From 5849efd9fc85afb0f12074346ec2e8e34e5e3ce2 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 19 Nov 2017 20:44:57 +0100
Subject: [PATCH] Work on public sharing files
---
 htdocs/core/class/commonobject.class.php | 22 +++++++++++---------
 htdocs/core/class/html.formfile.class.php | 13 ++++++------
 htdocs/document.php | 25 +++++++++++++++--------
 htdocs/langs/en_US/languages.lang | 1 +
 4 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index c73d260784d..18478551bfb 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -612,15 +612,16 @@ abstract class CommonObject $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current - $forcedownload=1; - $rellink='/document.php?modulepart='.$modulepart; - if ($forcedownload) $rellink.='&attachment=1'; - if (! empty($ecmfile->entity)) $rellink.='&entity='.$ecmfile->entity; - //$rellink.='&file='.urlencode($filepath); // No need of name of file for public link, we will use the hash - $fulllink=$urlwithroot.$rellink; - //if (! empty($object->ref)) $fulllink.='&hashn='.$object->ref; // Hash of file path - //elseif (! empty($object->label)) $fulllink.='&hashc='.$object->label; // Hash of file content - if (! empty($ecmfile->share)) $fulllink.='&hashp='.$ecmfile->share; // Hash for public share + $forcedownload=0; + + $paramlink=''; + //if (! empty($modulepart)) $paramlink.=($paramlink?'&':'').'modulepart='.$modulepart; // For sharing with hash (so public files), modulepart is not required. + //if (! empty($ecmfile->entity)) $paramlink.='&entity='.$ecmfile->entity; // For sharing with hash (so public files), entity is not required. + //$paramlink.=($paramlink?'&':'').'file='.urlencode($filepath); // No need of name of file for public link, we will use the hash + if (! empty($ecmfile->share)) $paramlink.=($paramlink?'&':'').'hashp='.$ecmfile->share; // Hash for public share + if ($forcedownload) $paramlink.=($paramlink?'&':'').'attachment=1'; + + $fulllink=$urlwithroot.'/document.php'.($paramlink?'?'.$paramlink:''); // Here $ecmfile->share is defined return $fulllink; 
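Review bot: Setting `$forcedownload=0` in the `@@ -612` hunk drops `attachment=1` from the public share link, so the `if ($attachment)` branch shown in the document.php section will answer with `Content-Disposition: inline` for files that any uploader may have supplied, served from the application's own origin. Unless document.php forces a download for active content types such as HTML or SVG (not visible here), I would keep `$forcedownload=1` for hash links, or at least state the reason for the change in a comment. Separately, `$ecmfile->share` is concatenated into the query string as is; `'hashp='.urlencode($ecmfile->share)` keeps the link well-formed whatever the stored value contains. The enclosing method starts and ends outside the hunk.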
@@ -4212,8 +4213,9 @@ abstract class CommonObject /*$this->result['fullname']=$destfull; $this->result['filepath']=$ecmfile->filepath; $this->result['filename']=$ecmfile->filename;*/ + //var_dump($obj->update_main_doc_field);exit; - // Update the last_main_doc field into main object + // Update the last_main_doc field into main object (if documenent generator has property ->update_main_doc_field set) $update_main_doc_field=0; if (! empty($obj->update_main_doc_field)) $update_main_doc_field=1; if ($update_main_doc_field && ! empty($this->table_element)) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 9b090ed109c..919e77a539f 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1068,7 +1068,7 @@ class FormFile $nboffiles=count($filearray); if ($nboffiles > 0) include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; - $var=true; $i=0; $nboflines = 0; $lastrowid=0; + $i=0; $nboflines = 0; $lastrowid=0; foreach($filearray as $key => $file) // filearray must be only files here { if ($file['name'] != '.' @@ -1083,7 +1083,7 @@ class FormFile print ''."\n"; // Do we have entry into database ? print ''."\n"; - print ''; + print ''; // File name print ''; @@ -1114,6 +1114,8 @@ class FormFile } // Preview link if (! $editline) print $this->showPreview($file, $modulepart, $filepath); + // Public share link + if (! $editline && ! empty($filearray[$key]['hashp'])) print 'ee'; print "\n"; 
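Review bot: In the `@@ -1114` hunk of html.formfile.class.php the new "Public share link" line prints the literal `ee` as this page shows it (markup inside the string may have been lost in extraction), so nothing is built from the stored hash yet. When the real link is added, the URL should be HTML-escaped before printing, because `$filearray[$key]['hashp']` is a value read back from storage, and it should come from the same link builder changed in commonobject.class.php rather than being assembled again here. Until then a comment such as `// TODO placeholder, replace with the public share link` on that line would tell readers the output is not final. The enclosing loop starts and ends outside the hunk.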
@@ -1268,7 +1270,7 @@ class FormFile * @param int $addfilterfields Add line with filters * @return int <0 if KO, nb of files shown if OK */ - function list_of_autoecmfiles($upload_dir,$filearray,$modulepart,$param,$forcedownload=0,$relativepath='',$permtodelete=1,$useinecm=0,$textifempty='',$maxlength=0,$url='',$addfilterfields=0) + function list_of_autoecmfiles($upload_dir, $filearray, $modulepart, $param, $forcedownload=0, $relativepath='', $permtodelete=1, $useinecm=0, $textifempty='', $maxlength=0, $url='', $addfilterfields=0) { global $user, $conf, $langs, $form; global $bc; @@ -1387,7 +1389,6 @@ class FormFile $object_instance=new ExpenseReport($this->db); } - $var=true; foreach($filearray as $key => $file) { if (!is_dir($file['name']) @@ -1615,11 +1616,9 @@ class FormFile $nboflinks = count($links); if ($nboflinks > 0) include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; - $var = true; foreach ($links as $link) { - $var =! $var; - print ''; + print ''; //edit mode if ($action == 'update' && $selected === $link->id) { diff --git a/htdocs/document.php b/htdocs/document.php index 42ad848a0d7..db9f4bdb41e 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -73,7 +73,7 @@ $urlsource=GETPOST('urlsource','alpha'); $entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity; // Security check -if (empty($modulepart)) accessforbidden('Bad link. Bad value for parameter modulepart',0,0,1); +if (empty($modulepart) && empty($hashp)) accessforbidden('Bad link. Bad value for parameter modulepart',0,0,1); if (empty($original_file) && empty($hashp)) accessforbidden('Bad link. Missing identification to find file (original_file or hashp)',0,0,1); if ($modulepart == 'fckeditor') $modulepart='medias'; // For backward compatibility 
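Review bot: In the `@@ -73` hunk of document.php the relaxed guard lets a request that carries only `hashp` continue with `$modulepart` still empty, while the message still reads 'Bad value for parameter modulepart'. Every statement between this check and the hashp branch that reads `$modulepart`, such as the `fckeditor` comparison in the context line, now has to tolerate an empty value, and nothing in the hunk says so. I would add `// $modulepart may be empty here when hashp is given; it is derived from the ECM record further down` above the check and reword the message to name both parameters, for example `'Bad link. Missing parameter modulepart or hashp'`.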
@@ -119,15 +119,23 @@ if (! empty($hashp)) { $tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory $moduleparttocheck = $tmp[0]; - if ($moduleparttocheck == $modulepart) + if ($modulepart) // Not required for link using public hashp { - // We remove first level of directory - $original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename); // this is relative to module dir - //var_dump($original_file); exit; + if ($moduleparttocheck == $modulepart) + { + // We remove first level of directory + $original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename); // this is relative to module dir + //var_dump($original_file); exit; + } + else + { + accessforbidden('Bad link. File is from another module part.',0,0,1); + } } else { - accessforbidden('Bad link. File is from another module part.',0,0,1); + $modulepart = $moduleparttocheck; + $original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename); // this is relative to module dir } } else @@ -154,7 +162,8 @@ $fullpath_original_file = $check_access['original_file']; // $ if (! empty($hashp)) { - $accessallowed = 1; // When using hashp, link is public so we force $accessallowed + $accessallowed = 1; // When using hashp, link is public so we force $accessallowed + $sqlprotectagainstexternals = ''; } else { @@ -220,7 +229,7 @@ if (! file_exists($fullpath_original_file_osencoded)) top_httphead($type); header('Content-Description: File Transfer'); if ($encoding) header('Content-Encoding: '.$encoding); -// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, atachment=need user action to open) +// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open) if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"'); else header('Content-Disposition: inline; filename="'.$filename.'"'); header('Content-Length: ' . dol_filesize($fullpath_original_file)); 
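Review bot: In the `@@ -119` hunk of document.php the new `else` branch recovers `$modulepart` from the ECM record but leaves `$entity` as taken from the request or `$conf->entity`, while the link built in commonobject.class.php no longer sends `entity`. If the path is later resolved per entity (that code is outside the hunk), a file shared from another entity would be looked up in the wrong directory; taking the value from `$ecmfile->entity` when it is set avoids that. The two branches also repeat the same `$original_file` expression, and `$tmp[1]` is read without a check although `explode()` returns a single element when `filepath` contains no slash. The sketch below folds this into one path; it assumes accessforbidden() ends the request, and the enclosing `if (! empty($hashp))` block starts outside the hunk.

```php
$tmp = explode('/', $ecmfile->filepath, 2);		// $ecmfile->filepath is relative to document directory
$moduleparttocheck = $tmp[0];
$relativedir = empty($tmp[1]) ? '' : $tmp[1].'/';

// modulepart is optional for a public hashp link; when given it must match the stored one
if ($modulepart && $moduleparttocheck != $modulepart)
{
	accessforbidden('Bad link. File is from another module part.',0,0,1);
}
$modulepart = $moduleparttocheck;
if (! empty($ecmfile->entity)) $entity = $ecmfile->entity;	// the public link no longer carries entity
$original_file = $relativedir.$ecmfile->filename;	// this is relative to module dir
```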
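Review bot: In the `@@ -154` hunk `$accessallowed = 1` and the new `$sqlprotectagainstexternals = ''` apply whenever `hashp` is non-empty, which discards everything `$check_access` decided for the resolved path. The whole authorization then rests on the earlier lookup (outside the hunk) having found a record whose share value is this hash, so I would make that dependency explicit at this point, for instance `if (! empty($hashp) && ! empty($ecmfile->share) && $ecmfile->share === $hashp)`, and let any other case go through the normal checks. A comment stating that this branch serves the file to anyone holding the link, and must therefore stay limited to records with a share hash, would help the next reader. The surrounding `if`/`else` continues outside the hunk.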
diff --git a/htdocs/langs/en_US/languages.lang b/htdocs/langs/en_US/languages.lang
index 0ba12c6062a..05288a888eb 100644
--- a/htdocs/langs/en_US/languages.lang
+++ b/htdocs/langs/en_US/languages.lang
@@ -1,5 +1,6 @@
 # Dolibarr language file - Source file is en_US - languages
 Language_ar_AR=Arabic
+Language_ar_EG=Arabic (Egypt)
 Language_ar_SA=Arabic
 Language_bn_BD=Bengali
 Language_bg_BG=Bulgarian