lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Sanitize filename

Browse Source
This commit is contained in:
Laurent Destailleur 2011-01-14 01:24:00 +00:00
parent daa6438fa0
commit 5bde360164
5 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/comm/propal.php
View File

@ -511,7 +511,7 @@ if ($_POST['action'] == 'send' && ! $_POST['addfile'] && ! $_POST['removedfile']
$result=$mailfile->sendfile(); $result=$mailfile->sendfile();
if ($result) if ($result)
{ {
$mesg='<div class="ok">'.$langs->trans('MailSuccessfulySent',$from,$sendto).'.</div>'; $mesg=$langs->trans('MailSuccessfulySent',$from,$sendto);
$error=0; $error=0;
@ -969,7 +969,11 @@ if ($id > 0 || ! empty($ref))
* Show object in view mode * Show object in view mode
*/ */
if ($mesg) print $mesg."<br>"; if ($mesg)
{
if (! preg_match('/div class=/',$mesg)) print '<div class="ok">'.$mesg.'</div><br>';
else print $mesg."<br>";
}
$object->fetch($id,$ref); $object->fetch($id,$ref);
@ -1612,7 +1616,7 @@ if ($id > 0 || ! empty($ref))
if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init')
{ {
$formmail->clear_attached_files(); $formmail->clear_attached_files();
$formmail->add_attached_files($file,$object->ref.'.pdf','application/pdf'); $formmail->add_attached_files($file,dol_sanitizeFilename($object->ref).'.pdf','application/pdf');
} }
$formmail->show_form(); $formmail->show_form();

2
htdocs/commande/fiche.php
View File

@ -1916,7 +1916,7 @@ else
if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init')
{ {
$formmail->clear_attached_files(); $formmail->clear_attached_files();
$formmail->add_attached_files($file,$ref.'.pdf','application/pdf'); $formmail->add_attached_files($file,dol_sanitizeFilename($ref.'.pdf'),'application/pdf');
} }
// Show form // Show form

2
htdocs/compta/facture.php
View File

@ -2871,7 +2871,7 @@ else
if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init')
{ {
$formmail->clear_attached_files(); $formmail->clear_attached_files();
$formmail->add_attached_files($file,$ref.'.pdf','application/pdf'); $formmail->add_attached_files($file,dol_sanitizeFilename($ref.'.pdf'),'application/pdf');
} }
$formmail->show_form(); $formmail->show_form();

2
htdocs/fourn/commande/fiche.php
View File

@ -1474,7 +1474,7 @@ if ($id > 0 || ! empty($ref))
if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init')
{ {
$formmail->clear_attached_files(); $formmail->clear_attached_files();
$formmail->add_attached_files($file,$ref.'.pdf','application/pdf'); $formmail->add_attached_files($file,dol_sanitizeFilename($ref.'.pdf'),'application/pdf');
} }
// Show form // Show form

2
htdocs/fourn/facture/fiche.php
View File

@ -1867,7 +1867,7 @@ else
if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init')
{ {
$formmail->clear_attached_files(); $formmail->clear_attached_files();
$formmail->add_attached_files($file,$ref.'.pdf','application/pdf'); $formmail->add_attached_files($file,dol_sanitizeFilename($ref.'.pdf'),'application/pdf');
} }
// Show form // Show form