diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index 779db36fb2f..d01efa0ea5b 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -212,10 +212,10 @@ function hideoptions(){ if (div.style.display === "none") { div.style.display = "block"; - lnk.innerText="'.$langs->trans("HideAdvancedoptions").'"; + lnk.innerText="'.dol_escape_js($langs->transnoentitiesnoconv("HideAdvancedoptions")).'"; } else { div.style.display = "none"; - lnk.innerText="'.$langs->trans("ShowAdvancedOptions").'..."; + lnk.innerText="'.dol_escape_js($langs->transnoentitiesnoconv("ShowAdvancedOptions")).'..."; } } '; diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php index 8299e2198ee..8e7643ffc5d 100644 --- a/htdocs/admin/tools/export.php +++ b/htdocs/admin/tools/export.php @@ -35,7 +35,7 @@ $langs->load("admin"); $action = GETPOST('action', 'aZ09'); $what = GETPOST('what', 'alpha'); $export_type = GETPOST('export_type', 'alpha'); -$file = GETPOST('filename_template', 'alpha'); +$file = dol_sanitizeFileName(GETPOST('filename_template', 'alpha')); // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; diff --git a/htdocs/core/class/utils.class.php b/htdocs/core/class/utils.class.php index f5c33bac652..3ab8ff836bf 100644 --- a/htdocs/core/class/utils.class.php +++ b/htdocs/core/class/utils.class.php @@ -215,6 +215,9 @@ class Utils dol_syslog("Utils::dumpDatabase type=".$type." compression=".$compression." file=".$file, LOG_DEBUG); require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + // Clean data + $file = dol_sanitizeFileName($file); + // Check compression parameter if (!in_array($compression, array('none', 'gz', 'bz', 'zip', 'zstd'))) { $langs->load("errors"); 
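Review bot: The two `lnk.innerText=` assignments now rely on a pairing of calls that is easy to undo by accident, so they deserve a comment in the PHP source just above the string that holds `function hideoptions(){`. `innerText` takes plain text, which is why the non-HTML-encoded `transnoentitiesnoconv()` form fits, and `dol_escape_js()` is the encoding that matches a JavaScript string literal. I would add `// Label goes into a JS string literal: take the non-HTML-encoded translation and escape it for JavaScript`. `dol_escape_js()` is not shown in this diff, so confirm that its default mode also covers the surrounding double quote; the start of `hideoptions()` is outside the hunk.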
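Review bot: On the `$file = dol_sanitizeFileName(GETPOST('filename_template', 'alpha'));` line the request value is rewritten silently, so a request carrying an unexpected name carries on with a different name (possibly an empty one) and leaves no trace. Keeping the raw value makes the change visible to whoever reads the logs: `$rawfile = GETPOST('filename_template', 'alpha');`, `$file = dol_sanitizeFileName($rawfile);`, `if ($file !== $rawfile) { dol_syslog("export.php: filename_template was altered by sanitization", LOG_WARNING); }`. An empty result should probably end the request with an error instead of continuing. How `$file` is used later in this script is outside the hunk.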
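Review bot: The comment `// Clean data` added above `$file = dol_sanitizeFileName($file);` does not say what the call protects, and the `dol_syslog(...)` line before it still records the value as it was received. Sanitising inside `dumpDatabase` covers any caller that does not clean the name itself, and the comment should say so: `// Reduce $file to a bare file name here too, so every caller of dumpDatabase() is covered`. Keeping the raw value in the debug log helps later investigation, but confirm that `dol_syslog` neutralises line breaks in it. The body of `dumpDatabase` starts and ends outside the hunk.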
@@ -373,23 +376,23 @@ class Utils
 }
 } else {
 if ($compression == 'none') {
- $fullcommandclear .= " > ".dol_sanitizePathName($outputfile);
- $fullcommandcrypted .= " > ".dol_sanitizePathName($outputfile);
+ $fullcommandclear .= ' > "'.dol_sanitizePathName($outputfile).'"';
+ $fullcommandcrypted .= ' > "'.dol_sanitizePathName($outputfile).'"';
 $handle = 1;
 } elseif ($compression == 'gz') {
- $fullcommandclear .= " | gzip > ".dol_sanitizePathName($outputfile);
- $fullcommandcrypted .= " | gzip > ".dol_sanitizePathName($outputfile);
- $paramcrypted.=" | gzip";
+ $fullcommandclear .= ' | gzip > "'.dol_sanitizePathName($outputfile).'"';
+ $fullcommandcrypted .= ' | gzip > "'.dol_sanitizePathName($outputfile).'"';
+ $paramcrypted .= ' | gzip';
 $handle = 1;
 } elseif ($compression == 'bz') {
- $fullcommandclear .= " | bzip2 > ".dol_sanitizePathName($outputfile);
- $fullcommandcrypted .= " | bzip2 > ".dol_sanitizePathName($outputfile);
- $paramcrypted.=" | bzip2";
+ $fullcommandclear .= ' | bzip2 > "'.dol_sanitizePathName($outputfile).'"';
+ $fullcommandcrypted .= ' | bzip2 > "'.dol_sanitizePathName($outputfile).'"';
+ $paramcrypted .= ' | bzip2';
 $handle = 1;
 } elseif ($compression == 'zstd') {
- $fullcommandclear .= " | zstd > ".dol_sanitizePathName($outputfile);
- $fullcommandcrypted .= " | zstd > ".dol_sanitizePathName($outputfile);
- $paramcrypted.=" | zstd";
+ $fullcommandclear .= ' | zstd > "'.dol_sanitizePathName($outputfile).'"';
+ $fullcommandcrypted .= ' | zstd > "'.dol_sanitizePathName($outputfile).'"';
+ $paramcrypted .= ' | zstd';
 $handle = 1;
 }
 }
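Review bot: Wrapping `dol_sanitizePathName($outputfile)` in double quotes on the eight `$fullcommandclear`/`$fullcommandcrypted` lines keeps a name with spaces together as one word, but a POSIX shell still expands `$`, backticks and backslashes inside double quotes. Whether those characters are already removed depends on `$filesystem_forbidden_chars`, whose contents are not visible in this diff. PHP's `escapeshellarg()` is the encoder meant for this position: compute `$outputfilearg = escapeshellarg(dol_sanitizePathName($outputfile));` once before the `if` chain and append `' > '.$outputfilearg`, `' | gzip > '.$outputfilearg` and so on in the branches, which also removes the eight repeated calls. The enclosing method starts and ends outside the hunk.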
@@ -473,15 +476,16 @@ class Utils } } - - if ($compression == 'none') { - fclose($handle); - } elseif ($compression == 'gz') { - gzclose($handle); - } elseif ($compression == 'bz') { - bzclose($handle); - } elseif ($compression == 'zstd') { - fclose($handle); + if (!$lowmemorydump) { + if ($compression == 'none') { + fclose($handle); + } elseif ($compression == 'gz') { + gzclose($handle); + } elseif ($compression == 'bz') { + bzclose($handle); + } elseif ($compression == 'zstd') { + fclose($handle); + } } if (!empty($conf->global->MAIN_UMASK)) { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 6c278f4764d..f026d58e2de 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -1233,6 +1233,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1) $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp); + $tmp = preg_replace('/\s+\-$/', '', $tmp); $tmp = str_replace('..', '', $tmp); return $tmp; } @@ -1257,6 +1258,7 @@ function dol_sanitizePathName($str, $newstr = '_', $unaccent = 1) $tmp = dol_string_nospecial($unaccent ? dol_string_unaccent($str) : $str, $newstr, $filesystem_forbidden_chars); $tmp = preg_replace('/\-\-+/', '_', $tmp); $tmp = preg_replace('/\s+\-([^\s])/', ' _$1', $tmp); + $tmp = preg_replace('/\s+\-$/', '', $tmp); $tmp = str_replace('..', '', $tmp); return $tmp; } diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index ba92fc4f8a1..fc793a1f465 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang 
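Review bot: The new `if (!$lowmemorydump) {` guard decides whether `$handle` may be closed from a flag, not from what `$handle` actually holds. The previous hunk of this commit shows branches that set `$handle = 1;`, so the variable is sometimes an integer marker and sometimes (presumably) an open stream, and the two conditions have to be kept in sync by hand. Testing the value itself is sturdier: `if (is_resource($handle)) {`. The chain also has no branch for `'zip'`, which the compression check near the top of the method accepts, so confirm that case never opens a handle. The method body continues outside the hunk.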
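Review bot: The added `$tmp = preg_replace('/\s+\-$/', '', $tmp);` in `dol_sanitizeFileName` strips only one trailing whitespace-and-dash group, so a name that ends in several such groups still ends in one after this line; and without the `D` modifier `$` also matches just before a final newline. Anchoring with `\z` and repeating the group closes both gaps: `$tmp = preg_replace('/(?:\s+\-)+\z/', '', $tmp);`. The same line is added to `dol_sanitizePathName` in the next hunk and needs the same change. A short comment such as `// Drop a trailing " -" so the name cannot end in a lone dash` would explain the rule; both function bodies start outside their hunks.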
@@ -2270,7 +2270,7 @@ LateWarningAfter="Late" warning after TemplateforBusinessCards=Template for a business card in different size InventorySetup= Inventory Setup ExportUseLowMemoryMode=Use a low memory mode -ExportUseLowMemoryModeHelp=Use the low memory mode to execute the exec of the dump (compression is done through a pipe instead of into the PHP memory). This method does not allow to check that file is completed and error message can't be reported if it fails. +ExportUseLowMemoryModeHelp=Use the low memory mode to generate the dump file (compression is done through a pipe instead of into the PHP memory). This method does not allow to check that the file is complete and error message can't be reported if it fails. Use it if you experience not enough memory errors. ModuleWebhookName = Webhook ModuleWebhookDesc = Interface to catch dolibarr triggers and send it to an URL