From 023b6f2e8bbd9172a1366a1b35002bae2e73490e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 25 Apr 2013 10:22:08 +0200
Subject: [PATCH] Fix: Use entity

---
 htdocs/core/lib/files.lib.php       |  4 +++-
 htdocs/document.php                 |  2 +-
 htdocs/viewimage.php                |  2 +-
 htdocs/webservices/server_other.php | 18 +++++++++---------
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 67b638fe9be..96efcf9fdde 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1233,13 +1233,15 @@ function dol_most_recent_file($dir,$regexfilter='',$excludefilter=array('\.meta$
  *
  * @param	string	$modulepart			Module of document
  * @param	string	$original_file		Relative path with filename
+ * @param	string	$entity				Restrict onto entity
  * @return	mixed						Array with access information : accessallowed & sqlprotectagainstexternals & original_file (as full path name)
  */
-function dol_check_secure_access_document($modulepart,$original_file)
+function dol_check_secure_access_document($modulepart,$original_file,$entity)
 {
 	global $user, $conf;
 
 	if (empty($modulepart)) return 'ErrorBadParameter';
+	if (empty($entity)) $entity=0;
 
 	// We define $accessallowed and $sqlprotectagainstexternals
 	$accessallowed=0;
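Review bot: The new third parameter of `dol_check_secure_access_document` has no default value, so any caller this patch does not update will be invoked with a missing argument; `function dol_check_secure_access_document($modulepart,$original_file,$entity='')` keeps two-argument calls working. The added `if (empty($entity)) $entity=0;` also silently maps a missing or empty value to entity 0, and the docblock line `Restrict onto entity` does not say what 0 means for the access decision. Since this function gates document access, the docblock should state the fallback explicitly, e.g. `@param string $entity Entity to restrict the check to (empty is treated as 0: <meaning to be documented>)`. The function body continues outside the hunk, so how `$entity` feeds into the path and permission logic is not visible here.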
diff --git a/htdocs/document.php b/htdocs/document.php
index 6802af456af..e5566b1aee6 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -96,7 +96,7 @@ $refname=basename(dirname($original_file)."/");
 
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
-$check_access = dol_check_secure_access_document($modulepart,$original_file);
+$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 $original_file              = $check_access['original_file'];
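Review bot: `$entity` is passed into the access check here, but its assignment is outside the hunk; if it is taken from a request parameter, the caller is choosing the entity its own authorisation is evaluated against. Before this call it should be constrained to an entity the logged-in user is allowed to use, falling back to `$conf->entity` otherwise. The same applies to the identical call in htdocs/viewimage.php. A one-line comment above the call, such as `// $entity must already be validated against the entities this user may access`, would make the precondition visible to later maintainers.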
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 3dda49f4fd7..5d3290a259d 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -100,7 +100,7 @@ $original_file = str_replace("../","/", $original_file);
 
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
-$check_access = dol_check_secure_access_document($modulepart,$original_file);
+$check_access = dol_check_secure_access_document($modulepart,$original_file,$entity);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 $original_file              = $check_access['original_file'];
diff --git a/htdocs/webservices/server_other.php b/htdocs/webservices/server_other.php
index 23c22807002..bb296f56794 100644
--- a/htdocs/webservices/server_other.php
+++ b/htdocs/webservices/server_other.php
@@ -192,7 +192,7 @@ function getDocument($authentication, $modulepart, $file)
 	$error=0;
 
 	// Properties of doc
-	$original_file = $file;	
+	$original_file = $file;
 	$type=dol_mimetype($original_file);
 	$relativefilepath = $ref . "/";
 	$relativepath = $relativefilepath . $ref.'.pdf';
@@ -221,10 +221,10 @@ function getDocument($authentication, $modulepart, $file)
 		$refname=basename(dirname($original_file)."/");
 
 		// Security check
-		$accessallowed=0;
-		$check_access = dol_check_secure_access_document($modulepart,$original_file);
-		$accessallowed=$check_access['accessallowed'];
+		$check_access = dol_check_secure_access_document($modulepart,$original_file,$conf->entity);
+		$accessallowed              = $check_access['accessallowed'];
 		$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
+		$original_file              = $check_access['original_file'];
 
 		// Basic protection (against external users only)
 		if ($fuser->societe_id > 0)
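Review bot: `$check_access` is indexed as an array on the three assignments after the call without any type check, while the files.lib.php hunk in this patch shows `dol_check_secure_access_document` returning the string `'ErrorBadParameter'` when `$modulepart` is empty. With the `$accessallowed=0;` initialisation removed, a string result would leave `$accessallowed` holding whatever string indexing yields rather than a clean deny. A guard right after the call keeps the failure closed: `if (! is_array($check_access)) $check_access = array('accessallowed'=>0, 'sqlprotectagainstexternals'=>'', 'original_file'=>$original_file);`. `getDocument` starts outside the hunk, so whether `$modulepart` is validated earlier, and whether `$conf` is declared `global` there (without which `$conf->entity` would be empty and fall back to 0), cannot be confirmed from here.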
@@ -277,27 +277,27 @@ function getDocument($authentication, $modulepart, $file)
 			if(file_exists($original_file))
 			{
 				dol_syslog("Function: getDocument $original_file $filename content-type=$type");
-				
+
 				$file=$fileparams['fullname'];
 				$filename = basename($file);
-	
+
 				$f = fopen($original_file,'r');
 				$content_file = fread($f,filesize($original_file));
-	
+
 				$objectret = array(
 					'filename' => basename($original_file),
 					'mimetype' => dol_mimetype($original_file),
 					'content' => base64_encode($content_file),
 					'length' => filesize($original_file)
 				);
-			
+
 				// Create return object
 				$objectresp = array(
 					'result'=>array('result_code'=>'OK', 'result_label'=>''),
 					'document'=>$objectret
 				);
 			}
-			else 
+			else
 			{
 				dol_syslog("File doesn't exist ".$original_file);
 				$errorcode='NOT_FOUND';
-- 
GitLab