From 3b0e1d9a3bb7f949619fbb3fd88db03db2d7e5be Mon Sep 17 00:00:00 2001
From: Denis Flaven <denis.flaven@combodo.com>
Date: Tue, 4 Dec 2012 15:21:59 +0000
Subject: [PATCH] Prevent a crash when not authorized to see an object of a
 derived class.

SVN:trunk[2502]
---
 pages/UI.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pages/UI.php b/pages/UI.php
index 461424da1..a187da15d 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -699,7 +699,7 @@ try
 		case 'details': // Details of an object
 			$sClass = utils::ReadParam('class', '');
 			$id = utils::ReadParam('id', '');
-		if ( empty($sClass) || empty($id))
+			if ( empty($sClass) || empty($id))
 			{
 				throw new ApplicationException(Dict::Format('UI:Error:2ParametersMissing', 'class', 'id'));
 			}
@@ -719,7 +719,21 @@ try
 			}
 			else
 			{
-			DisplayDetails($oP, $sClass, $oObj, $id);
+				try
+				{
+					$oObj->Reload();
+				}
+				catch(Exception $e)
+				{
+					// Probably not allowed to see this instance of a derived class
+					$oObj = null; 
+					$oP->set_title(Dict::S('UI:ErrorPageTitle'));
+					$oP->P(Dict::S('UI:ObjectDoesNotExist'));
+				}
+				if (!is_null($oObj))
+				{
+					DisplayDetails($oP, $sClass, $oObj, $id);
+				}				
 			}
 		break;