
[Phpcompta-dev] r4598 - phpcompta/trunk/include


From: phpcompta-dev
Subject: [Phpcompta-dev] r4598 - phpcompta/trunk/include
Date: Sun, 11 Dec 2011 21:54:10 +0100 (CET)

Author: danydb
Date: 2011-12-11 21:54:08 +0100 (Sun, 11 Dec 2011)
New Revision: 4598

Modified:
   phpcompta/trunk/include/class_acc_ledger.php
   phpcompta/trunk/include/compta_ach.inc.php
   phpcompta/trunk/include/compta_ods.inc.php
   phpcompta/trunk/include/compta_ven.inc.php
Log:

Security ; bug can't access ODS 


Modified: phpcompta/trunk/include/class_acc_ledger.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger.php        2011-12-11 16:23:38 UTC 
(rev 4597)
+++ phpcompta/trunk/include/class_acc_ledger.php        2011-12-11 20:54:08 UTC 
(rev 4598)
@@ -2045,10 +2045,10 @@
      *\param the type
      *\return the j_id
      */
-    public function get_first($p_type)
+    public function get_first($p_type,$p_access=3)
     {
         $user=new User($this->db);
-        $all=$user->get_ledger($p_type);
+        $all=$user->get_ledger($p_type,$p_access);
         return $all[0];
     }
 
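Review bot: `return $all[0];` still indexes the result of `get_ledger()` without checking that it holds anything, so when the user has no ledger of the requested type at the requested access level the method presumably returns null (with an undefined-offset notice if `$all` is an empty array). The callers changed in this commit rely on that empty result to refuse access, so it is worth making explicit, e.g. `return empty($all) ? null : $all[0];`. The docblock, which starts above this hunk, does not describe the new `$p_access` parameter. It should gain a `\param` line saying what the values 2 and 3 mean, since compta_ach.inc.php and compta_ven.inc.php now pass a bare `2`.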

Modified: phpcompta/trunk/include/compta_ach.inc.php
===================================================================
--- phpcompta/trunk/include/compta_ach.inc.php  2011-12-11 16:23:38 UTC (rev 
4597)
+++ phpcompta/trunk/include/compta_ach.inc.php  2011-12-11 20:54:08 UTC (rev 
4598)
@@ -163,7 +163,11 @@
 
 if (!isset($_REQUEST ['p_jrn']))
 {
-       $def_ledger = $Ledger->get_first('ach');
+       $def_ledger = $Ledger->get_first('ach',2);
+       if ( empty ($first_ledger))
+       {
+               exit('Pas de journal disponible');
+       }
        $Ledger->id = $def_ledger['jrn_def_id'];
 }
 else
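Review bot: The new guard tests `$first_ledger`, but the line just above assigns `$def_ledger`, so `empty ($first_ledger)` never looks at the value returned by `get_first('ach',2)`. Unless `$first_ledger` is set earlier in the file (not visible in this hunk), it is undefined here and the script exits with 'Pas de journal disponible' on every request without `p_jrn`, even for users who do have a ledger. If it is set elsewhere, the check runs against unrelated data and a null `$def_ledger` still reaches `$def_ledger['jrn_def_id']`. The guard should read `if ( empty ($def_ledger))`. The same slip is in the compta_ven.inc.php hunk, where `if (empty($first_ledger))` follows `$def_ledger=$Ledger->get_first('ven',2);`.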

Modified: phpcompta/trunk/include/compta_ods.inc.php
===================================================================
--- phpcompta/trunk/include/compta_ods.inc.php  2011-12-11 16:23:38 UTC (rev 
4597)
+++ phpcompta/trunk/include/compta_ods.inc.php  2011-12-11 20:54:08 UTC (rev 
4598)
@@ -43,6 +43,10 @@
 $id = (isset($_REQUEST['p_jrn_predef'])) ? $_REQUEST['p_jrn_predef'] : -1;
 $ledger = new Acc_Ledger($cn, $id);
 $first_ledger = $ledger->get_first('ODS');
+if ( empty ($first_ledger))
+{
+       exit('Pas de journal disponible');
+}
 $ledger->id = ($ledger->id == -1) ? $first_ledger['jrn_def_id'] : $id;
 
 /* !\brief show a form for quick_writing */
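Review bot: `$id` is taken directly from `$_REQUEST['p_jrn_predef']`, passed to `new Acc_Ledger($cn, $id)` and later assigned to `$ledger->id`, with no check that it is an integer. What Acc_Ledger and `check_jrn()` do with a non-numeric or array value is not visible here, so I would validate at this boundary, for instance with `filter_var($_REQUEST['p_jrn_predef'], FILTER_VALIDATE_INT)`, falling back to -1 on failure. The comparison `$ledger->id == -1` is also loose; once `$id` is a real integer, `=== -1` states the intent. The added guard exits when the user has no ODS ledger even if `p_jrn_predef` was supplied. That fails closed and looks intended, but a one-line comment saying so would help the next reader.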
@@ -52,7 +56,7 @@
 
 
 
-if ($g_user->check_jrn($id) == 'X')
+if ($g_user->check_jrn($ledger->id) == 'X')
 {
        NoAccess();
        exit - 1;
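Review bot: The access test on `check_jrn($ledger->id)` denies only when the result loosely equals 'X', so any other return value falls through to the page, possibly including null or an empty value for a ledger id the user table does not know. `check_jrn()`'s return values are not visible in this hunk, and the `if` block continues past its end. If it can return something other than a known access code for a request-supplied id, the condition should treat that as denial too, e.g. `$access = $g_user->check_jrn($ledger->id);` followed by `if (empty($access) || $access == 'X')`. Comparing against the codes that grant access, rather than the single code that denies, would be the more robust form.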

Modified: phpcompta/trunk/include/compta_ven.inc.php
===================================================================
--- phpcompta/trunk/include/compta_ven.inc.php  2011-12-11 16:23:38 UTC (rev 
4597)
+++ phpcompta/trunk/include/compta_ven.inc.php  2011-12-11 20:54:08 UTC (rev 
4598)
@@ -182,7 +182,11 @@
 
     if ( !isset($_REQUEST ['p_jrn']) )
     {
-        $def_ledger=$Ledger->get_first('ven');
+        $def_ledger=$Ledger->get_first('ven',2);
+               if (empty($first_ledger))
+       {
+               exit('Pas de journal disponible');
+       }
         $Ledger->id=$def_ledger['jrn_def_id'];
     }
     else
@@ -190,7 +194,7 @@
        if (isset ($_REQUEST['p_jrn_predef'])){
                $Ledger->id=$_REQUEST['p_jrn_predef'];
        }
-       
+
    echo '<div id="predef_form">';
     echo '<form style="display:inline" method="GET" >';
        echo HtmlInput::hidden('ac',$_REQUEST['ac']);



