From 113d4d1665dd76ab40d0aed3870af2c4d853eab8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 25 Apr 2017 10:29:13 +0200
Subject: [PATCH 1/3] FIX spaces not allowed into vat code
---
 htdocs/admin/dict.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 046a1cb9b27..3427382ea9f 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -680,7 +680,11 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
 if ($_POST["accountancy_code"] <= 0) $_POST["accountancy_code"]=''; // If empty, we force to null
 if ($_POST["accountancy_code_sell"] <= 0) $_POST["accountancy_code_sell"]=''; // If empty, we force to null
 if ($_POST["accountancy_code_buy"] <= 0) $_POST["accountancy_code_buy"]=''; // If empty, we force to null
-
+ if ($id == 10 && isset($_POST["code"])) // Spaces are not allowed into code
+ {
+ $_POST["code"]=preg_replace('/\s/','',$_POST["code"]);
+ }
+
 // Si verif ok et action add, on ajoute la ligne
 if ($ok && GETPOST('actionadd'))
 {
From 95788c96994980b12bf13464795bb9b6fc1e294f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 27 Apr 2017 00:53:13 +0200
Subject: [PATCH 2/3] FIX A non admin user can not download files attached to user.
---
 htdocs/core/lib/files.lib.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index d27d6c1cdb1..87a587a7460 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1385,7 +1385,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
 $sqlprotectagainstexternals='';
 $ret=array();
- // find the subdirectory name as the reference
+ // Find the subdirectory name as the reference. For exemple original_file='10/myfile.pdf' -> refname='10'
 if (empty($refname)) $refname=basename(dirname($original_file)."/");
 $relative_original_file = $original_file;
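Review bot: In the 1/3 hunk for htdocs/admin/dict.php, `preg_replace('/\s/','',$_POST["code"])` has no `u` modifier, so it removes only ASCII whitespace; a non-breaking space pasted into the code would still be saved. If that matters, `preg_replace('/\s+/u','',$_POST["code"])` covers Unicode spaces, but it returns null on invalid UTF-8 and that case then needs handling. The literal `10` is unexplained in the hunk; going by the commit subject it presumably selects the VAT dictionary, and a comment such as `// 10 = VAT rates dictionary` would make that explicit. The enclosing `if (GETPOST('actionadd') || GETPOST('actionmodify'))` block starts and ends outside the hunk.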
@@ -1553,6 +1553,18 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
 $original_file=$conf->fckeditor->dir_output.'/'.$original_file;
 }
+ // Wrapping for users
+ else if ($modulepart == 'user' && !empty($conf->user->dir_output))
+ {
+ $canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->lire);
+ if ($user->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card
+ if ($canreaduser || preg_match('/^specimen/i',$original_file))
+ {
+ $accessallowed=1;
+ }
+ $original_file=$conf->user->dir_output.'/'.$original_file;
+ }
+
 // Wrapping for third parties
 else if (($modulepart == 'company' || $modulepart == 'societe') && !empty($conf->societe->dir_output))
 {
From d390acc8886a7f48899e5bf180b1d4f42d9c45c5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 27 Apr 2017 02:03:59 +0200
Subject: [PATCH 3/3] FIX A non admin user can not download files attached to user.
---
 htdocs/core/lib/files.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 87a587a7460..2faa3ae1a8f 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1557,7 +1557,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu
 else if ($modulepart == 'user' && !empty($conf->user->dir_output))
 {
 $canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->lire);
- if ($user->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card
+ if ($fuser->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card
 if ($canreaduser || preg_match('/^specimen/i',$original_file))
 {
 $accessallowed=1;
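Review bot: The self-access test in the `$modulepart == 'user'` branch (2/3, @@ -1553) compares against `(int) $refname` with loose `==`, so a non-numeric directory name becomes 0 and would match an `$fuser` whose `id` is empty or unset; the 3/3 hunk changes `$user` to `$fuser` but keeps the same comparison. `$refname` is derived from the caller-supplied `$original_file` (see the comment in the @@ -1385 hunk), so it should be validated before it grants access, e.g. `if (! empty($fuser->id) && ctype_digit((string) $refname) && (int) $fuser->id === (int) $refname) { $canreaduser=1; }`. Whether `$original_file` is normalised (no `..` segments) before this point is not visible; if it is not, the directory named by `$refname` and the file finally opened can differ, so this branch relies on that upstream check. The branch sits inside dol_check_secure_access_document, whose body starts and ends outside the hunk.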