From 10f1d39b2a092fa0f8b90ad0ae3ba4386cd2eb5d Mon Sep 17 00:00:00 2001 From: johnnyq Date: Thu, 6 Jun 2024 13:18:50 -0400 Subject: [PATCH] Fix In Comntat Details Contact must belong to the client --- client_contact_details.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/client_contact_details.php b/client_contact_details.php index 3c2c799c..f13d0e28 100644 --- a/client_contact_details.php +++ b/client_contact_details.php @@ -31,6 +31,12 @@ if (isset($_GET['contact_id'])) { $contact_location_id = intval($row['contact_location_id']); $location_name = nullable_htmlentities($row['location_name']); $auth_method = nullable_htmlentities($row['contact_auth_method']); + $contact_client_id = intval($row['contact_client_id']); + + // Check to see if Contact belongs to client + if($contact_client_id !== $client_id) { + exit(); + } // Related Assets Query $sql_related_assets = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_contact_id = $contact_id ORDER BY asset_name DESC");