From c930a0f799b9016a2938679ff0795e85ca18a88c Mon Sep 17 00:00:00 2001
From: Dominik <info@profi-webdesign.net>
Date: Mon, 27 Jan 2014 14:50:53 -0500
Subject: [PATCH] and again

---
 interface/lib/classes/tform.inc.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index f334508..639689d 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -69,6 +69,7 @@
 	function checkPerm($record_id, $perm) {
 		global $app;
 
+		$record_id = $app->functions->intval($record_id);
 		if($record_id > 0) {
 			// Add backticks for incomplete table names.
 			if(stristr($this->formDef['db_table'], '.')) {
@@ -163,7 +164,7 @@
 		if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
 
 		// Get the limits of the client that is currently logged in
-		$client_group_id = $_SESSION["s"]["user"]["default_group"];
+		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 		$client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
 		// Check if the user may add another item
@@ -185,7 +186,7 @@
 		if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
 
 		// Get the limits of the client that is currently logged in
-		$client_group_id = $_SESSION["s"]["user"]["default_group"];
+		$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 		$client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
 		//* If the client belongs to a reseller, we will check against the reseller Limit too

--
Gitblit v1.9.1