X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/07ee49d8208cc8308a167487f010e4b919555e03..cabf2460445f26eded09e7d2c9c8cda97e8db593:/predefined_expense_edit.php

diff --git a/predefined_expense_edit.php b/predefined_expense_edit.php
index ab2299c0..3f0cb0c8 100644
--- a/predefined_expense_edit.php
+++ b/predefined_expense_edit.php
@@ -39,14 +39,18 @@ if (!$user->isPluginEnabled('ex')) {
   header('Location: feature_disabled.php');
   exit();
 }
-
 $predefined_expense_id = (int) $request->getParameter('id');
+$predefined_expense = ttPredefinedExpenseHelper::get($predefined_expense_id);
+if (!$predefined_expense) {
+  header('Location: access_denied.php');
+  exit();
+}
+// End of access checks.
 
 if ($request->isPost()) {
   $cl_name = trim($request->getParameter('name'));
   $cl_cost = trim($request->getParameter('cost'));
 } else {
-  $predefined_expense = ttPredefinedExpenseHelper::get($predefined_expense_id);
   $cl_name = $predefined_expense['name'];
   $cl_cost = $predefined_expense['cost'];
 }