From c6f43b4d65f786ce69e15507226e325d36984ac7 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 29 Oct 2010 08:11:00 +0000
Subject: [PATCH] New: Task #10725
---
 htdocs/lib/functions.lib.php | 5 +++--
 htdocs/user/fiche.php | 24 ++++++++++++++----------
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index aa7c13e9156..c62b76f29e6 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -1573,6 +1573,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 // More features to check
 $features = explode("&",$features);
+ //var_dump($features);
 // Check read permission from module
 // TODO Replace "feature" param by permission for reading
@@ -1633,8 +1634,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 // Check write permission from module
 $createok=1;
- if ( (isset($_GET["action"]) && $_GET["action"] == 'create') || (isset($_POST["action"]) && $_POST["action"] == 'create') )
+ if ( GETPOST("action") && GETPOST("action") == 'create')
 {
 foreach ($features as $feature)
 {
@@ -1673,6 +1673,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 }
 else if (! empty($feature)) // This is for old permissions
 {
+ //print '
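Review bot: The new write-permission guard calls `GETPOST("action")` twice and the first call is redundant, since `GETPOST("action") == 'create'` cannot hold for an empty value; read it once and compare strictly, `$action = GETPOST("action"); if ($action === 'create')`, which also avoids loose-comparison surprises should the helper ever return something other than a string. This branch still treats only `create` as a write action, so any other mutating action name reaching a page that relies on restrictedArea is vetted for read permission alone; that predates the commit, but the rewrite of this line was the moment to widen the set of action values that trigger the `creer`/`write` check. restrictedArea starts and ends outside the hunk.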
feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
 if (empty($user->rights->$feature->creer) && empty($user->rights->$feature->write)) $createok=0;
 }
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 2f81d95e995..3acbb8a5a3d 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -51,10 +51,16 @@ if ($_GET["id"])
 || (($user->id != $_GET["id"]) && $user->rights->user->user->password) );
 }
+$action=GETPOST("action");
+$confirm=GETPOST("confirm");
+
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
-$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
+if ($user->societe_id > 0)
+{
+ $socid = $user->societe_id;
+ $feature2='user';
+}
 if ($user->id == $_GET["id"]) // A user can always read its own card
 {
 $feature2='';
@@ -67,8 +73,6 @@ $langs->load("users");
 $langs->load("companies");
 $langs->load("ldap");
-$action=isset($_GET["action"])?$_GET["action"]:$_POST["action"];
-
 $form = new Form($db);
 // Define size of logo small and mini (might be set into other pages)
@@ -95,7 +99,7 @@ if ($_GET["subaction"] == 'delrights' && $canedituser)
 $edituser->delrights($_GET["rights"]);
 }
-if ($_REQUEST["action"] == 'confirm_disable' && $_REQUEST["confirm"] == "yes")
+if ($action == 'confirm_disable' && $confirm == "yes")
 {
 if ($_GET["id"] <> $user->id)
 {
@@ -106,7 +110,7 @@ if ($_REQUEST["action"] == 'confirm_disable' && $_REQUEST["confirm"] == "yes")
 exit;
 }
 }
-if ($_REQUEST["action"] == 'confirm_enable' && $_REQUEST["confirm"] == "yes")
+if ($action == 'confirm_enable' && $confirm == "yes")
 {
 if ($_GET["id"] <> $user->id)
 {
@@ -133,7 +137,7 @@ if ($_REQUEST["action"] == 'confirm_enable' && $_REQUEST["confirm"] == "yes")
 }
 }
-if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes")
+if ($action == 'confirm_delete' && $confirm == "yes")
 {
 if ($_GET["id"] <> $user->id)
 {
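Review bot: The added `//print '…feature=…creer=…write=…'` line is commented-out debugging inside the authorization routine, as is the `//var_dump($features);` added in this file's first hunk; both should be dropped rather than committed, because flipping the print back on would emit a user's permission bits into the response of whatever page called restrictedArea. If a trace is genuinely needed, write it to the application log rather than to the output. restrictedArea starts and ends outside the hunk.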
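Review bot: The rewritten block leaves `$feature2` unassigned for internal users: the removed ternary yielded `'user'` whenever `$socid` was 0, but the replacement only assigns `$feature2='user'` inside `if ($user->societe_id > 0)`, and the only other assignment in the hunk is the `''` for viewing one's own card. Unless `$feature2` is initialised before this hunk, an internal user opening another user's card now reaches the permission check with an undefined `$feature2`, and if that check treats an empty second feature as "nothing more to verify" the `user` read right is no longer enforced for them, which is wider than the old behaviour. Set it unconditionally before the branch, `$feature2='user';`, and keep the `$user->id == $_GET["id"]` case as the only place that clears it. The code that consumes `$feature2` is outside the hunk.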
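Review bot: The `confirm_delete` branch is still reachable with `$action` and `$confirm` supplied via `GETPOST`, so if that helper reads `$_GET` as its name suggests, a crafted link can trigger deletion of a user with no form submission; the same holds for the `confirm_disable` and `confirm_enable` hunks above. The only guard visible in the hunk is `$_GET["id"] <> $user->id`; any rights check on the acting user would have to sit inside the block, which continues past the hunk, so that cannot be confirmed here. Requiring POST for these three state changes, `&& $_SERVER['REQUEST_METHOD'] === 'POST'`, together with a per-session anti-CSRF token in the confirm form, would close the gap that the switch from `$_REQUEST` to `GETPOST` leaves open.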
@@ -370,8 +374,8 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"])
 }
 // Change password with a new generated one
-if ((($_REQUEST["action"] == 'confirm_password' && $_REQUEST["confirm"] == 'yes')
-|| ($_REQUEST["action"] == 'confirm_passwordsend' && $_REQUEST["confirm"] == 'yes')) && $caneditpassword)
+if ((($action == 'confirm_password' && $confirm == 'yes')
+|| ($action == 'confirm_passwordsend' && $confirm == 'yes')) && $caneditpassword)
 {
 $edituser = new User($db);
 $edituser->fetch($_GET["id"]);
@@ -385,7 +389,7 @@ if ((($_REQUEST["action"] == 'confirm_password' && $_REQUEST["confirm"] == 'yes'
 else
 {
 // Succes
- if ($_REQUEST["action"] == 'confirm_passwordsend' && $_REQUEST["confirm"] == 'yes')
+ if ($action == 'confirm_passwordsend' && $confirm == 'yes')
 {
 if ($edituser->send_password($user,$newpassword) > 0)
 {
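Review bot: The rewritten condition repeats `$confirm == 'yes'` in both alternatives; `if ($confirm == 'yes' && ($action == 'confirm_password' || $action == 'confirm_passwordsend') && $caneditpassword)` says the same thing and cannot drift when a third action is added. The target user is still loaded with `$edituser->fetch($_GET["id"])` while `$action` and `$confirm` now come through `GETPOST`, so if that helper also accepts POST data the id and the action can be sourced from different parts of the request; reading the id the same way as the action keeps them consistent. The result of `fetch` is also not checked before the password change that follows, so an unknown id should be rejected here rather than carried forward. The block body continues outside the hunk.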