Works on enhancement of project tasks

Fix: security check

htdocs/projet/activity/list.php

@@ -34,6 +34,7 @@ $projectid='';
 $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];
 
 // Security check
+$socid=0;
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projectid);
 
@@ -110,10 +111,10 @@ print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorde
 
 if ($mesg) print $mesg;
 
-$tasksarray=$task->getTasksArray(0,0,$project->id,0);
+$tasksarray=$task->getTasksArray(0,0,$project->id,$socid);
 $tasksrole=$task->getUserRolesForProjectsOrTasks($user,0,$project->id,0);
 //var_dump($tasksarray);
-var_dump($tasksrole);
+//var_dump($tasksrole);
 
 print '<form name="addtime" method="POST" action="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';

htdocs/projet/tasks/index.php

@@ -33,8 +33,8 @@ $mode=$_REQUEST["mode"];
 $langs->load('projects');
 
 // Security check
-if (!$user->rights->projet->lire) accessforbidden();
 $socid=0;
+if (!$user->rights->projet->lire) accessforbidden();
 if ($user->societe_id > 0) $socid = $user->societe_id;
 
 $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];