Security fix - improved access checks for task edit and deletes.
[timetracker.git]
/
tofile.php
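--- a/tofile.php
+++ b/tofile.php
@@ -31,11 +31,12 @@ import('form.Form');
 import('form.ActionForm');
 import('ttReportHelper');
-// Access check.
-if (!ttAccessAllowed('view_own_reports')) {
+// Access checks.
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
 header('Location: access_denied.php');
 exit();
 }
+// End of access checks.
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {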
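Review bot: The widened gate `if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {` only checks that the caller holds one of the two rights, and nothing in this hunk shows the export being limited to the caller's own records when only `view_own_reports` is held. If the report parameters read later in tofile.php can select other users' data, that scoping has to be enforced where the records are selected, because this page-level check cannot do it. The rest of the script lies outside the hunk, so this needs confirming there. I would at least record the intent beside the check, e.g. `// Either right admits the user; a view_own_reports-only user must still be restricted to own records by the report query.`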