diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php
new file mode 100644
index 0000000000000000000000000000000000000000..4c0dd435634c6b922c17e515e7648efc2ba96360
--- /dev/null
+++ b/htdocs/admin/security_file.php
@@ -0,0 +1,214 @@
+<?php
+/* Copyright (C) 2004-2013 Laurent Destailleur <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * \file htdocs/admin/security_file.php
+ * \ingroup core
+ * \brief Security options setup
+ */
+
+require '../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+
+$langs->load("users");
+$langs->load("admin");
+$langs->load("other");
+
+if (! $user->admin)
+ accessforbidden();
+
+$action=GETPOST('action','alpha');
+
+$upload_dir=$conf->admin->dir_temp;
+
+
+/*
+ * Actions
+ */
+
+if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
+{
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+ dol_add_file_process($upload_dir, 0, 0, 'userfile');
+}
+
+if (preg_match('/set_(.*)/',$action,$reg))
+{
+ $code=$reg[1];
+ $value=(GETPOST($code) ? GETPOST($code) : 1);
+ if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
+ {
+ Header("Location: ".$_SERVER["PHP_SELF"]);
+ exit;
+ }
+ else
+ {
+ dol_print_error($db);
+ }
+}
+
+else if (preg_match('/del_(.*)/',$action,$reg))
+{
+ $code=$reg[1];
+ if (dolibarr_del_const($db, $code, $conf->entity) > 0)
+ {
+ Header("Location: ".$_SERVER["PHP_SELF"]);
+ exit;
+ }
+ else
+ {
+ dol_print_error($db);
+ }
+}
+
+else if ($action == 'updateform')
+{
+ $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity);
+ $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity);
+ $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity);
+ $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity);
+ if ($res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully"));
+}
+
+
+
+// Delete file
+else if ($action == 'delete')
+{
+ $langs->load("other");
+ $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+ $ret=dol_delete_file($file);
+ if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile')));
+ else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors');
+ Header('Location: '.$_SERVER["PHP_SELF"]);
+ exit;
+}
+
+/*
+ * View
+ */
+
+$form = new Form($db);
+
+llxHeader('',$langs->trans("Files"));
+
+print_fiche_titre($langs->trans("SecuritySetup"),'','setup');
+
+//print $langs->trans("FilesDesc")."<br>\n";
+//print "<br>\n";
+
+
+
+print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
+print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+print '<input type="hidden" name="action" value="updateform">';
+
+$head=security_prepare_head();
+
+dol_fiche_head($head, 'file', $langs->trans("Security"));
+
+
+// Upload options
+$var=false;
+
+print '<table class="noborder" width="100%">';
+print '<tr class="liste_titre">';
+print '<td colspan="2">'.$langs->trans("Parameters").'</td>';
+print '<td>'.$langs->trans("Value").'</td>';
+print '</tr>';
+
+print '<tr '.$bc[$var].'>';
+print '<td colspan="2">'.$langs->trans("MaxSizeForUploadedFiles").'.';
+$max=@ini_get('upload_max_filesize');
+if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.';
+else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.';
+print '</td>';
+print '<td class="nowrap">';
+print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb");
+print '</td>';
+print '</tr>';
+
+$var=!$var;
+print '<tr '.$bc[$var].'>';
+print '<td>'.$langs->trans("UMask").'</td><td align="right">';
+print $form->textwithpicto('',$langs->trans("UMaskExplanation"));
+print '</td>';
+print '<td class="nowrap">';
+print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">';
+print '</td>';
+print '</tr>';
+
+// Use anti virus
+$var=!$var;
+print "<tr ".$bc[$var].">";
+print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
+print $langs->trans("AntiVirusCommandExample");
+// Check command in inside safe_mode
+print '</td>';
+print '<td>';
+if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND))
+{
+ $langs->load("errors");
+ $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
+ $listdir=explode(';',ini_get('safe_mode_exec_dir'));
+ if (! in_array($basedir,$listdir))
+ {
+ print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
+ dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
+ }
+}
+print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_COMMAND):'').'">';
+print "</td>";
+print '</tr>';
+
+// Use anti virus
+$var=!$var;
+print "<tr ".$bc[$var].">";
+print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
+print $langs->trans("AntiVirusParamExample");
+print '</td>';
+print '<td>';
+print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_PARAM)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_PARAM):'').'">';
+print "</td>";
+print '</tr>';
+
+print '</table>';
+
+dol_fiche_end();
+
+print '<div class="center"><input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'"></div>';
+
+print '</form>';
+
+
+
+// Form to test upload
+print '<br>';
+$formfile=new FormFile($db);
+$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0);
+
+// List of document
+$filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1);
+$formfile->list_of_documents($filearray, '', 'admin_temp', '');
+
+llxFooter();
+$db->close();
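Review bot: In the `delete` branch, `GETPOST('urlfile')` is appended to `$conf->admin->dir_temp` without normalisation, so a value containing parent-directory segments could point `dol_delete_file()` outside the temp directory unless that helper rejects it, which this diff does not show. The directory appears to be listed non-recursively (third argument `0` to `dol_dir_list()`), so reducing the input to a leaf name looks safe: `$file = $conf->admin->dir_temp.'/'.basename(GETPOST('urlfile'));`. The branch also changes state on a plain request with no token check visible in this file, unlike the update form, which carries `$_SESSION['newtoken']`; whether `main.inc.php` enforces the token is not visible here. The `set_(.*)` and `del_(.*)` branches have the same shape and take any constant name from `action`, so an allow-list of the constants this page owns would narrow what a request made in an admin session can change.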
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 064f7ad0cd9a38d1dc2626ea9d036502e4950809..4dc0c0e06a358abbfa71f2a113016661a31c8ce3 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -37,20 +37,12 @@ if (! $user->admin) $action=GETPOST('action','alpha'); -$upload_dir=$conf->admin->dir_temp; /* * Actions */ -if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC)) -{ - require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - - dol_add_file_process($upload_dir, 0, 0, 'userfile'); -} - if (preg_match('/set_(.*)/',$action,$reg)) { $code=$reg[1]; 
@@ -84,27 +76,11 @@ else if ($action == 'updateform') { $res1=dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", $_POST["MAIN_APPLICATION_TITLE"],'chaine',0,'',$conf->entity); $res2=dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"],'chaine',0,'',$conf->entity); - $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity); - $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity); - $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity); - $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity); - if ($res1 && $res2 && $res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully")); + if ($res1 && $res2) setEventMessage($langs->trans("RecordModifiedSuccessfully")); } -// Delete file -else if ($action == 'delete') -{ - $langs->load("other"); - $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). - $ret=dol_delete_file($file); - if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile'))); - else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors'); - Header('Location: '.$_SERVER["PHP_SELF"]); - exit; -} - /* * View */ 
@@ -230,74 +206,6 @@ print '</tr>'; print '</table>'; -print '<br>'; - -// Upload options -$var=false; - -print '<table class="noborder" width="100%">'; -print '<tr class="liste_titre">'; -print '<td colspan="2">'.$langs->trans("Parameters").'</td>'; -print '<td>'.$langs->trans("Value").'</td>'; -print '</tr>'; - -print '<tr '.$bc[$var].'>'; -print '<td colspan="2">'.$langs->trans("MaxSizeForUploadedFiles").'.'; -$max=@ini_get('upload_max_filesize'); -if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.'; -else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.'; -print '</td>'; -print '<td class="nowrap">'; -print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb"); -print '</td>'; -print '</tr>'; - -$var=!$var; -print '<tr '.$bc[$var].'>'; -print '<td>'.$langs->trans("UMask").'</td><td align="right">'; -print $form->textwithpicto('',$langs->trans("UMaskExplanation")); -print '</td>'; -print '<td class="nowrap">'; -print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">'; -print '</td>'; -print '</tr>'; - -// Use anti virus -$var=!$var; -print "<tr ".$bc[$var].">"; -print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>'; -print $langs->trans("AntiVirusCommandExample"); -// Check command in inside safe_mode -print '</td>'; -print '<td>'; -if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) -{ - $langs->load("errors"); - $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND)); - $listdir=explode(';',ini_get('safe_mode_exec_dir')); - if (! 
in_array($basedir,$listdir)) - { - print img_warning($langs->trans('WarningSafeModeOnCheckExecDir')); - dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING); - } -} -print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_COMMAND):'').'">'; -print "</td>"; -print '</tr>'; - -// Use anti virus -$var=!$var; -print "<tr ".$bc[$var].">"; -print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>'; -print $langs->trans("AntiVirusParamExample"); -print '</td>'; -print '<td>'; -print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size="72" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_PARAM)?dol_htmlentities($conf->global->MAIN_ANTIVIRUS_PARAM):'').'">'; -print "</td>"; -print '</tr>'; - -print '</table>'; - dol_fiche_end(); print '<div class="center"><input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'"></div>'; @@ -305,15 +213,5 @@ print '<div class="center"><input type="submit" class="button" name="button" val print '</form>'; - -// Form to test upload -print '<br>'; -$formfile=new FormFile($db); -$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0); - -// List of document -$filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1); -$formfile->list_of_documents($filearray, '', 'admin_temp', ''); - llxFooter(); $db->close(); diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index dd1615d742759878f21155b407e3c9ab4d7f0c6b..a54cb5fcc799941ea2a6f7065f5bd550ebce56af 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php 
@@ -516,11 +516,6 @@ function security_prepare_head() $h = 0; $head = array(); - $head[$h][0] = DOL_URL_ROOT."/admin/proxy.php"; - $head[$h][1] = $langs->trans("ExternalAccess"); - $head[$h][2] = 'proxy'; - $h++; - $head[$h][0] = DOL_URL_ROOT."/admin/security_other.php"; $head[$h][1] = $langs->trans("Miscellaneous"); $head[$h][2] = 'misc'; @@ -531,6 +526,16 @@ function security_prepare_head() $head[$h][2] = 'passwords'; $h++; + $head[$h][0] = DOL_URL_ROOT."/admin/security_file.php"; + $head[$h][1] = $langs->trans("Files"); + $head[$h][2] = 'file'; + $h++; + + $head[$h][0] = DOL_URL_ROOT."/admin/proxy.php"; + $head[$h][1] = $langs->trans("ExternalAccess"); + $head[$h][2] = 'proxy'; + $h++; + $head[$h][0] = DOL_URL_ROOT."/admin/events.php"; $head[$h][1] = $langs->trans("Audit"); $head[$h][2] = 'audit'; diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 9b7b49c9d3d9c5b19fd0caf822edc9d28135e20a..91a24db79ac41d73b585fa8b322eb276deb07a04 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -487,7 +487,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu } $newmenu->add("/admin/boxes.php?mainmenu=home", $langs->trans("Boxes"),1); $newmenu->add("/admin/delais.php?mainmenu=home",$langs->trans("Alerts"),1); - $newmenu->add("/admin/proxy.php?mainmenu=home", $langs->trans("Security"),1); + $newmenu->add("/admin/security_other.php?mainmenu=home", $langs->trans("Security"),1); $newmenu->add("/admin/limits.php?mainmenu=home", $langs->trans("MenuLimits"),1); $newmenu->add("/admin/pdf.php?mainmenu=home", $langs->trans("PDF"),1); $newmenu->add("/admin/mails.php?mainmenu=home", $langs->trans("Emails"),1);