Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into 16.0

Laurent Destailleur 1 year ago
parent
2b71c260d8 8c2a910a94
commit
a76eafa0d4
3 changed files with 9 additions and 9 deletions
Split View Show Diff Stats
  1. 1 1
      htdocs/core/lib/files.lib.php
  2. 5 6
      htdocs/document.php
  3. 3 2
      htdocs/fichinter/class/fichinter.class.php

+ 1 - 1
htdocs/core/lib/files.lib.php
View File 

@@ -2441,7 +2441,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
 
 	// Find the subdirectory name as the reference. For example original_file='10/myfile.pdf' -> refname='10'
 
 	if (empty($refname)) {
 
 		$refname = basename(dirname($original_file)."/");
 
-		if ($refname == 'thumbs') {
 
+		if ($refname == 'thumbs' || $refname == 'temp') {
 
 			// If we get the thumbs directory, we must go one step higher. For example original_file='10/thumbs/myfile_small.jpg' -> refname='10'
 
 			$refname = basename(dirname(dirname($original_file))."/");
 
 		}

+ 5 - 6
htdocs/document.php
View File 

@@ -207,20 +207,17 @@ $original_file = str_replace('../', '/', $original_file);
 
 $original_file = str_replace('..\\', '/', $original_file);
 
 
 
-// Find the subdirectory name as the reference
 
-$refname = basename(dirname($original_file)."/");
 
-
 
 // Security check
 
 if (empty($modulepart)) {
 
 	accessforbidden('Bad value for parameter modulepart');
 
 }
 
 
 // Check security and set return info with full path of file
 
-$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname);
 
+$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, '');
 
 $accessallowed              = $check_access['accessallowed'];
 
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 
 $fullpath_original_file     = $check_access['original_file']; // $fullpath_original_file is now a full path name
 
-//var_dump($fullpath_original_file.' '.$original_file.' '.$refname.' '.$accessallowed);exit;
 
+//var_dump($fullpath_original_file.' '.$original_file.' '.$accessallowed);exit;
 
 
 if (!empty($hashp)) {
 
 	$accessallowed = 1; // When using hashp, link is public so we force $accessallowed
 
@@ -284,7 +281,7 @@ if (!is_object($hookmanager)) {
 
 }
 
 $hookmanager->initHooks(array('document'));
 
 $parameters = array('ecmfile' => $ecmfile, 'modulepart' => $modulepart, 'original_file' => $original_file,
 
-	'entity' => $entity, 'refname' => $refname, 'fullpath_original_file' => $fullpath_original_file,
 
+	'entity' => $entity, 'fullpath_original_file' => $fullpath_original_file,
 
 	'filename' => $filename, 'fullpath_original_file_osencoded' => $fullpath_original_file_osencoded);
 
 $reshook = $hookmanager->executeHooks('downloadDocument', $parameters); // Note that $action and $object may have been
 
 if ($reshook < 0) {
 
@@ -294,6 +291,7 @@ if ($reshook < 0) {
 
 	exit;
 
 }
 
 
+
 
 // Permissions are ok and file found, so we return it
 
 top_httphead($type);
 
 header('Content-Description: File Transfer');
 
@@ -301,6 +299,7 @@ if ($encoding) {
 
 	header('Content-Encoding: '.$encoding);
 
 }
 
 // Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
 
+
 
 if ($attachment) {
 
 	header('Content-Disposition: attachment; filename="'.$filename.'"');
 
 } else {

+ 3 - 2
htdocs/fichinter/class/fichinter.class.php
View File 

@@ -592,7 +592,8 @@ class Fichinter extends CommonObject
 
 			$sql .= ", date_valid = '".$this->db->idate($now)."'";
 
 			$sql .= ", fk_user_valid = ".($user->id > 0 ? (int) $user->id : "null");
 
 			$sql .= " WHERE rowid = ".((int) $this->id);
 
-			$sql .= " AND entity = ".((int) $conf->entity);
 
+			$sql .= " AND entity = ".((int) $this->entity);
 
+
 
 			$sql .= " AND fk_statut = 0";
 
 
 			dol_syslog(get_class($this)."::setValid", LOG_DEBUG);
 
@@ -620,7 +621,7 @@ class Fichinter extends CommonObject
 
 
 					// Now we rename also files into index
 
 					$sql = 'UPDATE '.MAIN_DB_PREFIX."ecm_files set filename = CONCAT('".$this->db->escape($this->newref)."', SUBSTR(filename, ".(strlen($this->ref) + 1).")), filepath = 'ficheinter/".$this->db->escape($this->newref)."'";
 
-					$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'ficheinter/".$this->db->escape($this->ref)."' and entity = ".$conf->entity;
 
+					$sql .= " WHERE filename LIKE '".$this->db->escape($this->ref)."%' AND filepath = 'ficheinter/".$this->db->escape($this->ref)."' and entity = ".((int) $this->entity);
 
 					$resql = $this->db->query($sql);
 
 					if (!$resql) {
 
 						$error++; $this->error = $this->db->lasterror();