lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX: permit access to medias when logged in a different entity

Browse Source
This commit is contained in:
Marc de Lima Lucio 2022-03-22 17:13:48 +01:00
parent 6617cbc531
commit 100c48372b
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/viewimage.php
View File

@ -186,6 +186,13 @@ $refname = basename(dirname($original_file)."/");
// Security check
if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 0, 0, 1);
// When logged in a different entity, medias cannot be accessed because $conf->$module->multidir_output
// is not set on the requested entity, but they are public documents, so reset entity
if ($modulepart === 'medias' && $entity != $conf->entity) {
$conf->entity = $entity;
$conf->setValues($db);
}
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];