lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix bug [ bug #882 ] [3.4.0] Can't open WithdrawalReceipt / fichier de

Browse Source 
prélèvement
This commit is contained in:
fhenry 2013-05-07 16:50:27 +02:00
parent de4b9b01bf
commit 16e06736e6
1 changed files with 8 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
htdocs/core/lib/files.lib.php
View File

@ -1244,7 +1244,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
if (empty($modulepart)) return 'ErrorBadParameter';
if (empty($entity)) $entity=0;
dol_syslog('$modulepart='.$modulepart.' $original_file= '.$original_file);
// We define $accessallowed and $sqlprotectagainstexternals
$accessallowed=0;
$sqlprotectagainstexternals='';
@ -1364,9 +1364,12 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
}
// Wrapping pour les prelevements
elseif ($modulepart == 'prelevement')
{
if ($user->rights->prelevement->bons->lire) $accessallowed=1;
$original_file=$conf->prelevement->dir_output.'/receipts/'.$original_file;
{
if ($user->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file))
{
$accessallowed=1;
}
$original_file=$conf->prelevement->dir_output.'/'.$original_file;
}
// Wrapping pour les graph energie
elseif ($modulepart == 'graph_stock')
@ -1466,17 +1469,6 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
$original_file=$conf->deplacement->dir_output.'/'.$original_file;
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$refname."' AND entity=".$conf->entity;
}
// Wrapping pour les prelevements
else if ($modulepart == 'prelevement')
{
if ($user->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file))
{
$accessallowed=1;
}
$original_file=$conf->prelevement->dir_output.'/'.$original_file;
}
// Wrapping pour les propales
else if ($modulepart == 'propal')
{
@ -1767,7 +1759,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";');
}
}
$ret = array(
'accessallowed' => $accessallowed,
'sqlprotectagainstexternals'=>$sqlprotectagainstexternals,