Merge branch '11.0' of git@github.com:Dolibarr/dolibarr.git into 12.0
Conflicts: htdocs/core/lib/functions.lib.php
This commit is contained in:
Laurent Destailleur
commit
0b2aa2b01d
@ -1278,6 +1278,11 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
// Select mail models is same action as presend
|
||||
if (GETPOST('modelselected', 'alpha')) {
|
||||
$action = 'presend';
|
||||
}
|
||||
|
||||
if (!empty($id) && $action != 'edit' && $action != 'create')
|
||||
{
|
||||
$objsoc = new Societe($db);
|
||||
|
||||
@ -8095,19 +8095,16 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
|
||||
|
||||
if (empty($conf->use_javascript_ajax)) return '';
|
||||
|
||||
$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'svg+xml', 'webp');
|
||||
//$mime_preview[]='vnd.oasis.opendocument.presentation';
|
||||
//$mime_preview[]='archive';
|
||||
$num_mime = array_search(dol_mimetype($relativepath, '', 1), $mime_preview);
|
||||
$isAllowedForPreview = dolIsAllowedForPreview($relativepath);
|
||||
|
||||
if ($alldata == 1)
|
||||
{
|
||||
if ($num_mime !== false) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''), 'mime'=>dol_mimetype($relativepath),);
|
||||
if ($isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''), 'mime'=>dol_mimetype($relativepath));
|
||||
else return array();
|
||||
}
|
||||
|
||||
// old behavior
|
||||
if ($num_mime !== false) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')';
|
||||
// old behavior, return a string
|
||||
if ($isAllowedForPreview) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')';
|
||||
else return '';
|
||||
}
|
||||
|
||||
@ -8131,6 +8128,31 @@ function ajax_autoselect($htmlname, $addlink = '')
|
||||
return $out;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return if a file is qualified for preview
|
||||
*
|
||||
* @param string $file Filename we looking for information
|
||||
* @return int 1 If allowed, 0 otherwise
|
||||
* @see dol_mimetype(), image_format_supported() from images.lib.php
|
||||
*/
|
||||
function dolIsAllowedForPreview($file)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
// Check .noexe extension in filename
|
||||
if (preg_match('/\.noexe$/i', $file)) return 0;
|
||||
|
||||
// Check mime types
|
||||
$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'webp');
|
||||
if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml';
|
||||
//$mime_preview[]='vnd.oasis.opendocument.presentation';
|
||||
//$mime_preview[]='archive';
|
||||
$num_mime = array_search(dol_mimetype($file, '', 1), $mime_preview);
|
||||
if ($num_mime !== false) return 1;
|
||||
|
||||
// By default, not allowed for preview
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return mime type of a file
|
||||
@ -8139,7 +8161,7 @@ function ajax_autoselect($htmlname, $addlink = '')
|
||||
* @param string $default Default mime type if extension not found in known list
|
||||
* @param int $mode 0=Return full mime, 1=otherwise short mime string, 2=image for mime type, 3=source language, 4=css of font fa
|
||||
* @return string Return a mime type family (text/xxx, application/xxx, image/xxx, audio, video, archive)
|
||||
* @see image_format_supported() from images.lib.php
|
||||
* @see dolIsAllowedForPreview(), image_format_supported() from images.lib.php
|
||||
*/
|
||||
function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0)
|
||||
{
|
||||
|
||||
@ -159,11 +159,13 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha') ?tr
|
||||
if (!empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment = false;
|
||||
|
||||
// Define mime type
|
||||
$type = 'application/octet-stream';
|
||||
$type = 'application/octet-stream'; // By default
|
||||
if (GETPOST('type', 'alpha')) $type = GETPOST('type', 'alpha');
|
||||
else $type = dol_mimetype($original_file);
|
||||
// Security: Force to octet-stream if file is a dangerous file
|
||||
if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream';
|
||||
else $type=dol_mimetype($original_file);
|
||||
// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file
|
||||
if (!dolIsAllowedForPreview($original_file)) {
|
||||
$type = 'application/octet-stream';
|
||||
}
|
||||
|
||||
// Security: Delete string ../ into $original_file
|
||||
$original_file = str_replace("../", "/", $original_file);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user