From c722d648500ebe6bc3af98dea997750a3b8c0c42 Mon Sep 17 00:00:00 2001
From: Eric
Date: Mon, 12 Nov 2018 16:08:30 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B01706=20-=20Fix=20problem=20with=20user?= =?UTF-8?q?=5Fmanager=20profile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/userrights.class.inc.php | 2 +-
 sources/application/search/searchform.class.inc.php | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php
index 8650625d8..4051f9332 100644
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -308,7 +308,7 @@ abstract class User extends cmdbAbstractObject
 if (count($aOrgs) > 0)
 {
 // Check that the modified User belongs to one of our organization
- if (!in_array($this->GetOriginal('org_id'), $aOrgs) || !in_array($this->Get('org_id'), $aOrgs))
+ if (!in_array($this->GetOriginal('org_id'), $aOrgs) && !in_array($this->Get('org_id'), $aOrgs))
 {
 $this->m_aCheckIssues[] = Dict::Format('Class:User/Error:UserOrganizationNotAllowed');
 }
diff --git a/sources/application/search/searchform.class.inc.php b/sources/application/search/searchform.class.inc.php
index 8e9c00ce6..4f9cbe8c9 100644
--- a/sources/application/search/searchform.class.inc.php
+++ b/sources/application/search/searchform.class.inc.php
@@ -480,6 +480,7 @@ class SearchForm
 *
 * @return array
 * @throws \MissingQueryArgument
+ * @throws \Exception
 */
 public function GetCriterion($oSearch, $aFields, $aArgs = array(), $bIsRemovable = true)
 {
@@ -554,6 +555,12 @@ class SearchForm
 
 foreach($aContextParams as $sParamCode => $sParamValue)
 {
+ // Check that the code exists in the concerned class
+ if (!MetaModel::IsValidAttCode($oSearch->GetClass(), $sParamCode))
+ {
+ continue;
+ }
+
 // Add Context criteria in read only mode
 $sAlias = $oSearch->GetClassAlias();
 $oFieldExpression = new FieldExpression($sParamCode, $sAlias);
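Review bot: With `&&`, the organization check in the core/userrights.class.inc.php hunk records `UserOrganizationNotAllowed` only when both the original and the new `org_id` are outside `$aOrgs`, so a save passes as long as one of the two is allowed. An administrator restricted to certain organizations can therefore change a User whose original organization is outside their scope, or move one of their Users to an organization they do not manage, which is broader than the comment "belongs to one of our organization" suggests. If the problem being fixed is that a newly created User has no original `org_id` (an inference; the commit message does not say), keep `||` and exempt creation only: `if ((!$this->IsNew() && !in_array($this->GetOriginal('org_id'), $aOrgs)) || !in_array($this->Get('org_id'), $aOrgs))`. The enclosing method starts and ends outside the hunk, so how `$aOrgs` is built cannot be confirmed from here.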
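Review bot: The new guard in the second searchform.class.inc.php hunk skips a context parameter silently, and its comment says what is checked but not why, so a reader cannot tell that dropping the criterion (and with it that context restriction on the search) is intended for classes lacking the attribute. I would word the comment as `// Context parameters that are not attributes of the searched class cannot become a criterion: skip them`. `$oSearch->GetClass()` does not change inside the loop, so it can be read once before the `foreach` as `$sClass = $oSearch->GetClass();` and reused in the `IsValidAttCode()` call. The loop body and the rest of `GetCriterion()` continue outside the hunk.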