From ebf77e8c921a765fd1897c03d6c2e76fe0976497 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 30 May 2012 04:11:00 +0200 Subject: [PATCH] A better fix to remove files from document list --- htdocs/document.php | 6 +++--- htdocs/viewimage.php | 8 +++++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 91a4c8c714e..429ae2c53e8 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -483,7 +483,7 @@ if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file)) exit; } -/* +// TODO Remove this. Some part of code still use it. if ($action == 'remove_file') // Remove a file { clearstatcache(); @@ -508,7 +508,7 @@ if ($action == 'remove_file') // Remove a file return; } else // Open and return file -{*/ +{ clearstatcache(); $filename = basename($original_file); @@ -540,6 +540,6 @@ else // Open and return file //flush(); readfile($original_file_osencoded); -//} +} ?> diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index dc30fd53483..418e496ab7c 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -53,7 +53,7 @@ $original_file=GETPOST("file"); $modulepart=GETPOST('modulepart','alpha'); $urlsource=GETPOST("urlsource"); $entity=GETPOST('entity','int'); - +if ($entity == '') $entity=1; // For backward compatibility // Security check if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart'); @@ -212,6 +212,12 @@ if ($modulepart) if ($user->rights->tax->charges->lire) $accessallowed=1; $original_file=$conf->tax->dir_output.'/'.$original_file; } + // Wrapping for products or services + elseif ($modulepart == 'actions') + { + if ($user->rights->agenda->myactions->read) $accessallowed=1; + $original_file=$conf->agenda->dir_output.'/'.$original_file; + } // Wrapping for categories elseif ($modulepart == 'category') {