lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur 2020-04-05 15:29:30 +02:00
commit 8f4ac3d610
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
htdocs/api/class/api_documents.class.php
View File

@ -457,6 +457,22 @@ class Documents extends DolibarrApi
$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
}
elseif ($modulepart == 'categorie' || $modulepart == 'category')
{
require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
if (!DolibarrApiAccess::$user->rights->categorie->lire) {
throw new RestException(401);
}
$object = new Categorie($this->db);
$result = $object->fetch($id, $ref);
if (!$result) {
throw new RestException(404, 'Category not found');
}
$upload_dir = $conf->categorie->multidir_output[$object->entity].'/'.get_exdir($object->id, 2, 0, 0, $object, 'category').$object->id."/photos/".dol_sanitizeFileName($object->ref);
}
else
{
throw new RestException(500, 'Modulepart '.$modulepart.' not implemented yet.');

2
htdocs/api/class/api_setup.class.php
View File

@ -1426,7 +1426,7 @@ class Setup extends DolibarrApi
throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK');
}
if (! preg_match('/[^a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) {
if (! preg_match('/^[a-zA-Z0-9_]+$/', $confname) || ! isset($conf->global->$confname)) {
throw new RestException(500, 'Error Bad or unknown value for constname');
}
if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) {