From 968addfad3c94e7af1e0b3deb2b30b28c1746026 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 1 May 2010 14:28:48 +0000
Subject: [PATCH] Fix: Better error management in upload files
---
htdocs/adherents/fiche.php | 4 +-
htdocs/admin/company.php | 4 +-
htdocs/admin/mails.php | 46 ++++---
htdocs/admin/security_other.php | 62 ++++++---
htdocs/categories/class/categorie.class.php | 4 +-
htdocs/comm/action/document.php | 46 +++----
htdocs/comm/mailing/fiche.php | 52 ++++----
htdocs/comm/propal.php | 43 ++++---
htdocs/comm/propal/document.php | 48 +++----
htdocs/commande/document.php | 42 +++---
htdocs/commande/fiche.php | 50 ++++----
htdocs/compta/facture.php | 55 ++++----
htdocs/compta/facture/document.php | 32 +++--
htdocs/compta/prelevement/fiche.php | 2 +
htdocs/contrat/document.php | 46 +++----
htdocs/ecm/docmine.php | 38 +++---
htdocs/ecm/docother.php | 45 ++++---
htdocs/ecm/index.php | 37 +++---
htdocs/fichinter/document.php | 46 +++----
htdocs/fourn/commande/document.php | 42 +++---
htdocs/fourn/facture/document.php | 33 ++---
htdocs/ftp/index.php | 37 +++---
htdocs/imports/import.php | 2 +
.../modules/mailings/peche.modules.php | 39 +++---
htdocs/langs/en_US/errors.lang | 6 +
htdocs/langs/fr_FR/errors.lang | 6 +
htdocs/lib/admin.lib.php | 1 -
htdocs/lib/antivir.class.php | 62 ++++++---
htdocs/lib/files.lib.php | 120 ++++++++++++++++++
htdocs/lib/functions.lib.php | 89 -------------
htdocs/product/class/product.class.php | 2 +
htdocs/product/document.php | 46 +++----
htdocs/projet/document.php | 62 ++++-----
htdocs/projet/tasks/document.php | 39 +++---
htdocs/societe/document.php | 33 ++---
htdocs/user/fiche.php | 9 +-
36 files changed, 739 insertions(+), 591 deletions(-)
diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 920a5e8c33c..4f3f5c0abfb 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -212,6 +212,8 @@ if ($_REQUEST["action"] == 'confirm_sendinfo' && $_REQUEST["confirm"] == 'yes') if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adherent->creer) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $datenaiss=''; if (isset($_POST["naissday"]) && $_POST["naissday"] && isset($_POST["naissmonth"]) && $_POST["naissmonth"] @@ -293,7 +295,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe if (@is_dir($dir)) { $newfile=$dir.'/'.$_FILES['photo']['name']; - if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1) > 0) + if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1,0,$_FILES['photo']['error']) > 0) { $message .= '
'.$langs->trans("ErrorFailedToSaveFile").'
'; } diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 07918b852c3..16c420ff30a 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -51,6 +51,8 @@ $quality = 80; if ( (isset($_POST["action"]) && $_POST["action"] == 'update') || (isset($_POST["action"]) && $_POST["action"] == 'updateedit') ) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",$_POST["nom"],'chaine',0,'',$conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADRESSE",$_POST["address"],'chaine',0,'',$conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_VILLE",$_POST["ville"],'chaine',0,'',$conf->entity); @@ -77,7 +79,7 @@ if ( (isset($_POST["action"]) && $_POST["action"] == 'update') { create_exdir($conf->mycompany->dir_output.'/logos/'); } - if (dol_move_uploaded_file($_FILES["logo"]["tmp_name"],$conf->mycompany->dir_output.'/logos/'.$original_file,1) > 0) + if (dol_move_uploaded_file($_FILES["logo"]["tmp_name"],$conf->mycompany->dir_output.'/logos/'.$original_file,1,0,$_FILES['logo']['error']) > 0) { dolibarr_set_const($db, "MAIN_INFO_SOCIETE_LOGO",$original_file,'chaine',0,'',$conf->entity); diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 70652b1d219..a227408fea9 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php 
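Review bot: In the photo upload of adherents/fiche.php, `! dol_move_uploaded_file(...) > 0` parses as `(! dol_move_uploaded_file(...)) > 0`, so the `ErrorFailedToSaveFile` message is appended only when the function returns an empty value. A negative code, or an error-key string of the kind the other call sites in this commit test for, is negated to false and the failed upload goes unreported. Since the line is touched anyway, capture the result and test it the same way as elsewhere: `$resupload=dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1,0,$_FILES['photo']['error']);` followed by `if (! (is_numeric($resupload) && $resupload > 0))`. The enclosing update block starts and ends outside the hunk.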
@@ -68,40 +68,46 @@ if (isset($_POST["action"]) && $_POST["action"] == 'update') */ if ($_POST['addfile'] || $_POST['addfilehtml']) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + // Set tmp user directory $vardir=$conf->user->dir_output."/".$user->id; $upload_dir = $vardir.'/temp/'; - if (! empty($_FILES['addedfile']['tmp_name'])) + if (create_exdir($upload_dir) >= 0) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + $resupload=dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0,0,$_FILES['addedfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - $result = dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0); - if ($result > 0) - { - $message = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); - $formmail = new FormMail($db); - $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); - } - else if ($result == -99) + include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); + $formmail = new FormMail($db); + $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus { - // Files infected by a virus - $langs->load("errors"); $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; } - else if ($result < 0) + else // Known error { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans($resupload).'
'; } } } + else + { + $langs->load("errors"); + $mesg = '
'.$langs->trans("ErrorFailToCreateDir",$upload_dir).'
'; + } + if ($_POST['addfile']) $_GET["action"]='test'; if ($_POST['addfilehtml']) $_GET["action"]='testhtml'; } diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 6c3df488abc..3d7c41181ca 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -42,29 +42,37 @@ $upload_dir=$conf->admin->dir_temp; if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - $result=create_exdir($upload_dir); // Create dir if not exists + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + + $result=create_exdir($upload_dir); // Create dir if not exists if ($result >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1); - if (is_numeric($resupload) && $resupload > 0) - { - $mesg = '
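Review bot: `$_FILES['addedfile']['name']` is the file name as sent by the browser, and the rewritten call in admin/mails.php still concatenates it into the destination path and then passes it to `add_attached_files()` without normalising it. Unless `dol_move_uploaded_file()` itself rejects path separators and `..` (its body in lib/files.lib.php is not part of this excerpt), sanitise the name once and use the result in both calls: `$filename=dol_sanitizeFileName($_FILES['addedfile']['name']);`. The same concatenation appears in the upload hunks of admin/security_other.php, comm/action/document.php, comm/mailing/fiche.php, comm/propal.php, comm/propal/document.php, commande/document.php, commande/fiche.php, compta/facture.php, compta/facture/document.php, contrat/document.php and ecm/docmine.php. A one-line comment such as `// 'name' and 'type' are client-supplied; do not trust them for path or content decisions` would also help the next reader.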
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if (is_numeric($resupload) && $resupload == -99) - { - // File infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else - { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded"); - if (is_array($resupload)) $mesg.= '
'.dol_nl2br(join("\n",$resupload)); - $mesg.= '
'; - // print_r($_FILES); - } + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1,0,$_FILES['userfile']['error']); + + if (is_numeric($resupload) && $resupload > 0) + { + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + + include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); + $formmail = new FormMail($db); + $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } + } } } @@ -261,8 +269,20 @@ print ''; print ""; print ''.$langs->trans("AntiVirusCommand").'
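Review bot: The success branch added to admin/security_other.php reads `$_FILES['addedfile']`, but this form's field is `userfile`, as the `dol_move_uploaded_file()` call just above shows. `add_attached_files()` is therefore called with `$upload_dir . "/"` plus an unset name and type, which registers the temp directory itself rather than the uploaded file. The block looks copied from the mail forms, and the old branch here only set `$mesg`. I would drop the three `FormMail` lines, or if the attachment is intended, switch them to `$_FILES['userfile']`.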
'; print $langs->trans("AntiVirusCommandExample"); +// Check command in inside safe_mode print ''; print ''; +if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) +{ + $langs->load("errors"); + $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND)); + $listdir=explode(';',ini_get('safe_mode_exec_dir')); + if (! in_array($basedir,$listdir)) + { + print img_warning($langs->trans('WarningSafeModeOnCheckExecDir')); + dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING); + } +} print ''; print ""; print ''; diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php index 19a3f4c0e65..cc081162d38 100644 --- a/htdocs/categories/class/categorie.class.php +++ b/htdocs/categories/class/categorie.class.php @@ -1018,6 +1018,8 @@ class Categorie */ function add_photo($sdir, $file, $maxWidth = 160, $maxHeight = 120) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $dir = $sdir .'/'. get_exdir($this->id,2) . $this->id ."/"; $dir .= "photos/"; @@ -1031,7 +1033,7 @@ class Categorie $originImage = $dir . $file['name']; // Cree fichier en taille origine - $result=dol_move_uploaded_file($file['tmp_name'], $originImage, 1); + $result=dol_move_uploaded_file($file['tmp_name'], $originImage, 1, 0, 0); if (file_exists($originImage)) { diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index d4b6d5533e6..740a529b0b5 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php 
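Review bot: In `add_photo()` the new fifth argument is a literal `0` instead of the upload's own status, so an upload that PHP has already flagged as failed is presented to `dol_move_uploaded_file()` as clean. Every other call site in this commit passes the `['error']` entry, so assuming `$file` is the `$_FILES` element (the caller is outside the hunk) this should read `$result=dol_move_uploaded_file($file['tmp_name'], $originImage, 1, 0, $file['error']);`. `$result` is also never tested; the following `file_exists($originImage)` can be true for an older file of the same name if the third argument allows overwriting. The body of add_photo continues outside the hunk.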
@@ -69,31 +69,33 @@ $pagenext = $page + 1; */ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - /* - * Creation repertoire si n'existe pas - */ - $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($objectid); - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + // Creation repertoire si n'existe pas + $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($objectid); + + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/comm/mailing/fiche.php b/htdocs/comm/mailing/fiche.php index 8eb4c13381f..5c18d09655e 100644 --- a/htdocs/comm/mailing/fiche.php +++ b/htdocs/comm/mailing/fiche.php @@ -442,6 +442,8 @@ if (! empty($_POST["removedfile"])) // Action update emailing if ($_POST["action"] == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $mil = new Mailing($db); $mil->fetch($_POST["id"]); @@ -451,39 +453,37 @@ if ($_POST["action"] == 'update' && empty($_POST["removedfile"]) && empty($_POST // If upload file $i=''; - //$i=0; - //while ($i < 4) - //{ - if (! empty($_POST["addfile".$i]) && ! empty($conf->global->MAIN_UPLOAD_DOC)) + if (! empty($_POST["addfile".$i]) && ! empty($conf->global->MAIN_UPLOAD_DOC)) + { + $isupload=1; + + if (! is_dir($upload_dir)) create_exdir($upload_dir); + + if (is_dir($upload_dir)) { - $isupload=1; - - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + $resupload = dol_move_uploaded_file($_FILES['addedfile'.$i]['tmp_name'], $upload_dir . "/" . $_FILES['addedfile'.$i]['name'],1,0,$_FILES['addedfile'.$i]['error']); + if (is_numeric($resupload) && $resupload > 0) { - $result = dol_move_uploaded_file($_FILES['addedfile'.$i]['tmp_name'], $upload_dir . "/" . $_FILES['addedfile'.$i]['name'],1); - if ($result > 0) - { - $mesg = '
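Review bot: The failure branch in comm/action/document.php has no case for a return of `0` or `false`: it fails `is_numeric($resupload) && $resupload > 0`, is not `< 0`, does not match the virus pattern, and so reaches `$langs->trans($resupload)` with a value that is not a translation key. Whether `dol_move_uploaded_file()` can return that is not visible here, but the caller should not depend on it; widening the first test to `if (empty($resupload) || $resupload < 0) // Unknown error` keeps the generic `ErrorFileNotUploaded` message for that case. The last branch also prints whatever string the helper returned, so a comment like `// $resupload must be a fixed key from errors.lang, never scanner or user text` is worth adding there. The same three-way branch is repeated in the other upload hunks of this commit.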
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error { - // Echec transfert (fichier depassant la limite ?) $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; } } } - // $i++; - //} + } if (! $isupload) { diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 150ecff722b..c2e028d3175 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -279,7 +279,7 @@ if ($_POST['action'] == 'add' && $user->rights->propale->creer) $propal->modelpdf = $_POST['model']; $propal->author = $user->id; // deprecated $propal->note = $_POST['note']; - + $propal->origin = $_POST['origin']; $propal->origin_id = $_POST['originid']; @@ -381,38 +381,41 @@ if ($_REQUEST['action'] == 'setstatut' && $user->rights->propale->cloturer) */ if ($_POST['addfile']) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + // Set tmp user directory $vardir=$conf->user->dir_output."/".$user->id; $upload_dir = $vardir.'/temp/'; if (! empty($_FILES['addedfile']['tmp_name'])) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0); - if ($result > 0) + $resupload=dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0,0,$_FILES['addedfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); $formmail = new FormMail($db); // Add file in list of files in session $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); } - else if ($result == -99) + else { - // Files infected by a virus $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } @@ -1189,14 +1192,14 @@ if ($id > 0 || ! empty($ref)) if ($conf->projet->enabled) $rowspan++; if ($conf->global->PROPALE_ADD_DELIVERY_ADDRESS) $rowspan++; - + //Local taxes if ($mysoc->pays_code=='ES' && $conf->global->MAIN_FEATURES_LEVEL >= 1) { if($mysoc->localtax1_assuj=="1") $rowspan++; if($mysoc->localtax2_assuj=="1") $rowspan++; } - + // Notes print ''.$langs->trans('NotePublic').' :
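Review bot: In the `addfile` block of comm/propal.php, `if (create_exdir($upload_dir) >= 0)` has no `else`, so when the temp directory cannot be created the request continues with `$mesg` unset and the user gets no indication that nothing was uploaded. admin/mails.php in this same commit adds that branch, and it fits here unchanged: `$langs->load("errors");` followed by a `$mesg` built from `$langs->trans("ErrorFailToCreateDir",$upload_dir)`. As far as the hunks show, the branch is also missing in comm/action/document.php, comm/propal/document.php, commande/document.php, commande/fiche.php, compta/facture/document.php and contrat/document.php. The enclosing `if ($_POST['addfile'])` block ends outside the hunk.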
'. nl2br($propal->note_public).''; print ''; @@ -1371,7 +1374,7 @@ if ($id > 0 || ! empty($ref)) print ''.$langs->trans('AmountVAT').''; print ''.price($propal->total_tva).''; print ''.$langs->trans("Currency".$conf->monnaie).''; - + // Amount Local Taxes if ($mysoc->pays_code=='ES' && $conf->global->MAIN_FEATURES_LEVEL >= 1) { @@ -1388,7 +1391,7 @@ if ($id > 0 || ! empty($ref)) print ''.$langs->trans("Currency".$conf->monnaie).''; } } - + // Amount TTC print ''.$langs->trans('AmountTTC').''; print ''.price($propal->total_ttc).''; diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 3743f036bc1..222ecca56cf 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -68,34 +68,38 @@ $pagenext = $page + 1; // Envoi fichier if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $propal = new Propal($db); if ($propal->fetch($propalid)) { $upload_dir = $conf->propale->dir_output . "/" . dol_sanitizeFileName($propal->ref); - if (! is_dir($upload_dir)) create_exdir($upload_dir); - if (is_dir($upload_dir)) - { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); - } - } + if (create_exdir($upload_dir) >= 0) + { + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) + { + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } + } + } } } diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index 1d7f861c537..8b461b7086a 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -76,28 +76,32 @@ if (! $commande->fetch($_GET['id'],$_GET['ref']) > 0) // Envoi fichier if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - $upload_dir = $conf->commande->dir_output . "/" . dol_sanitizeFileName($commande->ref); - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + $upload_dir = $conf->commande->dir_output . "/" . dol_sanitizeFileName($commande->ref); + + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index c084639ff98..ae8b55f4fb1 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php @@ -774,40 +774,42 @@ if ($_REQUEST['action'] == 'remove_file') */ if ($_POST['addfile']) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + // Set tmp user directory $vardir=$conf->user->dir_output."/".$user->id; $upload_dir = $vardir.'/temp/'; - if (! empty($_FILES['addedfile']['tmp_name'])) + if (create_exdir($upload_dir) >= 0) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + $resupload=dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0,0,$_FILES['addedfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - $result = dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); - $formmail = new FormMail($db); - $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); - } - else if ($result == -99) + include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); + $formmail = new FormMail($db); + // Add file in list of files in session + $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus { - // Files infected by a virus - $langs->load("errors"); $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; } - else if ($result < 0) + else // Known error { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans($resupload).'
'; } } } + $_GET["action"]='presend'; } @@ -1423,7 +1425,7 @@ else */ $nbrow=7; if ($conf->projet->enabled) $nbrow++; - + //Local taxes if ($mysoc->pays_code=='ES' && $conf->global->MAIN_FEATURES_LEVEL >= 1) { @@ -1674,7 +1676,7 @@ else print ''.$langs->trans("Currency".$conf->monnaie).''; } } - + // Total TTC print ''.$langs->trans('AmountTTC').''.price($commande->total_ttc).''; print ''.$langs->trans('Currency'.$conf->monnaie).''; @@ -2245,7 +2247,7 @@ else * Linked object block */ $commande->load_object_linked($commande->id,$commande->element); - + foreach($commande->linked_object as $object => $objectid) { if($conf->$object->enabled && $object != $commande->element) @@ -2253,7 +2255,7 @@ else $somethingshown=$commande->showLinkedObjectBlock($object,$objectid,$somethingshown); } } - + print ''; // List of actions on element diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 2609fe11cf5..c9732bf454d 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -672,15 +672,15 @@ if ($_POST['action'] == 'add' && $user->rights->facture->creer) $element = $regs[1]; $subelement = $regs[2]; } - + // For compatibility if ($element == 'order') { $element = $subelement = 'commande'; } if ($element == 'propal') { $element = 'comm/propal'; $subelement = 'propal'; } if ($element == 'contract') { $element = $subelement = 'contrat'; } - + $facture->origin = $_POST['origin']; $facture->origin_id = $_POST['originid']; - + $facid = $facture->create($user); if ($facid > 0) @@ -695,7 +695,7 @@ if ($_POST['action'] == 'add' && $user->rights->facture->creer) $lines = $object->lignes; if (empty($lines) && method_exists($object,'fetch_lignes')) $lines = $object->fetch_lignes(); if (empty($lines) && method_exists($object,'fetch_lines')) $lines = $object->fetch_lines(); - + for ($i = 0 ; $i < sizeof($lines) ; $i++) { $desc=($lines[$i]->desc?$lines[$i]->desc:$lines[$i]->libelle); 
@@ -1089,40 +1089,43 @@ if ($_GET['action'] == 'down' && $user->rights->facture->creer) */ if ($_POST['addfile']) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + // Set tmp user directory $vardir=$conf->user->dir_output."/".$user->id; $upload_dir = $vardir.'/temp/'; - if (! empty($_FILES['addedfile']['tmp_name'])) + if (! is_dir($upload_dir)) create_exdir($upload_dir); + + if (is_dir($upload_dir)) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + $resupload = dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0,0, $_FILES['addedfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - $result = dol_move_uploaded_file($_FILES['addedfile']['tmp_name'], $upload_dir . "/" . $_FILES['addedfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); - $formmail = new FormMail($db); - $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); - } - else if ($result == -99) + include_once(DOL_DOCUMENT_ROOT.'/html.formmail.class.php'); + $formmail = new FormMail($db); + $formmail->add_attached_files($upload_dir . "/" . $_FILES['addedfile']['name'],$_FILES['addedfile']['name'],$_FILES['addedfile']['type']); + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus { - // Files infected by a virus - $langs->load("errors"); $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; } - else if ($result < 0) + else // Known error { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans($resupload).'
'; } } } + $_GET["action"]='presend'; } @@ -1416,7 +1419,7 @@ if ($_GET['action'] == 'create') $object = new $classname($db); $object->fetch($_GET['originid']); $object->fetch_client(); - + $projectid = (!empty($object->fk_project)?$object->fk_project:''); $ref_client = (!empty($object->ref_client)?$object->ref_client:''); @@ -1701,7 +1704,7 @@ if ($_GET['action'] == 'create') $object->remise_percent=$remise_percent; $object->update_price(); } - + print "\n"; print "\n"; print ''."\n"; diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 927dc06d524..ab53100f58f 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -72,31 +72,35 @@ $pagenext = $page + 1; // Envoi fichier if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $facture = new Facture($db); if ($facture->fetch($facid)) { $upload_dir = $conf->facture->dir_output . "/" . dol_sanitizeFileName($facture->ref); - if (! is_dir($upload_dir)) create_exdir($upload_dir); - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); } - else if ($result == -99) + else { - // Files infected by a virus $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php index 787e7b68279..0bbc963e22d 100644 --- a/htdocs/compta/prelevement/fiche.php +++ b/htdocs/compta/prelevement/fiche.php @@ -54,6 +54,8 @@ if ($_POST["action"] == 'confirm_credite' && $_POST["confirm"] == yes) if ($_POST["action"] == 'infotrans') { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $bon = new BonPrelevement($db,""); $bon->fetch($_GET["id"]); diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index c98475add8d..9c6c02363c9 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php @@ -72,32 +72,32 @@ $modulepart='contract'; */ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - /* - * Creation repertoire si n'existe pas - */ - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) - { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + if (create_exdir($upload_dir) >= 0) + { + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; } - } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } + } + } } diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php index 8f68074fb68..be9db8c4599 100644 --- a/htdocs/ecm/docmine.php +++ b/htdocs/ecm/docmine.php @@ -91,32 +91,30 @@ $upload_dir = $conf->ecm->dir_output.'/'.$relativepath; // Envoie fichier if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - if (! is_dir($upload_dir)) - { - $result=create_exdir($upload_dir); - } + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - //$mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); $result=$ecmdir->changeNbOfFiles('+'); } - else if ($result == -99) + else { - // File infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } else diff --git a/htdocs/ecm/docother.php b/htdocs/ecm/docother.php index 5c9a64d522c..245bf08dcc1 100644 --- a/htdocs/ecm/docother.php +++ b/htdocs/ecm/docother.php @@ -46,28 +46,37 @@ $upload_dir = $conf->ecm->dir_output.'/'.$section; // Envoie fichier if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // File infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + $result=$ecmdir->changeNbOfFiles('+'); } - else if ($result < 0) - { - // Echec transfert (fichier d?passant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); - } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } + } + } + else + { + // Echec transfert (fichier depassant la limite ?) + $langs->load("errors"); + $mesg = '
'.$langs->trans("ErrorFailToCreateDir",$upload_dir).'
'; } } diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index c154abfbecd..74715a96c9f 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -87,6 +87,8 @@ if (! empty($_REQUEST["section"])) // Envoie fichier if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $result=$ecmdir->fetch($_REQUEST["section"]); if (! $result > 0) { @@ -96,37 +98,34 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) $relativepath=$ecmdir->getRelativePath(); $upload_dir = $conf->ecm->dir_output.'/'.$relativepath; - if (! is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result=create_exdir($upload_dir); - } - - if (is_dir($upload_dir)) - { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0, 0, $_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { //$mesg = '
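Review bot: The success branch now calls `$ecmdir->changeNbOfFiles('+')` instead of setting the `FileTransferComplete` message, which looks copied from ecm/docmine.php; no `$ecmdir` is visible in this file's context (the path is built from `$section`), so confirm the object exists here, otherwise the call fails right after the file has been moved. The comment `// Echec transfert (fichier depassant la limite ?)` on the new `else` does not describe that branch, which handles a directory-creation failure; `// Failed to create upload directory` would match the `ErrorFailToCreateDir` message it sets.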
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); $result=$ecmdir->changeNbOfFiles('+'); } - else if ($result == -99) - { - // File infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + else { - // Echec transfert (fichier depassant la limite ?) $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } else { - // Echec transfert (fichier depassant la limite ?) $langs->load("errors"); $mesg = '
'.$langs->trans("ErrorFailToCreateDir",$upload_dir).'
'; } diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index addfecaaab1..623da8d7b27 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -69,32 +69,32 @@ $modulepart='fichinter'; */ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - /* - * Creation repertoire si n'existe pas - */ - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) - { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + if (create_exdir($upload_dir) >= 0) + { + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; } - } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } + } + } } diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index 0d4f1d76a3b..c333b4beed0 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -77,28 +77,32 @@ if ($commande->fetch($_GET['id'],$_GET['ref']) < 0) // Envoi fichier if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - $upload_dir = $conf->fournisseur->dir_output . "/commande/" . dol_sanitizeFileName($commande->ref); - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + $upload_dir = $conf->fournisseur->dir_output . "/commande/" . dol_sanitizeFileName($commande->ref); + + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 26e7765acb9..75bbaa5b408 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -65,32 +65,35 @@ $pagenext = $page + 1; // Envoi fichier if ($_POST['sendit'] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $facture = new FactureFournisseur($db); if ($facture->fetch($facid)) { $upload_dir = $conf->fournisseur->dir_output.'/facture/'.get_exdir($facture->id,2).$facture->id; - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); } - else if ($result == -99) + else { - // Files infected by a virus $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index a2afc2c92f8..8d38d61c7af 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php @@ -86,6 +86,8 @@ $conn_id=0; // FTP connection ID // Envoie fichier if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $result=$ecmdir->fetch($_REQUEST["section"]); if (! $result > 0) { @@ -95,32 +97,29 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) $relativepath=$ecmdir->getRelativePath(); $upload_dir = $conf->ecm->dir_output.'/'.$relativepath; - if (! is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result=create_exdir($upload_dir); - } - - if (is_dir($upload_dir)) - { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); + if (is_numeric($resupload) && $resupload > 0) { //$mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); $result=$ecmdir->changeNbOfFiles('+'); } - else if ($result == -99) - { - // File infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) + else { $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } else diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index c6b145feedf..f5e90d7e234 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php @@ -191,6 +191,8 @@ if ($action == 'add_import_model') if ($step == 3 && $datatoimport) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { create_exdir($conf->import->dir_temp); diff --git a/htdocs/includes/modules/mailings/peche.modules.php b/htdocs/includes/modules/mailings/peche.modules.php index 59c8e9d8e6e..a31817e68a6 100644 --- a/htdocs/includes/modules/mailings/peche.modules.php +++ b/htdocs/includes/modules/mailings/peche.modules.php @@ -107,7 +107,9 @@ class mailing_peche extends MailingTargets function add_to_target($mailing_id,$filtersarray=array()) { global $conf,$langs,$_FILES; - + + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + // For compatibility with Unix, MS-Dos or Macintosh ini_set('auto_detect_line_endings', true); @@ -115,13 +117,10 @@ class mailing_peche extends MailingTargets $upload_dir=$conf->mailing->dir_temp; - // Save file - if (! is_dir($upload_dir)) create_exdir($upload_dir); - - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['username']['tmp_name'], $upload_dir . "/" . $_FILES['username']['name'], 1); - if ($result > 0) + $resupload = dol_move_uploaded_file($_FILES['username']['tmp_name'], $upload_dir . "/" . $_FILES['username']['name'], 1, 0, $_FILES['username']['error']); + if (is_numeric($resupload) && $resupload > 0) { $cpt=0; 
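Review bot: The converted upload call in ftp/index.php is the only one that does not pass the upload status: `dol_move_uploaded_file(..., 0)` leaves `$uploaderrorcode` at its default of 0, so the new size and partial-upload messages can never be produced here and a failed upload is only caught at the move step as the generic error. Pass it as the other hunks do: `dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']);`.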
@@ -186,22 +185,24 @@ class mailing_peche extends MailingTargets dol_syslog(get_class($this)."::add_to_target mailing ".$cpt." targets found"); } - else if ($result == -99) + else { - // Files infected by a virus $langs->load("errors"); - $this->error = $langs->trans("ErrorFileIsInfectedWithAVirus"); - return -1; - } - else if ($result < 0) - { - // Echec transfert (fichier depassant la limite ?) - $this->error = $langs->trans("ErrorFileNotUploaded"); - // print_r($_FILES); - return -1; + if ($resupload < 0) // Unknown error + { + $this->error = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $this->error = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $this->error = '
'.$langs->trans($resupload).'
'; + } } } - + ini_set('auto_detect_line_endings', false); return parent::add_to_target($mailing_id, $cibles); diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 2dd867ad3cc..f84364481a4 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -40,7 +40,13 @@ ErrorFileNotFound=File %s not found (Bad path, wrong permissions or acces ErrorDirNotFound=Directory %s not found (Bad path, wrong permissions or access denied by PHP openbasedir or safe_mode parameter) ErrorFunctionNotAvailableInPHP=Function %s is required for this feature but is not available in this version/setup of PHP. ErrorDirAlreadyExists=A directory with this name already exists. +ErrorFileAlreadyExists=A file with this name already exists. +ErrorPartialFile=File not received completely by server. +ErrorNoTmpDir=Temporary directy %s does not exists. +ErrorUploadBlockedByAddon=Upload blocked by a PHP/Apache plugin. +ErrorFileSizeTooLarge=File size is too large. ErrorFieldCanNotContainSpecialCharacters=Field %s must not contains special characters. +WarningSafeModeOnCheckExecDir=Warning, PHP option safe_mode is on so command must be stored inside a directory declared by php parameter safe_mode_exec_dir. WarningAllowUrlFopenMustBeOn=Parameter allow_url_fopen must be set to on in filer php.ini for having this module working completely. You must modify this file manually. WarningBuildScriptNotRunned=Script %s was not yet ran to build graphics, or there is no data to show. WarningBookmarkAlreadyExists=A bookmark with this title or this target (URL) already exists. diff --git a/htdocs/langs/fr_FR/errors.lang b/htdocs/langs/fr_FR/errors.lang index 881e8769e68..cba3b5cee49 100644 --- a/htdocs/langs/fr_FR/errors.lang +++ b/htdocs/langs/fr_FR/errors.lang 
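Review bot: The error branches no longer `return -1;`, so after a rejected upload (including one flagged by the virus scan) execution continues to `return parent::add_to_target($mailing_id, $cibles);` and the caller cannot tell from the return value that the import failed. Keep the early exit after setting `$this->error`, for example `return -1;` as the last statement of the new `else` block. `$cibles` is assigned outside this hunk, so whether it is defined on this path is not visible here; the body of add_to_target starts and ends outside the hunk.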
@@ -41,7 +41,13 @@ ErrorFileNotFound=Fichier %s introuvable (Mauvais chemin, permissions inc ErrorDirNotFound=Répertoire %s introuvable (Mauvais chemin, permissions incorrectes ou accès interdit par le paramètre PHP openbasedir ou safe_mode) ErrorFunctionNotAvailableInPHP=La fonction %s est requise pour cette fonctionnalité mais n'est pas disponible dans cette version/installation de PHP. ErrorDirAlreadyExists=Un répertoire portant ce nom existe déjà. +ErrorFileAlreadyExists=Un fichier portant ce nom existe déjà. +ErrorPartialFile=Fichier non reçu intégrallement par le serveur. +ErrorNoTmpDir=Répertoire temporaire de réception %s inexistant. +ErrorUploadBlockedByAddon=Upload bloqué par un plugin PHP/Apache. +ErrorFileSizeTooLarge=La taille du fichier est trop grande. ErrorFieldCanNotContainSpecialCharacters=Le champ %s ne peut contenir de caractères spéciaux. +WarningSafeModeOnCheckExecDir=Attention, l'option PHP safe_mode est active, la commande doit dont etre dans un répertoire déclaré dans le paramètre php safe_mode_exec_dir. WarningAllowUrlFopenMustBeOn=Attention, le paramètre allow_url_fopen doit être positionné à on dans le fichier php.ini pour que ce module soit pleinement opérationnel. Vous devez modifier ce fichier manuellement. WarningBuildScriptNotRunned=Le script %s n'a pas encore été lancé pour générer les graphiques ou il n'y a aucune donnée à afficher. WarningBookmarkAlreadyExists=Un marque-page avec ce titre ou cette destination (URL) existe déjà. diff --git a/htdocs/lib/admin.lib.php b/htdocs/lib/admin.lib.php index 53eaf88f258..3f745d415cc 100644 --- a/htdocs/lib/admin.lib.php +++ b/htdocs/lib/admin.lib.php @@ -396,7 +396,6 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not $sql.= $db->encrypt($name,1); $sql.= ", ".$db->encrypt($value,1); $sql.= ",'".$type."',".$visible.",'".addslashes($note)."',".$entity.")"; - dol_syslog("admin.lib::dolibarr_set_const sql=".$sql, LOG_DEBUG); $resql=$db->query($sql); } 
diff --git a/htdocs/lib/antivir.class.php b/htdocs/lib/antivir.class.php index 354c5f39886..5284f2df328 100644 --- a/htdocs/lib/antivir.class.php +++ b/htdocs/lib/antivir.class.php @@ -60,37 +60,19 @@ class AntiVir $return = 0; - $maxreclevel = 5 ; // maximal recursion level - $maxfiles = 1000; // maximal number of files to be scanned within archive - $maxratio = 200; // maximal compression ratio - $bz2archivememlim = 0; // limit memory usage for bzip2 (0/1) - $maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned - @set_time_limit($cfg['ExecTimeLimit']); $outputfile=$conf->admin->dir_temp.'/dol_avscan_file.out.'.session_id(); - $command=$conf->global->MAIN_ANTIVIRUS_COMMAND; - $param=$conf->global->MAIN_ANTIVIRUS_PARAM; - - $param=preg_replace('/%maxreclevel/',$maxreclevel,$param); - $param=preg_replace('/%maxfiles/',$maxfiles,$param); - $param=preg_replace('/%maxratio/',$maxratiod,$param); - $param=preg_replace('/%bz2archivememlim/',$bz2archivememlim,$param); - $param=preg_replace('/%maxfilesize/',$maxfilesize,$param); - $param=preg_replace('/%file/',trim($file),$param); - - if (! preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) - $param=$param." ".escapeshellarg(trim($file)); - - if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command + $fullcommand=$this->getCliCommand($file); + //$fullcommand='"c:\Program Files (x86)\ClamWin\bin\clamscan.exe" --database="C:\Program Files (x86)\ClamWin\lib" "c:\temp\aaa.txt"'; $output=array(); $return_var=0; // Create a clean fullcommand - $fullcommand=$command.' '.$param.' 2>&1'; dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand); exec($fullcommand, $output, $return_var); + /* $handle = fopen($outputfile, 'w'); if ($handle) 
@@ -139,6 +121,44 @@ class AntiVir return 1; } + + + /** + * \brief get full Command Line to run + * \param file File to scan + * \return string Full command line to run + */ + function getCliCommand($file) + { + global $conf; + + $maxreclevel = 5 ; // maximal recursion level + $maxfiles = 1000; // maximal number of files to be scanned within archive + $maxratio = 200; // maximal compression ratio + $bz2archivememlim = 0; // limit memory usage for bzip2 (0/1) + $maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned + + $command=$conf->global->MAIN_ANTIVIRUS_COMMAND; + $param=$conf->global->MAIN_ANTIVIRUS_PARAM; + + $param=preg_replace('/%maxreclevel/',$maxreclevel,$param); + $param=preg_replace('/%maxfiles/',$maxfiles,$param); + $param=preg_replace('/%maxratio/',$maxratio,$param); + $param=preg_replace('/%bz2archivememlim/',$bz2archivememlim,$param); + $param=preg_replace('/%maxfilesize/',$maxfilesize,$param); + $param=preg_replace('/%file/',trim($file),$param); + + if (! preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) + $param=$param." ".escapeshellarg(trim($file)); + + if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command + + $ret=$command.' '.$param; + //$ret=$command.' '.$param.' 2>&1'; + + return $ret; + } + } ?> \ No newline at end of file diff --git a/htdocs/lib/files.lib.php b/htdocs/lib/files.lib.php index f95d09908a2..d50cc8fc8d4 100644 --- a/htdocs/lib/files.lib.php +++ b/htdocs/lib/files.lib.php 
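Review bot: In getCliCommand() the scanned path is shell-quoted only when `%file` is absent from `MAIN_ANTIVIRUS_PARAM`; when the placeholder is present, `preg_replace('/%file/',trim($file),$param)` puts the raw path into a string that is later passed to `exec()`, and it also lets `$n` or backslash sequences in the path be read as replacement references. Quote in both branches and use a literal replace: `$param=str_replace('%file',escapeshellarg(trim($file)),$param);`. With ` 2>&1` now commented out, scanner messages written to stderr no longer reach `$output`; whether dol_avscan_file relies on them is outside this hunk.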
@@ -328,4 +328,124 @@ function dol_copy($srcfile, $destfile, $newmask=0, $overwriteifexists=1) return $result; } + + +/** + * \brief Move an uploaded file after some controls. + * If there is errors (virus found, antivir in error, bad filename), file is not moved. + * \param src_file Source full path filename ($_FILES['field']['tmp_name']) + * \param dest_file Target full path filename + * \param allowoverwrite 1=Overwrite target file if it already exists + * \param disablevirusscan 1=Disable virus scan + * \param uploaderrorcode Value of upload error code ($_FILES['field']['error']) + * \return int >0 if OK, <0 or string if KO + */ +function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan=0, $uploaderrorcode=0) +{ + global $conf; + + $file_name = $dest_file; + // If an upload error has been reported + if ($uploaderrorcode) + { + switch($uploaderrorcode) + { + case UPLOAD_ERR_INI_SIZE: // 1 + return 'ErrorFileSizeTooLarge'; + break; + case UPLOAD_ERR_FORM_SIZE: // 2 + return 'ErrorFileSizeTooLarge'; + break; + case UPLOAD_ERR_PARTIAL: // 3 + return 'ErrorPartialFile'; + break; + case UPLOAD_ERR_NO_TMP_DIR: // + return 'ErrorNoTmpDir'; + break; + case UPLOAD_ERR_CANT_WRITE: + return 'ErrorFailedToWriteInDir'; + break; + case UPLOAD_ERR_EXTENSION: + return 'ErrorUploadBlockedByAddon'; + break; + default: + break; + } + } + + // If we need to make a virus scan + if (empty($disablevirusscan) && file_exists($src_file) && $conf->global->MAIN_ANTIVIRUS_COMMAND) + { + require_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); + require_once(DOL_DOCUMENT_ROOT.'/lib/antivir.class.php'); + $antivir=new AntiVir($db); + $result = $antivir->dol_avscan_file($src_file); + if ($result < 0) // If virus or error, we stop here + { + $reterrors=$antivir->errors; + dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." 
KO with antivir", LOG_WARNING); + return 'ErrorFileIsInfectedWithAVirus: '.join(',',$reterrors); + } + } + + // Security: + // Disallow file with some extensions. We renamed them. + // Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande. + if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$file_name)) + { + $file_name.= '.noexe'; + } + + // Security: + // On interdit fichiers caches, remontees de repertoire ainsi que les pipes dans les noms de fichiers. + if (preg_match('/^\./',$src_file) || preg_match('/\.\./',$src_file) || preg_match('/[<>|]/',$src_file)) + { + dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING); + return -1; + } + + // Security: + // On interdit fichiers caches, remontees de repertoire ainsi que les pipe dans + // les noms de fichiers. + if (preg_match('/^\./',$dest_file) || preg_match('/\.\./',$dest_file) || preg_match('/[<>|]/',$dest_file)) + { + dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING); + return -2; + } + + // The file functions must be in OS filesystem encoding. + $src_file_osencoded=dol_osencode($src_file); + $file_name_osencoded=dol_osencode($file_name); + + // Check if destination dir is writable + // TODO + + // Check if destination file already exists + if (! $allowoverwrite) + { + if (file_exists($file_name_osencoded)) + { + dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." already exists", LOG_WARNING); + return 'ErrorFileAlreadyExists'; + } + } + + // Move file + $return=move_uploaded_file($src_file_osencoded, $file_name_osencoded); + if ($return) + { + if (! empty($conf->global->MAIN_UMASK)) @chmod($file_name_osencoded, octdec($conf->global->MAIN_UMASK)); + dol_syslog("Functions.lib::dol_move_uploaded_file Success to move ".$src_file." to ".$file_name." 
- Umask=".$conf->global->MAIN_UMASK, LOG_DEBUG); + return 1; // Success + } + else + { + dol_syslog("Functions.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR); + return -3; // Unknown error + } + + return 1; +} + + ?> diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index 8c003ee19ba..8edea500ad4 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php 
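Review bot: The hidden-file guard in dol_move_uploaded_file() cannot match for the callers in this commit: `preg_match('/^\./',$dest_file)` tests the first character of the full target path (`$upload_dir . "/" . name`), not of the file name, so a name beginning with a dot is accepted. Test the last path component instead: `preg_match('/^\./',basename($dest_file))`. The extension filter `/\.htm|\.html|\.php|\.pl|\.cgi$/i` anchors only `.cgi` and is a short deny-list; an allow-list of expected document types would be a stronger control than renaming to `.noexe`. `new AntiVir($db)` also reads `$db`, which is not covered by the function's `global $conf;`.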
@@ -1958,95 +1958,6 @@ function dol_print_error_email() } - -/** - * \brief Move an uploaded file after some controls. - * If there is errors (virus found, antivir in error, bad filename), file is not moved. - * \param src_file Source filename - * \param dest_file Target filename - * \param allowoverwrite Overwrite if exists - * \param disablevirusscan Disable virus scan - * \return int >0 if OK, <0 if KO (an array with virus or errors if virus found or errors) - */ -function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan=0) -{ - global $conf; - - $file_name = $dest_file; - - // If we need to make a virus scan - if (empty($disablevirusscan) && file_exists($src_file) && $conf->global->MAIN_ANTIVIRUS_COMMAND) - { - require_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php'); - require_once(DOL_DOCUMENT_ROOT.'/lib/antivir.class.php'); - $antivir=new AntiVir($db); - $result = $antivir->dol_avscan_file($src_file); - if ($result < 0) // If virus or error, we stop here - { - $reterrors=$antivir->errors; - dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." KO with antivir", LOG_WARNING); - //return $reterrors; - return -99; - } - } - - // Security: - // Disallow file with some extensions. We renamed them. - // Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande. - if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$file_name)) - { - $file_name.= '.noexe'; - } - - // Security: - // On interdit fichiers caches, remontees de repertoire ainsi que les pipes dans les noms de fichiers. - if (preg_match('/^\./',$src_file) || preg_match('/\.\./',$src_file) || preg_match('/[<>|]/',$src_file)) - { - dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING); - return -1; - } - - // Security: - // On interdit fichiers caches, remontees de repertoire ainsi que les pipe dans - // les noms de fichiers. 
- if (preg_match('/^\./',$dest_file) || preg_match('/\.\./',$dest_file) || preg_match('/[<>|]/',$dest_file)) - { - dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING); - return -2; - } - - // The file functions must be in OS filesystem encoding. - $src_file_osencoded=dol_osencode($src_file); - $file_name_osencoded=dol_osencode($file_name); - - // Check if destination file already exists - if (! $allowoverwrite) - { - if (file_exists($file_name_osencoded)) - { - dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." already exists", LOG_WARNING); - return -3; - } - } - - // Move file - $return=move_uploaded_file($src_file_osencoded, $file_name_osencoded); - if ($return) - { - if (! empty($conf->global->MAIN_UMASK)) @chmod($file_name_osencoded, octdec($conf->global->MAIN_UMASK)); - dol_syslog("Functions.lib::dol_move_uploaded_file Success to move ".$src_file." to ".$file_name." - Umask=".$conf->global->MAIN_UMASK, LOG_DEBUG); - return 1; - } - else - { - dol_syslog("Functions.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR); - return -4; - } - - return 1; -} - - /** * \brief Show title line of an array * \param name libelle champ diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 569f266726e..f91b0f444e0 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2382,6 +2382,8 @@ class Product extends CommonObject */ function add_photo($sdir, $file, $maxWidth = 160, $maxHeight = 120) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + $dir = $sdir .'/'. get_exdir($this->id,2) . $this->id ."/photos"; create_exdir($dir); diff --git a/htdocs/product/document.php b/htdocs/product/document.php index e86b201f1ce..22d30adc614 100755 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php 
@@ -77,32 +77,32 @@ $modulepart='produit'; if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - /* - * Creation repertoire si n'existe pas - */ - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) - { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + if (create_exdir($upload_dir) >= 0) + { + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; } - } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } + } + } } diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index b3d022d86a8..973bf248625 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -69,28 +69,32 @@ if (! $project->fetch($_GET['id'],$_GET['ref']) > 0) // Envoi fichier if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - $upload_dir = $conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref); - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + $upload_dir = $conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref); + + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
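Review bot: The destination path in the new `dol_move_uploaded_file(...)` call is still built from the raw, client-supplied `$_FILES['userfile']['name']`, so every filename check is left to the helper, whose new version in files.lib.php is not visible in this part of the patch. Sanitising at the call site keeps the page safe whatever the helper does: `$upload_dir . "/" . dol_sanitizeFileName($_FILES['userfile']['name'])`, the same function projet/document.php applies to `$project->ref`. In the else branch, `$resupload < 0` compares a value that appears to be either a numeric code or an error-key string against an integer; `is_numeric($resupload) && $resupload < 0` states the intent without relying on PHP's string-to-number comparison rules. Both points apply equally to the matching hunks in projet/document.php, projet/tasks/document.php and societe/document.php.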
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } @@ -119,9 +123,9 @@ if ($id > 0 || ! empty($ref)) $company = new Societe($db); $company->fetch($project->socid); - + if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); - + // To verify role of users $userAccess = $project->restrictedProjectArea($user); @@ -135,7 +139,7 @@ if ($id > 0 || ! empty($ref)) { $totalsize+=$file['size']; } - + if ($_GET["action"] == 'delete') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"]."&urlfile=".$_GET['urlfile'],$langs->trans("DeleteAFile"),$langs->trans("ConfirmDeleteAFile"),"confirm_delete",'','',1); @@ -143,34 +147,34 @@ if ($id > 0 || ! empty($ref)) } print ''; - + // Ref print ''; - + // Label print ''; - + // Company print ''; - + // Visibility print ''; - + // Statut print ''; - + // Files infos print ''; print ''; - + print "
'.$langs->trans("Ref").''; print $form->showrefnav($project,'ref','',1,'ref','ref'); print '
'.$langs->trans("Label").''.$project->title.'
'.$langs->trans("Company").''; if (! empty($project->societe->id)) print $project->societe->getNomUrl(1); else print ' '; print '
'.$langs->trans("Visibility").''; if ($project->public) print $langs->trans('SharedProject'); else print $langs->trans('PrivateProject'); print '
'.$langs->trans("Status").''.$project->getLibStatut(4).'
'.$langs->trans("NbOfAttachedFiles").''.sizeof($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
\n"; print "\n"; diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 7f40fb0a451..d70a3bb95a7 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -84,27 +84,30 @@ else // Envoi fichier if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) - { - $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); - } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $mesg = '
'.$langs->trans("FileTransferComplete").'
'; + } + else + { + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index ce5219edef4..23fd5bb8f7a 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -73,27 +73,30 @@ $courrier_dir = $conf->societe->dir_output . "/courrier/" . get_exdir($socid) ; // Envoie fichier if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { - if (! is_dir($upload_dir)) create_exdir($upload_dir); + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); - if (is_dir($upload_dir)) + if (create_exdir($upload_dir) >= 0) { - $result = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($result > 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0,0,$_FILES['userfile']['error']); + if (is_numeric($resupload) && $resupload > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; - //print_r($_FILES); } - else if ($result == -99) - { - // Files infected by a virus - $langs->load("errors"); - $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; - } - else if ($result < 0) + else { - // Echec transfert (fichier depassant la limite ?) - $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; - // print_r($_FILES); + $langs->load("errors"); + if ($resupload < 0) // Unknown error + { + $mesg = '
'.$langs->trans("ErrorFileNotUploaded").'
'; + } + else if (preg_match('/ErrorFileIsInfectedWithAVirus/',$resupload)) // Files infected by a virus + { + $mesg = '
'.$langs->trans("ErrorFileIsInfectedWithAVirus").'
'; + } + else // Known error + { + $mesg = '
'.$langs->trans($resupload).'
'; + } } } } diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index e73107821fd..7a5755b54a6 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -222,6 +222,8 @@ if ($_GET["action"] == 'removegroup' && $caneditfield) if ($_POST["action"] == 'update' && ! $_POST["cancel"]) { + require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php"); + if ($caneditfield) // Case we can edit all field { $message=""; @@ -258,8 +260,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"]) $edituser->phenix_login = $_POST["phenix_login"]; $edituser->phenix_pass = $_POST["phenix_pass"]; $edituser->entity = $_POST["entity"]; - - $edituser->photo = $_FILES['photo']['name']; + if (! empty($_FILES['photo']['name'])) $edituser->photo = $_FILES['photo']['name']; $ret=$edituser->update($user); if ($ret < 0) @@ -295,7 +296,9 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"]) if (@is_dir($dir)) { $newfile=$dir.'/'.$_FILES['photo']['name']; - if (! dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1) > 0) + $result=dol_move_uploaded_file($_FILES['photo']['tmp_name'],$newfile,1,0,$_FILES['photo']['error']); + + if (! $result > 0) { $message .= '
'.$langs->trans("ErrorFailedToSaveFile").'
'; }
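Review bot: The test `if (! $result > 0)` does not detect a failed upload, because `!` binds tighter than `>` and the expression is evaluated as `(! $result) > 0`, which is true only when `$result` is 0 or empty. A negative return code, or an error-key string such as the virus result the document.php pages match on, makes `! $result` false, so the `ErrorFailedToSaveFile` message is skipped and the failure is silently ignored. Use `if (! (is_numeric($result) && $result > 0))`, which mirrors the success test in the document.php hunks. `$newfile` is also built from the raw `$_FILES['photo']['name']`; passing the name through `dol_sanitizeFileName()` before concatenating would match how the project ref is handled elsewhere in this patch. The enclosing `if ($_POST["action"] == 'update' ...)` block starts and ends outside this hunk.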