Fix: Regression with quot management. Try a better fix.
parent
705c152f7a
commit
c2db3265ec
@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
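Review bot: The destination path is built from `dol_unescapefile($_FILES['userfile']['name'])`, but the `image_format_supported()` call two lines later rebuilds the path from the raw `$_FILES['userfile']['name']`, so the two paths diverge as soon as the helper stops returning its input unchanged. Compute the stored name once, `$destname = dol_unescapefile($_FILES['userfile']['name']);`, and use `$upload_dir . "/" . $destname` in both calls. The name is client-supplied; the only filename control this page documents is the "bad filename" check mentioned in the `dol_move_uploaded_file()` docblock, whose body is not shown, so these callers depend entirely on it. The same pair of lines repeats in the other upload hunks of this commit that call `image_format_supported()` after the move, and the enclosing `if` block starts and ends outside the hunk.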
@ -213,7 +213,7 @@ if ($id > 0)
|
||||
*/
|
||||
if ($action == 'delete')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
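Review bot: `GETPOST("urlfile")` is now percent-encoded, but `$_SERVER["PHP_SELF"]` in the same expression is still request-derived and concatenated as-is into the URL handed to `form_confirm()`. Whether `form_confirm()` HTML-escapes that URL before printing it is not visible in this hunk; if it does not, the script path should be escaped at this call site or replaced by a fixed path. A short comment such as `// urlfile is already decoded by PHP; re-encode it before putting it back into a query string` would also record why `urldecode()` was dropped. The other three `$action == 'delete'` hunks in this commit contain the same line.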
@ -46,7 +46,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
$result=dol_mkdir($upload_dir); // Create dir if not exists
|
||||
if ($result >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),1,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1,0,$_FILES['userfile']['error']);
|
||||
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
|
||||
@ -73,7 +73,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
@ -192,7 +192,7 @@ if ($id > 0 || ! empty($ref))
|
||||
*/
|
||||
if ($action == 'delete')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
@ -78,7 +78,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -80,7 +80,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
@ -206,7 +206,7 @@ if ($id > 0 || ! empty($ref))
|
||||
*/
|
||||
if ($action == 'delete')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?facid='.$id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?facid='.$id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
@ -67,7 +67,7 @@ if ($action == 'infotrans' && $user->rights->prelevement->bons->send)
|
||||
{
|
||||
$dir = $conf->prelevement->dir_output.'/receipts';
|
||||
|
||||
if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . stripslashes($_FILES['userfile']['name']),1) > 0)
|
||||
if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1) > 0)
|
||||
{
|
||||
$dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int'));
|
||||
|
||||
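Review bot: This call passes only three arguments to `dol_move_uploaded_file()`, so `$_FILES['userfile']['error']` never reaches the `$uploaderrorcode` parameter described in that function's docblock, and the third argument `1` lets an existing receipt with the same name be overwritten. Passing the remaining arguments as the other callers do, `..., dol_unescapefile($_FILES['userfile']['name']), 1, 0, $_FILES['userfile']['error'])`, keeps a failed or partial upload from being treated as a success if the function relies on that code. The later upload hunk whose call ends in `,0);` omits the error code as well. The `if ($action == 'infotrans' ...)` block continues outside the hunk.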
@ -149,7 +149,7 @@ if ($id)
|
||||
print '<tr><td width="20%">'.$langs->trans('Status').'</td>';
|
||||
print '<td>'.$bon->getLibStatut(1).'</td>';
|
||||
print '</tr>';
|
||||
|
||||
|
||||
if($bon->date_trans <> 0)
|
||||
{
|
||||
$muser = new User($db);
|
||||
|
||||
@ -75,7 +75,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -72,7 +72,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -487,12 +487,25 @@ function dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1)
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Unescape a file submitted by upload. PHP escape char " and only char " into $FILES with %22
|
||||
* This is a bug because when file contains %22, it is not escape, so there is no way to retrieve original value.
|
||||
* So best solution is to keep " as %22 into uploaded filename.
|
||||
*
|
||||
* @param string $filename Filename
|
||||
*/
|
||||
function dol_unescapefile($filename)
|
||||
{
|
||||
//return stripslashes($filename); // FIXME
|
||||
return $filename;
|
||||
}
|
||||
|
||||
/**
|
||||
* Move an uploaded file after some controls.
|
||||
* If there is errors (virus found, antivir in error, bad filename), file is not moved.
|
||||
*
|
||||
* @param string $src_file Source full path filename ($_FILES['field']['tmp_name'])
|
||||
* @param string $dest_file Target full path filename
|
||||
* @param string $dest_file Target full path filename ($_FILES['field']['name'])
|
||||
* @param int $allowoverwrite 1=Overwrite target file if it already exists
|
||||
* @param int $disablevirusscan 1=Disable virus scan
|
||||
* @param string $uploaderrorcode Value of upload error code ($_FILES['field']['error'])
|
||||
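Review bot: `dol_unescapefile()` returns its argument unchanged and keeps the previous behaviour as a commented-out `stripslashes()` line marked FIXME, and its docblock has no `@return`. I would delete the dead line and add `@return string Filename, returned unchanged (a literal " stays encoded as %22)` so that callers know the helper does no sanitising of the client-supplied name. The name suggests a transformation that does not happen, so the docblock should say outright that path and extension checks are expected elsewhere. The `dol_move_uploaded_file()` docblock that follows runs past the end of the hunk.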
@ -603,7 +616,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
|
||||
if (is_object($object))
|
||||
{
|
||||
$object->src_file=$dest_file;
|
||||
|
||||
|
||||
// Appel des triggers
|
||||
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
|
||||
$interface=new Interfaces($db);
|
||||
|
||||
@ -75,7 +75,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
$result=$ecmdir->changeNbOfFiles('+');
|
||||
|
||||
@ -45,7 +45,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
$result=$ecmdir->changeNbOfFiles('+');
|
||||
|
||||
@ -94,7 +94,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0, 0, $_FILES['userfile']['error']);
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0, 0, $_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
//$mesg = '<div class="ok">'.$langs->trans("FileTransferComplete").'</div>';
|
||||
|
||||
@ -76,7 +76,7 @@ if (GETPOST('sendit','alpha') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -79,7 +79,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -75,7 +75,7 @@ if ($_POST['sendit'] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -95,7 +95,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0);
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
//$mesg = '<div class="ok">'.$langs->trans("FileTransferComplete").'</div>';
|
||||
|
||||
@ -76,7 +76,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -73,7 +73,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
|
||||
@ -83,7 +83,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
if (dol_mkdir($upload_dir) >= 0)
|
||||
{
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
|
||||
@ -123,6 +123,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
|
||||
if ($object->id)
|
||||
{
|
||||
$file = $upload_dir . "/" . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
|
||||
dol_delete_file($file,0,0,0,$object);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved",GETPOST('urlfile')).'</div>';
|
||||
}
|
||||
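Review bot: `GETPOST('urlfile')` is joined to `$upload_dir` and passed to `dol_delete_file()` with no check that the result stays inside `$upload_dir`, and the same value is concatenated unescaped into the `$mesg` HTML. Unless `GETPOST()` or `dol_delete_file()` already strip `../` sequences and markup (neither is shown here), the value should be reduced to a file name first, `$urlfile = basename(GETPOST('urlfile')); $file = $upload_dir . "/" . $urlfile;`, and printed through `htmlspecialchars($urlfile)` in the message. The `if ($object->id)` test sits inside a larger `confirm_deletefile` block that starts outside the hunk.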
@ -206,10 +207,10 @@ if ($object->id)
|
||||
|
||||
/*
|
||||
* Confirmation suppression fichier
|
||||
*/
|
||||
*/
|
||||
if ($action == 'delete')
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
{
|
||||
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
|
||||
if ($ret == 'html') print '<br>';
|
||||
}
|
||||
|
||||
|
||||
@ -118,6 +118,12 @@ if ($modulepart)
|
||||
$accessallowed=1;
|
||||
$original_file=$conf->adherent->dir_output.'/'.$original_file;
|
||||
}
|
||||
// Wrapping for members photos
|
||||
elseif ($modulepart == 'member')
|
||||
{
|
||||
$accessallowed=1;
|
||||
$original_file=$conf->adherent->dir_output.'/'.$original_file;
|
||||
}
|
||||
// Wrapping pour les images des societes
|
||||
elseif ($modulepart == 'societe')
|
||||
{
|
||||
|
||||
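Review bot: The new `elseif ($modulepart == 'member')` branch sets `$accessallowed=1` unconditionally, so any request that reaches this code can read files under `$conf->adherent->dir_output`, not only photos. If this page can be reached without a member-read permission, the branch should test that permission before setting the flag; at minimum add a comment such as `// No permission check: every file under the member directory is served`. Whether `$original_file` has already been stripped of `../` is decided outside this hunk, and the `elseif` chain continues past its end.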