Security fix - improved access checks for task edit and deletes.

[timetracker.git] / tofile.php

diff --git a/tofile.php b/tofile.php
index abd1f278bd855ea0ed87479f690c53fb17da2cd4..e7b9ed963b4fbab166135ae48d15c52395f3f7a4 100644 (file)
--- a/tofile.php
+++ b/tofile.php
@@ -31,11 +31,12 @@ import('form.Form');
 import('form.ActionForm');
 import('ttReportHelper');
 
-// Access check.
+// Access checks.
 if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
 
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {