Skip to content
Snippets Groups Projects
Commit 1a57d186 authored by Laurent Destailleur's avatar Laurent Destailleur
Browse files

FIX #6443

parent bf345430
Branches
Tags
No related merge requests found
Show whitespace changes
Inline Side-by-side
htdocs/core/lib/files.lib.php
+ 67
79
View file @ 1a57d186
...@@ -1803,120 +1803,122 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -1803,120 +1803,122 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
// find the subdirectory name as the reference // find the subdirectory name as the reference
if (empty($refname)) $refname=basename(dirname($original_file)."/"); if (empty($refname)) $refname=basename(dirname($original_file)."/");
$relative_original_file = $original_file;
// Wrapping for some images // Wrapping for some images
if ($modulepart == 'companylogo') if ($modulepart == 'companylogo' && !empty($conf->mycompany->dir_output))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->mycompany->dir_output.'/logos/'.$original_file; $original_file=$conf->mycompany->dir_output.'/logos/'.$original_file;
} }
// Wrapping for users photos // Wrapping for users photos
elseif ($modulepart == 'userphoto') elseif ($modulepart == 'userphoto' && !empty($conf->user->dir_output))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->user->dir_output.'/'.$original_file; $original_file=$conf->user->dir_output.'/'.$original_file;
} }
// Wrapping for members photos // Wrapping for members photos
elseif ($modulepart == 'memberphoto') elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->adherent->dir_output.'/'.$original_file; $original_file=$conf->adherent->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu factures // Wrapping pour les apercu factures
elseif ($modulepart == 'apercufacture') elseif ($modulepart == 'apercufacture' && !empty($conf->facture->dir_output))
{ {
if ($fuser->rights->facture->lire) $accessallowed=1; if ($fuser->rights->facture->lire) $accessallowed=1;
$original_file=$conf->facture->dir_output.'/'.$original_file; $original_file=$conf->facture->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu propal // Wrapping pour les apercu propal
elseif ($modulepart == 'apercupropal') elseif ($modulepart == 'apercupropal' && !empty($conf->propal->dir_output))
{ {
if ($fuser->rights->propale->lire) $accessallowed=1; if ($fuser->rights->propale->lire) $accessallowed=1;
$original_file=$conf->propal->dir_output.'/'.$original_file; $original_file=$conf->propal->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu commande // Wrapping pour les apercu commande
elseif ($modulepart == 'apercucommande') elseif ($modulepart == 'apercucommande' && !empty($conf->commande->dir_output))
{ {
if ($fuser->rights->commande->lire) $accessallowed=1; if ($fuser->rights->commande->lire) $accessallowed=1;
$original_file=$conf->commande->dir_output.'/'.$original_file; $original_file=$conf->commande->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu intervention // Wrapping pour les apercu intervention
elseif ($modulepart == 'apercufichinter') elseif ($modulepart == 'apercufichinter' && !empty($conf->ficheinter->dir_output))
{ {
if ($fuser->rights->ficheinter->lire) $accessallowed=1; if ($fuser->rights->ficheinter->lire) $accessallowed=1;
$original_file=$conf->ficheinter->dir_output.'/'.$original_file; $original_file=$conf->ficheinter->dir_output.'/'.$original_file;
} }
// Wrapping pour les images des stats propales // Wrapping pour les images des stats propales
elseif ($modulepart == 'propalstats') elseif ($modulepart == 'propalstats' && !empty($conf->propal->dir_temp))
{ {
if ($fuser->rights->propale->lire) $accessallowed=1; if ($fuser->rights->propale->lire) $accessallowed=1;
$original_file=$conf->propal->dir_temp.'/'.$original_file; $original_file=$conf->propal->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats commandes // Wrapping pour les images des stats commandes
elseif ($modulepart == 'orderstats') elseif ($modulepart == 'orderstats' && !empty($conf->commande->dir_temp))
{ {
if ($fuser->rights->commande->lire) $accessallowed=1; if ($fuser->rights->commande->lire) $accessallowed=1;
$original_file=$conf->commande->dir_temp.'/'.$original_file; $original_file=$conf->commande->dir_temp.'/'.$original_file;
} }
elseif ($modulepart == 'orderstatssupplier') elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output))
{ {
if ($fuser->rights->fournisseur->commande->lire) $accessallowed=1; if ($fuser->rights->fournisseur->commande->lire) $accessallowed=1;
$original_file=$conf->fournisseur->dir_output.'/commande/temp/'.$original_file; $original_file=$conf->fournisseur->dir_output.'/commande/temp/'.$original_file;
} }
// Wrapping pour les images des stats factures // Wrapping pour les images des stats factures
elseif ($modulepart == 'billstats') elseif ($modulepart == 'billstats' && !empty($conf->facture->dir_temp))
{ {
if ($fuser->rights->facture->lire) $accessallowed=1; if ($fuser->rights->facture->lire) $accessallowed=1;
$original_file=$conf->facture->dir_temp.'/'.$original_file; $original_file=$conf->facture->dir_temp.'/'.$original_file;
} }
elseif ($modulepart == 'billstatssupplier') elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output))
{ {
if ($fuser->rights->fournisseur->facture->lire) $accessallowed=1; if ($fuser->rights->fournisseur->facture->lire) $accessallowed=1;
$original_file=$conf->fournisseur->dir_output.'/facture/temp/'.$original_file; $original_file=$conf->fournisseur->dir_output.'/facture/temp/'.$original_file;
