From 16e06736e65ade5ed24daad9035e6e00dd3ef77f Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Tue, 7 May 2013 16:50:27 +0200
Subject: [PATCH] =?UTF-8?q?Fix=20bug=20[=20bug=20#882=20]=20[3.4.0]=20Can'?=
 =?UTF-8?q?t=20open=20WithdrawalReceipt=20/=20fichier=20de=20pr=C3=A9l?=
 =?UTF-8?q?=C3=A8vement?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/core/lib/files.lib.php | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 83af9f60871..cad4d4c3d52 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1244,7 +1244,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
 
 	if (empty($modulepart)) return 'ErrorBadParameter';
 	if (empty($entity)) $entity=0;
-
+	dol_syslog('$modulepart='.$modulepart.' $original_file= '.$original_file);
 	// We define $accessallowed and $sqlprotectagainstexternals
 	$accessallowed=0;
 	$sqlprotectagainstexternals='';
@@ -1364,9 +1364,12 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
 	}
 	// Wrapping pour les prelevements
 	elseif ($modulepart == 'prelevement')
-	{
-		if ($user->rights->prelevement->bons->lire) $accessallowed=1;
-		$original_file=$conf->prelevement->dir_output.'/receipts/'.$original_file;
+	{
+		if ($user->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file))
+		{
+			$accessallowed=1;
+		}
+		$original_file=$conf->prelevement->dir_output.'/'.$original_file;
 	}
 	// Wrapping pour les graph energie
 	elseif ($modulepart == 'graph_stock')
@@ -1466,17 +1469,6 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
 		$original_file=$conf->deplacement->dir_output.'/'.$original_file;
 		//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$refname."' AND entity=".$conf->entity;
 	}
-
-	// Wrapping pour les prelevements
-	else if ($modulepart == 'prelevement')
-	{
-		if ($user->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file))
-		{
-			$accessallowed=1;
-		}
-		$original_file=$conf->prelevement->dir_output.'/'.$original_file;
-	}
-
 	// Wrapping pour les propales
 	else if ($modulepart == 'propal')
 	{
@@ -1767,7 +1759,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
 			eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";');
 		}
 	}
-
+	
 	$ret = array(
 		'accessallowed' => $accessallowed,
 		'sqlprotectagainstexternals'=>$sqlprotectagainstexternals,