From 98dfff814b103b57c450173804f92a255909a3ba Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Tue, 14 Aug 2018 21:16:29 +0000
Subject: [PATCH] Improved access check for cf_custom_field_add.php.

---
 WEB-INF/templates/footer.tpl | 2 +-
 cf_custom_field_add.php      | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 1b7d29ce..99c9b21c 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.98.4319 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.98.4320 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/cf_custom_field_add.php b/cf_custom_field_add.php
index 922d83b7..8227d254 100644
--- a/cf_custom_field_add.php
+++ b/cf_custom_field_add.php
@@ -39,6 +39,12 @@ if (!$user->isPluginEnabled('cf')) {
   header('Location: feature_disabled.php');
   exit();
 }
+$fields = CustomFields::getFields();
+// Deny access when max number of custom fields is already set.
+if (count($fields) >= 1) {
+  header('Location: access_denied.php');
+  exit();
+}
 
 if ($request->isPost()) {
   $cl_field_name = trim($request->getParameter('name'));
-- 
2.20.1