lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix bug huntr.dev

Browse Source
This commit is contained in:
Laurent Destailleur 2021-10-25 15:39:02 +02:00
parent ad2e567571
commit 7533d4495d
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
htdocs/core/actions_linkedfiles.inc.php
View File

@ -36,8 +36,19 @@ if (GETPOST('uploadform', 'int') && empty($_POST) && empty($_FILES)) {
die;
}
if ((GETPOST('sendit', 'alpha')
|| GETPOST('linkit', 'restricthtml')
|| ($action == 'confirm_deletefile' && $confirm == 'yes')
|| ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha'))
|| ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha'))) && empty($permissiontoadd)) {
dol_syslog('The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.');
print 'The file actions_linkedfiles.inc.php was included but paramater $permissiontoadd as not set before.';
die;
}
// Submit file/link
if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!isset($permissiontoadd) || $permissiontoadd)) {
if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && !empty($permissiontoadd)) {
if (!empty($_FILES)) {
if (is_array($_FILES['userfile']['tmp_name'])) {
$userfiles = $_FILES['userfile']['tmp_name'];
@ -75,7 +86,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!is
}
}
}
} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!isset($permissiontoadd) || $permissiontoadd)) {
} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && !empty($permissiontoadd)) {
$link = GETPOST('link', 'alpha');
if ($link) {
if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://' && substr($link, 0, 7) != 'davs://') {
@ -87,7 +98,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC) && (!is
// Delete file/link
if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiontoadd) || $permissiontoadd)) {
if ($action == 'confirm_deletefile' && $confirm == 'yes' && !empty($permissiontoadd)) {
$urlfile = GETPOST('urlfile', 'alpha', 0, null, null, 1); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
if (GETPOST('section', 'alpha')) {
// For a delete from the ECM module, upload_dir is ECM root dir and urlfile contains relative path from upload_dir
@ -158,7 +169,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiont
exit;
}
}
} elseif ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha') && (!isset($permissiontoadd) || $permissiontoadd)) {
} elseif ($action == 'confirm_updateline' && GETPOST('save', 'alpha') && GETPOST('link', 'alpha') && !empty($permissiontoadd)) {
require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php';
$langs->load('link');
$link = new Link($db);
@ -176,7 +187,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && (!isset($permissiont
} else {
//error fetching
}
} elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha') && (!isset($permissiontoadd) || $permissiontoadd)) {
} elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha') && !empty($permissiontoadd)) {
// For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
if (!empty($upload_dir)) {
$filenamefrom = dol_sanitizeFileName(GETPOST('renamefilefrom', 'alpha'), '_', 0); // Do not remove accents