From 95299cccb9d514788126467fe67879d34751e158 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 4 May 2008 15:19:03 +0000
Subject: [PATCH] Add protection on upload if file already exists
---
 htdocs/adherents/fiche.php | 2 +-
 htdocs/admin/company.php | 2 +-
 htdocs/admin/import/import.php | 2 +-
 htdocs/comm/action/document.php | 2 +-
 htdocs/comm/propal/document.php | 2 +-
 htdocs/commande/document.php | 2 +-
 htdocs/compta/facture/document.php | 2 +-
 htdocs/compta/prelevement/fiche.php | 2 +-
 htdocs/contrat/document.php | 2 +-
 htdocs/ecm/docmine.php | 4 ++--
 htdocs/ecm/docother.php | 4 ++--
 htdocs/fourn/facture/document.php | 2 +-
 htdocs/product/document.php | 2 +-
 htdocs/product/photos.php | 2 +-
 htdocs/telephonie/facturation/index.php | 2 +-
 htdocs/telephonie/ligne/commande/retour/index.php | 2 +-
 htdocs/user/fiche.php | 2 +-
 17 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 0ac46741607..e3f46b2d78a 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -176,7 +176,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"]) if (is_dir($conf->adherent->dir_output)) { $newfile=$conf->adherent->dir_output . "/" . $adh->id . ".jpg";
- if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1) > 0)
+ if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1))
 { $message .= '
'.$langs->trans("ErrorFailedToSaveFile").'
'; }
diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index 831872a1941..2d34f0bdb92 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -65,7 +65,7 @@ if ( (isset($_POST["action"]) && $_POST["action"] == 'update') { create_exdir($conf->societe->dir_logos); }
- if (dol_move_uploaded_file($_FILES["logo"]["tmp_name"],$conf->societe->dir_logos.'/'.$original_file,1) > 0)
+ if (dol_move_uploaded_file($_FILES["logo"]["tmp_name"],$conf->societe->dir_logos.'/'.$original_file,1))
 { dolibarr_set_const($db, "MAIN_INFO_SOCIETE_LOGO",$original_file);
diff --git a/htdocs/admin/import/import.php b/htdocs/admin/import/import.php
index 7eaa262ede4..69eab6d933f 100644
--- a/htdocs/admin/import/import.php
+++ b/htdocs/admin/import/import.php
@@ -65,7 +65,7 @@ if ( $_POST["sendit"] && $conf->upload != 0) { $imp = new DolibarrImport($db); $imp->CreateBackupDir();
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $imp->upload_dir . "/" . $_FILES['userfile']['name'],1) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $imp->upload_dir . "/" . $_FILES['userfile']['name'],1))
 { $imp->ImportClients($imp->upload_dir . "/" . $_FILES['userfile']['name']);
diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php
index d37aeb2793d..067699f8709 100755
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@@ -75,7 +75,7 @@ if ( $_POST["sendit"] && $conf->upload ) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0))
 { $mesg = '
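Review bot: The negated truthiness test `if (! dol_move_uploaded_file(...))` in htdocs/adherents/fiche.php reports a failure only for a falsy return, so every other non-zero value is taken as a successful save. The ecm/docmine.php and ecm/docother.php hunks of this same commit test `$result == 1` and `!$result` separately, which suggests the helper now has a third outcome (presumably "file already exists"); its body is not in this diff, so that is inferred. If such a value exists, the sites that pass 0 as the third argument (the document.php hunks under comm/action, comm/propal, commande, compta/facture, contrat, fourn/facture and product) would show FileTransferComplete for a file that was never written. Comparing explicitly, `== 1` at the positive sites and `!= 1` here and in user/fiche.php, would keep every caller consistent with the ecm pages. The enclosing `if` block starts and ends outside the hunk.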
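Review bot: In htdocs/admin/import/import.php the destination path is built directly from `$_FILES['userfile']['name']`, a client-supplied value, and the same string is then handed to `ImportClients()`; the hunk shows no normalisation or extension check, and the third argument is 1, which from the commit title looks like the allow-overwrite flag. Whether `dol_move_uploaded_file()` sanitises the name is not visible in this diff; if it does not, the call site should reduce it first, e.g. `$fname = basename($_FILES['userfile']['name']);`, and accept only the extensions the importer expects. The same construction appears in the document.php hunks (comm/action, comm/propal, commande, compta/facture, contrat, fourn/facture, product), compta/prelevement/fiche.php, ecm/docmine.php, ecm/docother.php and both telephonie hunks. The enclosing block starts and ends outside the hunk.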
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES);
diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 03df48438ca..ca9a18a3540 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -77,7 +77,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0))
 { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES);
diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php
index 54d82cd70d1..5041a8861c3 100644
--- a/htdocs/commande/document.php
+++ b/htdocs/commande/document.php
@@ -79,7 +79,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0))
 { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES);
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index b17360290f1..5279c762982 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -79,7 +79,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0))
 { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES);
diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php
index d48ef91153e..0185382395d 100644
--- a/htdocs/compta/prelevement/fiche.php
+++ b/htdocs/compta/prelevement/fiche.php
@@ -57,7 +57,7 @@ if ($_POST["action"] == 'infotrans') { $dir = $conf->prelevement->dir_output.'/bon/';
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . $_FILES['userfile']['name'],1) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . $_FILES['userfile']['name'],1))
 { $dt = dolibarr_mktime(12,0,0,$_POST["remonth"],$_POST["reday"],$_POST["reyear"]);
diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php
index 7030627b505..db92f09453d 100644
--- a/htdocs/contrat/document.php
+++ b/htdocs/contrat/document.php
@@ -80,7 +80,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0))
 { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES);
diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php
index 6f2af1fcb86..89427dcb461 100644
--- a/htdocs/ecm/docmine.php
+++ b/htdocs/ecm/docmine.php
@@ -95,13 +95,13 @@ if ( $_POST["sendit"] && $conf->upload != 0) if (is_dir($upload_dir)) { $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0);
- if ($result > 0)
+ if ($result == 1)
 { //$mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); $result=$ecmdir->changeNbOfFiles('+'); }
- else if ($result < 0)
+ else if (!$result)
 { // Echec transfert (fichier depassant la limite ?) $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
';
diff --git a/htdocs/ecm/docother.php b/htdocs/ecm/docother.php
index 9ddac653c47..8407f6c1f85 100644
--- a/htdocs/ecm/docother.php
+++ b/htdocs/ecm/docother.php
@@ -51,12 +51,12 @@ if ( $_POST["sendit"] && $conf->upload != 0) if (is_dir($upload_dir)) { $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0);
- if ($result > 0)
+ if ($result == 1)
 { $mesg = '
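Review bot: In htdocs/ecm/docmine.php a return value that is neither 1 nor falsy now falls through both branches, so within the visible lines the user gets no message and `changeNbOfFiles('+')` is not called for it. If that value is the "file already exists" outcome the commit title refers to (the helper is not shown here, so this is inferred), the page should report it explicitly, for example with a final `else` that sets `$mesg` to a dedicated error string. The if/else chain continues past the end of the hunk, so such a branch may already exist there; ecm/docother.php has the same shape.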
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); }
- else if ($result < 0)
+ else if (!$result)
 { // Echec transfert (fichier d?passant la limite ?) $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
';
diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php
index 454e917e604..983f2b6b5ff 100644
--- a/htdocs/fourn/facture/document.php
+++ b/htdocs/fourn/facture/document.php
@@ -82,7 +82,7 @@ if ($_POST['sendit'] && $conf->upload) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . '/' . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . '/' . $_FILES['userfile']['name'],0))
 { $mesg = '
'.$langs->trans('FileTransferComplete').'
'; //print_r($_FILES);
diff --git a/htdocs/product/document.php b/htdocs/product/document.php
index af1311f8dee..96e4668e8a0 100755
--- a/htdocs/product/document.php
+++ b/htdocs/product/document.php
@@ -86,7 +86,7 @@ if ($_POST["sendit"] && $conf->upload) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0))
 { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES);
diff --git a/htdocs/product/photos.php b/htdocs/product/photos.php
index 037126702c7..eecc30429e0 100644
--- a/htdocs/product/photos.php
+++ b/htdocs/product/photos.php
@@ -53,7 +53,7 @@ if ($_FILES['userfile']['size'] > 0 && $_POST["sendit"] && $conf->upload != 0) $product = new Product($db); $result = $product->fetch($_GET["id"]);
- // if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1) > 0)
+ // if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1))
 // var_dump($_FILES);
diff --git a/htdocs/telephonie/facturation/index.php b/htdocs/telephonie/facturation/index.php
index 81e0ca775b6..9f1330c33d2 100644
--- a/htdocs/telephonie/facturation/index.php
+++ b/htdocs/telephonie/facturation/index.php
@@ -35,7 +35,7 @@ if ( $_POST["sendit"] && $conf->upload != 0) if (is_dir($upload_dir)) {
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1))
 { $mesg = "Le fichier est valide, et a été téléchargé avec succès.\n"; }
diff --git a/htdocs/telephonie/ligne/commande/retour/index.php b/htdocs/telephonie/ligne/commande/retour/index.php
index f53b4f342dd..0f6c553bd07 100644
--- a/htdocs/telephonie/ligne/commande/retour/index.php
+++ b/htdocs/telephonie/ligne/commande/retour/index.php
@@ -42,7 +42,7 @@ if ( $_POST["sendit"] && $conf->upload != 0) $nextname = $upload_dir .'/backup';
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1))
 { $mesg = "Le fichier est valide, et a été téléchargé avec succès.\n"; }
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 1dd237ed23c..8494769310e 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -276,7 +276,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $caneditfield) if (is_dir($conf->users->dir_output)) { $newfile=$conf->users->dir_output . "/" . $edituser->id . ".jpg";
- if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1) > 0)
+ if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1))
 { $message .= '
'.$langs->trans("ErrorFailedToSaveFile").'
'; }