lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Comment

Browse Source
This commit is contained in:
Laurent Destailleur 2020-02-25 14:59:47 +01:00
parent 9c7debf27f
commit f6014798d9
1 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
htdocs/api/class/api_documents.class.php
View File

@ -80,7 +80,18 @@ class Documents extends DolibarrApi
//--- Finds and returns the document
$entity = $conf->entity;
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
// Special cases that need to use get_exdir to get real dir of object
// If future, all object should use this to define path of documents.
/*
$tmpreldir = '';
if ($modulepart == 'supplier_invoice') {
$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
}
$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref); */
$relativefile = $original_file;
$check_access = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'read');
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];
@ -146,7 +157,18 @@ class Documents extends DolibarrApi
//--- Finds and returns the document
$entity = $conf->entity;
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'write');
// Special cases that need to use get_exdir to get real dir of object
// If future, all object should use this to define path of documents.
/*
$tmpreldir = '';
if ($modulepart == 'supplier_invoice') {
$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
}
$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref); */
$relativefile = $original_file;
$check_access = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];
@ -696,7 +718,18 @@ class Documents extends DolibarrApi
//--- Finds and returns the document
$entity = $conf->entity;
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, DolibarrApiAccess::$user, '', 'read');
// Special cases that need to use get_exdir to get real dir of object
// If future, all object should use this to define path of documents.
/*
$tmpreldir = '';
if ($modulepart == 'supplier_invoice') {
$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
}
$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref); */
$relativefile = $original_file;
$check_access = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'read');
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];