Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

Laurent Destailleur 2 years ago
parent
7d29bc64d9 7d1e5b914b
commit
e61f5dd5a7
6 changed files with 25 additions and 0 deletions
Split View Show Diff Stats
  1. 5 0
      htdocs/user/agenda_extsites.php
  2. 4 0
      htdocs/user/document.php
  3. 4 0
      htdocs/user/info.php
  4. 4 0
      htdocs/user/note.php
  5. 4 0
      htdocs/user/notify/card.php
  6. 4 0
      htdocs/user/param_ihm.php

+ 5 - 0
htdocs/user/agenda_extsites.php
View File 

@@ -52,6 +52,11 @@ $colorlist = array('BECEDD', 'DDBECE', 'BFDDBE', 'F598B4', 'F68654', 'CBF654', '
 
 
 // Security check
 
 $id = GETPOST('id', 'int');
 
+
 
+if (!isset($id) || empty($id)) {
 
+	accessforbidden();
 
+}
 
+
 
 $object = new User($db);
 
 $object->fetch($id, '', '', 1);
 
 $object->getrights();

+ 4 - 0
htdocs/user/document.php
View File 

@@ -41,6 +41,10 @@ $id = (GETPOST('userid', 'int') ? GETPOST('userid', 'int') : GETPOST('id', 'int'
 
 $ref = GETPOST('ref', 'alpha');
 
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'userdoc'; // To manage different context of search
 
 
+if (!isset($id) || empty($id)) {
 
+	accessforbidden();
 
+}
 
+
 
 // Define value to know what current user can do on users
 
 $canadduser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
 
 $canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));

+ 4 - 0
htdocs/user/info.php
View File 

@@ -35,6 +35,10 @@ $langs->load("users");
 
 $id = GETPOST('id', 'int');
 
 $ref = GETPOST('ref', 'alpha');
 
 
+if (!isset($id) || empty($id)) {
 
+	accessforbidden();
 
+}
 
+
 
 $object = new User($db);
 
 if ($id > 0 || !empty($ref)) {
 
 	$result = $object->fetch($id, $ref, '', 1);

+ 4 - 0
htdocs/user/note.php
View File 

@@ -33,6 +33,10 @@ $id = GETPOST('id', 'int');
 
 $action = GETPOST('action', 'aZ09');
 
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'usernote'; // To manage different context of search
 
 
+if (!isset($id) || empty($id)) {
 
+	accessforbidden();
 
+}
 
+
 
 // Load translation files required by page
 
 $langs->loadLangs(array('companies', 'members', 'bills', 'users'));

+ 4 - 0
htdocs/user/notify/card.php
View File 

@@ -38,6 +38,10 @@ $langs->loadLangs(array('companies', 'mails', 'admin', 'other', 'errors'));
 
 $id = GETPOST("id", 'int');
 
 $ref = GETPOST('ref', 'alpha');
 
 
+if (!isset($id) || empty($id)) {
 
+	accessforbidden();
 
+}
 
+
 
 $action = GETPOST('action', 'aZ09');
 
 $actionid = GETPOST('actionid', 'int');

+ 4 - 0
htdocs/user/param_ihm.php
View File 

@@ -39,6 +39,10 @@ $id = GETPOST('id', 'int');
 
 $action = GETPOST('action', 'aZ09');
 
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'userihm'; // To manage different context of search
 
 
+if (!isset($id) || empty($id)) {
 
+	accessforbidden();
 
+}
 
+
 
 if ($id) {
 
 	// $user est le user qui edite, $id est l'id de l'utilisateur edite
 
 	$caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write"))