From d144a2af4de5fb08df70e684bb4404f58cb0082a Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Mon, 4 May 2009 10:36:44 +0000
Subject: [PATCH] Fix: security with multi-company

---
 htdocs/product/fiche.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php
index 5d06ce93f1b..cfb2278005f 100644
--- a/htdocs/product/fiche.php
+++ b/htdocs/product/fiche.php
@@ -44,11 +44,10 @@ $langs->load("stocks");
 if (isset($_GET["id"]) || isset($_GET["ref"]))
 {
 	$id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
-	$fieldid = isset($_GET["ref"])?'ref':'rowid';
 }
-
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit',$id,'product','','',$fieldid?$fieldid:'rowid');
+$result=restrictedArea($user,'produit',$id,'product','','',$fieldid);
 
 $mesg = '';