From 163fba38724c6acde22116721561bdaa7b178f75 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 15 Apr 2010 13:44:07 +0000 Subject: [PATCH] Fix: bad path Fix: view only image files --- htdocs/product/product.class.php | 2 +- htdocs/viewimage.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/product/product.class.php b/htdocs/product/product.class.php index 5ac6c019299..cdaf4a66c12 100644 --- a/htdocs/product/product.class.php +++ b/htdocs/product/product.class.php @@ -2510,7 +2510,7 @@ class Product extends CommonObject if (! utf8_check($file)) $file=utf8_encode($file); // To be sure file is stored in UTF8 in memory - if (dol_is_file($dir.$file)) + if (dol_is_file($dir.$file) && preg_match('/(\.jpg|\.bmp|\.gif|\.png|\.tiff)$/i',$dir.$file)) { $nbphoto++; $photo = $file; diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 865a668c53f..ff6a1d0ae60 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -1,7 +1,7 @@ * Copyright (C) 2005-2010 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2010 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -209,7 +209,7 @@ if ($modulepart) { $accessallowed=1; } - $original_file=(!empty($conf->produit->dir_temp)?$conf->produit->dir_temp:$conf->service->dir_temp).'/'.$original_file; + $original_file=(!empty($conf->produit->dir_output)?$conf->produit->dir_output:$conf->service->dir_output).'/'.$original_file; } // Wrapping for categories
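Review bot: The extension list in the new `preg_match` on the `dol_is_file` line omits `.jpeg` and `.tif`, so photos stored under those names stop being counted and displayed once this filter is in place. The pattern is also run against `$dir.$file` although only the file name matters, and it is a name-only test: a non-image file renamed to `.png` still passes, so the code that later serves the photo should not treat the extension as proof of content. Suggested line: `if (dol_is_file($dir.$file) && preg_match('/\.(jpe?g|bmp|gif|png|tiff?)$/i',$file))`. The enclosing method starts and ends outside the hunk.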
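Review bot: In the viewimage.php hunk at line 209, `$original_file` is appended to `dir_output` right after `$accessallowed=1`, and nothing visible there restricts it to image names, so the "view only image files" filter from this commit exists only in the product.class.php listing and not in the script that actually serves the file. `dir_output` presumably holds every document attached to a product rather than only pictures, so if `$original_file` comes from the request and is not normalised earlier in viewimage.php (not visible here), this branch can return non-image files or follow `..` segments out of the directory. Consider repeating the check next to the changed line, e.g. `if (! preg_match('/\.(jpe?g|bmp|gif|png|tiff?)$/i',$original_file)) $accessallowed=0;`, and refusing names that contain `..`. The `if ($modulepart)` block starts and ends outside the hunk.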