From e63eef54095a467d0dfd64646c6ef574bab09e89 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Tue, 4 Dec 2018 15:07:39 +0000
Subject: [PATCH] Improved access check for client edit.

---
 WEB-INF/templates/footer.tpl |  2 +-
 client_edit.php              | 10 +++++++---
 mobile/client_edit.php       | 10 +++++++---
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 09e0d89c..c5ff71ca 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.29.4579 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.29.4580 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/client_edit.php b/client_edit.php
index a1f98249..7b572ea7 100644
--- a/client_edit.php
+++ b/client_edit.php
@@ -41,8 +41,13 @@ if (!$user->isPluginEnabled('cl')) {
   header('Location: feature_disabled.php');
   exit();
 }
-
-$cl_id = (int) $request->getParameter('id');
+$cl_id = (int)$request->getParameter('id');
+$client = ttClientHelper::getClient($cl_id, true);
+if (!$client) {
+  header('Location: access_denied.php');
+  exit();
+}
+// End of access checks.
 
 $projects = ttGroupHelper::getActiveProjects();
 
@@ -53,7 +58,6 @@ if ($request->isPost()) {
   $cl_status = $request->getParameter('status');
   $cl_projects = $request->getParameter('projects');
 } else {
-  $client = ttClientHelper::getClient($cl_id, true);
   $cl_name = $client['name'];
   $cl_address = $client['address'];
   $cl_tax = $client['tax'];
diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index b65ac99d..ab868650 100644
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -40,8 +40,13 @@ if (!$user->isPluginEnabled('cl')) {
   header('Location: feature_disabled.php');
   exit();
 }
-
-$cl_id = (int) $request->getParameter('id');
+$cl_id = (int)$request->getParameter('id');
+$client = ttClientHelper::getClient($cl_id, true);
+if (!$client) {
+  header('Location: access_denied.php');
+  exit();
+}
+// End of access checks.
 
 $projects = ttGroupHelper::getActiveProjects();
 
@@ -52,7 +57,6 @@ if ($request->isPost()) {
   $cl_status = $request->getParameter('status');
   $cl_projects = $request->getParameter('projects');
 } else {
-  $client = ttClientHelper::getClient($cl_id, true);
   $cl_name = $client['name'];
   $cl_address = $client['address'];
   $cl_tax = $client['tax'];
-- 
2.20.1