} }
// Wrapping pour les images des stats expeditions // Wrapping pour les images des stats expeditions
elseif ($modulepart == 'expeditionstats') elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp))
{ {
if ($fuser->rights->expedition->lire) $accessallowed=1; if ($fuser->rights->expedition->lire) $accessallowed=1;
$original_file=$conf->expedition->dir_temp.'/'.$original_file; $original_file=$conf->expedition->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats expeditions // Wrapping pour les images des stats expeditions
elseif ($modulepart == 'tripsexpensesstats') elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp))
{ {
if ($fuser->rights->deplacement->lire) $accessallowed=1; if ($fuser->rights->deplacement->lire) $accessallowed=1;
$original_file=$conf->deplacement->dir_temp.'/'.$original_file; $original_file=$conf->deplacement->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats expeditions // Wrapping pour les images des stats expeditions
elseif ($modulepart == 'memberstats') elseif ($modulepart == 'memberstats' && !empty($conf->adherent->dir_temp))
{ {
if ($fuser->rights->adherent->lire) $accessallowed=1; if ($fuser->rights->adherent->lire) $accessallowed=1;
$original_file=$conf->adherent->dir_temp.'/'.$original_file; $original_file=$conf->adherent->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats produits // Wrapping pour les images des stats produits
elseif (preg_match('/^productstats_/i',$modulepart)) elseif (preg_match('/^productstats_/i',$modulepart) && !empty($conf->product->dir_temp))
{ {
if ($fuser->rights->produit->lire || $fuser->rights->service->lire) $accessallowed=1; if ($fuser->rights->produit->lire || $fuser->rights->service->lire) $accessallowed=1;
$original_file=(!empty($conf->product->multidir_temp[$entity])?$conf->product->multidir_temp[$entity]:$conf->service->multidir_temp[$entity]).'/'.$original_file; $original_file=(!empty($conf->product->multidir_temp[$entity])?$conf->product->multidir_temp[$entity]:$conf->service->multidir_temp[$entity]).'/'.$original_file;
} }
// Wrapping for products or services // Wrapping for products or services
elseif ($modulepart == 'tax') elseif ($modulepart == 'tax' && !empty($conf->tax->dir_output))
{ {
if ($fuser->rights->tax->charges->lire) $accessallowed=1; if ($fuser->rights->tax->charges->lire) $accessallowed=1;
$original_file=$conf->tax->dir_output.'/'.$original_file; $original_file=$conf->tax->dir_output.'/'.$original_file;
} }
// Wrapping for products or services // Wrapping for products or services
elseif ($modulepart == 'actions') elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output))
{ {
if ($fuser->rights->agenda->myactions->read) $accessallowed=1; if ($fuser->rights->agenda->myactions->read) $accessallowed=1;
$original_file=$conf->agenda->dir_output.'/'.$original_file; $original_file=$conf->agenda->dir_output.'/'.$original_file;
} }
// Wrapping for categories // Wrapping for categories
elseif ($modulepart == 'category') elseif ($modulepart == 'category' && !empty($conf->categorie->dir_output))
{ {
if ($fuser->rights->categorie->lire) $accessallowed=1; if ($fuser->rights->categorie->lire) $accessallowed=1;
$original_file=$conf->categorie->multidir_output[$entity].'/'.$original_file; $original_file=$conf->categorie->multidir_output[$entity].'/'.$original_file;
} }
// Wrapping pour les prelevements // Wrapping pour les prelevements
elseif ($modulepart == 'prelevement') elseif ($modulepart == 'prelevement' && !empty($conf->prelevement->dir_output))
{ {
if ($fuser->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -1925,19 +1927,19 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -1925,19 +1927,19 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
$original_file=$conf->prelevement->dir_output.'/'.$original_file; $original_file=$conf->prelevement->dir_output.'/'.$original_file;
} }
// Wrapping pour les graph energie // Wrapping pour les graph energie
elseif ($modulepart == 'graph_stock') elseif ($modulepart == 'graph_stock' && !empty($conf->stock->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->stock->dir_temp.'/'.$original_file; $original_file=$conf->stock->dir_temp.'/'.$original_file;
} }
// Wrapping pour les graph fournisseurs // Wrapping pour les graph fournisseurs
elseif ($modulepart == 'graph_fourn') elseif ($modulepart == 'graph_fourn' && !empty($conf->fournisseur->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->fournisseur->dir_temp.'/'.$original_file; $original_file=$conf->fournisseur->dir_temp.'/'.$original_file;
} }
// Wrapping pour les graph des produits // Wrapping pour les graph des produits
elseif ($modulepart == 'graph_product') elseif ($modulepart == 'graph_product' && !empty($conf->product->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->product->multidir_temp[$entity].'/'.$original_file; $original_file=$conf->product->multidir_temp[$entity].'/'.$original_file;
...@@ -1946,32 +1948,31 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -1946,32 +1948,31 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
elseif ($modulepart == 'barcode') elseif ($modulepart == 'barcode')
{ {
$accessallowed=1; $accessallowed=1;
// If viewimage is called for barcode, we try to output an image on the fly, // If viewimage is called for barcode, we try to output an image on the fly, with no build of file on disk.
// with not build of file on disk.
