diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 046a1cb9b2775f6885e62a4f6babe3b563dcf673..3427382ea9f0487e8f56547956c55ae04760993d 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -680,7 +680,11 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) if ($_POST["accountancy_code"] <= 0) $_POST["accountancy_code"]=''; // If empty, we force to null if ($_POST["accountancy_code_sell"] <= 0) $_POST["accountancy_code_sell"]=''; // If empty, we force to null if ($_POST["accountancy_code_buy"] <= 0) $_POST["accountancy_code_buy"]=''; // If empty, we force to null - + if ($id == 10 && isset($_POST["code"])) // Spaces are not allowed into code + { + $_POST["code"]=preg_replace('/\s/','',$_POST["code"]); + } + // Si verif ok et action add, on ajoute la ligne if ($ok && GETPOST('actionadd')) { diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index d27d6c1cdb11513ec543da8bbdd310ae24e351fc..2faa3ae1a8fc2dfc4818f36aa3490ad27263358e 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1385,7 +1385,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $sqlprotectagainstexternals=''; $ret=array(); - // find the subdirectory name as the reference + // Find the subdirectory name as the reference. For exemple original_file='10/myfile.pdf' -> refname='10' if (empty($refname)) $refname=basename(dirname($original_file)."/"); $relative_original_file = $original_file; @@ -1553,6 +1553,18 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $original_file=$conf->fckeditor->dir_output.'/'.$original_file; } + // Wrapping for users + else if ($modulepart == 'user' && !empty($conf->user->dir_output)) + { + $canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->lire); + if ($fuser->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card + if ($canreaduser || preg_match('/^specimen/i',$original_file)) + { + $accessallowed=1; + } + $original_file=$conf->user->dir_output.'/'.$original_file; + } + // Wrapping for third parties else if (($modulepart == 'company' || $modulepart == 'societe') && !empty($conf->societe->dir_output)) {