FIX #yogosha5775
This commit is contained in:
Laurent Destailleur
parent
5fd8612891
commit
ef8c6ec117
@ -63,7 +63,7 @@ $warehouseStatus = GETPOST('warehousestatus', 'alpha');
|
||||
$hidepriceinlabel = GETPOST('hidepriceinlabel', 'int');
|
||||
|
||||
// Security check
|
||||
$result = restrictedArea($user, 'produit|service', 0, 'product&product');
|
||||
restrictedArea($user, 'produit|service', 0, 'product&product');
|
||||
|
||||
|
||||
/*
|
||||
@ -219,13 +219,13 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Filter on product to search can be:
|
||||
// Into an array with key $htmlname123 (we take first one found)
|
||||
// Filter on the product to search can be:
|
||||
// Into an array with key $htmlname123 (we take first one found). Which page use this ?
|
||||
// Into a var with name $htmlname can be 'prodid', 'productid', ...
|
||||
$match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
|
||||
sort($match);
|
||||
|
||||
$idprod = (empty($match[0]) ? '' : $match[0]); // Take first param in GET with key answer
|
||||
$idprod = (empty($match[0]) ? '' : $match[0]); // Take first key found into GET array with matching $htmlname123
|
||||
|
||||
if (GETPOST($htmlname, 'alpha') == '' && (!$idprod || !GETPOST($idprod, 'alpha'))) {
|
||||
print json_encode(array());
|
||||
@ -235,7 +235,9 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
|
||||
// When used from jQuery, the search term is added as GET param "term".
|
||||
$searchkey = (($idprod && GETPOST($idprod, 'alpha')) ? GETPOST($idprod, 'alpha') : (GETPOST($htmlname, 'alpha') ? GETPOST($htmlname, 'alpha') : ''));
|
||||
|
||||
$form = new Form($db);
|
||||
if (!is_object($form)) {
|
||||
$form = new Form($db);
|
||||
}
|
||||
|
||||
if (empty($mode) || $mode == 1) { // mode=1: customer
|
||||
$arrayresult = $form->select_produits_list("", $htmlname, $type, 0, $price_level, $searchkey, $status, $finished, $outjson, $socid, '1', 0, '', $hidepriceinlabel, $warehouseStatus);
|
||||
|
||||
@ -51,6 +51,19 @@ $id = GETPOST('id', 'int');
|
||||
$excludeids = GETPOST('excludeids', 'intcomma');
|
||||
$showtype = GETPOST('showtype', 'int');
|
||||
|
||||
$object = new Societe($db);
|
||||
if ($id > 0) {
|
||||
$object->fetch($id);
|
||||
}
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
unset($action);
|
||||
$socid = $user->socid;
|
||||
$object->id = $socid;
|
||||
}
|
||||
restrictedArea($user, 'societe', $object->id, '&societe');
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
@ -64,9 +77,7 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
|
||||
|
||||
$outjson = array();
|
||||
|
||||
$object = new Societe($db);
|
||||
$ret = $object->fetch($id);
|
||||
if ($ret > 0) {
|
||||
if ($object->id > 0) {
|
||||
$outref = $object->ref;
|
||||
$outname = $object->name;
|
||||
$outdesc = '';
|
||||
@ -87,12 +98,16 @@ if (!empty($action) && $action == 'fetch' && !empty($id)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Filter on the company to search can be:
|
||||
// Into an array with key $htmlname123 (we take first one found). Which page use this ?
|
||||
// Into a var with name $htmlname can be 'prodid', 'productid', ...
|
||||
$match = preg_grep('/('.$htmlname.'[0-9]+)/', array_keys($_GET));
|
||||
sort($match);
|
||||
$id = (!empty($match[0]) ? $match[0] : '');
|
||||
|
||||
$id = (!empty($match[0]) ? $match[0] : ''); // Take first key found into GET array with matching $htmlname123
|
||||
|
||||
// When used from jQuery, the search term is added as GET param "term".
|
||||
$searchkey = (($id && GETPOST($id, 'alpha')) ?GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : ''));
|
||||
$searchkey = (($id && GETPOST($id, 'alpha')) ? GETPOST($id, 'alpha') : (($htmlname && GETPOST($htmlname, 'alpha')) ?GETPOST($htmlname, 'alpha') : ''));
|
||||
|
||||
if (!$searchkey) {
|
||||
return;
|
||||
|
||||
@ -39,13 +39,6 @@ $confirm = GETPOST('confirm');
|
||||
$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
unset($action);
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'societe', $id, '&societe');
|
||||
|
||||
// Get parameters
|
||||
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
|
||||
$sortfield = GETPOST("sortfield", 'alpha');
|
||||
@ -84,6 +77,13 @@ if ($id > 0 || !empty($ref)) {
|
||||
$hookmanager->initHooks(array('thirdpartydocument', 'globalcard'));
|
||||
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
unset($action);
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'societe', $object->id, '&societe');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -33,12 +33,7 @@ $action = GETPOST('action', 'aZ09');
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
// Security check
|
||||
$id = GETPOST('id') ?GETPOST('id', 'int') : GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$id = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'societe', $id, '&societe');
|
||||
|
||||
$object = new Societe($db);
|
||||
if ($id > 0) {
|
||||
@ -50,6 +45,13 @@ $permissionnote = $user->rights->societe->creer; // Used by the include of actio
|
||||
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
|
||||
$hookmanager->initHooks(array('thirdpartynote', 'globalcard'));
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
unset($action);
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'societe', $object->id, '&societe');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
Loading…
Reference in New Issue
Block a user