diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index c73d260784d..18478551bfb 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -612,15 +612,16 @@ abstract class CommonObject
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
- $forcedownload=1;
- $rellink='/document.php?modulepart='.$modulepart;
- if ($forcedownload) $rellink.='&attachment=1';
- if (! empty($ecmfile->entity)) $rellink.='&entity='.$ecmfile->entity;
- //$rellink.='&file='.urlencode($filepath); // No need of name of file for public link, we will use the hash
- $fulllink=$urlwithroot.$rellink;
- //if (! empty($object->ref)) $fulllink.='&hashn='.$object->ref; // Hash of file path
- //elseif (! empty($object->label)) $fulllink.='&hashc='.$object->label; // Hash of file content
- if (! empty($ecmfile->share)) $fulllink.='&hashp='.$ecmfile->share; // Hash for public share
+ $forcedownload=0;
+
+ $paramlink='';
+ //if (! empty($modulepart)) $paramlink.=($paramlink?'&':'').'modulepart='.$modulepart; // For sharing with hash (so public files), modulepart is not required.
+ //if (! empty($ecmfile->entity)) $paramlink.='&entity='.$ecmfile->entity; // For sharing with hash (so public files), entity is not required.
+ //$paramlink.=($paramlink?'&':'').'file='.urlencode($filepath); // No need of name of file for public link, we will use the hash
+ if (! empty($ecmfile->share)) $paramlink.=($paramlink?'&':'').'hashp='.$ecmfile->share; // Hash for public share
+ if ($forcedownload) $paramlink.=($paramlink?'&':'').'attachment=1';
+
+ $fulllink=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:'');
// Here $ecmfile->share is defined
return $fulllink;
@@ -4212,8 +4213,9 @@ abstract class CommonObject
/*$this->result['fullname']=$destfull;
$this->result['filepath']=$ecmfile->filepath;
$this->result['filename']=$ecmfile->filename;*/
+ //var_dump($obj->update_main_doc_field);exit;
- // Update the last_main_doc field into main object
+ // Update the last_main_doc field into main object (if documenent generator has property ->update_main_doc_field set)
$update_main_doc_field=0;
if (! empty($obj->update_main_doc_field)) $update_main_doc_field=1;
if ($update_main_doc_field && ! empty($this->table_element))
diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index 9b090ed109c..919e77a539f 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -1068,7 +1068,7 @@ class FormFile
$nboffiles=count($filearray);
if ($nboffiles > 0) include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
- $var=true; $i=0; $nboflines = 0; $lastrowid=0;
+ $i=0; $nboflines = 0; $lastrowid=0;
foreach($filearray as $key => $file) // filearray must be only files here
{
if ($file['name'] != '.'
@@ -1083,7 +1083,7 @@ class FormFile
print ''."\n";
// Do we have entry into database ?
print ''."\n";
- print '';
+ print '
';
// File name
print '| ';
@@ -1114,6 +1114,8 @@ class FormFile
}
// Preview link
if (! $editline) print $this->showPreview($file, $modulepart, $filepath);
+ // Public share link
+ if (! $editline && ! empty($filearray[$key]['hashp'])) print 'ee';
print " | \n";
@@ -1268,7 +1270,7 @@ class FormFile
* @param int $addfilterfields Add line with filters
* @return int <0 if KO, nb of files shown if OK
*/
- function list_of_autoecmfiles($upload_dir,$filearray,$modulepart,$param,$forcedownload=0,$relativepath='',$permtodelete=1,$useinecm=0,$textifempty='',$maxlength=0,$url='',$addfilterfields=0)
+ function list_of_autoecmfiles($upload_dir, $filearray, $modulepart, $param, $forcedownload=0, $relativepath='', $permtodelete=1, $useinecm=0, $textifempty='', $maxlength=0, $url='', $addfilterfields=0)
{
global $user, $conf, $langs, $form;
global $bc;
@@ -1387,7 +1389,6 @@ class FormFile
$object_instance=new ExpenseReport($this->db);
}
- $var=true;
foreach($filearray as $key => $file)
{
if (!is_dir($file['name'])
@@ -1615,11 +1616,9 @@ class FormFile
$nboflinks = count($links);
if ($nboflinks > 0) include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
- $var = true;
foreach ($links as $link)
{
- $var =! $var;
- print '
';
+ print '
';
//edit mode
if ($action == 'update' && $selected === $link->id)
{
diff --git a/htdocs/document.php b/htdocs/document.php
index 42ad848a0d7..db9f4bdb41e 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -73,7 +73,7 @@ $urlsource=GETPOST('urlsource','alpha');
$entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity;
// Security check
-if (empty($modulepart)) accessforbidden('Bad link. Bad value for parameter modulepart',0,0,1);
+if (empty($modulepart) && empty($hashp)) accessforbidden('Bad link. Bad value for parameter modulepart',0,0,1);
if (empty($original_file) && empty($hashp)) accessforbidden('Bad link. Missing identification to find file (original_file or hashp)',0,0,1);
if ($modulepart == 'fckeditor') $modulepart='medias'; // For backward compatibility
@@ -119,15 +119,23 @@ if (! empty($hashp))
{
$tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory
$moduleparttocheck = $tmp[0];
- if ($moduleparttocheck == $modulepart)
+ if ($modulepart) // Not required for link using public hashp
{
- // We remove first level of directory
- $original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename); // this is relative to module dir
- //var_dump($original_file); exit;
+ if ($moduleparttocheck == $modulepart)
+ {
+ // We remove first level of directory
+ $original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename); // this is relative to module dir
+ //var_dump($original_file); exit;
+ }
+ else
+ {
+ accessforbidden('Bad link. File is from another module part.',0,0,1);
+ }
}
else
{
- accessforbidden('Bad link. File is from another module part.',0,0,1);
+ $modulepart = $moduleparttocheck;
+ $original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename); // this is relative to module dir
}
}
else
@@ -154,7 +162,8 @@ $fullpath_original_file = $check_access['original_file']; // $
if (! empty($hashp))
{
- $accessallowed = 1; // When using hashp, link is public so we force $accessallowed
+ $accessallowed = 1; // When using hashp, link is public so we force $accessallowed
+ $sqlprotectagainstexternals = '';
}
else
{
@@ -220,7 +229,7 @@ if (! file_exists($fullpath_original_file_osencoded))
top_httphead($type);
header('Content-Description: File Transfer');
if ($encoding) header('Content-Encoding: '.$encoding);
-// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open)
+// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
else header('Content-Disposition: inline; filename="'.$filename.'"');
header('Content-Length: ' . dol_filesize($fullpath_original_file));
diff --git a/htdocs/langs/en_US/languages.lang b/htdocs/langs/en_US/languages.lang
index 0ba12c6062a..05288a888eb 100644
--- a/htdocs/langs/en_US/languages.lang
+++ b/htdocs/langs/en_US/languages.lang
@@ -1,5 +1,6 @@
# Dolibarr language file - Source file is en_US - languages
Language_ar_AR=Arabic
+Language_ar_EG=Arabic (Egypt)
Language_ar_SA=Arabic
Language_bn_BD=Bengali
Language_bg_BG=Bulgarian