From: Nik Okuntseff <support@anuko.com>
Date: Tue, 14 Aug 2018 21:16:29 +0000 (+0000)
Subject: Improved access check for cf_custom_field_add.php.
X-Git-Tag: timetracker_1.19-1~771
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=98dfff814b103b57c450173804f92a255909a3ba;p=timetracker.git

Improved access check for cf_custom_field_add.php.
---

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 1b7d29ce..99c9b21c 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.98.4319 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.98.4320 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/cf_custom_field_add.php b/cf_custom_field_add.php
index 922d83b7..8227d254 100644
--- a/cf_custom_field_add.php
+++ b/cf_custom_field_add.php
@@ -39,6 +39,12 @@ if (!$user->isPluginEnabled('cf')) {
   header('Location: feature_disabled.php');
   exit();
 }
+$fields = CustomFields::getFields();
+// Deny access when max number of custom fields is already set.
+if (count($fields) >= 1) {
+  header('Location: access_denied.php');
+  exit();
+}
 
 if ($request->isPost()) {
   $cl_field_name = trim($request->getParameter('name'));