From c2d6e9adcfd62b56877db1490a293ee4745941bf Mon Sep 17 00:00:00 2001
From: David Pareja Rodriguez
Date: Wed, 1 Mar 2023 08:33:52 +0100
Subject: [PATCH 1/3] Allow FileUpload to be used when $fk_element and $element are null but enforce a valid upload_dir
---
 htdocs/core/class/fileupload.class.php | 71 ++++++++++++++++----------
 1 file changed, 45 insertions(+), 26 deletions(-)
diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php
index 75662d57f94..7eb76032183 100644
--- a/htdocs/core/class/fileupload.class.php
+++ b/htdocs/core/class/fileupload.class.php
@@ -104,36 +104,40 @@ class FileUpload $dir_output = $conf->$element->dir_output; } - dol_include_once('/'.$pathname.'/class/'.$filename.'.class.php'); + // If pathname and filename are null then we can still upload files + // IF we have specified upload_dir on $this->options + if ($pathname !== null && $filename !== null) { + dol_include_once('/'.$pathname.'/class/'.$filename.'.class.php'); - $classname = ucfirst($filename); + $classname = ucfirst($filename); - if ($element == 'order_supplier') { - $classname = 'CommandeFournisseur'; - } elseif ($element == 'invoice_supplier') { - $classname = 'FactureFournisseur'; - } - - $object = new $classname($db); - - $object->fetch($fk_element); - if (!empty($parentForeignKey)) { - dol_include_once('/'.$parentElement.'/class/'.$parentObject.'.class.php'); - $parent = new $parentClass($db); - $parent->fetch($object->$parentForeignKey); - if (!empty($parent->socid)) { - $parent->fetch_thirdparty(); + if ($element == 'order_supplier') { + $classname = 'CommandeFournisseur'; + } elseif ($element == 'invoice_supplier') { + $classname = 'FactureFournisseur'; } - $object->$parentObject = clone $parent; - } else { - $object->fetch_thirdparty(); - } - $object_ref = dol_sanitizeFileName($object->ref); - if ($element == 'invoice_supplier') { - $object_ref = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$object_ref; - } elseif ($element == 'project_task') { - $object_ref = $object->project->ref.'/'.$object_ref; + $object = new $classname($db); + + $object->fetch($fk_element); + if (!empty($parentForeignKey)) { + dol_include_once('/'.$parentElement.'/class/'.$parentObject.'.class.php'); + $parent = new $parentClass($db); + $parent->fetch($object->$parentForeignKey); + if (!empty($parent->socid)) { + $parent->fetch_thirdparty(); + } + $object->$parentObject = clone $parent; + } else { + $object->fetch_thirdparty(); + } + + $object_ref = dol_sanitizeFileName($object->ref); + if ($element == 'invoice_supplier') { + 
$object_ref = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$object_ref; + } elseif ($element == 'project_task') { + $object_ref = $object->project->ref.'/'.$object_ref; + } } $this->options = array( @@ -195,6 +199,21 @@ class FileUpload if ($options) { $this->options = array_replace_recursive($this->options, $options); } + + // At this point we should have a valid upload_dir in options + //if ($pathname === null && $filename === null) { // OR or AND??? + if ($pathname === null || $filename === null) { + if (!key_exists("upload_dir", $this->options)) { + setEventMessage('If $fk_element = null or $element = null you must specify upload_dir on $options', 'errors'); + throw new Exception('If $fk_element = null or $element = null you must specify upload_dir on $options'); + } elseif (is_dir($this->options['upload_dir'])) { + setEventMessage('The directory '$this->options['upload_dir'].' doesn\'t exists', 'errors'); + throw new Exception('The directory '$this->options['upload_dir'].' doesn\'t exists'); + } elseif (is_writable($this->options['upload_dir'])) { + setEventMessage('The directory '$this->options['upload_dir'].' is not writable', 'errors'); + throw new Exception('The directory '$this->options['upload_dir'].' is not writable'); + } + } } /** From 2a706411cf34367902349b68344dfe37f80ba07f Mon Sep 17 00:00:00 2001 From: David Pareja Rodriguez Date: Wed, 1 Mar 2023 08:44:06 +0100 Subject: [PATCH 2/3] fix wrong string concatenation --- htdocs/core/class/fileupload.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php index 7eb76032183..feb35e660d7 100644 --- a/htdocs/core/class/fileupload.class.php +++ b/htdocs/core/class/fileupload.class.php 
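Review bot: In the `@@ -104,36 +104,40 @@` hunk, `$object_ref` is now assigned only inside the new `if ($pathname !== null && $filename !== null)` block, so on the no-element path this patch enables it is undefined when the `$this->options = array(` literal that follows is built. That literal continues outside the hunk, so whether it reads `$object_ref` cannot be confirmed from here; if it does, PHP raises an undefined-variable warning and the defaults are built from an empty ref. Initialising it before the guard, `$object_ref = null;`, together with a one-line comment that the element-derived defaults are meaningless when no element is given, would make that path explicit.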
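Review bot: When no element is given, `upload_dir` from the caller's `$options` becomes the only thing that decides where uploads are written, and the checks added in the `@@ -195,6 +199,21 @@` hunk only ask whether it exists and is writable, not whether it lies inside the application's documents tree. The element path derives the directory from `$conf->$element->dir_output` and a `dol_sanitizeFileName()`-cleaned ref, so this branch is strictly weaker, and any caller that builds `$options` from request data would make the write location client-controlled. Resolving the path with `realpath()` and requiring it to sit under an allowed base closes that gap; the base used below (`DOL_DATA_ROOT`) is an assumption to confirm against how this class is meant to be used. The commented-out `&&` variant can be dropped as well, since `||` is the exact complement of the earlier `!== null && !== null` guard.

```php
// … unchanged: array_replace_recursive() merge of $options …
if ($pathname === null || $filename === null) {
	// No element to derive the directory from: the caller-supplied path is the
	// only input, so resolve it and keep it under the documents root.
	$uploadDir = empty($this->options['upload_dir']) ? false : realpath($this->options['upload_dir']);
	$dataRoot = realpath(DOL_DATA_ROOT);
	if ($uploadDir === false || $dataRoot === false
		|| strpos($uploadDir.DIRECTORY_SEPARATOR, $dataRoot.DIRECTORY_SEPARATOR) !== 0) {
		throw new Exception('upload_dir must be an existing directory inside the documents directory');
	}
	// … unchanged: is_dir() / is_writable() checks, run against $uploadDir …
}
```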
@@ -207,11 +207,11 @@ class FileUpload
 setEventMessage('If $fk_element = null or $element = null you must specify upload_dir on $options', 'errors');
 throw new Exception('If $fk_element = null or $element = null you must specify upload_dir on $options');
 } elseif (is_dir($this->options['upload_dir'])) {
- setEventMessage('The directory '$this->options['upload_dir'].' doesn\'t exists', 'errors');
- throw new Exception('The directory '$this->options['upload_dir'].' doesn\'t exists');
+ setEventMessage('The directory '.$this->options['upload_dir'].' doesn\'t exists', 'errors');
+ throw new Exception('The directory '.$this->options['upload_dir'].' doesn\'t exists');
 } elseif (is_writable($this->options['upload_dir'])) {
- setEventMessage('The directory '$this->options['upload_dir'].' is not writable', 'errors');
- throw new Exception('The directory '$this->options['upload_dir'].' is not writable');
+ setEventMessage('The directory '.$this->options['upload_dir'].' is not writable', 'errors');
+ throw new Exception('The directory '.$this->options['upload_dir'].' is not writable');
 }
 }
 }
From 0e9451e10081a012e192ad5572ff79fc3fc28595 Mon Sep 17 00:00:00 2001
From: David Pareja Rodriguez
Date: Wed, 1 Mar 2023 10:11:55 +0100
Subject: [PATCH 3/3] fix should check the negative
---
 htdocs/core/class/fileupload.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php
index feb35e660d7..aff9fd4d412 100644
--- a/htdocs/core/class/fileupload.class.php
+++ b/htdocs/core/class/fileupload.class.php
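Review bot: The corrected messages in the `[PATCH 2/3]` hunk (`@@ -207,11 +207,11 @@`) concatenate the raw `upload_dir` value into both the exception text and the string handed to `setEventMessage()`, which puts a server filesystem path in front of the user. Whether `setEventMessage()` escapes its argument is not visible here, so the value should not be assumed safe to render either. A generic user-facing text with the path sent to the server log keeps the diagnostic without exposing it, for example `dol_syslog(__METHOD__.' upload_dir not usable: '.$this->options['upload_dir'], LOG_ERR);` followed by `throw new Exception('The upload directory is not available');`. Building each message once in a local variable would also remove the duplicated literals.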
@@ -206,10 +206,10 @@ class FileUpload
 if (!key_exists("upload_dir", $this->options)) {
 setEventMessage('If $fk_element = null or $element = null you must specify upload_dir on $options', 'errors');
 throw new Exception('If $fk_element = null or $element = null you must specify upload_dir on $options');
- } elseif (is_dir($this->options['upload_dir'])) {
+ } elseif (!is_dir($this->options['upload_dir'])) {
 setEventMessage('The directory '.$this->options['upload_dir'].' doesn\'t exists', 'errors');
 throw new Exception('The directory '.$this->options['upload_dir'].' doesn\'t exists');
- } elseif (is_writable($this->options['upload_dir'])) {
+ } elseif (!is_writable($this->options['upload_dir'])) {
 setEventMessage('The directory '.$this->options['upload_dir'].' is not writable', 'errors');
 throw new Exception('The directory '.$this->options['upload_dir'].' is not writable');
 }
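Review bot: The first branch only tests that the `upload_dir` key is present, so an entry that is `null` or `''` falls through to `!is_dir(...)` and is reported as a non-existent directory with an empty name instead of as a missing option. `key_exists` is an alias of `array_key_exists`; `if (empty($this->options['upload_dir'])) {` covers the missing, null and empty cases in one test. If the defaults assigned earlier in the constructor (outside this hunk) already carry an `upload_dir` entry, the key test can never fail, which is worth confirming. The enclosing `if ($pathname === null || $filename === null)` starts above this hunk.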