From c8c77dbdcff7ae684b56d3a15c9ff5c07dda6d60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 22 Mar 2014 18:59:48 +0100 Subject: [PATCH 1/3] Fix: Agenda and Banks module were not working with multicompany module --- ChangeLog | 1 + htdocs/comm/action/index.php | 2 +- htdocs/core/lib/security.lib.php | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7d577afa90d..7944ede2f21 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Fix: Warning into bank conciliation feature. Fix: Bad get of localtaxes into contracts add lines. Fix: Add a limit into list to avoid browser to hang when database is too large. Fix: [ bug #1212 ] 'jqueryFileTree.php' directory traversal vulnerability +Fix: Agenda and Banks module were not working with multicompany module ***** ChangeLog for 3.4.2 compared to 3.4.1 ***** Fix: field's problem into company's page (RIB). diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index cb683dea35e..349dc3aab14 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -311,7 +311,7 @@ $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; $sql.= ' WHERE a.fk_action = ca.id'; $sql.= ' AND a.fk_user_author = u.rowid'; -$sql.= ' AND a.entity IN ('.getEntity().')'; +$sql.= ' AND a.entity IN ('.getEntity('agenda', 1).')'; if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'"; if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid); if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")"; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index e19ed1eb7fa..b756e15288f 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -125,6 +125,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); $sharedelement=(! empty($params[1]) ? $params[1] : ''); + $sharedelement=(! empty($params[1]) ? $params[1] : $params[0]); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL); From e2f51d0df2a824732a980042eff4a31b678278fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 22 Mar 2014 19:00:37 +0100 Subject: [PATCH 2/3] Removed duplicate line --- htdocs/core/lib/security.lib.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index b756e15288f..08dffaef416 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -124,7 +124,6 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature // More parameters $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); - $sharedelement=(! empty($params[1]) ? $params[1] : ''); $sharedelement=(! empty($params[1]) ? $params[1] : $params[0]); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL); From 09e02f807fe8227b87f072f8d68fc128eb6ff1f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?= Date: Sat, 22 Mar 2014 19:01:19 +0100 Subject: [PATCH 3/3] Even better improvement --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 08dffaef416..328f6d3024f 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -124,7 +124,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature // More parameters $params = explode('&', $dbtablename); $dbtablename=(! empty($params[0]) ? $params[0] : ''); - $sharedelement=(! empty($params[1]) ? $params[1] : $params[0]); + $sharedelement=(! empty($params[1]) ? $params[1] : $dbtablename); $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);