lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '10.0' into 10.0p47

Browse Source
This commit is contained in:
Alexandre SPANGARO 2020-09-19 03:43:05 +02:00
commit d843652052
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@ -7709,7 +7709,7 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
if ($alldata == 1)
{
if (isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), );
if ($isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), );
else return array();
}

2
htdocs/document.php
View File

@ -160,7 +160,7 @@ $type = 'application/octet-stream'; // By default
if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');
else $type=dol_mimetype($original_file);
// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file
if (!dolIsAllowedForPreview($original_file)) {
if (!in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($original_file)) {
$type = 'application/octet-stream';
}
// Security: Delete string ../ into $original_file