Moved exportcsv.php out of public folder as it should only be accesible for Dolibarr users

htdocs/opensurvey/adminstuds_preview.php

@@ -449,7 +449,7 @@ print '</form>'."\n";
 
 print '<div class="tabsAction">';
 
-print '<a class="butAction" href="public/exportcsv.php?sondage=' . $numsondage . '">'.$langs->trans("ExportSpreadsheet") .' (.CSV)' . '</a>';
+print '<a class="butAction" href="exportcsv.php?id=' . $numsondage . '">'.$langs->trans("ExportSpreadsheet") .' (.CSV)' . '</a>';
 
 print '</div>';
 

htdocs/opensurvey/public/exportcsv.php → htdocs/opensurvey/exportcsv.php

@@ -16,34 +16,24 @@
  */
 
 /**
- *	\file       htdocs/opensurvey/public/exportcsv.php
+ *	\file       htdocs/opensurvey/exportcsv.php
  *	\ingroup    opensurvey
  *	\brief      Page to list surveys
  */
 
 
-define("NOLOGIN",1);		// This means this output page does not require to be logged.
-define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
-require_once('../../main.inc.php');
+require_once('../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/class/opensurveysondage.class.php");
 
 $action=GETPOST('action');
 $numsondage = $numsondageadmin = '';
-if (GETPOST('sondage'))
+if (GETPOST('id'))
 {
-	if (strlen(GETPOST('sondage')) == 24)	// recuperation du numero de sondage admin (24 car.) dans l'URL
-	{
-		$numsondageadmin=GETPOST("sondage",'alpha');
+	$numsondageadmin=GETPOST("id",'alpha');
 	$numsondage=substr($numsondageadmin, 0, 16);
 }
-	else
-	{
-		$numsondageadmin='';
-		$numsondage=GETPOST("sondage",'alpha');
-	}
-}
 
 $object=new Opensurveysondage($db);
 $result=$object->fetch(0,$numsondage);