From 31825375669329ac6006ae664af2645862b906cc Mon Sep 17 00:00:00 2001 From: atm-lena Date: Wed, 16 Sep 2020 17:19:25 +0200 Subject: [PATCH 1/3] FIX - Send mail from contact : select mail model --- htdocs/contact/card.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index f013cd7e8aa..ec8d64fcede 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -1176,6 +1176,11 @@ else } } + // Select mail models is same action as presend + if (GETPOST('modelselected', 'alpha')) { + $action = 'presend'; + } + if (! empty($id) && $action != 'edit' && $action != 'create') { $objsoc = new Societe($db); From bc457ebb660ae67b0bc853e317915e9e140458c1 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:22:59 +0200 Subject: [PATCH 2/3] Stickler --- htdocs/core/lib/functions.lib.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3f4229589dd..c279b3fb4e5 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -7745,7 +7745,8 @@ function ajax_autoselect($htmlname, $addlink = '') * @return int 1 If allowed, 0 otherwise * @see dol_mimetype(), image_format_supported() from images.lib.php */ -function dolIsAllowedForPreview($file) { +function dolIsAllowedForPreview($file) +{ global $conf; // Check .noexe extension in filename From f453e43ccafd649c6bffce6eab6ac1135fafd455 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 18 Sep 2020 01:37:15 +0200 Subject: [PATCH 3/3] FIX Yogosha report 4425 (backport) --- htdocs/document.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 2b37792d69a..ccd404f7315 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -156,12 +156,13 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; // Define mime type -$type = 'application/octet-stream'; +$type = 'application/octet-stream'; // By default if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha'); else $type=dol_mimetype($original_file); -// Security: Force to octet-stream if file is a dangerous file -if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream'; - +// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file +if (!dolIsAllowedForPreview($original_file)) { + $type = 'application/octet-stream'; +} // Security: Delete string ../ into $original_file $original_file = str_replace("../", "/", $original_file);