From: Nik Okuntseff Date: Tue, 4 Dec 2018 15:07:39 +0000 (+0000) Subject: Improved access check for client edit. X-Git-Tag: timetracker_1.19-1~485 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=e63eef54095a467d0dfd64646c6ef574bab09e89;p=timetracker.git Improved access check for client edit.
---
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 09e0d89c..c5ff71ca 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.29.4579 | Copyright © Anuko | +  Anuko Time Tracker 1.18.29.4580 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/client_edit.php b/client_edit.php
index a1f98249..7b572ea7 100644
--- a/client_edit.php
+++ b/client_edit.php
@@ -41,8 +41,13 @@ if (!$user->isPluginEnabled('cl')) {
 header('Location: feature_disabled.php');
 exit();
 }
-
-$cl_id = (int) $request->getParameter('id');
+$cl_id = (int)$request->getParameter('id');
+$client = ttClientHelper::getClient($cl_id, true);
+if (!$client) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
 $projects = ttGroupHelper::getActiveProjects();
@@ -53,7 +58,6 @@ if ($request->isPost()) {
 $cl_status = $request->getParameter('status');
 $cl_projects = $request->getParameter('projects');
 } else {
- $client = ttClientHelper::getClient($cl_id, true);
 $cl_name = $client['name'];
 $cl_address = $client['address'];
 $cl_tax = $client['tax'];
diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index b65ac99d..ab868650 100644
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -40,8 +40,13 @@ if (!$user->isPluginEnabled('cl')) {
 header('Location: feature_disabled.php');
 exit();
 }
-
-$cl_id = (int) $request->getParameter('id');
+$cl_id = (int)$request->getParameter('id');
+$client = ttClientHelper::getClient($cl_id, true);
+if (!$client) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
 $projects = ttGroupHelper::getActiveProjects();
@@ -52,7 +57,6 @@ if ($request->isPost()) {
 $cl_status = $request->getParameter('status');
 $cl_projects = $request->getParameter('projects');
 } else {
- $client = ttClientHelper::getClient($cl_id, true);
 $cl_name = $client['name'];
 $cl_address = $client['address'];
 $cl_tax = $client['tax'];
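Review bot: The new guard in the `@@ -41,8 +41,13 @@` hunk of client_edit.php treats any non-empty result of `ttClientHelper::getClient($cl_id, true)` as proof of access, so it is an authorization check only if that helper limits the lookup to the current user's group, which this diff does not show. I would state that dependency at the call, e.g. `// Access check: getClient() must only return a client that belongs to the current user's group.`, and confirm the helper actually enforces it. The identical block is added in the `@@ -40,8 +40,13 @@` hunk of mobile/client_edit.php; two hand-copied access checks tend to drift apart, so a single shared helper called from both pages would be safer. The POST branch that later acts on `$cl_id` continues outside these hunks, so whether the update itself is scoped the same way cannot be seen here.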