26 $zoneId = recid_to_domid($_GET['id']); |
26 $zoneId = recid_to_domid($_GET['id']); |
27 if ((!level(5)) && (!xs($zoneId))) { |
27 if ((!level(5)) && (!xs($zoneId))) { |
28 error(ERR_RECORD_ACCESS_DENIED); |
28 error(ERR_RECORD_ACCESS_DENIED); |
29 } |
29 } |
30 if ((!level(5)) && ($_SESSION[$zoneId.'_ispartial'] == 1)) { |
30 if ((!level(5)) && ($_SESSION[$zoneId.'_ispartial'] == 1)) { |
31 $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id='".$_GET["id"]."' AND user_id='".$_SESSION["userid"]."' LIMIT 1"); |
31 $db->setLimit(1); |
|
32 $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"])); |
32 if (empty($checkPartial)) { |
33 if (empty($checkPartial)) { |
33 error(ERR_RECORD_ACCESS_DENIED); |
34 error(ERR_RECORD_ACCESS_DENIED); |
34 } |
35 } |
35 } |
36 } |
36 if ($_GET["confirm"] == '0') { |
37 if ($_GET["confirm"] == '0') { |
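Review bot: The raw `$_GET['id']` is still passed to `recid_to_domid()` on line 26, before it reaches the newly quoted query on line 32, and this hunk does not show whether that helper escapes its argument. A record id is presumably numeric, so rejecting anything else once at the top, for example `if (!ctype_digit((string) $_GET['id'])) { error(ERR_RECORD_ACCESS_DENIED); }`, would cover every later use and leave `$db->quote()` as defence in depth. It is also worth confirming that `error()` ends the request. If it only prints a message, the denied branches on lines 28 and 34 fall through to the `confirm` handling that starts on line 37, whose body lies outside this hunk.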