From 98dfff814b103b57c450173804f92a255909a3ba Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Tue, 14 Aug 2018 21:16:29 +0000 Subject: [PATCH] Improved access check for cf_custom_field_add.php. --- WEB-INF/templates/footer.tpl | 2 +- cf_custom_field_add.php | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 1b7d29ce..99c9b21c 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.98.4319 | Copyright © Anuko | +  Anuko Time Tracker 1.17.98.4320 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/cf_custom_field_add.php b/cf_custom_field_add.php index 922d83b7..8227d254 100644 --- a/cf_custom_field_add.php +++ b/cf_custom_field_add.php @@ -39,6 +39,12 @@ if (!$user->isPluginEnabled('cf')) { header('Location: feature_disabled.php'); exit(); } +$fields = CustomFields::getFields(); +// Deny access when max number of custom fields is already set. +if (count($fields) >= 1) { + header('Location: access_denied.php'); + exit(); +} if ($request->isPost()) { $cl_field_name = trim($request->getParameter('name')); -- 2.20.1