Fix: bug #26929 : les fichiers contenant le signe + dans le nom ne peuvent être téléchargés
New: Use new confirm popup to delete file confirmation
parent
49253626d2
commit
0cc71ca978
@ -96,7 +96,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
if ($_GET["action"] == 'delete')
|
||||
{
|
||||
$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($objectid);
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
}
|
||||
|
||||
|
||||
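Review bot: The new `$file = $upload_dir . '/' . $_GET['urlfile'];` line hands a request-controlled name to `dol_delete_file()` with no check in this hunk that it is a bare file name, so a value carrying a directory separator or a `..` segment would resolve outside `$upload_dir`. Dropping the second `urldecode()` is correct, but the name should still be constrained, for example `$file = $upload_dir . '/' . basename($_GET['urlfile']);`, unless `dol_delete_file()` is known to enforce this itself (not visible here). The same line appears on the new side of every other delete hunk on this page, including the `$_REQUEST['urlfile']` variant in the `confirm_deletefile` block. This block also deletes on a plain GET `action=delete`; any rights or token check would have to sit outside the hunk.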
@ -22,7 +22,7 @@
|
||||
/**
|
||||
\file htdocs/comm/propal/document.php
|
||||
\ingroup propale
|
||||
\brief Page de gestion des documents attachées à une proposition commerciale
|
||||
\brief Page de gestion des documents attach<EFBFBD>es <EFBFBD> une proposition commerciale
|
||||
\version $Id$
|
||||
*/
|
||||
|
||||
@ -84,7 +84,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
}
|
||||
else
|
||||
{
|
||||
// Echec transfert (fichier dépassant la limite ?)
|
||||
// Echec transfert (fichier d<EFBFBD>passant la limite ?)
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
@ -101,7 +101,7 @@ if ($action=='delete')
|
||||
if ($propal->fetch($propalid))
|
||||
{
|
||||
$upload_dir = $conf->propale->dir_output . "/" . dol_sanitizeFileName($propal->ref);
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
@ -142,7 +142,7 @@ if ($propalid > 0)
|
||||
// Ref
|
||||
print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">'.$propal->ref.'</td></tr>';
|
||||
|
||||
// Société
|
||||
// Soci<EFBFBD>t<EFBFBD>
|
||||
print '<tr><td>'.$langs->trans('Company').'</td><td colspan="5">'.$societe->getNomUrl(1).'</td></tr>';
|
||||
|
||||
print '<tr><td>'.$langs->trans("NbOfAttachedFiles").'</td><td colspan="3">'.sizeof($filearray).'</td></tr>';
|
||||
|
||||
@ -98,7 +98,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
if ($action=='delete')
|
||||
{
|
||||
$upload_dir = $conf->commande->dir_output . "/" . dol_sanitizeFileName($commande->ref);
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
/**
|
||||
\file htdocs/compta/facture/document.php
|
||||
\ingroup facture
|
||||
\brief Page de gestion des documents attachées à une facture
|
||||
\brief Page de gestion des documents attach<EFBFBD>es <EFBFBD> une facture
|
||||
\version $Id$
|
||||
*/
|
||||
|
||||
@ -85,7 +85,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
}
|
||||
else
|
||||
{
|
||||
// Echec transfert (fichier dépassant la limite ?)
|
||||
// Echec transfert (fichier d<EFBFBD>passant la limite ?)
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
@ -102,7 +102,7 @@ if ($action=='delete')
|
||||
if ($facture->fetch($facid))
|
||||
{
|
||||
$upload_dir = $conf->facture->dir_output . "/" . dol_sanitizeFileName($facture->ref);
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
@ -143,7 +143,7 @@ if ($facid > 0)
|
||||
// Ref
|
||||
print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">'.$facture->ref.'</td></tr>';
|
||||
|
||||
// Société
|
||||
// Soci<EFBFBD>t<EFBFBD>
|
||||
print '<tr><td>'.$langs->trans('Company').'</td><td colspan="3">'.$societe->getNomUrl(1).'</td></tr>';
|
||||
|
||||
print '<tr><td>'.$langs->trans("NbOfAttachedFiles").'</td><td colspan="3">'.sizeof($filearray).'</td></tr>';
|
||||
|
||||
@ -73,7 +73,7 @@ $modulepart='contract';
|
||||
if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
/*
|
||||
* Creation répertoire si n'existe pas
|
||||
* Creation r<EFBFBD>pertoire si n'existe pas
|
||||
*/
|
||||
if (! is_dir($upload_dir)) create_exdir($upload_dir);
|
||||
|
||||
@ -86,7 +86,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
}
|
||||
else
|
||||
{
|
||||
// Echec transfert (fichier dépassant la limite ?)
|
||||
// Echec transfert (fichier d<EFBFBD>passant la limite ?)
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
@ -115,7 +115,7 @@ if ($contrat->id)
|
||||
|
||||
if ($_GET["action"] == 'delete')
|
||||
{
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
$result=dol_delete_file($file);
|
||||
//if ($result >= 0) $mesg=$langs->trans("FileWasRemoced");
|
||||
}
|
||||
|
||||
@ -68,7 +68,7 @@ function llxHeader() { }
|
||||
|
||||
// Define mime type
|
||||
$type = 'application/octet-stream';
|
||||
if (! empty($_GET["type"])) $type=urldecode($_GET["type"]);
|
||||
if (! empty($_GET["type"])) $type=$_GET["type"];
|
||||
else $type=dol_mimetype($original_file);
|
||||
|
||||
// Define attachment (attachment=true to force choice popup 'open'/'save as')
|
||||
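Review bot: `$type` is copied unchanged from `$_GET["type"]`, so if it is later emitted as the response `Content-Type` (that code is outside the hunk) the requester decides how the browser interprets a stored file, including as HTML. It would be safer to accept only a short allow-list of types, or to always derive it with `dol_mimetype($original_file)`, and to refuse values containing CR or LF before they reach a header. The initial `$type = 'application/octet-stream';` is dead code, since both branches of the `if`/`else` overwrite it. The same three lines are added in the later `@ -59,11 +61,13 @@` hunk.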
@ -93,9 +93,9 @@ if (eregi('\.vcs$',$original_file)) { $attachment = true; }
|
||||
if (eregi('\.ics$',$original_file)) { $attachment = true; }
|
||||
if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false;
|
||||
|
||||
|
||||
// Suppression de la chaine de caractere ../ dans $original_file
|
||||
$original_file = str_replace("../","/", "$original_file");
|
||||
$original_file = str_replace("../","/", $original_file);
|
||||
|
||||
// find the subdirectory name as the reference
|
||||
$refname=basename(dirname($original_file)."/");
|
||||
|
||||
|
||||
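Review bot: Replacing the literal `../` once with `str_replace()` is not a dependable guard against path traversal: it ignores backslash separators and a trailing `..` with no slash, and a filter that rewrites the string can leave the sequence behind in its own output. `$original_file` appears to come from the request (its assignment is outside this hunk), so it would be more robust to reject any path that contains a `..` segment, or to resolve the final path with `realpath()` and require it to start with the module's document directory before the file is read. The same line is added in the later `@ -59,11 +61,13 @@` hunk, directly after an `eregi_replace('\.\.','',$original_file)` that already removes every `..`, so there it has no effect.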
@ -201,7 +201,7 @@ if (! $_GET["action"] || $_GET["action"] == 'delete_section')
|
||||
// Confirmation de la suppression d'une ligne categorie
|
||||
if ($_GET['action'] == 'delete_section')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.urldecode($_GET["section"]), $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection',$ecmdir->label), 'confirm_deletesection');
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.$_GET["section"], $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection',$ecmdir->label), 'confirm_deletesection');
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
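Review bot: The new line concatenates `$_GET["section"]` into the confirmation URL with no encoding at all, whereas the equivalent hunks in this commit (`@ -203,7 +203,7 @@` and `@ -246,7 +246,7 @@`) switch to `urlencode($_GET["section"])`. As written, a value containing `&`, `#` or a quote alters the query string or the markup that `form_confirm()` produces; whether `form_confirm()` escapes its first argument is not visible here. The line should use `'?section='.urlencode($_GET["section"])`. `$_REQUEST["section"]` in the confirm-file hunks (`@ -341,7 +341,7 @@` and `@ -221,7 +221,7 @@`) is left unencoded in the same way, next to a correctly encoded `urlfile`.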
@ -203,7 +203,7 @@ if (! $_GET["action"] || $_GET["action"] == 'delete_section')
|
||||
// Confirmation de la suppression d'une ligne categorie
|
||||
if ($_GET['action'] == 'delete_section')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.urldecode($_GET["section"]), $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection',$ecmdir->label), 'confirm_deletesection');
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.urlencode($_GET["section"]), $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection',$ecmdir->label), 'confirm_deletesection');
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
@ -130,7 +130,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
// Remove file
|
||||
if ($_POST['action'] == 'confirm_deletefile' && $_POST['confirm'] == 'yes')
|
||||
{
|
||||
$file = $upload_dir . "/" . urldecode($_GET["urlfile"]);
|
||||
$file = $upload_dir . "/" . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
$result=dol_delete_file($file);
|
||||
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
@ -341,7 +341,7 @@ if ($mesg) { print '<br>'.$mesg.'<br>'; }
|
||||
// Confirm remove file
|
||||
if ($_GET['action'] == 'delete')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.$_REQUEST["section"].'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile');
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.$_REQUEST["section"].'&urlfile='.urlencode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile');
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
@ -132,27 +132,6 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
}
|
||||
}
|
||||
|
||||
// Remove file
|
||||
if ($_POST['action'] == 'confirm_deletefile' && $_POST['confirm'] == 'yes')
|
||||
{
|
||||
$result=$ecmdir->fetch($_REQUEST["section"]);
|
||||
if (! $result > 0)
|
||||
{
|
||||
dol_print_error($db,$ecmdir->error);
|
||||
exit;
|
||||
}
|
||||
$relativepath=$ecmdir->getRelativePath();
|
||||
$upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
|
||||
$file = $upload_dir . "/" . urldecode($_GET["urlfile"]);
|
||||
|
||||
$result=dol_delete_file($file);
|
||||
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
|
||||
$result=$ecmdir->changeNbOfFiles('-');
|
||||
$action='file_manager';
|
||||
}
|
||||
|
||||
// Action ajout d'un produit ou service
|
||||
if ($_POST["action"] == 'add' && $user->rights->ecm->setup)
|
||||
{
|
||||
@ -173,8 +152,29 @@ if ($_POST["action"] == 'add' && $user->rights->ecm->setup)
|
||||
}
|
||||
}
|
||||
|
||||
// Suppression fichier
|
||||
if ($_POST['action'] == 'confirm_deletesection' && $_POST['confirm'] == 'yes')
|
||||
// Remove file
|
||||
if ($_REQUEST['action'] == 'confirm_deletefile' && $_REQUEST['confirm'] == 'yes')
|
||||
{
|
||||
$result=$ecmdir->fetch($_REQUEST["section"]);
|
||||
if (! $result > 0)
|
||||
{
|
||||
dol_print_error($db,$ecmdir->error);
|
||||
exit;
|
||||
}
|
||||
$relativepath=$ecmdir->getRelativePath();
|
||||
$upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
|
||||
$file = $upload_dir . "/" . $_REQUEST['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
|
||||
$result=dol_delete_file($file);
|
||||
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
|
||||
$result=$ecmdir->changeNbOfFiles('-');
|
||||
$action='file_manager';
|
||||
}
|
||||
|
||||
// Remove directory
|
||||
if ($_REQUEST['action'] == 'confirm_deletesection' && $_REQUEST['confirm'] == 'yes')
|
||||
{
|
||||
$result=$ecmdir->delete($user);
|
||||
$mesg = '<div class="ok">'.$langs->trans("ECMSectionWasRemoved", $ecmdir->label).'</div>';
|
||||
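Review bot: The relocated file-removal block now tests `$_REQUEST['action']` and `$_REQUEST['confirm']` where the removed version tested `$_POST`, so the deletion can be triggered by a plain GET URL, and unlike the neighbouring `add` action (`$user->rights->ecm->setup`) no rights check is visible on it. If GET is needed for the new confirm popup, the block should at least verify the user's delete permission and a per-session token before calling `dol_delete_file()`. Separately, `if (! $result > 0)` parses as `(! $result) > 0`, so a negative error code from `$ecmdir->fetch()` never reaches `dol_print_error()`; `if ($result <= 0)` expresses the intent. The directory-removal block that follows continues past the end of the hunk.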
@ -221,7 +221,7 @@ print "<br>\n";
|
||||
// Confirm remove file
|
||||
if ($_GET['action'] == 'delete')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.$_REQUEST["section"].'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile');
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.$_REQUEST["section"].'&urlfile='.urlencode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile','','',1);
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
@ -246,7 +246,7 @@ if (empty($action) || $action == 'file_manager' || eregi('refresh',$action) || $
|
||||
// Confirmation de la suppression d'une ligne categorie
|
||||
if ($_GET['action'] == 'delete_section')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.urldecode($_GET["section"]), $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection',$ecmdir->label), 'confirm_deletesection');
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?section='.urlencode($_GET["section"]), $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection',$ecmdir->label), 'confirm_deletesection','','',1);
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
@ -70,7 +70,7 @@ $modulepart='fichinter';
|
||||
if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
/*
|
||||
* Creation répertoire si n'existe pas
|
||||
* Creation r<EFBFBD>pertoire si n'existe pas
|
||||
*/
|
||||
if (! is_dir($upload_dir)) create_exdir($upload_dir);
|
||||
|
||||
@ -83,7 +83,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
}
|
||||
else
|
||||
{
|
||||
// Echec transfert (fichier dépassant la limite ?)
|
||||
// Echec transfert (fichier d<EFBFBD>passant la limite ?)
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
@ -114,7 +114,7 @@ if ($object->id)
|
||||
|
||||
if ($_GET["action"] == 'delete')
|
||||
{
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
$result=dol_delete_file($file);
|
||||
//if ($result >= 0) $mesg=$langs->trans("FileWasRemoced");
|
||||
}
|
||||
|
||||
@ -99,7 +99,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
if ($action=='delete')
|
||||
{
|
||||
$upload_dir = $conf->fournisseur->dir_output . "/commande/" . dol_sanitizeFileName($commande->ref);
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
|
||||
@ -98,7 +98,7 @@ if ($action=='delete')
|
||||
{
|
||||
$upload_dir = $conf->fournisseur->dir_output.'/facture/'.get_exdir($facture->id,2).$facture->id;
|
||||
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans('FileWasRemoved').'</div>';
|
||||
}
|
||||
|
||||
@ -461,7 +461,7 @@ class FormFile
|
||||
if ($forcedownload) print '&type=application/binary';
|
||||
print '&file='.urlencode($relativepath.$file['name']).'">';
|
||||
print img_mime($file['name']).' ';
|
||||
print dol_trunc($file['name'],$maxlength,'middle');
|
||||
print htmlentities(dol_trunc($file['name'],$maxlength,'middle'));
|
||||
print '</a>';
|
||||
print "</td>\n";
|
||||
print '<td align="right">'.dol_print_size($file['size']).'</td>';
|
||||
@ -469,7 +469,7 @@ class FormFile
|
||||
print '<td align="right">';
|
||||
//print ' ';
|
||||
if ($permtodelete)
|
||||
print '<a href="'.$url.'?id='.$object->id.'&section='.$_REQUEST["section"].'&action=delete&urlfile='.urlencode($file['name']).'">'.img_delete().'</a>';
|
||||
print '<a href="'.$url.'?id='.$object->id.'§ion='.$_REQUEST["section"].'&action=delete&urlfile='.urlencode($file['name']).'">'.img_delete().'</a>';
|
||||
else
|
||||
print ' ';
|
||||
print "</td></tr>\n";
|
||||
|
||||
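Review bot: In the delete link, `$_REQUEST["section"]` is printed into the `href` attribute without any encoding, while `urlfile` right beside it goes through `urlencode()`; a value containing a quote or angle bracket would end up in the page markup. The parameter should be written as `'&section='.urlencode($_REQUEST["section"])`. The `htmlentities()` added around the displayed file name in the previous hunk of this class is the right direction; since another hunk of this commit states that strings are held as UTF-8 in memory, passing the charset explicitly, `htmlentities(dol_trunc($file['name'],$maxlength,'middle'), ENT_QUOTES, 'UTF-8')`, would avoid mangling accented names. The surrounding method starts and ends outside the hunk.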
@ -1757,7 +1757,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
// les noms de fichiers.
|
||||
if (eregi('^\.',$src_file) || eregi('\.\.',$src_file) || eregi('[<>|]',$src_file))
|
||||
{
|
||||
dol_syslog("Refused to deliver file ".$src_file);
|
||||
dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -1766,14 +1766,18 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
// les noms de fichiers.
|
||||
if (eregi('^\.',$dest_file) || eregi('\.\.',$dest_file) || eregi('[<>|]',$dest_file))
|
||||
{
|
||||
dol_syslog("Refused to deliver file ".$dest_file);
|
||||
dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
|
||||
return -1;
|
||||
}
|
||||
|
||||
// The file functions are ISO and data are stored in UTF8 in memory.
|
||||
$src_file_iso=utf8_decode($src_file);
|
||||
$file_name_iso=utf8_decode($file_name);
|
||||
|
||||
// Check if destination file already exists
|
||||
if (! $allowoverwrite)
|
||||
{
|
||||
if (file_exists($file_name))
|
||||
if (file_exists($file_name_iso))
|
||||
{
|
||||
dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." already exists", LOG_WARNING);
|
||||
return -2;
|
||||
@ -1781,7 +1785,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
}
|
||||
|
||||
// Move file
|
||||
$return=move_uploaded_file($src_file, $file_name);
|
||||
$return=move_uploaded_file($src_file_iso, $file_name_iso);
|
||||
if ($return)
|
||||
{
|
||||
if (! empty($conf->global->MAIN_UMASK)) @chmod($file_name, octdec($conf->global->MAIN_UMASK));
|
||||
|
||||
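Review bot: After this change the file is moved to `$file_name_iso`, but the unchanged `@chmod($file_name, octdec($conf->global->MAIN_UMASK));` inside the `if ($return)` branch still targets the UTF-8 spelling, so for a name with non-ASCII characters the permission change would miss the file and `@` hides the failure. It should read `@chmod($file_name_iso, octdec($conf->global->MAIN_UMASK));`. Note also that the `..` and `[<>|]` checks earlier in the function run on the names before `utf8_decode()`, which substitutes `?` for characters it cannot represent; whether that can make two distinct uploads collide depends on code outside these hunks. The function body starts and ends outside the hunk.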
@ -116,7 +116,7 @@ if ($product->id)
|
||||
|
||||
if ($action=='delete')
|
||||
{
|
||||
$file = $upload_dir . '/' . urldecode($_GET['urlfile']);
|
||||
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
$result=dol_delete_file($file);
|
||||
//if ($result >= 0) $mesg=$langs->trans("FileWasRemoced");
|
||||
}
|
||||
|
||||
@ -100,7 +100,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
// Suppression fichier
|
||||
if ($_REQUEST['action'] == 'confirm_deletefile' && $_REQUEST['confirm'] == 'yes')
|
||||
{
|
||||
$file = $upload_dir . "/" . urldecode($_GET["urlfile"]);
|
||||
$file = $upload_dir . "/" . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
|
||||
@ -26,9 +26,11 @@
|
||||
\version $Id$
|
||||
*/
|
||||
|
||||
$original_file = isset($_GET["file"])?urldecode($_GET["file"]):'';
|
||||
$modulepart = urldecode($_GET["modulepart"]);
|
||||
$type = isset($_GET["type"]) ? urldecode($_GET["type"]) : '';
|
||||
// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
$action = isset($_GET["action"])?$_GET["action"]:'';
|
||||
$original_file = isset($_GET["file"])?$_GET["file"]:'';
|
||||
$modulepart = isset($_GET["modulepart"])?$_GET["modulepart"]:'';
|
||||
$urlsource = isset($_GET["urlsource"])?$_GET["urlsource"]:'';
|
||||
|
||||
// Define if we need master or master+main
|
||||
$needmasteronly=false;
|
||||
@ -59,11 +61,13 @@ else
|
||||
function llxHeader() { }
|
||||
|
||||
|
||||
// Define mime type
|
||||
$type = 'application/octet-stream';
|
||||
if (! empty($_GET["type"])) $type=$_GET["type"];
|
||||
else $type=dol_mimetype($original_file);
|
||||
|
||||
// Protection, on interdit les .. dans les chemins
|
||||
$original_file = eregi_replace('\.\.','',$original_file);
|
||||
|
||||
|
||||
// Suppression de la chaine de caractere ../ dans $original_file
|
||||
$original_file = str_replace("../","/", $original_file);
|
||||
|
||||
$accessallowed=0;
|
||||
if ($modulepart)
|
||||
|
||||