From ebb5696fdef1dfbc3910c24805783e4e96f491c0 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Fri, 10 Mar 2006 09:30:09 +0000
Subject: [PATCH] =?UTF-8?q?am=E9lioration=20de=20la=20s=E9curit=E9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/comm/fiche.php | 6 +++---
 htdocs/comm/prospect/fiche.php | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php
index a84cbd9393e..345609e7dec 100644
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@@ -58,9 +58,9 @@ if ($user->societe_id > 0)
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socidp && !$user->societe_id > 0)
 {
- $sql = "SELECT fk_soc";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux";
- $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id;
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE fk_soc = ".$socidp." AND fk_user = ".$user->id." AND s.client = 1";
 if ( $db->query($sql) )
 {
diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php
index a92b21c7255..4c7f7a4f651 100644
--- a/htdocs/comm/prospect/fiche.php
+++ b/htdocs/comm/prospect/fiche.php
@@ -63,9 +63,9 @@ if ($user->societe_id > 0)
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
- $sql = "SELECT fk_soc";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux";
- $sql .= " WHERE fk_soc = ".$socid." AND fk_user = ".$user->id;
+ $sql = "SELECT sc.fk_soc, s.client";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 2";
 if ( $db->query($sql) )
 {
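Review bot: The added `s.client = 1` condition in `htdocs/comm/fiche.php` is not tied to the company being checked: the FROM clause lists `societe_commerciaux as sc` and `societe as s` with no join predicate, so any row in `societe` with `client = 1` satisfies it and the access check is no stricter than before. The `htdocs/comm/prospect/fiche.php` hunk has the same gap with `s.client = 2`. Add the join and qualify the columns, which this hunk leaves bare while the other file writes `sc.fk_soc`: `$sql .= " WHERE sc.fk_soc = ".$socidp." AND sc.fk_user = ".$user->id;` followed by `$sql .= " AND s.<societe key column> = sc.fk_soc AND s.client = 1";` (the key column name is a placeholder, it is not visible in the hunk). `$socidp` and `$socid` are concatenated into the statement and their origin lies outside the hunks; if they come from the request, cast them with `(int)` before building the query. The enclosing `if` block continues past both hunks, so the failure branch of `$db->query()` is not visible here, and it should deny access rather than fall through.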