From: Nik Okuntseff Date: Tue, 14 Aug 2018 21:16:29 +0000 (+0000) Subject: Improved access check for cf_custom_field_add.php. X-Git-Tag: timetracker_1.19-1~771 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=98dfff814b103b57c450173804f92a255909a3ba;p=timetracker.git Improved access check for cf_custom_field_add.php. --- diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 1b7d29ce..99c9b21c 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.98.4319 | Copyright © Anuko | +  Anuko Time Tracker 1.17.98.4320 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/cf_custom_field_add.php b/cf_custom_field_add.php index 922d83b7..8227d254 100644 --- a/cf_custom_field_add.php +++ b/cf_custom_field_add.php @@ -39,6 +39,12 @@ if (!$user->isPluginEnabled('cf')) { header('Location: feature_disabled.php'); exit(); } +$fields = CustomFields::getFields(); +// Deny access when max number of custom fields is already set. +if (count($fields) >= 1) { + header('Location: access_denied.php'); + exit(); +} if ($request->isPost()) { $cl_field_name = trim($request->getParameter('name'));