//$original_file=$conf->barcode->dir_temp.'/'.$original_file; //$original_file=$conf->barcode->dir_temp.'/'.$original_file;
$original_file=''; $original_file='';
} }
// Wrapping pour les icones de background des mailings // Wrapping pour les icones de background des mailings
elseif ($modulepart == 'iconmailing') elseif ($modulepart == 'iconmailing' && !empty($conf->mailing->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->mailing->dir_temp.'/'.$original_file; $original_file=$conf->mailing->dir_temp.'/'.$original_file;
} }
// Wrapping pour les icones de background des mailings // Wrapping pour le scanner
elseif ($modulepart == 'scanner_user_temp') elseif ($modulepart == 'scanner_user_temp' && !empty($conf->scanner->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file; $original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file;
} }
// Wrapping pour les images fckeditor // Wrapping pour les images fckeditor
elseif ($modulepart == 'fckeditor') elseif ($modulepart == 'fckeditor' && !empty($conf->fckeditor->dir_output))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->fckeditor->dir_output.'/'.$original_file; $original_file=$conf->fckeditor->dir_output.'/'.$original_file;
} }
// Wrapping for third parties // Wrapping for third parties
else if ($modulepart == 'company' || $modulepart == 'societe') else if (($modulepart == 'company' || $modulepart == 'societe') && !empty($conf->societe->dir_output))
{ {
if ($fuser->rights->societe->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->societe->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -1982,7 +1983,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -1982,7 +1983,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for contact // Wrapping for contact
else if ($modulepart == 'contact') else if ($modulepart == 'contact' && !empty($conf->societe->dir_output))
{ {
if ($fuser->rights->societe->lire) if ($fuser->rights->societe->lire)
{ {
...@@ -1992,7 +1993,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -1992,7 +1993,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for invoices // Wrapping for invoices
else if ($modulepart == 'facture' || $modulepart == 'invoice') else if (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->facture->dir_output))
{ {
if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2001,7 +2002,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2001,7 +2002,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
$original_file=$conf->facture->dir_output.'/'.$original_file; $original_file=$conf->facture->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
} }
else if ($modulepart == 'massfilesarea_facture') else if ($modulepart == 'massfilesarea_facture' && !empty($conf->facture->dir_output))
{ {
if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2010,8 +2011,8 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2010,8 +2011,8 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
$original_file=$conf->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file; $original_file=$conf->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
} }
// Wrapping pour les fiches intervention // Wrapping for interventions
else if ($modulepart == 'ficheinter') else if (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output))
{ {
if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2022,7 +2023,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2022,7 +2023,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les deplacements et notes de frais // Wrapping pour les deplacements et notes de frais
else if ($modulepart == 'deplacement') else if ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output))
{ {
if ($fuser->rights->deplacement->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->deplacement->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2032,7 +2033,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2032,7 +2033,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
} }
// Wrapping pour les propales // Wrapping pour les propales
else if ($modulepart == 'propal') else if ($modulepart == 'propal' && !empty($conf->propal->dir_output))
{ {
if ($fuser->rights->propale->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->propale->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2044,7 +2045,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2044,7 +2045,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les commandes // Wrapping pour les commandes
else if ($modulepart == 'commande' || $modulepart == 'order') else if (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->commande->dir_output))
{ {
if ($fuser->rights->commande->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->commande->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2055,7 +2056,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2055,7 +2056,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les projets // Wrapping pour les projets
else if ($modulepart == 'project') else if ($modulepart == 'project' && !empty($conf->projet->dir_output))
{ {
if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2064,7 +2065,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2064,7 +2065,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
$original_file=$conf->projet->dir_output.'/'.$original_file; $original_file=$conf->projet->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
} }
else if ($modulepart == 'project_task') else if ($modulepart == 'project_task' && !empty($conf->projet->dir_output))
