Do not show data from other users when viewing the client dashboard as an admin

helmo · helmo · commit 74efda9da4df · 2023-07-29T11:55:50.000+02:00
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
@@ -148,11 +148,12 @@ public function show($limit_to_client_id = 0)
         $tpl->setVar($wb);
 
         if ($limit_to_client_id != null) {
-          $client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", $limit_to_client_id);
+          $client_id = $limit_to_client_id;
         }
         elseif ($limit_to_client_id == null && $app->auth->is_reseller()) {
-          $client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", $_SESSION['s']['user']['client_id']);
+          $client_id = $_SESSION['s']['user']['client_id'];
         }
+        $client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", $client_id);
 
         $rows = array();
         foreach ($limits as $limit) {
@@ -201,7 +202,7 @@ public function _get_limit_usage($limit, $limit_to_client_id)
         if ($limit['db_where'] != '') {
             $sql .= $limit['db_where']." AND ";
         }
-        $sql .= $app->tform->getAuthSQL('r', '', $limit_to_client_id);
+        $sql .= $app->tform->getAuthSQL('r', '', $limit_to_client_id, array());
         // TEST to show reseller data.
         //$sql .= $app->tform->getAuthSQL('r', '', 0, '3,28,39');
         //echo $sql;
