diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index a4060634ff9..7f258f8f30e 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -217,7 +217,7 @@ print '
';
print '$dolibarr_nocsrfcheck: '.$dolibarr_nocsrfcheck;
if (!empty($dolibarr_nocsrfcheck)) {
- print img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
+ print ' '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 0);
}
print '
';
@@ -234,16 +234,18 @@ print '
';
print '
';
print '
';
print '
';
-print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup"), '', 'folder');
+print load_fiche_titre($langs->trans("Menu").' '.$langs->trans("SecuritySetup").' + '.$langs->trans("OtherSetup"), '', 'folder');
//print ''.$langs->trans("PasswordEncryption").': ';
print 'MAIN_SECURITY_HASH_ALGO = '.(empty($conf->global->MAIN_SECURITY_HASH_ALGO) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_HASH_ALGO)." ";
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO)) {
print ' If unset: \'md5\'';
}
-print '
';
if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
- print 'MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
';
+ print '
MAIN_SECURITY_SALT = '.(empty($conf->global->MAIN_SECURITY_SALT) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_SALT).'
';
+} else {
+ print '('.$langs->trans("Recommanded").': password_hash)';
+ print '
';
}
if ($conf->global->MAIN_SECURITY_HASH_ALGO != 'password_hash') {
print '
The recommanded value for MAIN_SECURITY_HASH_ALGO is now \'password_hash\' but setting it now will make ALL existing passwords of all users not valid, so update is not possible.
';
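Review bot: The rewritten `MAIN_SECURITY_SALT` line still writes the salt value itself into the page, and concatenates it without HTML escaping. A security audit page only needs to show whether a salt is configured, so consider printing a marker instead of the value, e.g. `(empty($conf->global->MAIN_SECURITY_SALT) ? $langs->trans("Undefined") : '***')`. If the value has to stay visible, pass it through `dol_escape_htmltag()`, and do the same for `MAIN_SECURITY_HASH_ALGO`, which is echoed the same way a few lines above. The markup around these prints is not visible in the hunk, so any escaping done elsewhere could not be checked.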
@@ -259,18 +261,20 @@ print '
';
print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP) ? ''.$langs->trans("Undefined").'' : $conf->global->MAIN_SECURITY_ANTI_SSRF_SERVER_IP)."
";
print '
';
+print 'MAIN_ALLOW_SVG_FILES_AS_IMAGES = '.(empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES) ? '0 ('.$langs->trans("Recommanded").': 0)' : $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)."
";
+print '
';
print 'MAIN_EXEC_USE_POPEN = ';
if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
- print ''.$langs->trans("Undefined").' ';
+ print ''.$langs->trans("Undefined").'';
} else {
- print $conf->global->MAIN_EXEC_USE_POPEN.' ';
+ print $conf->global->MAIN_EXEC_USE_POPEN;
}
if ($execmethod == 1) {
- print ' --> "exec" PHP method will be used for shell commands.';
+ print ' ("exec" PHP method will be used for shell commands)';
}
if ($execmethod == 2) {
- print ' --> "popen" PHP method will be used for shell commands.';
+ print ' ("popen" PHP method will be used for shell commands)';
}
print "
";
print '
';
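Review bot: The added `MAIN_ALLOW_SVG_FILES_AS_IMAGES` line shows the recommendation only when the option is empty, which is already the recommended state; when the option is enabled, the value is printed with no hint. SVG files can carry script, so the enabled state is the one an administrator should be alerted to. Reuse the warning marker from the `$dolibarr_nocsrfcheck` block, e.g. `: $conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES.' '.img_picto('', 'warning').' ('.$langs->trans("Recommanded").': 0)'`.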
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 57bbbe3a029..ea9692f2864 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -8193,41 +8193,47 @@ class Form
if ($modulepart == 'societe') {
$dir = $conf->societe->multidir_output[$entity];
if (!empty($object->logo)) {
- if ((string) $imagesize == 'mini') {
- $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs
- } elseif ((string) $imagesize == 'small') {
- $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small');
- } else {
- $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
+ if (dolIsAllowedForPreview($object->logo)) {
+ if ((string) $imagesize == 'mini') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_mini'); // getImageFileNameForSize include the thumbs
+ } elseif ((string) $imagesize == 'small') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.getImageFileNameForSize($object->logo, '_small');
+ } else {
+ $file = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
+ }
+ $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
}
- $originalfile = get_exdir(0, 0, 0, 0, $object, 'thirdparty').'logos/'.$object->logo;
}
$email = $object->email;
} elseif ($modulepart == 'contact') {
$dir = $conf->societe->multidir_output[$entity].'/contact';
if (!empty($object->photo)) {
- if ((string) $imagesize == 'mini') {
- $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini');
- } elseif ((string) $imagesize == 'small') {
- $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small');
- } else {
- $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
+ if (dolIsAllowedForPreview($object->logo)) {
+ if ((string) $imagesize == 'mini') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_mini');
+ } elseif ((string) $imagesize == 'small') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.getImageFileNameForSize($object->photo, '_small');
+ } else {
+ $file = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
+ }
+ $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
}
- $originalfile = get_exdir(0, 0, 0, 0, $object, 'contact').'photos/'.$object->photo;
}
$email = $object->email;
$capture = 'user';
} elseif ($modulepart == 'userphoto') {
$dir = $conf->user->dir_output;
if (!empty($object->photo)) {
- if ((string) $imagesize == 'mini') {
- $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini');
- } elseif ((string) $imagesize == 'small') {
- $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small');
- } else {
- $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
+ if (dolIsAllowedForPreview($object->logo)) {
+ if ((string) $imagesize == 'mini') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini');
+ } elseif ((string) $imagesize == 'small') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small');
+ } else {
+ $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
+ }
+ $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
}
- $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
$altfile = $object->id.".jpg"; // For backward compatibility
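Review bot: The new guard in the `contact` and `userphoto` branches tests `$object->logo`, but every path built inside it uses `$object->photo`, so the preview allow-list is never applied to the file name that is actually served. It should read `if (dolIsAllowedForPreview($object->photo)) {` in both branches; only the `societe` branch legitimately checks `logo`. The same copy-paste appears in the `memberphoto` hunk and in the generic-case hunk further down. Depending on how dolIsAllowedForPreview() treats an unset name (not visible here), the effect is either that photos stop displaying or that a disallowed photo type is still previewed. The enclosing method starts and ends outside this hunk.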
@@ -8237,14 +8243,16 @@ class Form
} elseif ($modulepart == 'memberphoto') {
$dir = $conf->adherent->dir_output;
if (!empty($object->photo)) {
- if ((string) $imagesize == 'mini') {
- $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini');
- } elseif ((string) $imagesize == 'small') {
- $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small');
- } else {
- $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
+ if (dolIsAllowedForPreview($object->logo)) {
+ if ((string) $imagesize == 'mini') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_mini');
+ } elseif ((string) $imagesize == 'small') {
+ $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.getImageFileNameForSize($object->photo, '_small');
+ } else {
+ $file = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
+ }
+ $originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
}
- $originalfile = get_exdir(0, 0, 0, 0, $object, 'member').'photos/'.$object->photo;
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
$altfile = $object->id.".jpg"; // For backward compatibility
@@ -8255,14 +8263,16 @@ class Form
// Generic case to show photos
$dir = $conf->$modulepart->dir_output;
if (!empty($object->photo)) {
- if ((string) $imagesize == 'mini') {
- $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini');
- } elseif ((string) $imagesize == 'small') {
- $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small');
- } else {
- $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
+ if (dolIsAllowedForPreview($object->logo)) {
+ if ((string) $imagesize == 'mini') {
+ $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_mini');
+ } elseif ((string) $imagesize == 'small') {
+ $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.getImageFileNameForSize($object->photo, '_small');
+ } else {
+ $file = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
+ }
+ $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
}
- $originalfile = get_exdir($id, 2, 0, 0, $object, $modulepart).'photos/'.$object->photo;
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
$altfile = $object->id.".jpg"; // For backward compatibility