lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: security

Browse Source
This commit is contained in:
Regis Houssin 2012-08-25 19:40:08 +02:00
parent 40be4287cf
commit becda06fd6
1 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/comm/propal/list.php
View File

@ -44,12 +44,7 @@ $langs->load('bills');
$langs->load('orders'); $langs->load('orders');
$langs->load('products'); $langs->load('products');
$id=GETPOST('id','int');
$ref=GETPOST('ref','alpha');
$socid=GETPOST('socid','int'); $socid=GETPOST('socid','int');
$action=GETPOST('action','alpha');
$confirm=GETPOST('confirm','alpha');
$lineid=GETPOST('lineid','int');
$search_user=GETPOST('search_user','int'); $search_user=GETPOST('search_user','int');
$search_sale=GETPOST('search_sale','int'); $search_sale=GETPOST('search_sale','int');
@ -69,17 +64,14 @@ $NBLINES=4;
// Security check // Security check
$module='propal'; $module='propal';
$dbtable=''; $dbtable='';
if (isset($socid)) $objectid='';
if (! empty($user->societe_id)) $socid=$user->societe_id;
if (! empty($socid))
{ {
$objectid=$socid; $objectid=$socid;
$module='societe'; $module='societe';
$dbtable='&societe'; $dbtable='&societe';
} }
else if (isset($id) && $id > 0)
{
$objectid=$id;
}
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, $module, $objectid, $dbtable); $result = restrictedArea($user, $module, $objectid, $dbtable);
$object = new Propal($db); $object = new Propal($db);