extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 04:29:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Infolog: Avoid changing contact or project links if user has no write permission

Browse Source
This commit is contained in:
nathan 2021-10-15 09:04:29 -06:00
parent 75d119f31f
commit 62aeccbb0f
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
infolog/inc/class.infolog_bo.inc.php
View File

@ -1094,10 +1094,14 @@ class infolog_bo
* Checks for info_contact properly linked, project properly linked and * Checks for info_contact properly linked, project properly linked and
* adds or removes to correct. * adds or removes to correct.
* *
* @param Array $values * @param array $values
*/ */
protected function write_check_links(&$values) protected function write_check_links(array &$values)
{ {
if(!$this->bo->check_access($values, Acl::EDIT))
{
return;
}
$old_link_id = (int)$values['info_link_id']; $old_link_id = (int)$values['info_link_id'];
$from = $values['info_from']; $from = $values['info_from'];
@ -1106,7 +1110,7 @@ class infolog_bo
) || ( ) || (
is_array($values['info_contact']) && $values['info_contact']['id'] == 'none' && is_array($values['info_contact']) && $values['info_contact']['id'] == 'none' &&
array_key_exists('search', $values['info_contact']) array_key_exists('search', $values['info_contact'])
)) ))
{ {
if(is_array($values['info_contact'])) if(is_array($values['info_contact']))
{ {
@ -1115,7 +1119,7 @@ class infolog_bo
$id = (int)$values['info_contact']['id']; $id = (int)$values['info_contact']['id'];
$from = $values['info_contact']['search']; $from = $values['info_contact']['search'];
} }
else if ($values['info_contact']) else if($values['info_contact'])
{ {
list($app, $id) = explode(':', $values['info_contact'], 2); list($app, $id) = explode(':', $values['info_contact'], 2);
} }