|
@@ -38,7 +38,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
|
|
|
if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
|
|
|
|
|
|
// For direct external download link, we don't need to load/check we are into a login session
|
|
|
-if (isset($_GET["hashp"]))
|
|
|
+if (isset($_GET["hashp"]) && ! defined("NOLOGIN"))
|
|
|
{
|
|
|
if (! defined("NOLOGIN")) define("NOLOGIN",1);
|
|
|
if (! defined("NOCSRFCHECK")) define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
|
|
@@ -122,8 +122,14 @@ if (! empty($hashp))
|
|
|
if ($result > 0)
|
|
|
{
|
|
|
$tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory
|
|
|
- $moduleparttocheck = $tmp[0];
|
|
|
- if ($modulepart) // Not required for link using public hashp
|
|
|
+ // filepath can be 'users/X' or 'X/propale/PR11111'
|
|
|
+ if (is_numeric($tmp[0])) // If first tmp is numeric, it is subdir of company for multicompany, we take next part.
|
|
|
+ {
|
|
|
+ $tmp = explode('/', $tmp[1], 2);
|
|
|
+ }
|
|
|
+ $moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path
|
|
|
+
|
|
|
+ if ($modulepart) // Not required, so often not defined, for link using public hashp parameter.
|
|
|
{
|
|
|
if ($moduleparttocheck == $modulepart)
|
|
|
{
|