Work on public sharing files

htdocs/core/class/commonobject.class.php

@@ -612,15 +612,16 @@ abstract class CommonObject
 		$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
 		//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
 
-		$forcedownload=1;
-		$rellink='/document.php?modulepart='.$modulepart;
-		if ($forcedownload) $rellink.='&attachment=1';
-		if (! empty($ecmfile->entity)) $rellink.='&entity='.$ecmfile->entity;
-		//$rellink.='&file='.urlencode($filepath);		// No need of name of file for public link, we will use the hash
-		$fulllink=$urlwithroot.$rellink;
-		//if (! empty($object->ref))       $fulllink.='&hashn='.$object->ref;			// Hash of file path
-		//elseif (! empty($object->label)) $fulllink.='&hashc='.$object->label;		// Hash of file content
-		if (! empty($ecmfile->share))  $fulllink.='&hashp='.$ecmfile->share;			// Hash for public share
+		$forcedownload=0;
+
+		$paramlink='';
+		//if (! empty($modulepart)) $paramlink.=($paramlink?'&':'').'modulepart='.$modulepart;		// For sharing with hash (so public files), modulepart is not required.
+		//if (! empty($ecmfile->entity)) $paramlink.='&entity='.$ecmfile->entity; 					// For sharing with hash (so public files), entity is not required.
+		//$paramlink.=($paramlink?'&':'').'file='.urlencode($filepath);								// No need of name of file for public link, we will use the hash
+		if (! empty($ecmfile->share)) $paramlink.=($paramlink?'&':'').'hashp='.$ecmfile->share;			// Hash for public share
+		if ($forcedownload) $paramlink.=($paramlink?'&':'').'attachment=1';
+
+		$fulllink=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:'');
 
 		// Here $ecmfile->share is defined
 		return $fulllink;
@@ -4212,8 +4213,9 @@ abstract class CommonObject
 						/*$this->result['fullname']=$destfull;
 						$this->result['filepath']=$ecmfile->filepath;
 						$this->result['filename']=$ecmfile->filename;*/
+						//var_dump($obj->update_main_doc_field);exit;
 
-						// Update the last_main_doc field into main object
+						// Update the last_main_doc field into main object (if documenent generator has property ->update_main_doc_field set)
 						$update_main_doc_field=0;
 						if (! empty($obj->update_main_doc_field)) $update_main_doc_field=1;
 						if ($update_main_doc_field && ! empty($this->table_element))

htdocs/core/class/html.formfile.class.php

@@ -1068,7 +1068,7 @@ class FormFile
 			$nboffiles=count($filearray);
 			if ($nboffiles > 0) include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 
-			$var=true; $i=0; $nboflines = 0; $lastrowid=0;
+			$i=0; $nboflines = 0; $lastrowid=0;
 			foreach($filearray as $key => $file)      // filearray must be only files here
 			{
 				if ($file['name'] != '.'
@@ -1083,7 +1083,7 @@ class FormFile
 					print '<!-- Line list_of_documents '.$key.' relativepath = '.$relativepath.' -->'."\n";
 					// Do we have entry into database ?
 					print '<!-- In database: position='.$filearray[$key]['position'].' -->'."\n";
-					print '<tr id="row-'.($filearray[$key]['rowid']>0?$filearray[$key]['rowid']:'-AFTER'.$lastrowid.'POS'.($i+1)).'" '.$bcdd[$var].'>';
+					print '<tr id="row-'.($filearray[$key]['rowid']>0?$filearray[$key]['rowid']:'-AFTER'.$lastrowid.'POS'.($i+1)).'">';
 
 					// File name
 					print '<td class="tdoverflowmax300">';
@@ -1114,6 +1114,8 @@ class FormFile
 					}
 					// Preview link
 					if (! $editline) print $this->showPreview($file, $modulepart, $filepath);
+					// Public share link
+					if (! $editline && ! empty($filearray[$key]['hashp'])) print 'ee';
 
 					print "</td>\n";
 
