}
// avoid admin can remove his own important rights
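Review bot: The new comment on `$sql .= " AND (".$whereforadd.")";` asserts that `$whereforadd` is already sanitized, but the code that builds it lies outside this hunk, so the claim cannot be checked here and can silently go stale; the same applies to `$wherefordel` in the second hunk. Since the fragment is concatenated raw into the query, I would have the comment name the guarantee, e.g. `// $whereforadd is built above only from (int) casts and $this->db->escape()d values; keep it that way`, if that is indeed how it is assembled. The parentheses restore the `entity = ` filter for every OR branch, but they only hold when the fragment is itself balanced, so the escaping is what the entity scoping depends on. Both enclosing methods start and end outside the hunks shown.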