From af340ec1335d5f419e989a482f8aa1488a4292c8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 18 Mar 2021 12:18:38 +0100 Subject: [PATCH] Fix #yogosha5657 --- htdocs/opensurvey/exportcsv.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/opensurvey/exportcsv.php b/htdocs/opensurvey/exportcsv.php index 6f9a699273b..fe814a44037 100644 --- a/htdocs/opensurvey/exportcsv.php +++ b/htdocs/opensurvey/exportcsv.php @@ -39,6 +39,9 @@ $object = new Opensurveysondage($db); $result = $object->fetch(0, $numsondage); if ($result <= 0) dol_print_error('', 'Failed to get survey id '.$numsondage); +// Security check +if (!$user->rights->opensurvey->read) accessforbidden(); + /* * Actions