From 05e850dbfc25eb930012ab06dccc6d8916272889 Mon Sep 17 00:00:00 2001 From: David Pareja Rodriguez Date: Wed, 23 Nov 2022 11:58:21 +0100 Subject: [PATCH] FIX Broken Permissions check, $object is null. This code was probably copy&paste'd from `htdocs/compta/prelevement/card.php` where the `$object` variable exists. On `htdocs/compta/prelevement/line.php` `$object` is not defined, and `$type` come from the `$type = GETPOST('type', 'aZ09');` which ends up being overwritten with null. --- htdocs/compta/prelevement/line.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/prelevement/line.php b/htdocs/compta/prelevement/line.php index 65ba71a0d2f..f706e94a656 100644 --- a/htdocs/compta/prelevement/line.php +++ b/htdocs/compta/prelevement/line.php @@ -61,7 +61,7 @@ if ($sortfield == "") { $sortfield = "pl.fk_soc"; } -$type = $object->type; + if ($type == 'bank-transfer') { $result = restrictedArea($user, 'paymentbybanktransfer', '', '', ''); } else {