From bb28c51c1aec0e326ac3392552331684ff6643e3 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 15 Apr 2010 13:44:02 +0000 Subject: [PATCH] Fix: bad path Fix: view only image files --- htdocs/product.class.php | 4 ++-- htdocs/viewimage.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/product.class.php b/htdocs/product.class.php index a05c774c050..8b1a25e8351 100644 --- a/htdocs/product.class.php +++ b/htdocs/product.class.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2008 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2010 Regis Houssin * Copyright (C) 2006 Andre Cianfarani * Copyright (C) 2007 Jean Heimburger * @@ -2437,7 +2437,7 @@ class Product extends CommonObject if (! utf8_check($file)) $file=utf8_encode($file); // To be sure date is stored in UTF8 in memory - if (dol_is_file($dir.$file)) + if (dol_is_file($dir.$file) && preg_match('/(\.jpg|\.bmp|\.gif|\.png|\.tiff)$/i',$dir.$file)) { $nbphoto++; $photo = $file; diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 830790a7ea2..25397e82367 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -1,7 +1,7 @@ * Copyright (C) 2005-2010 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2010 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -208,7 +208,7 @@ if ($modulepart) { $accessallowed=1; } - $original_file=(!empty($conf->produit->dir_temp)?$conf->produit->dir_temp:$conf->service->dir_temp).'/'.$original_file; + $original_file=(!empty($conf->produit->dir_output)?$conf->produit->dir_output:$conf->service->dir_output).'/'.$original_file; } // Wrapping for categories
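Review bot: The extension allowlist added to the `dol_is_file()` test in `product.class.php` leaves out `.jpeg` and `.tif`, so photos saved under those common suffixes would silently stop being counted and listed. The pattern is matched against `$dir.$file` where `$file` alone is enough, and it inspects only the name, so it narrows what the listing shows but does not establish that a file is an image. I would write the condition as `preg_match('/\.(jpe?g|bmp|gif|png|tiff?)$/i',$file)` and add a comment such as `// Filter by file name only; content is not verified here`. The enclosing method of `Product` starts and ends outside the hunk, so how `$file` is produced is not visible.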
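Review bot: After the base directory changes to `dir_output` in `viewimage.php`, this branch builds `$original_file` by plain concatenation, and nothing in the hunk restricts it to images, although the commit subject says only image files should be viewable. The filter this commit adds sits in `product.class.php`, which affects the photo listing but not a request made directly to this script, so any file under the product or service output directory may be served once `$accessallowed` is set. If no later check exists outside the hunk, apply the same test here, e.g. `if (! preg_match('/\.(jpe?g|bmp|gif|png|tiff?)$/i',$original_file)) $accessallowed=0;`, and reject names containing `..` before concatenating. The `if ($modulepart)` block and the condition that sets `$accessallowed=1` begin outside the hunk, so this should be confirmed against the full file.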