From becd65f9d3436a6542ed439beb792ea92512bfdb Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 19 Jan 2014 21:34:48 +0100 Subject: [PATCH 1/2] Fix: Bad space into log --- htdocs/core/lib/files.lib.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 3df77ec722a..c021d0411ba 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -538,13 +538,13 @@ function dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1) $newpathofdestfile=dol_osencode($destfile); $result=@rename($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @ - if (! $result) + if (! $result) { - if ($destexists) + if ($destexists) { dol_syslog("files.lib.php::dol_move failed. We try to delete first and move after.", LOG_WARNING); // We force delete and try again. Rename function sometimes fails to replace dest file with some windows NTFS partitions. - dol_delete_file($destfile); + dol_delete_file($destfile); $result=@rename($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @ } else dol_syslog("files.lib.php::dol_move failed", LOG_WARNING); @@ -1301,7 +1301,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu if (empty($modulepart)) return 'ErrorBadParameter'; if (empty($entity)) $entity=0; - dol_syslog('modulepart='.$modulepart.' original_file= '.$original_file); + dol_syslog('modulepart='.$modulepart.' original_file='.$original_file); // We define $accessallowed and $sqlprotectagainstexternals $accessallowed=0; $sqlprotectagainstexternals=''; From 79e4c283db369348c399e80011d4c87131d7928c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 19 Jan 2014 22:43:36 +0100 Subject: [PATCH 2/2] Fix: Deletion of files was broken --- htdocs/core/lib/files.lib.php | 2 ++ .../core/tpl/document_actions_pre_headers.tpl.php | 13 +++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index c021d0411ba..dd4ff4b6ed3 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -726,6 +726,8 @@ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=n $langs->load("other"); $langs->load("errors"); + dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook); + if (empty($nohook)) { $hookmanager->initHooks(array('fileslib')); diff --git a/htdocs/core/tpl/document_actions_pre_headers.tpl.php b/htdocs/core/tpl/document_actions_pre_headers.tpl.php index 06edca3c7c7..7bfc5964140 100644 --- a/htdocs/core/tpl/document_actions_pre_headers.tpl.php +++ b/htdocs/core/tpl/document_actions_pre_headers.tpl.php @@ -41,12 +41,17 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') { if ($object->id) { - $urlfile = GETPOST('urlfile', 'alpha'); - $linkid = GETPOST('linkid', 'int'); + $urlfile = GETPOST('urlfile', 'alpha'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + if (GETPOST('section')) $file = $upload_dir . "/" . $urlfile; // For a delete of GED module urlfile contains full path from upload_dir + else // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile. + { + $urlfile=basename($urlfile); + $file = $upload_dir . "/" . $urlfile; + } + $linkid = GETPOST('linkid', 'int'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + if ($urlfile) { - $file = $upload_dir . "/" . $urlfile; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). - $ret = dol_delete_file($file, 0, 0, 0, $object); if ($ret) { setEventMessage($langs->trans("FileWasRemoved", $urlfile));