From b204ad5b845498e9e2dcccdb008c061da3575374 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Thu, 29 Mar 2012 01:39:56 +0800
Subject: [PATCH] Fix: multicompany compatibility

---
 htdocs/categories/class/categorie.class.php | 24 +++++++++++++--------
 htdocs/categories/viewcat.php               |  4 ++--
 htdocs/societe/info.php                     |  9 ++++----
 htdocs/societe/soc.php                      |  2 +-
 4 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 2a8e52e7cad..409f7329be2 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -523,22 +523,28 @@ class Categorie
 	/**
 	 * 	Return list of contents of a category
 	 *
-	 * 	@param	string	$field		Field name for select in table. Full field name will be fk_field.
-	 * 	@param	string	$classname	PHP Class of object to store entity
-	 * 	@param	string	$table		Table name for select in table. Full table name will be PREFIX_categorie_table.
+	 * 	@param	string	$field				Field name for select in table. Full field name will be fk_field.
+	 * 	@param	string	$classname			PHP Class of object to store entity
+	 * 	@param	string	$category_table		Table name for select in table. Full table name will be PREFIX_categorie_table.
+	 *	@param	string	$object_table		Table name for select in table. Full table name will be PREFIX_table.
 	 *	@return	void
 	 */
-	function get_type($field,$classname,$table='')
+	function get_type($field,$classname,$category_table='',$object_table='')
 	{
 		$objs = array();
 
 		// Clean parameters
-		if (empty($table)) $table=$field;
+		if (empty($category_table)) $category_table=$field;
+		if (empty($object_table)) $object_table=$field;
 
-		$sql = "SELECT fk_".$field." FROM ".MAIN_DB_PREFIX."categorie_".$table;
-		$sql.= " WHERE fk_categorie = ".$this->id;
+		$sql = "SELECT c.fk_".$field;
+		$sql.= " FROM ".MAIN_DB_PREFIX."categorie_".$category_table." as c";
+		$sql.= ", ".MAIN_DB_PREFIX.$object_table." as o";
+		$sql.= " WHERE c.fk_categorie = ".$this->id;
+		$sql.= " AND c.fk_".$field." = o.rowid";
+		$sql.= " AND o.entity IN (".getEntity($field, 1).")";
 
-		dol_syslog("Categorie::get_type sql=".$sql);
+		dol_syslog(get_class($this)."::get_type sql=".$sql);
 		$resql = $this->db->query($sql);
 		if ($resql)
 		{
@@ -553,7 +559,7 @@ class Categorie
 		else
 		{
 			$this->error=$this->db->error().' sql='.$sql;
-			dol_syslog("Categorie::get_type ".$this->error, LOG_ERR);
+			dol_syslog(get_class($this)."::get_type ".$this->error, LOG_ERR);
 			return -1;
 		}
 	}
diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php
index bcf8fd65675..5d3fa1d0a55 100644
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -322,7 +322,7 @@ if ($object->type == 3)
 {
 	require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
 
-	$prods = $object->get_type("member","Adherent");
+	$prods = $object->get_type("member","Adherent","","adherent");
 	if ($prods < 0)
 	{
 		dol_print_error($db,$object->error);
@@ -358,7 +358,7 @@ if ($object->type == 3)
 	}
 }
 
-$db->close();
 
 llxFooter();
+$db->close();
 ?>
\ No newline at end of file
diff --git a/htdocs/societe/info.php b/htdocs/societe/info.php
index e743eb53a1e..67701ee4fa7 100644
--- a/htdocs/societe/info.php
+++ b/htdocs/societe/info.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2010      Juanjo Menent        <jmenent@2byte.es>
+/* Copyright (C) 2004-2009	Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012	Regis Houssin		<regis@dolibarr.fr>
+ * Copyright (C) 2010		Juanjo Menent		<jmenent@2byte.es>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,9 +33,9 @@ $langs->load("other");
 if ($conf->notification->enabled) $langs->load("mails");
 
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe','','');
+$result = restrictedArea($user, 'societe', $socid, '&societe');
 
 
 /*
diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php
index 2a9e3a3efdf..b81d158ed22 100644
--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -66,7 +66,7 @@ if (! empty($canvas))
 }
 
 // Security check
-$result = restrictedArea($user, 'societe', $socid, '&societe', '', '', '', $objcanvas);
+$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', $objcanvas);
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php');