[Vtigercrm-commits] [vtiger-commits] r5340 - /vtigercrm/trunk/include/utils/CommonUtils.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Tue Apr 25 06:31:45 EDT 2006
Author: saraj
Date: Tue Apr 25 04:31:40 2006
New Revision: 5340
Log:
Added Security Check to Quick Create Module. Fixes #640.
Modified:
vtigercrm/trunk/include/utils/CommonUtils.php
Modified: vtigercrm/trunk/include/utils/CommonUtils.php
==============================================================================
--- vtigercrm/trunk/include/utils/CommonUtils.php (original)
+++ vtigercrm/trunk/include/utils/CommonUtils.php Tue Apr 25 04:31:40 2006
@@ -1532,11 +1532,24 @@
function QuickCreate($module)
{
global $adb;
+ global $current_user;
global $mod_strings;
$tabid = getTabid($module);
+
+//Adding Security Check
+require('user_privileges/user_privileges_'.$current_user->id.'.php');
+ if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0)
+ {
+ $quickcreate_query = "select * from field where quickcreate=0 and tabid = ".$tabid." order by quickcreatesequence";
+ }
+ else
+ {
+ $profileList = getCurrentUserProfileList();
+ $quickcreate_query = "select field.* from field inner join profile2field on profile2field.fieldid=field.fieldid inner join def_org_field on def_org_field.fieldid=field.fieldid where field.tabid=".$tabid." and quickcreate=0 and profile2field.visible=0 and def_org_field.visible=0 and profile2field.profileid in ".$profileList." order by quickcreatesequence";
+ }
+
$category = getParentTab();
-$quickcreate_query = "select * from field where quickcreate=0 and tabid = ".$tabid." order by quickcreatesequence";
$result = $adb->query($quickcreate_query);
$noofrows = $adb->num_rows($result);
$fieldName_array = Array();
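Review bot: The added permission test `if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0)` fails open, because with loose `==` an entry that the required privileges file does not define is null, and `null == 0` is true, so the unrestricted field query would run. Requiring the entries to exist keeps the restricted branch as the default, for example `(isset($profileGlobalPermission[1]) && $profileGlobalPermission[1] == 0)` and the same for index 2. Both new queries are also built by concatenating `$tabid` and `$profileList` into the SQL text; whether `getTabid()` and `getCurrentUserProfileList()` always return safe values is not visible in this hunk, so I would cast with `(int)$tabid` and confirm the profile list is a non-empty list of integers before it reaches `in`. A short comment naming what indexes 1 and 2 of `$profileGlobalPermission` mean would help the next reader. The body of QuickCreate continues past the end of the hunk.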