lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '10.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source 
Conflicts:
	htdocs/core/lib/files.lib.php
	htdocs/product/stock/card.php
This commit is contained in:
Laurent Destailleur 2019-08-16 21:48:46 +02:00
commit 467ad3ed22
3 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/core/lib/files.lib.php
View File

@ -986,6 +986,7 @@ function dolCheckVirus($src_file)
* - This function can be used only into a HTML page context. Use dol_move if you are outside.
* - Test on antivirus is always done (if antivirus set).
* - Database of files is NOT updated (this is done by dol_add_file_process() that calls this function).
* - Extension .noexe may be added if file is executable and MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED is not set.
*
* @param string $src_file Source full path filename ($_FILES['field']['tmp_name'])
* @param string $dest_file Target full path filename ($_FILES['field']['name'])
@ -1064,15 +1065,15 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
// Security:
// We refuse cache files/dirs, upload using .. and pipes into filenames.
if (preg_match('/^\./', $src_file) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file))
if (preg_match('/^\./', basename($src_file)) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file))
{
dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING);
return -1;
}
// Security:
// On interdit fichiers caches, remontees de repertoire ainsi que les pipe dans les noms de fichiers.
if (preg_match('/^\./', $dest_file) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file))
// We refuse cache files/dirs, upload using .. and pipes into filenames.
if (preg_match('/^\./', basename($dest_file)) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file))
{
dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
return -2;
@ -1911,7 +1912,7 @@ function dol_compress_file($inputfile, $outputfile, $mode = "gz")
dol_syslog("Class ZipArchive is set so we zip using ZipArchive to zip into ".$outputfile.' rootPath='.$rootPath);
$zip = new ZipArchive;
if ($zip->open($outputfile, ZipArchive::CREATE)!==true) {
if ($zip->open($outputfile, ZipArchive::CREATE) !== true) {
$errormsg="Failed to open file ".$outputfile."\n";
dol_syslog("dol_compress_file failure - ".$errormsg, LOG_ERR);
return -6;

3
htdocs/core/lib/functions.lib.php
View File

@ -816,7 +816,8 @@ function dol_size($size, $type = '')
*/
function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
{
$filesystem_forbidden_chars = array('<','>','/','\\','?','*','|','"','°');
// List of special chars for filenames are defined on page https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file
$filesystem_forbidden_chars = array('<', '>', '/', '\\', '?', '*', '|', '"', ':', '°');
return dol_string_nospecial($unaccent?dol_string_unaccent($str):$str, $newstr, $filesystem_forbidden_chars);
}

5
htdocs/product/stock/card.php
View File

@ -56,6 +56,9 @@ $backtopage=GETPOST('backtopage', 'alpha');
//$result=restrictedArea($user,'stock', $id, 'entrepot&stock');
$result=restrictedArea($user, 'stock');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('warehousecard', 'globalcard'));
$object = new Entrepot($db);
$extrafields = new ExtraFields($db);
@ -73,8 +76,6 @@ if ($id > 0 || ! empty($ref)) {
}
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('warehousecard', 'globalcard'));
/*
* Actions