WIP work on param download on payment page

2017-09-20 17:23:36 +02:00 · 2017-09-20 17:23:36 +02:00 · 577c64cc37
commit 577c64cc37
parent 1d6213ea7d
2 changed files with 29 additions and 4 deletions
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@ -1051,6 +1051,23 @@ class Facture extends CommonInvoice
 		else return -1;
 	}

+	/**
+	 * Return link to download file from a direct external access
+	 *
+	 * @param	int				$withpicto			Add download picto into link
+	 * @return	string			HTML link to file
+	 */
+	function getDirectExternalLink($withpicto=0)
+	{
+		// Define $urlwithroot
+		$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
+		$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
+		//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
+
+		$url='eee';
+		return '<a href="'.$urlwithroot.'/document.php?modulepart=invoice&" target="_download" rel="noindex, nofollow">'.$this->ref.'</a>';
+	}
+
 	/**
 	 *      Return clicable link of object (with eventually picto)
 	 *
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@ -808,7 +808,7 @@ if ($source == 'invoice')

 	print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Creditor");
    print '</td><td class="CTableRow'.($var?'1':'2').'"><b>'.$creditor.'</b>';
-    print '<input type="hidden" name="creditor" value="'.$creditor.'">';
+    print '<input type="hidden" name="creditor" value="'.dol_escape_htmltag($creditor).'">';
    print '</td></tr>'."\n";

 	// Debitor
@ -821,8 +821,8 @@ if ($source == 'invoice')
 	$text='<b>'.$langs->trans("PaymentInvoiceRef",$invoice->ref).'</b>';
 	print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Designation");
 	print '</td><td class="CTableRow'.($var?'1':'2').'">'.$text;
-	print '<input type="hidden" name="source" value="'.GETPOST("source",'alpha').'">';
-	print '<input type="hidden" name="ref" value="'.$invoice->ref.'">';
+	print '<input type="hidden" name="source" value="'.dol_escape_htmltag(GETPOST("source",'alpha')).'">';
+	print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($invoice->ref).'">';
 	print '</td></tr>'."\n";

 	// Amount
@ -846,13 +846,21 @@ if ($source == 'invoice')
 	print '</td></tr>'."\n";

 	// Tag
-
 	print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("PaymentCode");
 	print '</td><td class="CTableRow'.($var?'1':'2').'"><b>'.$fulltag.'</b>';
 	print '<input type="hidden" name="tag" value="'.$tag.'">';
 	print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
 	print '</td></tr>'."\n";

+	// Add download link
+	if (GETPOST('download','int') > 0)
+	{
+		print '<tr class="CTableRow'.($var?'1':'2').'"><td class="CTableRow'.($var?'1':'2').'">'.$langs->trans("Document");
+		print '</td><td class="CTableRow'.($var?'1':'2').'">';
+		print $invoice->getDirectExternalLink(1);
+		print '</td></tr>'."\n";
+	}
+
    // Shipping address
    $shipToName=$invoice->thirdparty->name;
    $shipToStreet=$invoice->thirdparty->address;