예제 #1
0
if ($bConvert) {
    $bVarsFromForm = true;
} else {
    if ($bProcessPost) {
        $bVarsFromForm = true;
        if (isset($_POST['save']) || isset($_POST['saveAndView']) || isset($_POST['saveAndAdd']) || isset($_POST['apply']) || $bAjaxSubmit) {
            //Check entities access -->
            $quoteID = isset($_POST['UF_QUOTE_ID']) ? intval($_POST['UF_QUOTE_ID']) : 0;
            if ($quoteID > 0 && !CCrmQuote::CheckReadPermission($quoteID)) {
                $quoteID = 0;
            }
            $dealID = isset($_POST['UF_DEAL_ID']) ? intval($_POST['UF_DEAL_ID']) : 0;
            if ($dealID > 0 && !CCrmDeal::CheckReadPermission($dealID)) {
                $dealID = 0;
            }
            $info = CCrmInvoice::__GetCompanyAndContactFromPost($_POST);
            $companyID = $info['COMPANY'];
            if ($companyID > 0 && !CCrmCompany::CheckReadPermission($companyID)) {
                $companyID = 0;
            }
            $contactID = $info['CONTACT'];
            if ($contactID > 0 && !CCrmContact::CheckReadPermission($contactID)) {
                $contactID = 0;
            }
            unset($info);
            //<-- Check entities access
            $comments = trim($_POST['COMMENTS']);
            $bSanitizeComments = $comments !== '' && strpos($comments, '<');
            $userDescription = trim($_POST['USER_DESCRIPTION']);
            $bSanitizeUserDescription = $userDescription !== '' && strpos($userDescription, '<');
            if ($bSanitizeComments || $bSanitizeUserDescription) {