Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop
commit
bbc1af99f6
@ -61,14 +61,17 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg)) {
|
||||
dol_print_error($db);
|
||||
}
|
||||
} elseif ($action == 'updateform') {
|
||||
$res1 = 1; $res2 = 1;
|
||||
$res1 = 1; $res2 = 1; $res3 = 1;
|
||||
if (GETPOSTISSET('MAIN_APPLICATION_TITLE')) {
|
||||
$res1 = dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
}
|
||||
if (GETPOSTISSET('MAIN_SESSION_TIMEOUT')) {
|
||||
$res2 = dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", GETPOST("MAIN_SESSION_TIMEOUT", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
}
|
||||
if ($res1 && $res2) {
|
||||
if (GETPOSTISSET('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT')) {
|
||||
$res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", GETPOST("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 'alphanohtml'), 'int', 0, '', $conf->entity);
|
||||
}
|
||||
if ($res1 && $res2 && $res3) {
|
||||
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
|
||||
}
|
||||
}
|
||||
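Review bot: The new `MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT` value is read through the `'alphanohtml'` filter and stored as type `'int'` with no check that it is a non-negative integer. The sanitizeVal hunk of this same commit compares it as `count($reg[0]) > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000)`, so a negative value saved here would make that test true even for content with no image, and the filtered input would come back empty. Reading the field as an integer and rejecting negatives before the write closes that: `$maximg = GETPOSTINT('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT');` then `if ($maximg >= 0) { $res3 = dolibarr_set_const($db, "MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", $maximg, 'int', 0, '', $conf->entity); }`. The block also shows no error message when one of `$res1`, `$res2`, `$res3` is false, so a failed save is silent.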
@ -174,6 +177,14 @@ print '<input class="flat right width50" name="MAIN_SESSION_TIMEOUT" type="text"
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print '<td>'.$langs->trans("MaxNumberOfImagesInGetPost").'</td><td class="right">';
|
||||
print '</td>';
|
||||
print '<td class="nowrap">';
|
||||
print '<input class="flat right width50" name="MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT" type="text" value="'.dol_escape_htmltag($conf->global->MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT).'"> '.strtolower($langs->trans("Images"));
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
|
||||
/*
|
||||
if (empty($conf->global->MAIN_APPLICATION_TITLE)) {
|
||||
$conf->global->MAIN_APPLICATION_TITLE = "";
|
||||
|
||||
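Review bot: The input prints `$conf->global->MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT` directly, so where the constant has never been saved the field is blank while the limit enforced in sanitizeVal is the 1000 default. The migration line in this commit inserts the constant for entity 1 only, so other entities would presumably hit this case. Showing the enforced value keeps an administrator from reading a blank field as "no limit": `value="'.getDolGlobalInt('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT', 1000).'"`. A short comment above the row, such as `// Content holding more <img tags than this is discarded in full by sanitizeVal()`, would document what the setting does.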
@ -195,27 +195,30 @@ print '</fieldset>';
|
||||
print '</div>';
|
||||
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
print '<tr>';
|
||||
print '<td class="tdtop nopaddingrightimp">';
|
||||
|
||||
print '<button id="btn" type="button" onclick="hideoptions()">'.$langs->trans("ShowAdvancedOptions").'</button>';
|
||||
print '<br>';
|
||||
print '<a id="lnk" href="javascript:hideoptions()"> '.$langs->trans("ShowAdvancedOptions").'</a>';
|
||||
|
||||
print '<script type="text/javascript">
|
||||
|
||||
function hideoptions(){
|
||||
const btn = document.getElementById("btn");
|
||||
const lnk = document.getElementById("lnk");
|
||||
const div = document.getElementById("div_container_sub_exportoptions");
|
||||
|
||||
if (div.style.display === "none") {
|
||||
div.style.display = "block";
|
||||
btn.innerText="'.$langs->trans("HideAdvancedoptions").'";
|
||||
lnk.innerText="'.$langs->trans("HideAdvancedoptions").'";
|
||||
} else {
|
||||
div.style.display = "none";
|
||||
btn.innerText="'.$langs->trans("ShowAdvancedOptions").'";
|
||||
lnk.innerText="'.$langs->trans("ShowAdvancedOptions").'";
|
||||
}
|
||||
}
|
||||
</script>';
|
||||
|
||||
print '<div id="div_container_sub_exportoptions" style="display: none;">';
|
||||
print '<br>';
|
||||
if (in_array($type, array('mysql', 'mysqli'))) {
|
||||
print "<!-- Fieldset mysqldump -->\n";
|
||||
print '<fieldset id="mysql_options"><legend>'.$langs->trans("MySqlExportParameters").'</legend>';
|
||||
|
||||
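Review bot: The translated labels are concatenated straight into JavaScript string literals inside the printed `<script>` block, for example `btn.innerText="'.$langs->trans("HideAdvancedoptions").'";`, with no JavaScript escaping. A translation that contains a double quote or a line break would end the literal early and break the function, or place translated text into script context. Each of the four assignments should go through the project's JS escaper: `btn.innerText="'.dol_escape_js($langs->trans("HideAdvancedoptions")).'";`. The button and the `lnk` anchor both call `hideoptions()`, and the anchor uses an `href="javascript:..."` URL. Keeping only the button would remove the duplicate control and the inline script URL.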
@ -218,6 +218,36 @@ function dol_ftp_get($connect_id, $file, $newsection)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Upload a FTP file
|
||||
*
|
||||
* @param resource $connect_id Connection handler
|
||||
* @param string $file File name
|
||||
* @param string $localfile The path to the local file
|
||||
* @param string $newsection $newsection
|
||||
* @return result
|
||||
*/
|
||||
function dol_ftp_put($connect_id, $file, $localfile, $newsection)
|
||||
{
|
||||
|
||||
global $conf;
|
||||
|
||||
if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
|
||||
$newsection = ssh2_sftp_realpath($connect_id, ".").'/./'; // workaround for bug https://bugs.php.net/bug.php?id=64169
|
||||
}
|
||||
|
||||
// Remote file
|
||||
$filename = $file;
|
||||
$remotefile = $newsection.(preg_match('@[\\\/]$@', $newsection) ? '' : '/').$file;
|
||||
$newremotefileiso = utf8_decode($remotefile);
|
||||
|
||||
if (!empty($conf->global->FTP_CONNECT_WITH_SFTP)) {
|
||||
return ssh2_scp_send($connect_id, $localfile, $newremotefileiso, 0644);
|
||||
} else {
|
||||
return ftp_put($connect_id, $newremotefileiso, $localfile, FTP_BINARY);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove FTP directory
|
||||
*
|
||||
|
||||
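Review bot: In the SFTP branch of `dol_ftp_put` the same `$connect_id` is passed to `ssh2_sftp_realpath()`, which takes an SFTP subsystem resource, and to `ssh2_scp_send()`, which takes the SSH2 session resource, so one of the two calls receives the wrong kind of handle. Which one depends on what `dol_ftp_connect` returns, and that is outside this hunk. If it returns the SFTP resource, writing through the stream wrapper keeps a single handle type: `return copy($localfile, 'ssh2.sftp://'.intval($connect_id).$newremotefileiso);`. The SFTP branch also overwrites the `$newsection` argument, so the upload lands in the realpath of "." rather than the requested directory. That deserves a comment if it is intended. `$filename` is assigned but never used, and the docblock should read `@return bool True on success, false on failure` instead of `@return result`.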
@ -954,6 +954,11 @@ function sanitizeVal($out = '', $check = 'alphanohtml', $filter = null, $options
|
||||
|
||||
// Restore entity ' into ' (restricthtml is for html content so we can use html entity)
|
||||
$out = preg_replace('/'/i', "'", $out);
|
||||
|
||||
preg_match_all('/(<img)/i', $out, $reg);
|
||||
if (count($reg[0]) > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000)) {
|
||||
$out = '';
|
||||
}
|
||||
} while ($oldstringtoclean != $out);
|
||||
break;
|
||||
case 'custom':
|
||||
|
||||
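Review bot: When the `<img` count exceeds the limit the whole value is replaced by an empty string with no log entry and no message, so neither the user nor an operator can tell why submitted content vanished or that the limit was hit. A log line next to the assignment gives operations something to alert on: `dol_syslog("sanitizeVal: more <img tags than MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT, content discarded", LOG_WARNING);`. The check also sits inside the `do ... while` loop and is re-run on every pass. `preg_match_all()` already returns the number of matches, so `if (preg_match_all('/<img/i', $out) > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000))` needs no `$reg` array. The enclosing `sanitizeVal` function and the loop start and end outside this hunk.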
@ -131,6 +131,39 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
|
||||
}
|
||||
}
|
||||
|
||||
if ($action == 'uploadfile') {
|
||||
// set up a connection or die
|
||||
if (!$conn_id) {
|
||||
$newsectioniso = utf8_decode($section);
|
||||
$resultarray = dol_ftp_connect($ftp_server, $ftp_port, $ftp_user, $ftp_password, $newsectioniso, $ftp_passive);
|
||||
$conn_id = $resultarray['conn_id'];
|
||||
$ok = $resultarray['ok'];
|
||||
$mesg = $resultarray['mesg'];
|
||||
}
|
||||
if ($conn_id && $ok && !$mesg) {
|
||||
// var_dump($_FILES['userfile']['name']);
|
||||
$nbfile = count($_FILES['userfile']['name']);
|
||||
$i = 0;
|
||||
for (; $i < $nbfile; $i++) {
|
||||
var_dump($i);
|
||||
$newsection = $newsectioniso;
|
||||
$fileupload = $_FILES['userfile']['name'][$i];
|
||||
$fileuploadpath = $_FILES['userfile']['tmp_name'][$i];
|
||||
$result = dol_ftp_put($conn_id, $fileupload, $fileuploadpath, $newsection);
|
||||
|
||||
if ($result) {
|
||||
setEventMessages($langs->trans("FileWasUpload", $fileupload), null, 'mesgs');
|
||||
} else {
|
||||
dol_syslog("ftp/index.php ftp_delete", LOG_ERR);
|
||||
setEventMessages($langs->trans("FTPFailedToUploadFile", $fileupload), null, 'errors');
|
||||
}
|
||||
}
|
||||
$action = '';
|
||||
} else {
|
||||
dol_print_error('', $mesg);
|
||||
}
|
||||
}
|
||||
|
||||
// Action ajout d'un rep
|
||||
if ($action == 'add' && $user->rights->ftp->setup) {
|
||||
$ecmdir->ref = GETPOST("ref");
|
||||
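Review bot: The new `uploadfile` action runs for any request that sets `action=uploadfile`; the handler has no permission test, while the upload form added in this commit is only printed under `$user->hasRight('ftp', 'write')`. The server-side condition should carry the same right, `if ($action == 'uploadfile' && $user->hasRight('ftp', 'write')) {`. This matches the `add` action just below, which tests `$user->rights->ftp->setup`. Inside the loop `var_dump($i);` is leftover debug output and should be removed. The client-supplied name should be normalised before it becomes a remote path, `$fileupload = dol_sanitizeFileName($_FILES['userfile']['name'][$i]);`, and `$_FILES['userfile']['error'][$i]` should be checked before the `dol_ftp_put` call. `$newsectioniso` is set only inside `if (!$conn_id)`, so it is undefined when a connection already exists. The failure log label `"ftp/index.php ftp_delete"` also looks copied from the delete action.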
@ -589,6 +622,18 @@ if (!function_exists('ftp_connect')) {
|
||||
print '</div>';
|
||||
|
||||
print "</form>";
|
||||
if ($user->hasRight('ftp', 'write')) {
|
||||
print load_fiche_titre($langs->trans("AttachANewFile"), null, null);
|
||||
print '<form enctype="multipart/form-data" action="'.$_SERVER["PHP_SELF"].'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="numero_ftp" value="'.$numero_ftp.'">';
|
||||
print '<input type="hidden" name="section" value="'.$section.'">';
|
||||
print '<input type="hidden" name="action" value="uploadfile">';
|
||||
print '<td><input type="file" class="flat" name="userfile[]" multiple></td>';
|
||||
print '<td></td>';
|
||||
print '<td align="center"><button type="submit" class="butAction" name="uploadfile" value="'.$langs->trans("Save").'">'.$langs->trans("Upload").'</button></td>';
|
||||
print '</form>';
|
||||
}
|
||||
} else {
|
||||
$foundsetup = false;
|
||||
$MAXFTP = 20;
|
||||
|
||||
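Review bot: The upload form writes `$section`, `$numero_ftp` and `$_SERVER["PHP_SELF"]` into HTML attributes without escaping. `$section` and `$numero_ftp` appear to come from request parameters, assigned outside this hunk, so a value containing a double quote would break out of the attribute. Each should go through the HTML escaper already used elsewhere in this commit, e.g. `print '<input type="hidden" name="section" value="'.dol_escape_htmltag($section).'">';` and the same for `numero_ftp` and the form `action`. The form also contains `<td>` cells with no enclosing `<table>` or `<tr>`, which browsers will drop or re-parent.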
@ -73,3 +73,4 @@ ALTER TABLE llx_commande_fournisseur_dispatch ADD INDEX idx_commande_fournisseur
|
||||
ALTER TABLE llx_recruitment_recruitmentcandidature ADD email_date datetime after email_msgid;
|
||||
ALTER TABLE llx_ticket ADD email_date datetime after email_msgid;
|
||||
|
||||
INSERT INTO llx_const (name, entity, value, type, visible) VALUES ('MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT', 1, 1000, 'int', 0);
|
||||
|
||||
@ -2287,4 +2287,6 @@ DoesNotWorkWithAllThemes=Will not work with all themes
|
||||
NoName=No name
|
||||
ShowAdvancedOptions= Show advanced options
|
||||
HideAdvancedoptions= Hide advanced options
|
||||
Images=Images
|
||||
MaxNumberOfImagesInGetPost=Max number of images allowed in GETPOST check
|
||||
CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is:
|
||||
|
||||
@ -325,4 +325,6 @@ FTPFailedToRemoveDir=Failed to remove directory <b>%s</b>: check permissions and
|
||||
FTPPassiveMode=Passive mode
|
||||
ChooseAFTPEntryIntoMenu=Choose a FTP/SFTP site from the menu...
|
||||
FailedToGetFile=Failed to get files %s
|
||||
ErrorFTPNodisconnect=Error to disconnect FTP/SFTP server
|
||||
ErrorFTPNodisconnect=Error to disconnect FTP/SFTP server
|
||||
FileWasUpload=File <b>%s</b> was upload
|
||||
FTPFailedToUploadFile=Failed to upload file <b>%s</b>.
|
||||
|
||||