header('Location: feature_disabled.php');
exit();
}
-
$predefined_expense_id = (int) $request->getParameter('id');
+$predefined_expense = ttPredefinedExpenseHelper::get($predefined_expense_id);
+if (!$predefined_expense) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
$cl_cost = trim($request->getParameter('cost'));
} else {
- $predefined_expense = ttPredefinedExpenseHelper::get($predefined_expense_id);
$cl_name = $predefined_expense['name'];
$cl_cost = $predefined_expense['cost'];
}