Fix accept link of local media into email template and user signature
parent
6d5aa62400
commit
e2d1091358
@ -258,6 +258,39 @@ $permissiontoadd = 1;
|
||||
|
||||
$id = 25;
|
||||
|
||||
// If $acceptlocallinktomedia is true, we can add link media files int email templates (we already can do this into HTML editor of an email).
|
||||
// Note that local link to a file into medias are replaced with a real link by email in CMailFile.class.php with value $urlwithroot defined like this:
|
||||
// $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
|
||||
// $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
|
||||
$acceptlocallinktomedia = getDolGlobalInt('MAIN_DISALLOW_MEDIAS_IN_EMAIL_TEMPLATES') ? 0 : 1;
|
||||
if ($acceptlocallinktomedia) {
|
||||
global $dolibarr_main_url_root;
|
||||
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
|
||||
|
||||
// Parse $newUrl
|
||||
$newUrlArray = parse_url($urlwithouturlroot);
|
||||
$hosttocheck = $newUrlArray['host'];
|
||||
$hosttocheck = str_replace(array('[', ']'), '', $hosttocheck); // Remove brackets of IPv6
|
||||
|
||||
if (function_exists('gethostbyname')) {
|
||||
$iptocheck = gethostbyname($hosttocheck);
|
||||
} else {
|
||||
$iptocheck = $hosttocheck;
|
||||
}
|
||||
|
||||
//var_dump($iptocheck.' '.$acceptlocallinktomedia);
|
||||
if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
|
||||
// If ip of public url is an private network IP, we do not allow this.
|
||||
$acceptlocallinktomedia = 0;
|
||||
// TODO Show a warning
|
||||
}
|
||||
|
||||
if (preg_match('/http:/i', $urlwithouturlroot)) {
|
||||
// If public url is not a https, we do not allow to add medias link. It will generate security alerts when email will be sent.
|
||||
$acceptlocallinktomedia = 0;
|
||||
// TODO Show a warning
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
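Review bot: The scheme test `preg_match('/http:/i', $urlwithouturlroot)` is a deny-list that matches `http:` anywhere in the string and lets every other scheme through, although the comment says only https should be accepted; an allow-list says that directly: `if (!preg_match('/^https:\/\//i', $urlwithouturlroot)) {`. `$newUrlArray['host']` is read without checking what parse_url() returned, so a `$dolibarr_main_url_root` with no scheme or host raises a warning and feeds null into str_replace(); a missing host should set `$acceptlocallinktomedia = 0` before any lookup is attempted. gethostbyname() resolves IPv4 only and is evaluated when the page is rendered, not when the mail is sent, so the private-range test is a configuration sanity check rather than a guarantee. The same block is copied verbatim in the hunk at `@ -125,6 +125,40 @@`; moving it into one shared helper would keep the two copies from drifting.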
@ -828,7 +861,8 @@ if ($action == 'create') {
|
||||
if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) {
|
||||
$okforextended = false;
|
||||
}
|
||||
$doleditor = new DolEditor($tmpfieldlist, (!empty($obj->$tmpfieldlist) ? $obj->$tmpfieldlist : ''), '', 180, 'dolibarr_mailings', 'In', 0, true, $okforextended, ROWS_4, '90%');
|
||||
|
||||
$doleditor = new DolEditor($tmpfieldlist, (!empty($obj->$tmpfieldlist) ? $obj->$tmpfieldlist : ''), '', 180, 'dolibarr_mailings', 'In', false, $acceptlocallinktomedia, $okforextended, ROWS_4, '90%');
|
||||
print $doleditor->Create(1);
|
||||
}
|
||||
print '</td>';
|
||||
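Review bot: Passing `$acceptlocallinktomedia` to DolEditor only changes what the editor offers; as far as these hunks show, nothing on the save path rejects content that already holds a local media link or has one pasted in as raw HTML. If the private-address and non-https conditions are meant as a policy rather than a UI hint, the same flag should also be checked where the template content and the signature are stored, or where CMailFile rewrites the links. The same applies to the editor calls in the hunks at `@ -1061,46 +1095,13 @@`, `@ -1212,7 +1246,8 @@` and `@ -2699,7 +2734,8 @@`. The enclosing `if ($action == 'create')` block starts and ends outside this hunk.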
@ -1061,46 +1095,13 @@ if ($num) {
|
||||
print $form->selectyesno($tmpfieldlist.'-'.$rowid, (isset($obj->$tmpfieldlist) ? $obj->$tmpfieldlist : '0'), 1, false, 0, 1);
|
||||
}
|
||||
|
||||
// If $acceptlocallinktomedia is true, we can add link media files int email templates (we already can do this into HTML editor of an email).
|
||||
// Note that local link to a file into medias are replaced with a real link by email in CMailFile.class.php with value $urlwithroot defined like this:
|
||||
// $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
|
||||
// $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
|
||||
$acceptlocallinktomedia = getDolGlobalInt('MAIN_DISALLOW_MEDIAS_IN_EMAIL_TEMPLATES') ? 0 : 1;
|
||||
if ($acceptlocallinktomedia) {
|
||||
global $dolibarr_main_url_root;
|
||||
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
|
||||
|
||||
// Parse $newUrl
|
||||
$newUrlArray = parse_url($urlwithouturlroot);
|
||||
$hosttocheck = $newUrlArray['host'];
|
||||
$hosttocheck = str_replace(array('[', ']'), '', $hosttocheck); // Remove brackets of IPv6
|
||||
|
||||
if (function_exists('gethostbyname')) {
|
||||
$iptocheck = gethostbyname($hosttocheck);
|
||||
} else {
|
||||
$iptocheck = $hosttocheck;
|
||||
}
|
||||
|
||||
//var_dump($iptocheck.' '.$acceptlocallinktomedia);
|
||||
if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
|
||||
// If ip of public url is an private network IP, we do not allow this.
|
||||
$acceptlocallinktomedia = 0;
|
||||
// TODO Show a warning
|
||||
}
|
||||
|
||||
if (preg_match('/http:/i', $urlwithouturlroot)) {
|
||||
// If public url is not a https, we do not allow to add medias link. It will generate security alerts when email will be sent.
|
||||
$acceptlocallinktomedia = 0;
|
||||
// TODO Show a warning
|
||||
}
|
||||
}
|
||||
|
||||
if ($tmpfieldlist == 'content') {
|
||||
print $form->textwithpicto($langs->trans("Content"), $tabhelp[$id][$tmpfieldlist], 1, 'help', '', 0, 2, $tmpfieldlist).'<br>';
|
||||
$okforextended = true;
|
||||
if (empty($conf->global->FCKEDITOR_ENABLE_MAIL)) {
|
||||
$okforextended = false;
|
||||
}
|
||||
|
||||
$doleditor = new DolEditor($tmpfieldlist.'-'.$rowid, (!empty($obj->{$tmpfieldlist}) ? $obj->{$tmpfieldlist} : ''), '', 500, 'dolibarr_mailings', 'In', 0, $acceptlocallinktomedia, $okforextended, ROWS_6, '90%');
|
||||
print $doleditor->Create(1);
|
||||
}
|
||||
|
||||
@ -60,7 +60,7 @@ class DolEditor
|
||||
* 'In' = each window has its own toolbar
|
||||
* 'Out:name' = share toolbar into the div called 'name'
|
||||
* @param boolean $toolbarstartexpanded Bar is visible or not at start
|
||||
* @param boolean $uselocalbrowser Enabled to add links to local object with local browser. If false, only external images can be added in content.
|
||||
* @param boolean|int $uselocalbrowser Enabled to add links to local object with local browser. If false, only external images can be added in content.
|
||||
* @param boolean|string $okforextendededitor True=Allow usage of extended editor tool if qualified (like ckeditor). If 'textarea', force use of simple textarea. If 'ace', force use of Ace.
|
||||
* Warning: If you use 'ace', don't forget to also include ace.js in page header. Also, the button "save" must have class="buttonforacesave".
|
||||
* @param int $rows Size of rows for textarea tool
|
||||
|
||||
@ -286,8 +286,6 @@ function CreateFolder($resourceType, $currentFolder)
|
||||
echo '<Error number="'.$sErrorNumber.'" />';
|
||||
}
|
||||
|
||||
// @CHANGE
|
||||
//function FileUpload( $resourceType, $currentFolder, $sCommand )
|
||||
/**
|
||||
* FileUpload
|
||||
*
|
||||
@ -299,6 +297,8 @@ function CreateFolder($resourceType, $currentFolder)
|
||||
*/
|
||||
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
|
||||
{
|
||||
global $user;
|
||||
|
||||
if (!isset($_FILES)) {
|
||||
global $_FILES;
|
||||
}
|
||||
@ -328,22 +328,11 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
|
||||
$sExtension = substr($sFileName, (strrpos($sFileName, '.') + 1));
|
||||
$sExtension = strtolower($sExtension);
|
||||
|
||||
//var_dump($Config);
|
||||
/*
|
||||
if (isset($Config['SecureImageUploads'])) {
|
||||
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
|
||||
$sErrorNumber = '202';
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($Config['HtmlExtensions'])) {
|
||||
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) &&
|
||||
($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
|
||||
$sErrorNumber = '202';
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
// Check permission
|
||||
if (!$user->hasRight('website', 'write') && !$user->hasRight('mailing', 'write') || !empty($user->socid)) {
|
||||
dol_syslog("connector.lib.php Try to upload a file with no permission");
|
||||
$sErrorNumber = '202';
|
||||
}
|
||||
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
|
||||
//var_dump($sFileName); var_dump(image_format_supported($sFileName));exit;
|
||||
|
||||
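Review bot: The added permission test mixes `&&` and `||` without parentheses, so it relies on operator precedence to mean "neither right, or an external user"; `if ((!$user->hasRight('website', 'write') && !$user->hasRight('mailing', 'write')) || !empty($user->socid)) {` makes the rule explicit. The refusal only sets `$sErrorNumber = '202'`, and the rest of FileUpload lies outside the hunk, so it should be confirmed that every later step is gated on the error number and that nothing handles the uploaded file after a denial. For detection, the log line would be more useful with a level and the account, e.g. `dol_syslog("connector.lib.php Try to upload a file with no permission, user=".$user->login, LOG_WARNING);`. Whether the other connector commands, such as the CreateFolder visible in the neighbouring hunk header, carry an equivalent check cannot be seen from here and is worth verifying.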
@ -125,6 +125,40 @@ $hookmanager->initHooks(array('usercard', 'globalcard'));
|
||||
|
||||
$error = 0;
|
||||
|
||||
// If $acceptlocallinktomedia is true, we can add link media files int email templates (we already can do this into HTML editor of an email).
|
||||
// Note that local link to a file into medias are replaced with a real link by email in CMailFile.class.php with value $urlwithroot defined like this:
|
||||
// $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
|
||||
// $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
|
||||
$acceptlocallinktomedia = getDolGlobalInt('MAIN_DISALLOW_MEDIAS_IN_EMAIL_TEMPLATES') ? 0 : 1;
|
||||
if ($acceptlocallinktomedia) {
|
||||
global $dolibarr_main_url_root;
|
||||
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
|
||||
|
||||
// Parse $newUrl
|
||||
$newUrlArray = parse_url($urlwithouturlroot);
|
||||
$hosttocheck = $newUrlArray['host'];
|
||||
$hosttocheck = str_replace(array('[', ']'), '', $hosttocheck); // Remove brackets of IPv6
|
||||
|
||||
if (function_exists('gethostbyname')) {
|
||||
$iptocheck = gethostbyname($hosttocheck);
|
||||
} else {
|
||||
$iptocheck = $hosttocheck;
|
||||
}
|
||||
|
||||
//var_dump($iptocheck.' '.$acceptlocallinktomedia);
|
||||
if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
|
||||
// If ip of public url is an private network IP, we do not allow this.
|
||||
$acceptlocallinktomedia = 0;
|
||||
// TODO Show a warning
|
||||
}
|
||||
|
||||
if (preg_match('/http:/i', $urlwithouturlroot)) {
|
||||
// If public url is not a https, we do not allow to add medias link. It will generate security alerts when email will be sent.
|
||||
$acceptlocallinktomedia = 0;
|
||||
// TODO Show a warning
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Actions
|
||||
@ -1212,7 +1246,8 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
print '<tr><td class="tdtop">'.$langs->trans("Signature").'</td>';
|
||||
print '<td class="wordbreak">';
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
|
||||
$doleditor = new DolEditor('signature', GETPOST('signature', 'restricthtml'), '', 138, 'dolibarr_notes', 'In', true, true, empty($conf->global->FCKEDITOR_ENABLE_USERSIGN) ? 0 : 1, ROWS_4, '90%');
|
||||
|
||||
$doleditor = new DolEditor('signature', GETPOST('signature', 'restricthtml'), '', 138, 'dolibarr_notes', 'In', true, $acceptlocallinktomedia, empty($conf->global->FCKEDITOR_ENABLE_USERSIGN) ? 0 : 1, ROWS_4, '90%');
|
||||
print $doleditor->Create(1);
|
||||
print '</td></tr>';
|
||||
|
||||
@ -2699,7 +2734,8 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
print '<td>';
|
||||
if ($caneditfield) {
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
|
||||
$doleditor = new DolEditor('signature', $object->signature, '', 138, 'dolibarr_notes', 'In', false, true, empty($conf->global->FCKEDITOR_ENABLE_USERSIGN) ? 0 : 1, ROWS_4, '90%');
|
||||
|
||||
$doleditor = new DolEditor('signature', $object->signature, '', 138, 'dolibarr_notes', 'In', false, $acceptlocallinktomedia, empty($conf->global->FCKEDITOR_ENABLE_USERSIGN) ? 0 : 1, ROWS_4, '90%');
|
||||
print $doleditor->Create(1);
|
||||
} else {
|
||||
print dol_htmlentitiesbr($object->signature);
|
||||
|
||||