Fix: [ bug #2570 ] [Contacts] Page should not process if ID is invalid

8d7c1f8d · Laurent Destailleur · d422fac3 · 8d7c1f8d · 8d7c1f8d · 8d7c1f8d
Commit 8d7c1f8d authored 9 years ago by Laurent Destailleur
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@ Fix: [ bug #2837 ] Product list table column header does not match column body
 Fix: [ bug #2835 ] Customer prices of a product shows incorrect history order
 Fix: [ bug #2814 ] JPEG photos are not displayed in Product photos page
 Fix: [ bug #2715 ] Statistics page has broken layout with long thirdparty names
+Fix: [ bug #2570 ] [Contacts] Page should not process if ID is invalid

 ***** ChangeLog for 3.5.6 compared to 3.5.5 *****
 Fix: Avoid missing class error for fetch_thirdparty method #1973

--- a/htdocs/contact/exportimport.php
+++ b/htdocs/contact/exportimport.php
@@ -33,21 +33,23 @@ $id = GETPOST('id', 'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $id, 'socpeople&societe');

+$contact = new Contact($db);
+

 /*
 *	View
 */

+$form = new Form($db);
+
 $title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));

 llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');

-$form = new Form($db);
-
-$contact = new Contact($db);
+if ($id > 0)
+{
 	$contact->fetch($id, $user);

-
 	$head = contact_prepare_head($contact);

 	dol_fiche_head($head, 'exportimport', $title, 0, 'contact');
@@ -103,11 +105,8 @@ print '<a href="'.DOL_URL_ROOT.'/contact/vcard.php?id='.$contact->id.'">';
 	print img_picto($langs->trans("VCard"),'vcard.png').' ';
 	print $langs->trans("VCard");
 	print '</a>';
-
-
-
+}

 $db->close();

 llxFooter();
-?>
--- a/htdocs/contact/info.php
+++ b/htdocs/contact/info.php
@@ -35,6 +35,8 @@ $contactid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');

+$contact = new Contact($db);
+


 /*
@@ -43,9 +45,10 @@ $result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');

 llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');

+if ($contactid > 0)
+{
+	$result = $contact->fetch($contactid, $user);

-$contact = new Contact($db);
-$contact->fetch($contactid, $user);
 	$contact->info($contactid);


@@ -60,8 +63,8 @@ print '</td></tr></table>';
 	dol_print_object_info($contact);

 	print "</div>";
+}

 llxFooter();

 $db->close();
-?>
--- a/htdocs/contact/ldap.php
+++ b/htdocs/contact/ldap.php
@@ -40,8 +40,10 @@ if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $id, 'socpeople&societe');

 $contact = new Contact($db);
-$contact->fetch($id, $user);

+if ($id > 0)
+{
+	$contact->fetch($id, $user);

 	/*
 	 * Actions
@@ -73,18 +75,21 @@ if ($action == 'dolibarr2ldap')
 			$db->rollback();
 		}
 	}
+}


 /*
 *	View
 */

+$form = new Form($db);
+
 $title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));

 llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');

-$form = new Form($db);
-
+if ($id > 0)
+{
 	$head = contact_prepare_head($contact);

 	dol_fiche_head($head, 'ldap', $title, 0, 'contact');
@@ -207,10 +212,9 @@ else

 	print '</table>';

-
+}


 $db->close();

 llxFooter();
-?>
--- a/htdocs/contact/perso.php
+++ b/htdocs/contact/perso.php
@@ -38,14 +38,16 @@ if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $id, 'socpeople&societe');
 $object = new Contact($db);

+$result = $object->fetch($id, $user);
+
+if ($id > 0)
+{
    /*
     * Action
     */

    if ($action == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact->creer)
    {
-	$ret = $object->fetch($id);
-
        // Note: Correct date should be completed with location to have exact GM time of birth.
        $object->birthday = dol_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]);
        $object->birthday_alert = $_POST["birthday_alert"];
@@ -61,22 +63,22 @@ if ($action == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact
            $error = $object->error;
        }
    }
-
+}

 /*
 *	View
 */

+$form = new Form($db);
+
 $now=dol_now();

 $title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("Contacts") : $langs->trans("ContactsAddresses"));

 llxHeader('',$title,'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');

-$form = new Form($db);
-
-$object->fetch($id, $user);
-
+if ($id > 0)
+{
    $head = contact_prepare_head($object);

    dol_fiche_head($head, 'perso', $title, 0, 'contact');
@@ -244,9 +246,9 @@ if ($action != 'edit')
            print "</div>";
        }
    }
+}


 llxFooter();

 $db->close();
-?>
--- a/htdocs/contact/vcard.php
+++ b/htdocs/contact/vcard.php
@@ -35,6 +35,9 @@ $id = GETPOST('id', 'int');
 $result = restrictedArea($user, 'contact', $id, 'socpeople&societe');

 $contact = new Contact($db);
+
+if ($id > 0)
+{
 	$result=$contact->fetch($id);

 	$physicalperson=1;
@@ -100,5 +103,4 @@ header("Connection: close");
 	header("Content-Type: text/x-vcard; name=\"".$filename."\"");

 	print $output;
-
-?>
+}