X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttTimeHelper.class.php;h=6ddedc456ecbc00e000e16d4f5bc21404d422dbe;hb=241fff8e23fee4caddf4038ad83df75e8146f1a2;hp=24506780401560ec8b8b912065de9e9f50b15dc3;hpb=3c5f822f90846e9a65866c9e33b7e1ff81b46b1f;p=timetracker.git

diff --git a/WEB-INF/lib/ttTimeHelper.class.php b/WEB-INF/lib/ttTimeHelper.class.php
index 24506780..6ddedc45 100644
--- a/WEB-INF/lib/ttTimeHelper.class.php
+++ b/WEB-INF/lib/ttTimeHelper.class.php
@@ -418,7 +418,7 @@ class ttTimeHelper {
       if ('00:00' == $finish) $finish = '24:00';
     }
 
-    $created_v = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id);
+    $created_v = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id;
 
     if (!$billable) $billable = 0;
     if (!$paid) $paid = 0;
@@ -474,7 +474,7 @@ class ttTimeHelper {
     if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) {
       $paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0';
     }
-    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
+    $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
 
     $start = ttTimeHelper::to24HourFormat($start);
     $finish = ttTimeHelper::to24HourFormat($finish);
@@ -506,15 +506,22 @@ class ttTimeHelper {
   }
 
   // delete - deletes a record from tt_log table and its associated custom field values.
-  static function delete($id, $user_id) {
+  static function delete($id) {
+    global $user;
     $mdb2 = getConnection();
 
-    $sql = "update tt_log set status = NULL where id = $id and user_id = $user_id";
+    $user_id = $user->getUser();
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $sql = "update tt_log set status = null".
+      " where id = $id and user_id = $user_id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
 
-    $sql = "update tt_custom_field_log set status = NULL where log_id = $id";
+    $sql = "update tt_custom_field_log set status = null".
+      " where log_id = $id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;