From 840056890d9b574fcc62fdf386db346f133baa91 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Mon, 4 Mar 2019 15:30:40 +0000
Subject: [PATCH] Improved sfety of inner join for timesheet assignment.
---
 WEB-INF/lib/ttReportHelper.class.php | 3 ++-
 WEB-INF/templates/footer.tpl | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index a64bb870..0fa00d13 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -640,7 +640,8 @@ class ttReportHelper {
 if ($time_log_ids) {
 if ($timesheet_id)
- $inner_join = " inner join tt_timesheets ts on (ts.id = $timesheet_id and ts.approve_status is null)";
+ $inner_join = " inner join tt_timesheets ts on (ts.id = $timesheet_id".
+ " and ts.user_id = $user_id and ts.approve_status is null)";
 $sql = "update tt_log l $inner_join".
 " set l.timesheet_id = ".$mdb2->quote($timesheet_id).
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 3f166443..9ce9723f 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
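Review bot: The rewritten `$inner_join` string in ttReportHelper.class.php still interpolates `$timesheet_id` and the newly added `$user_id` directly into the SQL text, while the `set` clause two lines below passes the same `$timesheet_id` through `$mdb2->quote()`. Whether both values are validated as integers before this point is not visible in the hunk, so the new ownership check is only as strong as that upstream validation. Building the join the same way as the `set` clause would make it safe on its own: `" inner join tt_timesheets ts on (ts.id = ".$mdb2->quote($timesheet_id, 'integer').` followed by `" and ts.user_id = ".$mdb2->quote($user_id, 'integer')." and ts.approve_status is null)";`. The join is also only added when `$timesheet_id` is truthy, so the un-assign path relies entirely on the `where` clause, which lies outside this hunk. The enclosing method starts and ends outside the hunk.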
-
 Anuko Time Tracker 1.18.52.4819 | Copyright © Anuko | +  Anuko Time Tracker 1.18.52.4820 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} -- 2.20.1