From: Nik Okuntseff
Date: Mon, 26 Mar 2018 18:56:07 +0000 (+0000)
Subject: Included team_id in task update sql to avoid risk of misuse.
X-Git-Tag: timetracker_1.19-1~927
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=81ca36ba9b5294ecb417d9b82196752211c652b7;p=timetracker.git

Included team_id in task update sql to avoid risk of misuse.
---
diff --git a/WEB-INF/lib/ttTaskHelper.class.php b/WEB-INF/lib/ttTaskHelper.class.php
index 2bb99da4..24831cb2 100644
--- a/WEB-INF/lib/ttTaskHelper.class.php
+++ b/WEB-INF/lib/ttTaskHelper.class.php
@@ -198,7 +198,7 @@ class ttTaskHelper {
 $projects = $fields['projects'];
 $sql = "update tt_tasks set name = ".$mdb2->quote($name).", description = ".$mdb2->quote($description).
- ", status = $status where id = $task_id";
+ ", status = $status where id = $task_id and team_id = $user->team_id";
 $affected = $mdb2->exec($sql);
 if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index b9939f90..9defcca8 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
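Review bot: The rewritten `where` clause in ttTaskHelper.class.php still places `$status`, `$task_id` and `$user->team_id` into the statement unquoted, while `name` and `description` on the line above go through `$mdb2->quote()`. Where those values are assigned is outside the hunk, so unless they are already cast to integers upstream, the added line should force them, e.g. `", status = ".(int)$status." where id = ".(int)$task_id." and team_id = ".(int)$user->team_id;`. Separately, a task id that belongs to another team now produces zero affected rows, which the `is_a($affected, 'PEAR_Error')` check does not treat as a failure. The function body continues past the hunk and `$projects` is read just above, so any later statements keyed on `$task_id` should be confirmed to carry the same team scope, or be skipped when `$affected` is 0.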
-
 Anuko Time Tracker 1.17.74.4179 | Copyright © Anuko | +  Anuko Time Tracker 1.17.74.4180 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}