Qual: Uniformize code

2011-06-15 11:35:33 +00:00 · 2011-06-15 11:35:33 +00:00 · a82262a7e0
commit a82262a7e0
parent addfe4580c
2 changed files with 18 additions and 3 deletions
--- a/htdocs/document.php
+++ b/htdocs/document.php
@ -53,6 +53,9 @@ $original_file = GETPOST("file");	// Do not use urldecode here ($_GET are alread
 $modulepart = GETPOST("modulepart");
 $urlsource = GETPOST("urlsource");

+// Security check
+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
+

 /*
 * Action
@ -112,7 +115,6 @@ $original_file = str_replace("../","/", $original_file);
 $refname=basename(dirname($original_file)."/");

 // Security check
-if (empty($modulepart)) accessforbidden('Bad value for modulepart');
 $accessallowed=0;
 $sqlprotectagainstexternals='';
 if ($modulepart)
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@ -44,7 +44,6 @@ if (! defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX','1');
 // Pour autre que companylogo, on charge environnement + info issus de logon comme le user
 if (($modulepart == 'companylogo') && ! defined("NOLOGIN")) define("NOLOGIN",'1');

-
 // C'est un wrapper, donc header vierge
 function llxHeader() { }

@ -52,6 +51,21 @@ function llxHeader() { }
 require("./main.inc.php");
 require_once(DOL_DOCUMENT_ROOT.'/lib/files.lib.php');

+// Security check
+if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
+
+
+/*
+ * Actions
+ */
+
+// None
+
+
+
+/*
+ * View
+ */

 if (GETPOST("cache"))
 {
@ -75,7 +89,6 @@ else $type=dol_mimetype($original_file);
 $original_file = str_replace("../","/", $original_file);

 // Security check
-if (empty($modulepart)) accessforbidden('Bad value for modulepart');
 $accessallowed=0;
 if ($modulepart)
 {