
Merge pull request #25045 from Hystepik/develop#2

Fix: user pages on empty $id
Laurent Destailleur 2 年之前
父節點
當前提交
7d1e5b914b

+ 5 - 0
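--- a/htdocs/user/agenda_extsites.php
+++ b/htdocs/user/agenda_extsites.php
@@ -52,6 +52,11 @@ $colorlist = array('BECEDD', 'DDBECE', 'BFDDBE', 'F598B4', 'F68654', 'CBF654', '
 
 // Security check
 $id = GETPOST('id', 'int');
+
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+
 $object = new User($db);
 $object->fetch($id, '', '', 1);
 $object->getrights();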
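Review bot: The new guard still lets a negative id through, because `empty($id)` only rejects 0 and '' while GETPOST('id', 'int') can yield any integer; `if ($id <= 0) { accessforbidden(); }` is the tighter check and also drops the redundant `!isset($id)` (the variable is assigned on the line above, and empty() is already safe on an unset variable). The return value of `$object->fetch($id, '', '', 1)` on the following line is still discarded, so an id that passes the guard but matches no user continues into `getrights()` on an unfetched object; capturing it as info.php does (`$result = $object->fetch(...)`) and stopping on a non-positive result would close that gap. Whatever further permission check the page performs lies outside the hunk, so I cannot tell whether it covers this case.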

+ 4 - 0
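--- a/htdocs/user/document.php
+++ b/htdocs/user/document.php
@@ -41,6 +41,10 @@ $id = (GETPOST('userid', 'int') ? GETPOST('userid', 'int') : GETPOST('id', 'int'
 $ref = GETPOST('ref', 'alpha');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'userdoc'; // To manage different context of search
 
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+
 // Define value to know what current user can do on users
 $canadduser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
 $canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));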
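Review bot: The guard forbids the page whenever `$id` is empty even though `$ref` is read on the line just above it; if this page supports looking a user up by ref (the fetch is outside the hunk, so I cannot confirm), a request carrying only `ref` is now rejected before it gets there. If that path exists, `if (empty($id) && empty($ref)) { accessforbidden(); }` keeps it working while still refusing a request with neither. Either way `!isset($id) ||` is redundant here: `$id` is assigned in the line shown in the hunk header and empty() already treats an unset variable as empty.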

+ 4 - 0
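--- a/htdocs/user/info.php
+++ b/htdocs/user/info.php
@@ -35,6 +35,10 @@ $langs->load("users");
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+
 $object = new User($db);
 if ($id > 0 || !empty($ref)) {
 	$result = $object->fetch($id, $ref, '', 1);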
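Review bot: This guard breaks the ref-based lookup that the page visibly supports: `if ($id > 0 || !empty($ref))` two lines below fetches by `$ref` when no id is given, but a request with `ref` and no `id` now hits `accessforbidden()` first, and the `!empty($ref)` half of that condition becomes dead code. `if ($id <= 0 && empty($ref)) { accessforbidden(); }` preserves both entry points while still refusing a request that identifies no user, and is also tighter than `empty($id)` against a negative id. What happens after a failed fetch is outside the hunk.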

+ 4 - 0
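--- a/htdocs/user/note.php
+++ b/htdocs/user/note.php
@@ -33,6 +33,10 @@ $id = GETPOST('id', 'int');
 $action = GETPOST('action', 'aZ09');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'usernote'; // To manage different context of search
 
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+
 // Load translation files required by page
 $langs->loadLangs(array('companies', 'members', 'bills', 'users'));
 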
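Review bot: The condition `!isset($id) || empty($id)` is half redundant: `$id` is assigned from `GETPOST('id', 'int')` on the line the hunk header shows, and empty() returns true for an unset variable anyway, so the isset() test adds nothing. Since the value is already int-filtered, `if ($id <= 0) { accessforbidden(); }` says what is meant and additionally rejects a negative id, which `empty()` lets through. Whether the fetch further down checks its result I cannot see from this hunk.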

+ 4 - 0
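--- a/htdocs/user/notify/card.php
+++ b/htdocs/user/notify/card.php
@@ -38,6 +38,10 @@ $langs->loadLangs(array('companies', 'mails', 'admin', 'other', 'errors'));
 $id = GETPOST("id", 'int');
 $ref = GETPOST('ref', 'alpha');
 
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+
 $action = GETPOST('action', 'aZ09');
 $actionid = GETPOST('actionid', 'int');
 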
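Review bot: As in document.php, `$ref` is read immediately before a guard that only looks at `$id`, so if this page fetches by ref when no id is supplied (the fetch is outside the hunk) that path is now unreachable; `if ($id <= 0 && empty($ref)) { accessforbidden(); }` would keep it and also reject a negative id that `empty()` accepts. If ref lookup is not supported here, the `$ref` read is simply unused at this point and the tighter `$id <= 0` form alone is enough. `!isset($id)` is redundant either way since `$id` is assigned two lines above.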

+ 4 - 0
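--- a/htdocs/user/param_ihm.php
+++ b/htdocs/user/param_ihm.php
@@ -39,6 +39,10 @@ $id = GETPOST('id', 'int');
 $action = GETPOST('action', 'aZ09');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'userihm'; // To manage different context of search
 
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+
 if ($id) {
 	// $user est le user qui edite, $id est l'id de l'utilisateur edite
 	$caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write"))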
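Review bot: After the new guard, `if ($id) {` three lines below is always true, so that condition is dead and any else-branch it has (the block continues past the hunk) can no longer run; either drop the wrapper or, if the else-branch exists, decide explicitly whether it was the intended behaviour for an empty id. The comment inside that block indicates this page is also the "edit my own settings" page (`$user->id == $id`); if callers previously reached it without an id to mean the current user, they now get accessforbidden() rather than a default, and `$id = $user->id` in that case would be the alternative — worth confirming against the links that open this page. A negative id still passes `empty($id)`, so `if ($id <= 0)` is the tighter form here too.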