From af2a715f627b62a116f63b7db115fb103f757b86 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Sun, 14 Feb 2010 17:34:43 +0000
Subject: [PATCH] Works on enhancement of project tasks Fix: security check
---
 htdocs/projet/tasks/index.php | 2 --
 htdocs/projet/tasks/task.class.php | 14 ++++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php
index 470cd8aec24..4c25650311e 100644
--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -63,8 +63,6 @@ if ($_GET["id"])
 $projectstatic->societe->fetch($projectstatic->societe->id);
 }
 
-$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1);
-
 print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num);
 
 // Get list of tasks in tasksarray and taskarrayfiltered
diff --git a/htdocs/projet/tasks/task.class.php b/htdocs/projet/tasks/task.class.php
index 78c0f7a3f9e..254ed5237ab 100644
--- a/htdocs/projet/tasks/task.class.php
+++ b/htdocs/projet/tasks/task.class.php
@@ -447,7 +447,7 @@ class Task extends CommonObject
 if ($mode == 0)
 {
 $sql.= " FROM (".MAIN_DB_PREFIX."projet as p, ".MAIN_DB_PREFIX."projet_task as t)";
- if (is_object($userp) && $userp->id) // Limit to projects affected to a user
+ /*if (is_object($userp) && $userp->id) // Limit to projects affected to a user
 {
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = p.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
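Review bot: No per-user visibility check survives this patch: the `element_contact`/`c_type_contact` joins and the `p.public=1 OR (ec.fk_socpeople = ".$userp->id." ...)` predicate are commented out in both the `$mode == 0` and `$mode == 1` branches of the task query (first task.class.php hunk here, continued in the two following hunks), and the index.php hunk drops the `getProjectsAuthorizedForUser($user,$mine,1)` call that produced the authorized project list, so nothing visible in the diff restricts the result to projects the user is assigned to or that are public. That is the reverse of what the subject "Fix: security check" suggests; if the restriction is meant to move to the caller, the replacement filter (for example passing the authorized project ids down into the query) should land in the same commit rather than leaving a state where every task in the entity is listed. Disabling the code with `/* */` also keeps dead SQL in the method; drop it or gate it on a parameter instead, and note that the `$mode == 1` copy spells the column `ec.fk.socpeople`, which would break the query if that block is ever re-enabled as is. The method these hunks edit starts before the first task.class.php hunk and ends after the last.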
@@ -456,19 +456,20 @@ class Task extends CommonObject
 {
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = t.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
- }
+ }*/
 $sql.= " WHERE t.fk_projet = p.rowid";
 $sql.= " AND p.entity = ".$conf->entity;
 if ($socid) $sql.= " AND p.fk_soc = ".$socid;
 if ($projectid) $sql.= " AND p.rowid =".$projectid;
- if (is_object($userp)) $sql .= " AND (p.public=1 OR (ec.fk_socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
+ /*if (is_object($userp)) $sql .= " AND (p.public=1 OR (ec.fk_socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
 if (is_object($usert)) $sql .= " AND (p.public=1 OR (ec.fk_socpeople = ".$usert->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project_task'))";
+ */
 }
 if ($mode == 1)
 {
 $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t on t.fk_projet = p.rowid";
- if (is_object($userp) && $userp->id) // Limit to projects affected to a user
+ /*if (is_object($userp) && $userp->id) // Limit to projects affected to a user
 {
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = p.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
@@ -477,12 +478,13 @@ class Task extends CommonObject
 {
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = t.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
- }
+ }*/
 $sql.= " WHERE p.entity = ".$conf->entity;
 if ($socid) $sql.= " AND p.fk_soc = ".$socid;
 if ($projectid) $sql.= " AND p.rowid =".$projectid;
- if (is_object($userp) && $userp->id) $sql .= " AND (p.public=1 OR (ec.fk.socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
+ /*if (is_object($userp) && $userp->id) $sql .= " AND (p.public=1 OR (ec.fk.socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
 if (is_object($usert) && $usert->id) $sql .= " AND (p.public=1 OR (ec.fk.socpeople = ".$usert->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project_task'))";
+ */
 }
 $sql.= " ORDER BY p.ref, t.label";