{ {
if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2073,19 +2074,9 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2073,19 +2074,9 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
$original_file=$conf->projet->dir_output.'/'.$original_file; $original_file=$conf->projet->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity; $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
} }
// Wrapping for interventions
else if ($modulepart == 'fichinter')
{
if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file))
{
$accessallowed=1;
}
$original_file=$conf->ficheinter->dir_output.'/'.$original_file;
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
}
// Wrapping pour les commandes fournisseurs // Wrapping pour les commandes fournisseurs
else if ($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') else if (($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') && !empty($conf->fournisseur->commande->dir_output))
{ {
if ($fuser->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2096,7 +2087,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2096,7 +2087,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les factures fournisseurs // Wrapping pour les factures fournisseurs
else if ($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') else if (($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') && !empty($conf->fournisseur->facture->dir_output))
{ {
if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2107,7 +2098,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2107,7 +2098,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les rapport de paiements // Wrapping pour les rapport de paiements
else if ($modulepart == 'facture_paiement') else if ($modulepart == 'facture_paiement' && !empty($conf->facture->dir_output))
{ {
if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2118,7 +2109,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2118,7 +2109,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for accounting exports // Wrapping for accounting exports
else if ($modulepart == 'export_compta') else if ($modulepart == 'export_compta' && !empty($conf->accounting->dir_output))
{ {
if ($fuser->rights->accounting->ventilation->dispatch || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->accounting->ventilation->dispatch || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2128,7 +2119,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2128,7 +2119,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les expedition // Wrapping pour les expedition
else if ($modulepart == 'expedition') else if ($modulepart == 'expedition' && !empty($conf->expedition->dir_output))
{ {
if ($fuser->rights->expedition->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->expedition->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2138,7 +2129,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2138,7 +2129,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les bons de livraison // Wrapping pour les bons de livraison
else if ($modulepart == 'livraison') else if ($modulepart == 'livraison' && !empty($conf->livraison->dir_output))
{ {
if ($fuser->rights->expedition->livraison->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->expedition->livraison->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2148,7 +2139,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2148,7 +2139,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les actions // Wrapping pour les actions
else if ($modulepart == 'actions') else if ($modulepart == 'actions' && !empty($conf->agenda->dir_output))
{ {
if ($fuser->rights->agenda->myactions->read || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->agenda->myactions->read || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2158,7 +2149,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2158,7 +2149,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les actions // Wrapping pour les actions
else if ($modulepart == 'actionsreport') else if ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp))
{ {
if ($fuser->rights->agenda->allactions->read || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->agenda->allactions->read || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2179,7 +2170,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2179,7 +2170,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les contrats // Wrapping pour les contrats
else if ($modulepart == 'contract') else if ($modulepart == 'contract' && !empty($conf->contrat->dir_output))
{ {
if ($fuser->rights->contrat->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->contrat->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2189,7 +2180,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2189,7 +2180,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les dons // Wrapping pour les dons
else if ($modulepart == 'donation') else if ($modulepart == 'donation' && !empty($conf->donation->dir_output))
{ {
if ($fuser->rights->don->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->don->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2199,7 +2190,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2199,7 +2190,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour les remises de cheques // Wrapping pour les remises de cheques
else if ($modulepart == 'remisecheque') else if ($modulepart == 'remisecheque' && !empty($conf->banque->dir_output))
{ {
