From a4d2927f82b01e70ba62da905d0a1b26bebffec8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 31 Oct 2020 12:11:41 +0100 Subject: [PATCH] Fix for #15016 Conflicts: htdocs/core/actions_linkedfiles.inc.php --- htdocs/core/actions_linkedfiles.inc.php | 11 +++++++---- htdocs/core/lib/files.lib.php | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index a1b2c12e10b..8f90234f8ab 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php @@ -103,7 +103,8 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') $ret = dol_delete_file($file, 0, 0, 0, (is_object($object) ? $object : null)); if (!empty($fileold)) dol_delete_file($fileold, 0, 0, 0, (is_object($object) ? $object : null)); // Delete file using old path - // Si elle existe, on efface la vignette + // If it exists, remove thumb. + $regs = array(); if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i', $file, $regs)) { $photo_vignette = basename(preg_replace('/'.$regs[0].'/i', '', $file).'_small'.$regs[0]); @@ -124,9 +125,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') } else { setEventMessages($langs->trans("ErrorFailToDeleteFile", $urlfile), null, 'errors'); } - } - elseif ($linkid) // delete of external link - { + } elseif ($linkid) { // delete of external link require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php'; $link = new Link($db); $link->fetch($linkid); @@ -190,6 +189,10 @@ elseif ($action == 'renamefile' && GETPOST('renamefilesave', 'alpha')) $filenamefrom = dol_sanitizeFileName(GETPOST('renamefilefrom', 'alpha'), '_', 0); // Do not remove accents $filenameto = dol_sanitizeFileName(GETPOST('renamefileto', 'alpha'), '_', 0); // Do not remove accents + // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because + // this function is also applied when we upload and when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). + $filenameto = dol_string_nohtmltag($filenameto); + if ($filenamefrom != $filenameto) { // Security: diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index eeac3566961..3fa1d083553 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1592,7 +1592,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess $destfile = dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : '')); // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because - // this function is also applied when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). + // this function is also applied when we rename and when we make try to download file (by the GETPOST(filename, 'alphanohtml') call). $destfile = dol_string_nohtmltag($destfile); $destfull = dol_string_nohtmltag($destfull);