AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 11:24:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ajax contacts - Enforce client access restrictions when getting client contacts

Browse Source
This commit is contained in:
Marcus Hill
2025-05-11 12:01:23 +01:00
parent 908738b7ca
commit d5536e78f4
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ajax.php
View File

@@ -316,7 +316,9 @@ if (isset($_GET['get_client_contacts'])) {
$contact_sql = mysqli_query( $contact_sql = mysqli_query(
$mysqli, $mysqli,
"SELECT contact_id, contact_name, contact_primary, contact_important, contact_technical FROM contacts "SELECT contact_id, contact_name, contact_primary, contact_important, contact_technical FROM contacts
LEFT JOIN clients on contact_client_id = client_id
WHERE contacts.contact_archived_at IS NULL AND contact_client_id = $client_id WHERE contacts.contact_archived_at IS NULL AND contact_client_id = $client_id
$access_permission_query
ORDER BY contact_primary DESC, contact_technical DESC, contact_important DESC, contact_name" ORDER BY contact_primary DESC, contact_technical DESC, contact_important DESC, contact_name"
); );