From e63eef54095a467d0dfd64646c6ef574bab09e89 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Tue, 4 Dec 2018 15:07:39 +0000
Subject: [PATCH] Improved access check for client edit.
---
 WEB-INF/templates/footer.tpl | 2 +-
 client_edit.php | 10 +++++++---
 mobile/client_edit.php | 10 +++++++---
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 09e0d89c..c5ff71ca 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.29.4579 | Copyright © Anuko |
+  Anuko Time Tracker 1.18.29.4580 | Copyright © Anuko |
 {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/client_edit.php b/client_edit.php
index a1f98249..7b572ea7 100644
--- a/client_edit.php
+++ b/client_edit.php
@@ -41,8 +41,13 @@ if (!$user->isPluginEnabled('cl')) {
 header('Location: feature_disabled.php');
 exit();
 }
-
-$cl_id = (int) $request->getParameter('id');
+$cl_id = (int)$request->getParameter('id');
+$client = ttClientHelper::getClient($cl_id, true);
+if (!$client) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
 $projects = ttGroupHelper::getActiveProjects();
@@ -53,7 +58,6 @@ if ($request->isPost()) {
 $cl_status = $request->getParameter('status');
 $cl_projects = $request->getParameter('projects');
 } else {
- $client = ttClientHelper::getClient($cl_id, true);
 $cl_name = $client['name'];
 $cl_address = $client['address'];
 $cl_tax = $client['tax'];
diff --git a/mobile/client_edit.php b/mobile/client_edit.php
index b65ac99d..ab868650 100644
--- a/mobile/client_edit.php
+++ b/mobile/client_edit.php
@@ -40,8 +40,13 @@ if (!$user->isPluginEnabled('cl')) {
 header('Location: feature_disabled.php');
 exit();
 }
-
-$cl_id = (int) $request->getParameter('id');
+$cl_id = (int)$request->getParameter('id');
+$client = ttClientHelper::getClient($cl_id, true);
+if (!$client) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
 $projects = ttGroupHelper::getActiveProjects();
@@ -52,7 +57,6 @@ if ($request->isPost()) {
 $cl_status = $request->getParameter('status');
 $cl_projects = $request->getParameter('projects');
 } else {
- $client = ttClientHelper::getClient($cl_id, true);
 $cl_name = $client['name'];
 $cl_address = $client['address'];
 $cl_tax = $client['tax'];
-- 
2.20.1
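Review bot: The new guard after `$cl_id` in client_edit.php is only an access check if `ttClientHelper::getClient($cl_id, true)` restricts the lookup to the current user's group; from this hunk it reads as an existence check, so a valid id belonging to another group would pass if the helper does not filter by group, which cannot be confirmed here. Since the added `// End of access checks.` declares this the end of the authorization boundary, state the assumption at the call site, e.g. `// getClient() is expected to return false for clients outside the current group.`, and verify it against the helper. The identical block is added in mobile/client_edit.php, where the same point applies. A missing or non-numeric `id` is cast to 0 and also lands on access_denied.php, which is safe but indistinguishable from a real denial in logs.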