Fix sanitize data
parent
0fc3b99a06
commit
510125ceb0
@ -212,10 +212,10 @@ function hideoptions(){
|
||||
|
||||
if (div.style.display === "none") {
|
||||
div.style.display = "block";
|
||||
lnk.innerText="'.$langs->trans("HideAdvancedoptions").'";
|
||||
lnk.innerText="'.dol_escape_js($langs->transnoentitiesnoconv("HideAdvancedoptions")).'";
|
||||
} else {
|
||||
div.style.display = "none";
|
||||
lnk.innerText="'.$langs->trans("ShowAdvancedOptions").'...";
|
||||
lnk.innerText="'.dol_escape_js($langs->transnoentitiesnoconv("ShowAdvancedOptions")).'...";
|
||||
}
|
||||
}
|
||||
</script>';
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load("admin");
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$what = GETPOST('what', 'alpha');
|
||||
$export_type = GETPOST('export_type', 'alpha');
|
||||
$file = GETPOST('filename_template', 'alpha');
|
||||
$file = dol_sanitizeFileName(GETPOST('filename_template', 'alpha'));
|
||||
|
||||
// Load variable for pagination
|
||||
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
|
||||
|
||||
@ -215,6 +215,9 @@ class Utils
|
||||
dol_syslog("Utils::dumpDatabase type=".$type." compression=".$compression." file=".$file, LOG_DEBUG);
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||
|
||||
// Clean data
|
||||
$file = dol_sanitizeFileName($file);
|
||||
|
||||
// Check compression parameter
|
||||
if (!in_array($compression, array('none', 'gz', 'bz', 'zip', 'zstd'))) {
|
||||
$langs->load("errors");
|
||||
@ -373,23 +376,23 @@ class Utils
|
||||
}
|
||||
} else {
|
||||
if ($compression == 'none') {
|
||||
$fullcommandclear .= " > ".dol_sanitizePathName($outputfile);
|
||||
$fullcommandcrypted .= " > ".dol_sanitizePathName($outputfile);
|
||||
$fullcommandclear .= ' > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$fullcommandcrypted .= ' > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$handle = 1;
|
||||
} elseif ($compression == 'gz') {
|
||||
$fullcommandclear .= " | gzip > ".dol_sanitizePathName($outputfile);
|
||||
$fullcommandcrypted .= " | gzip > ".dol_sanitizePathName($outputfile);
|
||||
$paramcrypted.=" | gzip";
|
||||
$fullcommandclear .= ' | gzip > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$fullcommandcrypted .= ' | gzip > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$paramcrypted .= ' | gzip';
|
||||
$handle = 1;
|
||||
} elseif ($compression == 'bz') {
|
||||
$fullcommandclear .= " | bzip2 > ".dol_sanitizePathName($outputfile);
|
||||
$fullcommandcrypted .= " | bzip2 > ".dol_sanitizePathName($outputfile);
|
||||
$paramcrypted.=" | bzip2";
|
||||
$fullcommandclear .= ' | bzip2 > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$fullcommandcrypted .= ' | bzip2 > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$paramcrypted .= ' | bzip2';
|
||||
$handle = 1;
|
||||
} elseif ($compression == 'zstd') {
|
||||
$fullcommandclear .= " | zstd > ".dol_sanitizePathName($outputfile);
|
||||
$fullcommandcrypted .= " | zstd > ".dol_sanitizePathName($outputfile);
|
||||
$paramcrypted.=" | zstd";
|
||||
$fullcommandclear .= ' | zstd > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$fullcommandcrypted .= ' | zstd > "'.dol_sanitizePathName($outputfile).'"';
|
||||
$paramcrypted .= ' | zstd';
|
||||
$handle = 1;
|
||||
}
|
||||
}
|
||||
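Review bot: Wrapping the redirect target in double quotes, as in `' > "'.dol_sanitizePathName($outputfile).'"'`, protects against spaces but does not make the value inert to the shell, because `$`, backticks and backslashes are still interpreted inside double quotes. Safety therefore rests entirely on what dol_sanitizePathName() strips, and its forbidden-character list is not visible in this diff. The shell-context primitive is escapeshellarg(), e.g. `$fullcommandclear .= ' > '.escapeshellarg(dol_sanitizePathName($outputfile));`, applied the same way to `$fullcommandcrypted` and to the gz, bz and zstd branches. escapeshellarg() quotes differently on Windows, so that path should be checked before switching. The enclosing method starts and ends outside this hunk.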
@ -473,15 +476,16 @@ class Utils
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ($compression == 'none') {
|
||||
fclose($handle);
|
||||
} elseif ($compression == 'gz') {
|
||||
gzclose($handle);
|
||||
} elseif ($compression == 'bz') {
|
||||
bzclose($handle);
|
||||
} elseif ($compression == 'zstd') {
|
||||
fclose($handle);
|
||||
if (!$lowmemorydump) {
|
||||
if ($compression == 'none') {
|
||||
fclose($handle);
|
||||
} elseif ($compression == 'gz') {
|
||||
gzclose($handle);
|
||||
} elseif ($compression == 'bz') {
|
||||
bzclose($handle);
|
||||
} elseif ($compression == 'zstd') {
|
||||
fclose($handle);
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($conf->global->MAIN_UMASK)) {
|
||||
|
||||
@ -1233,6 +1233,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
|
||||
$tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars);
|
||||
$tmp = preg_replace('/\-\-+/', '_', $tmp);
|
||||
$tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp);
|
||||
$tmp = preg_replace('/\s+\-$/', '', $tmp);
|
||||
$tmp = str_replace('..', '', $tmp);
|
||||
return $tmp;
|
||||
}
|
||||
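Review bot: The added `$tmp = str_replace('..', '', $tmp);` changes the return value for every caller of dol_sanitizeFileName(), and of dol_sanitizePathName() in the `-1257,6` hunk, but nothing at the call site documents it. The docblocks sit outside both hunks, so it is not visible whether they were updated. A name containing consecutive dots is now silently rewritten rather than rejected, and unlike the other forbidden characters the sequence is dropped instead of being replaced by `$newstr`, so a caller that stores a name and later looks it up by the original string may no longer match. I would add a comment such as `// Strip '..' so the result can never contain a parent-directory segment` and state the rule in both docblocks. Callers that must refuse unsafe names, not repair them, can compare the input with the returned value.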
@ -1257,6 +1258,7 @@ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1)
|
||||
$tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars);
|
||||
$tmp = preg_replace('/\-\-+/', '_', $tmp);
|
||||
$tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp);
|
||||
$tmp = preg_replace('/\s+\-$/', '', $tmp);
|
||||
$tmp = str_replace('..', '', $tmp);
|
||||
return $tmp;
|
||||
}
|
||||
|
||||
@ -2270,7 +2270,7 @@ LateWarningAfter="Late" warning after
|
||||
TemplateforBusinessCards=Template for a business card in different size
|
||||
InventorySetup= Inventory Setup
|
||||
ExportUseLowMemoryMode=Use a low memory mode
|
||||
ExportUseLowMemoryModeHelp=Use the low memory mode to execute the exec of the dump (compression is done through a pipe instead of into the PHP memory). This method does not allow to check that file is completed and error message can't be reported if it fails.
|
||||
ExportUseLowMemoryModeHelp=Use the low memory mode to generate the dump file (compression is done through a pipe instead of into the PHP memory). This method does not allow to check that the file is complete and error message can't be reported if it fails. Use it if you experience not enough memory errors.
|
||||
|
||||
ModuleWebhookName = Webhook
|
||||
ModuleWebhookDesc = Interface to catch dolibarr triggers and send it to an URL
|
||||
|
||||