From dbae3ee1f88767eaac054a13b4690ce26c751dae Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Sat, 13 Aug 2005 16:44:52 +0000
Subject: [PATCH] =?UTF-8?q?Secu:=20Certaines=20pages=20sur=20les=20pr=E9l?=
 =?UTF-8?q?=E8vement=20n'=E9taient=20pas=20prot=E9g=E9es=20par=20les=20dro?=
 =?UTF-8?q?its?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/compta/prelevement/demandes.php |  3 +++
 htdocs/compta/prelevement/stats.php    | 27 +++++++++++++++++---------
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php
index 3236f26963b..d33e1598e29 100644
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -29,6 +29,9 @@
 require("./pre.inc.php");
 require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php";
 
+if (!$user->rights->prelevement->bons->lire)
+  accessforbidden();
+
 $langs->load("widthdrawals");
 
 if ($user->societe_id > 0)
diff --git a/htdocs/compta/prelevement/stats.php b/htdocs/compta/prelevement/stats.php
index 7b164ad5179..d1de2ff467f 100644
--- a/htdocs/compta/prelevement/stats.php
+++ b/htdocs/compta/prelevement/stats.php
@@ -1,5 +1,6 @@
 <?PHP
 /* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+ * Copyright (C) 2005 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -17,15 +18,23 @@
  *
  * $Id$
  * $Source$
- *
  */
+
+/**
+        \file       htdocs/compta/prelevement/stats.php
+        \brief      Page de stats des prélèvements
+        \version    $Revision$
+*/
+
 require("./pre.inc.php");
 
-/*
- * Sécurité accés client
- */
+if (!$user->rights->prelevement->bons->lire)
+  accessforbidden();
+
+// Sécurité accés client
 if ($user->societe_id > 0) accessforbidden();
 
+
 llxHeader('','Statistiques prélèvements');
 
 /*
@@ -67,7 +76,7 @@ if ($db->query($sql))
   $i = 0;
   
   print"\n<!-- debut table -->\n";
-  print '<table class="noborder" width="100%" cellspacing="0" cellpadding="4">';
+  print '<table class="noborder" width="100%">';
   print '<tr class="liste_titre">';
   print '<td width="30%">Statut</td><td align="center">Nombre</td><td align="right">% en nombre</td>';
   print '<td align="right">Montant</td><td align="right">% en montant</td></tr>';
@@ -113,7 +122,7 @@ if ($db->query($sql))
 }
 else 
 {
-  print $db->error() . ' ' . $sql;
+  dolibarr_print_error($db);
 }  
 /*
  *
@@ -158,7 +167,7 @@ if ($db->query($sql))
   $i = 0;
   
   print"\n<!-- debut table -->\n";
-  print '<table class="noborder" width="100%" cellspacing="0" cellpadding="4">';
+  print '<table class="noborder" width="100%">';
   print '<tr class="liste_titre">';
   print '<td width="30%">Statut</td><td align="center">Nombre</td>';
   print '<td align="right">% en nombre</td><td align="right">Montant</td><td align="right">% en montant</td></tr>';
@@ -202,11 +211,11 @@ if ($db->query($sql))
 }
 else 
 {
-  print $db->error() . ' ' . $sql;
+  dolibarr_print_error($db);
 }  
 
 
 $db->close();
 
-llxFooter("<em>Derni&egrave;re modification $Date$ r&eacute;vision $Revision$</em>");
+llxFooter('$Date$ - $Revision$');
 ?>