From 914096bd0a4692a3b519a0bafee2044fc1696a56 Mon Sep 17 00:00:00 2001
From: Guenter Lukas <gl@gl.co.at>
Date: Mon, 13 Mar 2023 08:45:29 +0100
Subject: [PATCH] update

---
 htdocs/comm/action/card.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index 545088e47e9..806011b2575 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -90,8 +90,8 @@ if ($fulldayevent) {
 // Security check
 $socid = GETPOST('socid', 'int');
 $id = GETPOST('id', 'int');
-if ($user->socid) {
-	$socid = $user->socid;
+if ($user->socid && ($socid != $user->socid)) {
+	accessforbidden();
 }
 
 $error = GETPOST("error");
@@ -142,9 +142,6 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) {
 $TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes'));
 
 $result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
-if ($user->socid && $socid) {
-	$result = restrictedArea($user, 'societe', $socid);
-}
 
 
 /*