From 2ff633a89f5f9bcd1daf413f77b1ea69a1682719 Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO <aspangaro.dolibarr@gmail.com>
Date: Wed, 16 Sep 2020 21:12:35 +0200
Subject: [PATCH] Revert "FIX Yogosha report 4425 (backport)"

This reverts commit 23c4cfe913429a38b3e4f9edec33bdfb0166d274.
---
 htdocs/core/lib/functions.lib.php | 37 +++++++------------------------
 htdocs/document.php               |  9 ++++----
 2 files changed, 12 insertions(+), 34 deletions(-)

diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 3f4229589dd..97ad5d58969 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -7705,16 +7705,19 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
 
 	if (empty($conf->use_javascript_ajax)) return '';
 
-	$isAllowedForPreview = dolIsAllowedForPreview($relativepath);
+	$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'svg+xml');
+	//$mime_preview[]='vnd.oasis.opendocument.presentation';
+	//$mime_preview[]='archive';
+	$num_mime = array_search(dol_mimetype($relativepath, '', 1), $mime_preview);
 
 	if ($alldata == 1)
 	{
-		if (isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), );
+		if ($num_mime !== false) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), );
 		else return array();
 	}
 
-	// old behavior, return a string
-	if ($isAllowedForPreview) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:'')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')';
+	// old behavior
+	if ($num_mime !== false) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:'')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')';
 	else return '';
 }
 
@@ -7738,30 +7741,6 @@ function ajax_autoselect($htmlname, $addlink = '')
 	return $out;
 }
 
-/**
- *	Return if a file is qualified for preview
- *
- *	@param	string	$file		Filename we looking for information
- *	@return int					1 If allowed, 0 otherwise
- *  @see    dol_mimetype(), image_format_supported() from images.lib.php
- */
-function dolIsAllowedForPreview($file) {
-	global $conf;
-
-	// Check .noexe extension in filename
-	if (preg_match('/\.noexe$/i', $file)) return 0;
-
-	// Check mime types
-	$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'webp');
-	if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml';
-	//$mime_preview[]='vnd.oasis.opendocument.presentation';
-	//$mime_preview[]='archive';
-	$num_mime = array_search(dol_mimetype($file, '', 1), $mime_preview);
-	if ($num_mime !== false) return 1;
-
-	// By default, not allowed for preview
-	return 0;
-}
 
 /**
  *	Return mime type of a file
@@ -7770,7 +7749,7 @@ function dolIsAllowedForPreview($file) {
  *  @param  string	$default    Default mime type if extension not found in known list
  * 	@param	int		$mode    	0=Return full mime, 1=otherwise short mime string, 2=image for mime type, 3=source language, 4=css of font fa
  *	@return string 		    	Return a mime type family (text/xxx, application/xxx, image/xxx, audio, video, archive)
- *  @see    dolIsAllowedForPreview(), image_format_supported() from images.lib.php
+ *  @see    image_format_supported() from images.lib.php
  */
 function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0)
 {
diff --git a/htdocs/document.php b/htdocs/document.php
index ccd404f7315..2b37792d69a 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -156,13 +156,12 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru
 if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false;
 
 // Define mime type
-$type = 'application/octet-stream';	// By default
+$type = 'application/octet-stream';
 if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');
 else $type=dol_mimetype($original_file);
-// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file
-if (!dolIsAllowedForPreview($original_file)) {
-	$type = 'application/octet-stream';
-}
+// Security: Force to octet-stream if file is a dangerous file
+if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream';
+
 // Security: Delete string ../ into $original_file
 $original_file = str_replace("../", "/", $original_file);