Fix: Several fix on photo upload when file format is wrong

Laurent Destailleur 2011-06-22 09:11:00 +00:00
parent bbf4372f50
commit 32da27f003
6 changed files with 85 additions and 66 deletions


@ -245,7 +245,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe
$adh->amount = $_POST["amount"];
if (GETPOST('deletephoto')) $adh->photo='';
$adh->photo = ($_FILES['photo']['name']?dol_sanitizeFileName($_FILES['photo']['name']):$adh->oldcopy->photo);
elseif (! empty($_FILES['photo']['name'])) $adh->photo = dol_sanitizeFileName($_FILES['photo']['name']);
// Get status and public property
$adh->statut = $_POST["statut"];
@ -277,40 +277,47 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe
$result=$adh->update($user,0,$nosyncuser,$nosyncuserpass);
if ($result >= 0 && ! sizeof($adh->errors))
{
if (GETPOST('deletephoto') && $adh->photo)
$dir= $conf->adherent->dir_output . '/' . get_exdir($adh->id,2,0,1).'/photos';
$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
if ($file_OK)
{
$fileimg=$conf->adherent->dir_output.'/'.get_exdir($adh->id,2,0,1).'/photos/'.$adh->photo;
$dirthumbs=$conf->adherent->dir_output.'/'.get_exdir($adh->id,2,0,1).'/photos/thumbs';
dol_delete_file($fileimg);
dol_delete_dir_recursive($dirthumbs);
if (GETPOST('deletephoto'))
{
$fileimg=$conf->adherent->dir_output.'/'.get_exdir($adh->id,2,0,1).'/photos/'.$adh->photo;
$dirthumbs=$conf->adherent->dir_output.'/'.get_exdir($adh->id,2,0,1).'/photos/thumbs';
dol_delete_file($fileimg);
dol_delete_dir_recursive($dirthumbs);
}
if (image_format_supported($_FILES['photo']['name']) > 0)
{
dol_mkdir($dir);
if (@is_dir($dir))
{
$newfile=$dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1,0,$_FILES['photo']['error']) > 0)
{
$message .= '<div class="error">'.$langs->trans("ErrorFailedToSaveFile").'</div>';
}
else
{
// Create small thumbs for company (Ratio is near 16/9)
// Used on logon for example
$imgThumbSmall = vignette($newfile, $maxwidthsmall, $maxheightsmall, '_small', $quality);
// Create mini thumbs for company (Ratio is near 16/9)
// Used on menu or for setup page for example
$imgThumbMini = vignette($newfile, $maxwidthmini, $maxheightmini, '_mini', $quality);
}
}
}
else
{
$errmsgs[] = "ErrorBadImageFormat";
}
}
if (!empty($_FILES['photo']['tmp_name']) && trim($_FILES['photo']['tmp_name']))
{
$dir= $conf->adherent->dir_output . '/' . get_exdir($adh->id,2,0,1).'/photos/';
create_exdir($dir);
if (@is_dir($dir))
{
$newfile=$dir.'/'.dol_sanitizeFileName($_FILES['photo']['name']);
if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1,0,$_FILES['photo']['error']) > 0)
{
$message .= '<div class="error">'.$langs->trans("ErrorFailedToSaveFile").'</div>';
}
else
{
// Create small thumbs for company (Ratio is near 16/9)
// Used on logon for example
$imgThumbSmall = vignette($newfile, $maxwidthsmall, $maxheightsmall, '_small', $quality);
// Create mini thumbs for company (Ratio is near 16/9)
// Used on menu or for setup page for example
$imgThumbMini = vignette($newfile, $maxwidthmini, $maxheightmini, '_mini', $quality);
}
}
}
$_GET["rowid"]=$adh->id;
$_REQUEST["action"]='';
}
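Review bot: The new `image_format_supported($_FILES['photo']['name']) > 0` test validates only the client-supplied file name, and the upload is then stored under that same name via `dol_sanitizeFileName($_FILES['photo']['name'])`, so nothing here checks that the bytes in `tmp_name` are an image. The helper's body is not visible in this commit, but the warning text in `vignette()` ("does not seem to be an image format file name") suggests it is a name check. I would add a content check before the move, for example `if (image_format_supported($_FILES['photo']['name']) > 0 && getimagesize($_FILES['photo']['tmp_name']) !== false)`, and confirm that the photos directory is not served with script execution enabled. The company logo handler later in this commit uses the same test and would need the same guard.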


@ -29,6 +29,7 @@ ErrorSupplierCodeRequired=Supplier code required
ErrorSupplierCodeAlreadyUsed=Supplier code already used
ErrorBadParameters=Bad parameters
ErrorBadValueForParameter=Wrong value '%s' for parameter incorrect '%s'
ErrorBadImageFormat=Image file has not a supported format
ErrorFailedToWriteInDir=Failed to write in directory %s
ErrorFoundBadEmailInFile=Found incorrect email syntax for %s lines in file (example line %s with email=%s)
ErrorUserCannotBeDelete=User can not be deleted. May be it is associated on Dolibarr entities.


@ -30,6 +30,7 @@ ErrorSupplierCodeRequired=Code fournisseur obligatoire
ErrorSupplierCodeAlreadyUsed=Code fournisseur déjà utilisé
ErrorBadParameters=Paramètres incorrects
ErrorBadValueForParameter=Valeur '%s' incorrecte pour le paramètre '%s'
ErrorBadImageFormat=L'image n'a pas un format reconnu
ErrorFailedToWriteInDir=Impossible d'écrire dans le répertoire %s
ErrorFoundBadEmailInFile=Syntaxe de mail incorrecte trouvée pour %s lignes dans le fichier (exemple ligne %s avec email=%s)
ErrorUserCannotBeDelete=L'utilisateur ne peut pas être supprimé. Peut-être est-il associé à des éléments de Dolibarr.


@ -618,31 +618,34 @@ function dol_delete_dir($dir,$nophperrors=0)
function dol_delete_dir_recursive($dir,$count=0,$nophperrors=0)
{
dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir,LOG_DEBUG);
$dir_osencoded=dol_osencode($dir);
if ($handle = opendir("$dir_osencoded"))
if (dol_is_dir($dir))
{
while (false !== ($item = readdir($handle)))
$dir_osencoded=dol_osencode($dir);
if ($handle = opendir("$dir_osencoded"))
{
if (! utf8_check($item)) $item=utf8_encode($item); // should be useless
if ($item != "." && $item != "..")
while (false !== ($item = readdir($handle)))
{
if (is_dir(dol_osencode("$dir/$item")))
if (! utf8_check($item)) $item=utf8_encode($item); // should be useless
if ($item != "." && $item != "..")
{
$count=dol_delete_dir_recursive("$dir/$item",$count,$nophperrors);
}
else
{
dol_delete_file("$dir/$item",1,$nophperrors);
$count++;
//echo " removing $dir/$item<br>\n";
if (is_dir(dol_osencode("$dir/$item")))
{
$count=dol_delete_dir_recursive("$dir/$item",$count,$nophperrors);
}
else
{
dol_delete_file("$dir/$item",1,$nophperrors);
$count++;
//echo " removing $dir/$item<br>\n";
}
}
}
closedir($handle);
dol_delete_dir($dir,$nophperrors);
$count++;
//echo "removing $dir<br>\n";
}
closedir($handle);
dol_delete_dir($dir,$nophperrors);
$count++;
//echo "removing $dir<br>\n";
}
//echo "return=".$count;
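Review bot: The recursion test `is_dir(dol_osencode("$dir/$item"))` is also true for a symbolic link that points at a directory, so this helper would descend into the link target and delete its contents, which may lie outside `$dir`. The added `dol_is_dir($dir)` guard does not change that. I would skip links in the recursion with `if (is_dir(dol_osencode("$dir/$item")) && ! is_link(dol_osencode("$dir/$item")))`, leaving the link itself to the `dol_delete_file` branch; whether that helper removes a link cleanly is not visible here. The function's return statement lies outside the hunk.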


@ -302,7 +302,7 @@ function vignette($file, $maxWidth = 160, $maxHeight = 120, $extName='_small', $
global $conf,$langs;
dol_syslog("vignette file=".$file." extName=".$extName." maxWidth=".$maxWidth." maxHeight=".$maxHeight." quality=".$quality." targetformat=".$targetformat);
dol_syslog("vignette file=".$file." extName=".$extName." maxWidth=".$maxWidth." maxHeight=".$maxHeight." quality=".$quality." outdir=".$outdir." targetformat=".$targetformat);
// Clean parameters
$file=trim($file);
@ -311,24 +311,28 @@ function vignette($file, $maxWidth = 160, $maxHeight = 120, $extName='_small', $
if (! $file)
{
// Si le fichier n'a pas ete indique
return 'Bad parameter file';
return 'ErrorBadParameters';
}
elseif (! file_exists($file))
{
// Si le fichier passe en parametre n'existe pas
return $langs->trans("ErrorFileNotFound",$file);
dol_syslog($langs->trans("ErrorFileNotFound",$file),LOG_ERR);
return $langs->trans("ErrorFileNotFound",$file);
}
elseif(image_format_supported($file) < 0)
{
return 'This file '.$file.' does not seem to be an image format file name.';
dol_syslog('This file '.$file.' does not seem to be an image format file name.',LOG_WARNING);
return 'ErrorBadImageFormat';
}
elseif(!is_numeric($maxWidth) || empty($maxWidth) || $maxWidth < -1){
// Si la largeur max est incorrecte (n'est pas numerique, est vide, ou est inferieure a 0)
return 'Wrong value for parameter maxWidth';
dol_syslog('Wrong value for parameter maxWidth',LOG_ERR);
return 'Wrong value for parameter maxWidth';
}
elseif(!is_numeric($maxHeight) || empty($maxHeight) || $maxHeight < -1){
// Si la hauteur max est incorrecte (n'est pas numerique, est vide, ou est inferieure a 0)
return 'Wrong value for parameter maxHeight';
dol_syslog('Wrong value for parameter maxHeight',LOG_ERR);
return 'Wrong value for parameter maxHeight';
}
$fichier = realpath($file); // Chemin canonique absolu de l'image
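Review bot: After this change `vignette()` reports failure in three different forms: a translation key (`'ErrorBadParameters'`, `'ErrorBadImageFormat'`), an already translated string from `$langs->trans("ErrorFileNotFound",$file)`, and raw English text for the `maxWidth`/`maxHeight` cases. The member upload handler in this commit assigns the result to `$imgThumbSmall` and `$imgThumbMini` without inspecting it, so a failed thumbnail is never reported to the user. I would return a translation key in every failure branch and say so in the function's doc comment, e.g. `// On failure returns a translation key such as 'ErrorBadImageFormat'; callers must check for it`. The function starts above and continues below these hunks, so what it returns on success is not visible here.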


@ -194,7 +194,7 @@ else
$soc->default_lang = $_POST["default_lang"];
if (GETPOST('deletephoto')) $soc->logo = '';
$soc->logo = dol_sanitizeFileName($_FILES['photo']['name']);
else if (! empty($_FILES['photo']['name'])) $soc->logo = dol_sanitizeFileName($_FILES['photo']['name']);
// Check parameters
if (empty($_POST["cancel"]))
@ -320,26 +320,25 @@ else
exit;
}
$oldsoc=new Societe($db);
$result=$oldsoc->fetch($socid);
$soc->oldcopy=dol_clone($soc);
// To not set code if third party is not concerned. But if it had values, we keep them.
if (empty($soc->client) && empty($oldsoc->code_client)) $soc->code_client='';
if (empty($soc->fournisseur)&& empty($oldsoc->code_fournisseur)) $soc->code_fournisseur='';
if (empty($soc->client) && empty($soc->oldcopy->code_client)) $soc->code_client='';
if (empty($soc->fournisseur)&& empty($soc->oldcopy->code_fournisseur)) $soc->code_fournisseur='';
//var_dump($soc);exit;
$result = $soc->update($socid,$user,1,$oldsoc->codeclient_modifiable(),$oldsoc->codefournisseur_modifiable());
$result = $soc->update($socid,$user,1,$soc->oldcopy->codeclient_modifiable(),$soc->oldcopy->codefournisseur_modifiable());
if ($result <= 0)
{
$error = $soc->error; $errors = $soc->errors;
}
### Gestion du logo de la société
$dir = $conf->societe->dir_output."/".$soc->id."/logos/";
$dir = $conf->societe->dir_output."/".$soc->id."/logos";
$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
if ($file_OK)
{
if (GETPOST('deletephoto') && $soc->logo)
if (GETPOST('deletephoto'))
{
$fileimg=$conf->societe->dir_output.'/'.$soc->id.'/logos/'.$soc->logo;
$dirthumbs=$conf->societe->dir_output.'/'.$soc->id.'/logos/thumbs';
@ -347,9 +346,9 @@ else
dol_delete_dir_recursive($dirthumbs);
}
if (image_format_supported($_FILES['photo']['name']))
if (image_format_supported($_FILES['photo']['name']) > 0)
{
create_exdir($dir);
dol_mkdir($dir);
if (@is_dir($dir))
{
@ -372,6 +371,10 @@ else
}
}
}
else
{
$errors[] = "ErrorBadImageFormat";
}
}
### Gestion du logo de la société
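Review bot: With the `&& $soc->logo` guard removed, `if (GETPOST('deletephoto'))` builds `$fileimg` from `$soc->logo`, which the first hunk sets to `''` whenever `deletephoto` is present, so unless something outside these hunks refills it the path handed to `dol_delete_file` is the `logos/` directory and the old logo file stays on disk. The block is also reached only when `$file_OK` is true, so a delete request without a new upload clears the field but leaves the file; the member handler earlier in this commit has the same pattern with `$adh->photo`. I would remember the stored name before the field is cleared and delete that, e.g. `if (GETPOST('deletephoto') && ! empty($oldlogo))`, where `$oldlogo` is a new local (illustrative name) captured before `$soc->logo = ''`. The enclosing `else` branch begins and ends outside the visible hunks.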