@@ -1268,7 +1270,7 @@ class FormFile
 	 *  @param	int		$addfilterfields	Add line with filters
 	 *  @return int                 		<0 if KO, nb of files shown if OK
 	 */
-	function list_of_autoecmfiles($upload_dir,$filearray,$modulepart,$param,$forcedownload=0,$relativepath='',$permtodelete=1,$useinecm=0,$textifempty='',$maxlength=0,$url='',$addfilterfields=0)
+	function list_of_autoecmfiles($upload_dir, $filearray, $modulepart, $param, $forcedownload=0, $relativepath='', $permtodelete=1, $useinecm=0, $textifempty='', $maxlength=0, $url='', $addfilterfields=0)
 	{
 		global $user, $conf, $langs, $form;
 		global $bc;
@@ -1387,7 +1389,6 @@ class FormFile
 			$object_instance=new ExpenseReport($this->db);
 		}
 
-		$var=true;
 		foreach($filearray as $key => $file)
 		{
 			if (!is_dir($file['name'])
@@ -1615,11 +1616,9 @@ class FormFile
 		$nboflinks = count($links);
 		if ($nboflinks > 0) include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
 
-		$var = true;
 		foreach ($links as $link)
 		{
-			$var =! $var;
-			print '<tr ' . $bc[$var] . '>';
+			print '<tr class="oddeven">';
 			//edit mode
 			if ($action == 'update' && $selected === $link->id)
 			{

htdocs/document.php

@@ -73,7 +73,7 @@ $urlsource=GETPOST('urlsource','alpha');
 $entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity;
 
 // Security check
-if (empty($modulepart)) accessforbidden('Bad link. Bad value for parameter modulepart',0,0,1);
+if (empty($modulepart) && empty($hashp)) accessforbidden('Bad link. Bad value for parameter modulepart',0,0,1);
 if (empty($original_file) && empty($hashp)) accessforbidden('Bad link. Missing identification to find file (original_file or hashp)',0,0,1);
 if ($modulepart == 'fckeditor') $modulepart='medias';   // For backward compatibility
 
@@ -119,15 +119,23 @@ if (! empty($hashp))
 	{
 		$tmp = explode('/', $ecmfile->filepath, 2);		// $ecmfile->filepath is relative to document directory
 		$moduleparttocheck = $tmp[0];
-		if ($moduleparttocheck == $modulepart)
+		if ($modulepart)	// Not required for link using public hashp
 		{
-			// We remove first level of directory
-			$original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename);		// this is relative to module dir
-			//var_dump($original_file); exit;
+			if ($moduleparttocheck == $modulepart)
+			{
+				// We remove first level of directory
+				$original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename);		// this is relative to module dir
+				//var_dump($original_file); exit;
+			}
+			else
+			{
+				accessforbidden('Bad link. File is from another module part.',0,0,1);
+			}
 		}
 		else
 		{
-			accessforbidden('Bad link. File is from another module part.',0,0,1);
+			$modulepart = $moduleparttocheck;
+			$original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename);		// this is relative to module dir
 		}
 	}
 	else
@@ -154,7 +162,8 @@ $fullpath_original_file     = $check_access['original_file'];               // $
 
 if (! empty($hashp))
 {
-	$accessallowed = 1;			// When using hashp, link is public so we force $accessallowed
+	$accessallowed = 1;					// When using hashp, link is public so we force $accessallowed
+	$sqlprotectagainstexternals = '';
 }
 else
 {
@@ -220,7 +229,7 @@ if (! file_exists($fullpath_original_file_osencoded))
 top_httphead($type);
 header('Content-Description: File Transfer');
 if ($encoding)   header('Content-Encoding: '.$encoding);
-// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open)
+// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
 if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
 else header('Content-Disposition: inline; filename="'.$filename.'"');
 header('Content-Length: ' . dol_filesize($fullpath_original_file));

htdocs/langs/en_US/languages.lang

@@ -1,5 +1,6 @@
 # Dolibarr language file - Source file is en_US - languages
 Language_ar_AR=Arabic
+Language_ar_EG=Arabic (Egypt)
 Language_ar_SA=Arabic
 Language_bn_BD=Bengali
 Language_bg_BG=Bulgarian