|
@@ -18,35 +18,58 @@
|
|
|
* or see http://www.gnu.org/
|
|
|
*/
|
|
|
|
|
|
-// Variable $upload_dir must be defined when entering here
|
|
|
+// Variable $upload_dir must be defined when entering here.
|
|
|
// Variable $upload_dirold may also exists.
|
|
|
+// Variable $confirm must be defined.
|
|
|
|
|
|
//var_dump($upload_dir);
|
|
|
//var_dump($upload_dirold);
|
|
|
|
|
|
+
|
|
|
// Submit file/link
|
|
|
-if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
|
|
+if (GETPOST('sendit','none') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
|
|
{
|
|
|
- if ($object->id)
|
|
|
- {
|
|
|
- if (! empty($upload_dirold) && ! empty($conf->global->PRODUCT_USE_OLD_PATH_FOR_PHOTO))
|
|
|
- $result = dol_add_file_process($upload_dirold, 0, 1, 'userfile', GETPOST('savingdocmask', 'alpha'));
|
|
|
- else
|
|
|
- $result = dol_add_file_process($upload_dir, 0, 1, 'userfile', GETPOST('savingdocmask', 'alpha'));
|
|
|
- }
|
|
|
+ if (! empty($_FILES))
|
|
|
+ {
|
|
|
+ if (is_array($_FILES['userfile']['tmp_name'])) $userfiles=$_FILES['userfile']['tmp_name'];
|
|
|
+ else $userfiles=array($_FILES['userfile']['tmp_name']);
|
|
|
+
|
|
|
+ foreach($userfiles as $key => $userfile)
|
|
|
+ {
|
|
|
+ if (empty($_FILES['userfile']['tmp_name'][$key]))
|
|
|
+ {
|
|
|
+ $error++;
|
|
|
+ if ($_FILES['userfile']['error'][$key] == 1 || $_FILES['userfile']['error'][$key] == 2){
|
|
|
+ setEventMessages($langs->trans('ErrorFileSizeTooLarge'), null, 'errors');
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("File")), null, 'errors');
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (! $error)
|
|
|
+ {
|
|
|
+ if (! empty($upload_dirold) && ! empty($conf->global->PRODUCT_USE_OLD_PATH_FOR_PHOTO))
|
|
|
+ {
|
|
|
+ $result = dol_add_file_process($upload_dirold, 0, 1, 'userfile', GETPOST('savingdocmask', 'alpha'));
|
|
|
+ }
|
|
|
+ elseif (! empty($upload_dir))
|
|
|
+ {
|
|
|
+ $result = dol_add_file_process($upload_dir, 0, 1, 'userfile', GETPOST('savingdocmask', 'alpha'));
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
-elseif (GETPOST('linkit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
|
|
+elseif (GETPOST('linkit','none') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
|
|
{
|
|
|
- if ($object->id)
|
|
|
+ $link = GETPOST('link', 'alpha');
|
|
|
+ if ($link)
|
|
|
{
|
|
|
- $link = GETPOST('link', 'alpha');
|
|
|
- if ($link)
|
|
|
- {
|
|
|
- if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://') {
|
|
|
- $link = 'http://' . $link;
|
|
|
- }
|
|
|
- dol_add_file_process($upload_dir, 0, 1, 'userfile', null, $link);
|
|
|
+ if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://') {
|
|
|
+ $link = 'http://' . $link;
|
|
|
}
|
|
|
+ dol_add_file_process($upload_dir, 0, 1, 'userfile', null, $link);
|
|
|
}
|
|
|
}
|
|
|
|
|
@@ -54,8 +77,6 @@ elseif (GETPOST('linkit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
|
|
// Delete file/link
|
|
|
if ($action == 'confirm_deletefile' && $confirm == 'yes')
|
|
|
{
|
|
|
- if ($object->id)
|
|
|
- {
|
|
|
$urlfile = GETPOST('urlfile', 'alpha', 0, null, null, 1); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
|
|
if (GETPOST('section', 'alpha')) $file = $upload_dir . "/" . $urlfile; // For a delete of GED module urlfile contains full path from upload_dir
|
|
|
else // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
|
|
@@ -71,8 +92,8 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
|
|
|
$dir = dirname($file).'/'; // Chemin du dossier contenant l'image d'origine
|
|
|
$dirthumb = $dir.'/thumbs/'; // Chemin du dossier contenant la vignette
|
|
|
|
|
|
- $ret = dol_delete_file($file, 0, 0, 0, $object);
|
|
|