if ($fuser->rights->banque->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->banque->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2210,7 +2201,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2210,7 +2201,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for bank // Wrapping for bank
else if ($modulepart == 'bank') else if ($modulepart == 'bank' && !empty($conf->bank->dir_output))
{ {
if ($fuser->rights->banque->lire) if ($fuser->rights->banque->lire)
{ {
...@@ -2220,7 +2211,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2220,7 +2211,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for export module // Wrapping for export module
else if ($modulepart == 'export') else if ($modulepart == 'export' && !empty($conf->export->dir_temp))
{ {
// Aucun test necessaire car on force le rep de download sur // Aucun test necessaire car on force le rep de download sur
// le rep export qui est propre a l'utilisateur // le rep export qui est propre a l'utilisateur
...@@ -2229,21 +2220,21 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2229,21 +2220,21 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for import module // Wrapping for import module
else if ($modulepart == 'import') else if ($modulepart == 'import' && !empty($conf->import->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->import->dir_temp.'/'.$original_file; $original_file=$conf->import->dir_temp.'/'.$original_file;
} }
// Wrapping pour l'editeur wysiwyg // Wrapping pour l'editeur wysiwyg
else if ($modulepart == 'editor') else if ($modulepart == 'editor' && !empty($conf->fckeditor->dir_output))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->fckeditor->dir_output.'/'.$original_file; $original_file=$conf->fckeditor->dir_output.'/'.$original_file;
} }
// Wrapping for miscellaneous medias files // Wrapping for miscellaneous medias files
elseif ($modulepart == 'medias') elseif ($modulepart == 'medias' && !empty($dolibarr_main_data_root))
{ {
$accessallowed=1; $accessallowed=1;
global $dolibarr_main_data_root; global $dolibarr_main_data_root;
...@@ -2251,25 +2242,21 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2251,25 +2242,21 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for backups // Wrapping for backups
else if ($modulepart == 'systemtools') else if ($modulepart == 'systemtools' && !empty($conf->admin->dir_output))
{
if ($fuser->admin)
{ {
$accessallowed=1; if ($fuser->admin) $accessallowed=1;
}
$original_file=$conf->admin->dir_output.'/'.$original_file; $original_file=$conf->admin->dir_output.'/'.$original_file;
} }
// Wrapping for upload file test // Wrapping for upload file test
else if ($modulepart == 'admin_temp') else if ($modulepart == 'admin_temp' && !empty($conf->admin->dir_temp))
{ {
if ($fuser->admin) if ($fuser->admin) $accessallowed=1;
$accessallowed=1;
$original_file=$conf->admin->dir_temp.'/'.$original_file; $original_file=$conf->admin->dir_temp.'/'.$original_file;
} }
// Wrapping pour BitTorrent // Wrapping pour BitTorrent
else if ($modulepart == 'bittorrent') else if ($modulepart == 'bittorrent' && !empty($conf->bittorrent->dir_output))
{ {
$accessallowed=1; $accessallowed=1;
$dir='files'; $dir='files';
...@@ -2278,7 +2265,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2278,7 +2265,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping pour Foundation module // Wrapping pour Foundation module
else if ($modulepart == 'member') else if ($modulepart == 'member' && !empty($conf->adherent->dir_output))
{ {
if ($fuser->rights->adherent->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->adherent->lire || preg_match('/^specimen/i',$original_file))
{ {
...@@ -2288,7 +2275,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2288,7 +2275,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
} }
// Wrapping for Scanner // Wrapping for Scanner
else if ($modulepart == 'scanner_user_temp') else if ($modulepart == 'scanner_user_temp' && !empty($conf->scanner->dir_temp))
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file; $original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file;
...@@ -2301,6 +2288,9 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2301,6 +2288,9 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
// If modulepart=module Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart // If modulepart=module Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart
else else
{ {
if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a file called specimen. Test must be done before changing $original_file int full path.
if ($fuser->admin) $accessallowed=1; // If user is admin
// Define $accessallowed // Define $accessallowed
if (preg_match('/^([a-z]+)_user_temp$/i',$modulepart,$reg)) if (preg_match('/^([a-z]+)_user_temp$/i',$modulepart,$reg))
{ {
...@@ -2353,8 +2343,6 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu ...@@ -2353,8 +2343,6 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
$original_file=$conf->$modulepart->dir_output.'/'.$original_file; $original_file=$conf->$modulepart->dir_output.'/'.$original_file;
} }
} }
if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a specimen
if ($fuser->admin) $accessallowed=1; // If user is admin
// For modules who wants to manage different levels of permissions for documents // For modules who wants to manage different levels of permissions for documents
$subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS';
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment