FIX #yogosha5678

Laurent Destailleur 2021-03-19 14:25:59 +01:00
parent ae7261c0a7
commit 1540f62df0
12 changed files with 75 additions and 105 deletions


@ -76,18 +76,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
// Security check
if (empty($conf->bom->enabled)) {
accessforbidden('Module not enabled');
}
$socid = 0;
if ($user->socid > 0) {
// Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'bom', $id, '');
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');
$search = array();
@ -133,6 +121,13 @@ $permissiontoread = $user->rights->bom->read;
$permissiontoadd = $user->rights->bom->write;
$permissiontodelete = $user->rights->bom->delete;
// Security check
if ($user->socid > 0) {
// Protection if external user
accessforbidden();
}
$result = restrictedArea($user, 'bom');
/*
* Actions
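Review bot: The access check now runs after the permission variables rather than before the search-criteria setup, so everything between old line 76 and new line 121 executes for a caller who is about to be rejected, external users included. That is harmless only if that stretch does nothing but read parameters and build objects, which the hunk does not show. The explicit `empty($conf->bom->enabled)` guard is also gone, so the page relies on `restrictedArea($user, 'bom')` to refuse access when the module is disabled; this is worth confirming. A comment above the block such as `// Only access gate of this page (module enabled + read right): keep it before any action or query` would record the constraint. The mrp list and product list sections of this commit move their checks later in the same way.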


@ -132,14 +132,17 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->eventorganization->multidir_output[$object->entity]."/".$object->id;
}
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'eventorganization', $object->id);
// Security check
if ($user->socid > 0) {
accessforbidden();
}
$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_addupdatedelete.inc.php
/*
* Actions
*/
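Review bot: `$isdraft` is computed with a loose `==` on `$object->status` after the closing brace of the `if ($id > 0 || !empty($ref))` block, so it also runs when no object was loaded. An unset status is null and `null == 0` is true in PHP, so if `STATUS_DRAFT` is 0 (not visible here) the page tells restrictedArea() it is handling a draft. A guard avoids that: `$isdraft = (isset($object->status) && $object->status == $object::STATUS_DRAFT) ? 1 : 0;`. The same line is added in the other eventorganization sections of this commit, and in one of them it replaces a line that read `$object->statut`, so it is also worth confirming that the class fills `status`.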


@ -85,14 +85,11 @@ $permissionnote = $user->rights->eventorganization->write; // Used by the includ
$permissiondellink = $user->rights->eventorganization->write; // Used by the include of actions_dellink.inc.php
$upload_dir = $conf->eventorganization->multidir_output[isset($object->entity) ? $object->entity : 1];
// Security check - Protection if external user
// Security check
if ($user->socid > 0) {
accessforbidden();
}
if ($user->socid > 0) {
$socid = $user->socid;
}
$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0);
$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
if (!$permissiontoread) {


@ -78,18 +78,21 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'eventorganization', $object->id);
// Security check
if ($user->socid > 0) {
accessforbidden();
}
$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$permission = $user->rights->eventorganization->conferenceorbooth->write;
/*
* Add a new contact
* Actions
*/
if ($action == 'addcontact' && $permission) {
if ($action == 'addcontact' && $permission) { // Add a new contact
$contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int'));
$typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
$result = $object->add_contact($contactid, $typeid, GETPOST("source", 'aZ09'));
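Review bot: `$typeid` is read with `GETPOST('typecontact')` / `GETPOST('type')` without an explicit check type, unlike `contactid` (`'int'`) and `source` (`'aZ09'`) on the neighbouring lines, and is passed straight to `$object->add_contact()`. Since this commit tightens access on the page, the input filter should be made explicit too: `$typeid = (GETPOST('typecontact') ? GETPOST('typecontact', 'aZ09') : GETPOST('type', 'aZ09'));` if the value can be an id or a code, or `'int'` if only ids are accepted (confirm against add_contact). The body of the `if ($action == 'addcontact' && $permission)` block continues outside the hunk.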


@ -124,13 +124,14 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->eventorganization->multidir_output[$object->entity ? $object->entity : $conf->entity]."/conferenceorbooth/".get_exdir(0, 0, 0, 1, $object);
}
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'eventorganization', $object->id);
$permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_addupdatedelete.inc.php
// Security check
if ($user->socid > 0) {
accessforbidden();
}
$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*


@ -132,17 +132,12 @@ $permissiontoadd = $user->rights->eventorganization->write;
$permissiontodelete = $user->rights->eventorganization->delete;
// Security check
if (empty($conf->eventorganization->enabled)) {
accessforbidden('Module not enabled');
}
$socid = 0;
//$socid = 0;
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'eventorganization', $id, '');
//if (!$permissiontoread) accessforbidden();
$result = restrictedArea($user, 'eventorganization');
/*
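Review bot: `$socid` is no longer assigned on this page: `$socid = 0;` becomes the comment `//$socid = 0;`, and the bom and mrp list sections of this commit delete the assignment outright. If any code further down still reads `$socid` (the hunk does not show the rest of the file), it now reads an undefined variable instead of 0. External users are rejected by `accessforbidden()` anyway, so either keep `$socid = 0;` or delete both commented `$socid` lines so the block does not suggest a filter that is not applied.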


@ -109,6 +109,12 @@ if ($id > 0 || !empty($ref)) {
$permissionnote = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_setnotes.inc.php
$permissiontoadd = $user->rights->eventorganization->conferenceorbooth->write; // Used by the include of actions_addupdatedelete.inc.php
// Security check
if ($user->socid > 0) {
accessforbidden();
}
$isdraft = (($object->status== $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
/*
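Review bot: `$permissionnote` and `$permissiontoadd` are read from `$user->rights->eventorganization->conferenceorbooth->write`, while another file in this commit takes the same variables from `$user->rights->eventorganization->write`, and the gate added below checks the `eventorganization` feature with an empty fifth argument. If the module defines no `conferenceorbooth` sub-right, these variables are always empty and the write actions depend on a right that does not exist. If it does define one, the gate and the page check different rights. Aligning them, for instance with `$permissiontoadd = $user->rights->eventorganization->write;`, would make the check and the actions agree. The other sections of this commit that read `conferenceorbooth->write` are affected in the same way.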


@ -25,57 +25,26 @@
*/
// Load Dolibarr environment
$res = 0;
// Try main.inc.php into web root known defined into CONTEXT_DOCUMENT_ROOT (not always defined)
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) {
$res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
}
// Try main.inc.php into web root detected using web root calculated from SCRIPT_FILENAME
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
$i--; $j--;
}
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
$res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
$res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
// Try main.inc.php using relative path
if (!$res && file_exists("../main.inc.php")) {
$res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
$res = @include "../../main.inc.php";
}
if (!$res && file_exists("../../../main.inc.php")) {
$res = @include "../../../main.inc.php";
}
if (!$res) {
die("Include of main fails");
}
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
// Load translation files required by the page
$langs->loadLangs(array("eventorganization@eventorganization"));
$langs->loadLangs(array("eventorganization"));
$action = GETPOST('action', 'aZ09');
// Security check
// if (! $user->rights->eventorganization->myobject->read) {
// accessforbidden();
// }
$socid = GETPOST('socid', 'int');
if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
$max = 5;
$now = dol_now();
// Security check
//$socid = 0;
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
$result = restrictedArea($user, 'eventorganization');
/*
* Actions


@ -39,8 +39,6 @@ $toselect = GETPOST('toselect', 'array');
$sall = trim((GETPOST('search_all', 'alphanohtml') != '') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
$search_ref = GETPOST("search_ref", 'alpha');
$search_type = GETPOST("search_type", 'int');
$fourn_id = GETPOST("fourn_id", 'int');
$catid = GETPOST('catid', 'int');
$optioncss = GETPOST('optioncss', 'alpha');
$type = GETPOST("type", "int");
@ -139,6 +137,14 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
// Security check
if ($search_type == '0') {
$result = restrictedArea($user, 'produit', '', '', '', '', '', 0);
} elseif ($search_type == '1') {
$result = restrictedArea($user, 'service', '', '', '', '', '', 0);
} else {
$result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0);
}
/*
@ -192,6 +198,7 @@ if (empty($reshook)) {
/*
* View
*/
$formother = new FormOther($db);
$title = $langs->trans('IntracommReportList'.$type);


@ -187,7 +187,7 @@ if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'mymodule', $id, '');
//$result = restrictedArea($user, 'mymodule');
//if (!$permissiontoread) accessforbidden();


@ -82,18 +82,6 @@ if (!$sortorder) {
$sortorder = "ASC";
}
// Security check
if (empty($conf->mrp->enabled)) {
accessforbidden('Module not enabled');
}
$socid = 0;
if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'mrp', $id, '');
// Initialize array of search criterias
$search_all = GETPOST('search_all', 'alphanohtml') ? GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml');
$search = array();
@ -139,6 +127,13 @@ $permissiontoread = $user->rights->mrp->read;
$permissiontoadd = $user->rights->mrp->write;
$permissiontodelete = $user->rights->mrp->delete;
// Security check
if ($user->socid > 0) {
// Protection if external user
accessforbidden();
}
$result = restrictedArea($user, 'mrp');
/*
* Actions


@ -146,15 +146,6 @@ if (!empty($canvas)) {
$objcanvas->getCanvas('product', 'list', $canvas);
}
// Security check
if ($search_type == '0') {
$result = restrictedArea($user, 'produit', '', '', '', '', '', 0);
} elseif ($search_type == '1') {
$result = restrictedArea($user, 'service', '', '', '', '', '', 0);
} else {
$result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0);
}
// Define virtualdiffersfromphysical
$virtualdiffersfromphysical = 0;
if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT)
@ -267,6 +258,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
// Security check
if ($search_type == '0') {
$result = restrictedArea($user, 'produit', '', '', '', '', '', 0);
} elseif ($search_type == '1') {
$result = restrictedArea($user, 'service', '', '', '', '', '', 0);
} else {
$result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0);
}
/*