lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX Upload in the filemanager use the Dolibarr methods

Browse Source
This commit is contained in:
Laurent Destailleur 2022-03-08 20:46:56 +01:00
parent 2d93c6b678
commit c7bb6c3c4c
4 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/core/filemanagerdol/browser/default/frmupload.php
View File

@ -65,6 +65,7 @@ function SetCurrentFolder( resourceType, folderPath )
function OnSubmit()
{
console.log("Click on OnSubmit");
if ( document.getElementById('NewFile').value.length == 0 )
{
alert( 'Please select a file from your computer' );
@ -80,6 +81,8 @@ function OnSubmit()
function OnUploadCompleted( errorNumber, data )
{
console.log("errorNumber = "+errorNumber);
// Reset the Upload Worker Frame.
window.parent.frames['frmUploadWorker'].location = 'javascript:void(0)' ;
@ -106,7 +109,7 @@ function OnUploadCompleted( errorNumber, data )
alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + data + '"' );
break;
case 202:
alert( 'Invalid file' );
alert( 'Invalid file (Bad extension)' );
break;
default:
alert( 'Error on file upload. Error number: ' + errorNumber );

20
htdocs/core/filemanagerdol/connectors/php/commands.php
View File

@ -203,12 +203,17 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
$oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];
// $resourceType should be 'Image';
$detectHtml = 0;
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName);
//$sFileName = SanitizeFileName($sFileName);
$sFileName = dol_sanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
@ -216,6 +221,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
$sExtension = substr($sFileName, (strrpos($sFileName, '.') + 1));
$sExtension = strtolower($sExtension);
//var_dump($Config);
/*
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
@ -228,6 +235,14 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
$sErrorNumber = '202';
}
}
*/
include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
$isImageValid = image_format_supported($sFileName) > 0 ? true : false;
if (!$isImageValid) {
$sErrorNumber = '202';
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
@ -241,7 +256,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
$sFileName = RemoveExtension($sOriginalFileName).'('.$iCounter.').'.$sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {

3
htdocs/core/filemanagerdol/connectors/php/io.php
View File

@ -408,7 +408,8 @@ EOF;
}
$rpl = array('\\' => '\\\\', '"' => '\\"');
echo 'window.parent.OnUploadCompleted('.$errorNumber.',"'.strtr($fileUrl, $rpl).'","'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");';
echo 'console.log('.$errorNumber.');';
echo 'window.parent.OnUploadCompleted('.$errorNumber.', "'.strtr($fileUrl, $rpl).'", "'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");';
echo '</script>';
exit;
}

4
htdocs/core/filemanagerdol/connectors/php/upload.php
View File

@ -22,11 +22,12 @@
* This is the "File Uploader" for PHP.
*/
require 'config.php';
require 'config.php'; // This include the main.inc.php
require 'util.php';
require 'io.php';
require 'commands.php';
/**
* SendError
*
@ -63,6 +64,7 @@ if (!IsAllowedType($sType)) {
}
// @CHANGE
//FileUpload( $sType, $sCurrentFolder, $sCommand )