<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.29.457
0 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.29.457
1 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
header('Location: feature_disabled.php');
exit();
}
-
-$cl_field_id = $request->getParameter('field_id');
+$cl_field_id = (int)$request->getParameter('field_id');
$field = CustomFields::getField($cl_field_id);
-if (false === $field)
- $err->add($i18n->get('error.db'));
+if (!$field) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
$form = new Form('optionAddForm');
if ($err->no()) {
header('Location: feature_disabled.php');
exit();
}
-
$cl_id = $request->getParameter('id');
+$option = CustomFields::getOptionName($cl_id);
+if (!$option) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$form = new Form('optionDeleteForm');
if ($request->isPost()) {
exit();
}
} else {
- $option = CustomFields::getOptionName($cl_id);
- if (false === $option)
- $err->add($i18n->get('error.db'));
-
- if ($err->no()) {
- $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
- $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
- $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
- }
+ $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id));
+ $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
+ $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
}
$smarty->assign('option', $option);
header('Location: feature_disabled.php');
exit();
}
-
$cl_id = $request->getParameter('id');
$cl_name = CustomFields::getOptionName($cl_id);
-if (false === $cl_name)
- $err->add($i18n->get('error.db'));
+if (!$cl_name) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
$form = new Form('optionEditForm');
if ($err->no()) {
$org_id = $user->org_id;
$sql = "select value from tt_custom_field_options".
- " where id = $id and group_id = $group_id and org_id = $org_id";
+ " where id = $id and group_id = $group_id and org_id = $org_id and status = 1";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
$val = $res->fetchRow();
projects / timetracker.git / commitdiff