From a82262a7e0ade1073837f9c338fd8dd7a6b660a0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Wed, 15 Jun 2011 11:35:33 +0000
Subject: [PATCH] Qual: Uniformize code

---
 htdocs/document.php  |  4 +++-
 htdocs/viewimage.php | 17 +++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/htdocs/document.php b/htdocs/document.php
index 5746697508b..ac2c173900c 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -53,6 +53,9 @@ $original_file = GETPOST("file");	// Do not use urldecode here ($_GET are alread
 $modulepart = GETPOST("modulepart");
 $urlsource = GETPOST("urlsource");
 
+// Security check
+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
+
 
 /*
  * Action
@@ -112,7 +115,6 @@ $original_file = str_replace("../","/", $original_file);
 $refname=basename(dirname($original_file)."/");
 
 // Security check
-if (empty($modulepart)) accessforbidden('Bad value for modulepart');
 $accessallowed=0;
 $sqlprotectagainstexternals='';
 if ($modulepart)
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index f7273746288..72f4bbf260e 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -44,7 +44,6 @@ if (! defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX','1');
 // Pour autre que companylogo, on charge environnement + info issus de logon comme le user
 if (($modulepart == 'companylogo') && ! defined("NOLOGIN")) define("NOLOGIN",'1');
 
-
 // C'est un wrapper, donc header vierge
 function llxHeader() { }
 
@@ -52,6 +51,21 @@ function llxHeader() { }
 require("./main.inc.php");
 require_once(DOL_DOCUMENT_ROOT.'/lib/files.lib.php');
 
+// Security check
+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
+
+
+/*
+ * Actions
+ */
+
+// None
+
+
+
+/*
+ * View
+ */
 
 if (GETPOST("cache"))
 {
@@ -75,7 +89,6 @@ else $type=dol_mimetype($original_file);
 $original_file = str_replace("../","/", $original_file);
 
 // Security check
-if (empty($modulepart)) accessforbidden('Bad value for modulepart');
 $accessallowed=0;
 if ($modulepart)
 {
-- 
GitLab