- if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, $object); // Delete file using old path
|
|
|
+ $ret = dol_delete_file($file, 0, 0, 0, (is_object($object)?$object:null));
|
|
|
+ if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, (is_object($object)?$object:null)); // Delete file using old path
|
|
|
|
|
|
// Si elle existe, on efface la vignette
|
|
|
if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i',$file,$regs))
|
|
@@ -112,9 +133,20 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- header('Location: ' . $_SERVER["PHP_SELF"] . '?id=' . $object->id.(!empty($withproject)?'&withproject=1':''));
|
|
|
- exit;
|
|
|
- }
|
|
|
+
|
|
|
+ if (is_object($object) && $object->id > 0)
|
|
|
+ {
|
|
|
+ if ($backtopage)
|
|
|
+ {
|
|
|
+ header('Location: ' . $backtopage);
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ header('Location: ' . $_SERVER["PHP_SELF"] . '?id=' . $object->id.(!empty($withproject)?'&withproject=1':''));
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('link', 'alpha'))
|
|
|
{
|
|
@@ -142,45 +174,44 @@ elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('l
|
|
|
//error fetching
|
|
|
}
|
|
|
}
|
|
|
-elseif ($action == 'renamefile' && GETPOST('renamefilesave'))
|
|
|
+elseif ($action == 'renamefile' && GETPOST('renamefilesave','alpha'))
|
|
|
{
|
|
|
- if ($object->id)
|
|
|
+ // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
|
|
|
+ if (! empty($upload_dir))
|
|
|
{
|
|
|
- // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
|
|
|
- //var_dump($upload_dir);exit;
|
|
|
- if (! empty($upload_dir))
|
|
|
+ $filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom','alpha'));
|
|
|
+ $filenameto=dol_sanitizeFileName(GETPOST('renamefileto','alpha'));
|
|
|
+
|
|
|
+ // Security:
|
|
|
+ // Disallow file with some extensions. We rename them.
|
|
|
+ // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
|
|
|
+ if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
|
|
|
{
|
|
|
- $filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom','alpha'));
|
|
|
- $filenameto=dol_sanitizeFileName(GETPOST('renamefileto','alpha'));
|
|
|
+ $filenameto.= '.noexe';
|
|
|
+ }
|
|
|
|
|
|
- // Security:
|
|
|
- // Disallow file with some extensions. We rename them.
|
|
|
- // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
|
|
|
- if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
|
|
|
- {
|
|
|
- $filenameto.= '.noexe';
|
|
|
- }
|
|
|
+ if ($filenamefrom && $filenameto)
|
|
|
+ {
|
|
|
+ $srcpath = $upload_dir.'/'.$filenamefrom;
|
|
|
+ $destpath = $upload_dir.'/'.$filenameto;
|
|
|
|
|
|
- if ($filenamefrom && $filenameto)
|
|
|
+ $result = dol_move($srcpath, $destpath);
|
|
|
+ if ($result)
|
|
|
{
|
|
|
- $srcpath = $upload_dir.'/'.$filenamefrom;
|
|
|
- $destpath = $upload_dir.'/'.$filenameto;
|
|
|
-
|
|
|
- $result = dol_move($srcpath, $destpath);
|
|
|
- if ($result)
|
|
|
- {
|
|
|
- $object->addThumbs($destpath);
|
|
|
+ if ($object->id)
|
|
|
+ {
|
|
|
+ $object->addThumbs($destpath);
|
|
|
+ }
|
|
|
|
|
|
- // TODO Add revert function of addThumbs
|
|
|
- //$object->delThumbs($srcpath);
|
|
|
+ // TODO Add revert function of addThumbs to remove for old name
|
|
|
+ //$object->delThumbs($srcpath);
|
|
|
|
|
|
- setEventMessages($langs->trans("FileRenamed"), null);
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
|
|
|
- setEventMessages($langs->trans("ErrorFailToRenameFile", $filenamefrom, $filenameto), null, 'errors');
|
|
|
- }
|
|
|
+ setEventMessages($langs->trans("FileRenamed"), null);
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
|
|
|
+ setEventMessages($langs->trans("ErrorFailToRenameFile", $filenamefrom, $filenameto), null, 'errors');
|
|
|
}
|
|
|
}
|
|
|
}
|