From d3c95e030baafb3da50f5e4a30e31c429aa85d63 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 30 Aug 2017 14:34:36 +0200
Subject: [PATCH] Fix delete file not possible for external user even with
 permissions

---
 htdocs/comm/propal/document.php               |  1 -
 htdocs/commande/document.php                  |  1 -
 htdocs/compta/facture/document.php            | 17 +++++++++--------
 htdocs/core/actions_linkedfiles.inc.php       |  6 +++---
 .../tpl/document_actions_post_headers.tpl.php |  2 +-
 htdocs/supplier_proposal/document.php         | 19 +++++++++----------
 6 files changed, 22 insertions(+), 24 deletions(-)

diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 65b8eef5a66..3a9f3a98e26 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -45,7 +45,6 @@ $ref		= GETPOST('ref','alpha');
 $socid='';
 if (! empty($user->societe_id))
 {
-	$action='';
 	$socid = $user->societe_id;
 }
 $result = restrictedArea($user, 'propal', $id);
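Review bot: With `$action='';` removed from the `$user->societe_id` branch, `restrictedArea($user, 'propal', $id)` is the only check this hunk shows between an external user's request and the file actions; the same holds for the matching hunks in htdocs/commande/document.php, htdocs/compta/facture/document.php and htdocs/supplier_proposal/document.php. Whether `restrictedArea()` also covers the right to modify attachments cannot be seen from here. The upload branch of htdocs/core/actions_linkedfiles.inc.php shown later in this patch tests only `sendit`, `MAIN_UPLOAD_DOC` and `$object->id`. In supplier_proposal/document.php the right is read as `$permission = $user->rights->supplier_proposal->creer;` near the end of the page, presumably after the action include has already run. I would compute that permission before the include and have each action handler (upload, delete, rename) test it, so an external user without the right is still refused as before.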
diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php
index 7eea9c95877..d69ec07360a 100644
--- a/htdocs/commande/document.php
+++ b/htdocs/commande/document.php
@@ -44,7 +44,6 @@ $ref		= GETPOST('ref');
 // Security check
 if ($user->societe_id)
 {
-	$action='';
 	$socid = $user->societe_id;
 }
 $result=restrictedArea($user,'commande',$id,'');
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index b6c77207952..1ab0d7ceb93 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -49,7 +49,6 @@ $confirm=GETPOST('confirm', 'alpha');
 // Security check
 if ($user->societe_id)
 {
-	$action='';
 	$socid = $user->societe_id;
 }
 $result=restrictedArea($user,'facture',$id,'');
@@ -72,9 +71,11 @@ if ($object->fetch($id))
 	$upload_dir = $conf->facture->dir_output . "/" . dol_sanitizeFileName($object->ref);
 }
 
+
 /*
  * Actions
  */
+
 include_once DOL_DOCUMENT_ROOT . '/core/actions_linkedfiles.inc.php';
 
 
@@ -100,7 +101,7 @@ if ($id > 0 || ! empty($ref))
 		dol_fiche_head($head, 'documents', $langs->trans('InvoiceCustomer'), -1, 'bill');
 
     	$totalpaye = $object->getSommePaiement();
-		
+
 		// Construit liste des fichiers
 		$filearray=dol_dir_list($upload_dir,"files",0,'','(\.meta|_preview.*\.png)$',$sortfield,(strtolower($sortorder)=='desc'?SORT_DESC:SORT_ASC),1);
 		$totalsize=0;
@@ -109,11 +110,11 @@ if ($id > 0 || ! empty($ref))
 			$totalsize+=$file['size'];
 		}
 
-	
+
 	    // Invoice content
-	
+
 	    $linkback = '<a href="' . DOL_URL_ROOT . '/compta/facture/list.php' . (! empty($socid) ? '?socid=' . $socid : '') . '">' . $langs->trans("BackToList") . '</a>';
-	
+
 	    $morehtmlref='<div class="refidno">';
 	    // Ref customer
 	    $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
@@ -154,14 +155,14 @@ if ($id > 0 || ! empty($ref))
 	    	}
 	    }
 	    $morehtmlref.='</div>';
-	
+
 	    $object->totalpaye = $totalpaye;   // To give a chance to dol_banner_tab to use already paid amount to show correct status
-	
+
 	    dol_banner_tab($object, 'ref', $linkback, 1, 'facnumber', 'ref', $morehtmlref, '', 0);
 
 		print '<div class="fichecenter">';
 		print '<div class="underbanner clearboth"></div>';
-	    
+
 		print '<table class="border" width="100%">';
 
 		print '<tr><td class="titlefield">'.$langs->trans("NbOfAttachedFiles").'</td><td colspan="3">'.count($filearray).'</td></tr>';
diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php
index f21c41d828d..981de037c13 100644
--- a/htdocs/core/actions_linkedfiles.inc.php
+++ b/htdocs/core/actions_linkedfiles.inc.php
@@ -30,9 +30,9 @@ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
     if ($object->id)
     {
     	if (! empty($upload_dirold) && ! empty($conf->global->PRODUCT_USE_OLD_PATH_FOR_PHOTO))
-            dol_add_file_process($upload_dirold, 0, 1, 'userfile', GETPOST('savingdocmask'));
+            $result = dol_add_file_process($upload_dirold, 0, 1, 'userfile', GETPOST('savingdocmask'));
         else
-            dol_add_file_process($upload_dir, 0, 1, 'userfile', GETPOST('savingdocmask'));
+            $result = dol_add_file_process($upload_dir, 0, 1, 'userfile', GETPOST('savingdocmask'));
     }
 }
 elseif (GETPOST('linkit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
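Review bot: The new `$result` is assigned on both `dol_add_file_process()` calls but nothing in the hunk reads it, so as far as these lines show a failed upload is still treated like a successful one. Because this file is included into the document pages, the assignment also overwrites the `$result` those pages set from `restrictedArea()`; if the caller is meant to read it, a comment such as `// $result is read by the including page` would make that explicit, otherwise a dedicated variable name avoids the clash. On the same lines, `GETPOST('savingdocmask')` is passed on without a check type, unlike `GETPOST('ref','alpha')` elsewhere in this patch, so the value relies entirely on validation inside `dol_add_file_process()`, which is not visible here. The `if`/`elseif` chain starts and continues outside the hunk.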
@@ -176,7 +176,7 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave'))
 
                     setEventMessages($langs->trans("FileRenamed"), null);
                 }
-                else 
+                else
                 {
                     $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
                     setEventMessages($langs->trans("ErrorFailToRenameFile", $filenamefrom, $filenameto), null, 'errors');
diff --git a/htdocs/core/tpl/document_actions_post_headers.tpl.php b/htdocs/core/tpl/document_actions_post_headers.tpl.php
index 064eda8e5b5..e613c479ee0 100644
--- a/htdocs/core/tpl/document_actions_post_headers.tpl.php
+++ b/htdocs/core/tpl/document_actions_post_headers.tpl.php
@@ -80,7 +80,7 @@ $formfile->form_attach_new_file(
 
 $disablemove=1;
 if ($modulepart == 'produit') $disablemove=0;
-    
+
 // List of document
 $formfile->list_of_documents(
     $filearray,
diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php
index cec276a6064..4985fd34629 100644
--- a/htdocs/supplier_proposal/document.php
+++ b/htdocs/supplier_proposal/document.php
@@ -44,7 +44,6 @@ $ref		= GETPOST('ref','alpha');
 $socid='';
 if (! empty($user->societe_id))
 {
-	$action='';
 	$socid = $user->societe_id;
 }
 $result = restrictedArea($user, 'supplier_proposal', $id);
@@ -96,8 +95,8 @@ if ($object->id > 0)
 
 	// Supplier proposal card
 	$linkback = '<a href="' . DOL_URL_ROOT . '/supplier_proposal/list.php' . (! empty($socid) ? '?socid=' . $socid : '') . '">' . $langs->trans("BackToList") . '</a>';
-		
-		
+
+
 	$morehtmlref='<div class="refidno">';
 	// Ref supplier
 	//$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1);
@@ -138,14 +137,14 @@ if ($object->id > 0)
 	    }
 	}
 	$morehtmlref.='</div>';
-		
-		
+
+
 	dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
-	
-		
+
+
 	print '<div class="fichecenter">';
 	print '<div class="underbanner clearboth"></div>';
-	
+
 	print '<table class="border"width="100%">';
 
 	print '<tr><td class="titlefield">'.$langs->trans("NbOfAttachedFiles").'</td><td>'.count($filearray).'</td></tr>';
@@ -154,9 +153,9 @@ if ($object->id > 0)
 	print '</table>';
 
 	print '</div>';
-	
+
 	dol_fiche_end();
-	
+
 	$modulepart = 'supplier_proposal';
 	$permission = $user->rights->supplier_proposal->creer;
 	$permtoedit = $user->rights->supplier_proposal->creer;
-- 
GitLab