No transmormation of data objectid before calling trigger

Dolibarr · May 10, 2018 · 63b9384 · 63b9384
1 parent 2fb5de6
commit 63b9384
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
@@ -186,15 +186,15 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
     //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
     //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."<br>";
 
-    if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'";
-
 	// Get more permissions checks from hooks
 	$parameters=array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select);
 	$reshook=$hookmanager->executeHooks('restrictedArea',$parameters);
 	if (! empty($hookmanager->resArray['result'])) return true;
 	if ($reshook > 0) return false;
 
-    // Features/modules to check
+	if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'";
+
+	// Features/modules to check
     $featuresarray = array($features);
     if (preg_match('/&/', $features)) $featuresarray = explode("&", $features);
     else if (preg_match('/\|/', $features)) $featuresarray = explode("|", $features);