[Vtigercrm-commits] [vtiger-commits] r10010 - /vtigercrm/branches/5.0.3/modules/Users/DetailView.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Wed Jan 3 02:22:02 EST 2007
Author: richie
Date: Wed Jan 3 00:21:52 2007
New Revision: 10010
Log:
Unauthorized access of userdetail - fixed
Modified:
vtigercrm/branches/5.0.3/modules/Users/DetailView.php
Modified: vtigercrm/branches/5.0.3/modules/Users/DetailView.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Users/DetailView.php (original)
+++ vtigercrm/branches/5.0.3/modules/Users/DetailView.php Wed Jan 3 00:21:52 2007
@@ -39,7 +39,8 @@
$focus = new Users();
-if(!empty($_REQUEST['record'])) {
+if(!empty($_REQUEST['record']))
+{
$focus->retrieve_entity_info($_REQUEST['record'],'Users');
$focus->id = $_REQUEST['record'];
}
@@ -55,22 +56,28 @@
if( $focus->user_name == "" )
{
-
+
+ if(is_admin($current_user))
+ {
echo "
<table>
<tr>
<td>
<b>User does not exist.</b>
</td>
- </tr>
+ </tr>";
+
+ echo "
<tr>
<td>
<a href='index.php?module=Users&action=ListView'>List Users</a>
</td>
</tr>
</table>
- ";
- exit;
+ ";
+ exit;
+ }
+
}
More information about the vtigercrm-commits
mailing list