dolibarr/htdocs/api/class/api_documents.class.php

<?php
/* Copyright (C) 2016   Xebax Christy           <xebax@wanadoo.fr>
 * Copyright (C) 2016	Laurent Destailleur		<eldy@users.sourceforge.net>
 * Copyright (C) 2016   Jean-François Ferry     <jfefe@aternatik.fr>
 *
 * This program is free software you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

use Luracast\Restler\RestException;
use Luracast\Restler\Format\UploadFormat;


require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';

/**
 * API class for receive files
 *
 * @access protected
 * @class Documents {@requires user,external}
 */
class Documents extends DolibarrApi
{

    /**
     * @var array   $DOCUMENT_FIELDS     Mandatory fields, checked when create and update object
     */
    static $DOCUMENT_FIELDS = array(
        'modulepart'
    );

    /**
     * Constructor
     */
    function __construct()
    {
        global $db;
        $this->db = $db;
    }

    
    /**
     * Returns a document.
     *
     * @param   string  $module_part    Name of module or area concerned by file download ('facture', ...)
     * @param   string  $ref            Reference of object (This will define subdir automatically)
     * @param   string  $subdir         NOT YET AVAILABLE : Subdirectory (Only if ref not provided)
     * @return  array                   List of documents
     *
     * @throws 500
     * @throws 501
     * @throws 400
     * @throws 401
     * @throws 200
     */
    public function index($module_part, $ref='', $subdir='') {
	global $conf;
	$this->invoice = new Facture($this->db);

	if (empty($module_part)) {
            throw new RestException(400, 'bad value for parameter modulepart');
	}
        if (empty($ref) && empty($subdir)) {
            throw new RestException(400, 'bad value for parameter ref or subdir');
        }
        if (empty($ref)) {
            throw new RestException(501, 'FeatureNotYetAvailable');
        }
	if (!DolibarrApiAccess::$user->rights->ecm->read) {
            throw new RestException(401);
        }
	
	//--- Generates the document
	$hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
	$hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
	$hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
	$result = $this->invoice->fetch(0, $ref);
        if( ! $result ) {
            throw new RestException(404, 'Invoice not found');
        }
	$result = $this->invoice->generateDocument($this->invoice->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
        if( $result <= 0 ) {
            throw new RestException(500, 'Error generating document');
        }


	//--- Finds and returns the document
	$original_file = str_replace("../","/", $ref.'/'.$ref.'.pdf');
	$refname=basename(dirname($original_file)."/");
	$entity=$conf->entity;

	$check_access = dol_check_secure_access_document($module_part,$original_file,$entity,DolibarrApiAccess::$user);
	$accessallowed              = $check_access['accessallowed'];
	$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
	$original_file              = $check_access['original_file'];

	if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
	{
	    throw new RestException(401);
	}
        if (!$accessallowed) {
            throw new RestException(401);
        }


	$filename = basename($original_file);
	$original_file_osencoded=dol_osencode($original_file);	// New file name encoded in OS encoding charset

	if (! file_exists($original_file_osencoded))
	{
	    throw new RestException(404, 'File not found');
	}

	$file_content=file_get_contents($original_file_osencoded);
        return array('filename'=>$filename, 'content'=>base64_encode($file_content), 'encoding'=>'MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)' );
    }
    
    
    /**
     * Return a document.
     *
     * @param   int         $id          ID of document
     * @return  array                    Array with data of file
     *
     * @throws RestException
     */
    /*
    public function get($id) {
        return array('note'=>'xxx');
    }*/
    
    
    /**
     * Push a file. 
     * Test sample 1: { "filename": "mynewfile.txt", "modulepart": "facture", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
     * Test sample 2: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "mysubdir1/mysubdir2", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.
     *
     * @param   string  $filename           Name of file to create ('FA1705-0123')
     * @param   string  $modulepart         Name of module or area concerned by file upload ('facture', ...)
     * @param   string  $ref                Reference of object (This will define subdir automatically and store submited file into it)
     * @param   string  $subdir             Subdirectory (Only if ref not provided)
     * @param   string  $filecontent        File content (string with file content. An empty file will be created if this parameter is not provided)
     * @param   string  $fileencoding       File encoding (''=no encoding, 'base64'=Base 64)
     * @param   int 	$overwriteifexists  Overwrite file if exists (1 by default)
     * @return  bool     				    State of copy
     * @throws RestException
     */
    public function post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0)
    {
        global $db, $conf;
        
        /*var_dump($modulepart);
        var_dump($filename);
        var_dump($filecontent);
        exit;*/
        
        require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';

        if (!DolibarrApiAccess::$user->rights->ecm->upload) {
            throw new RestException(401);
        }

        $newfilecontent = '';
        if (empty($fileencoding)) $newfilecontent = $filecontent;
        if ($fileencoding == 'base64') $newfilecontent = base64_decode($filecontent);

		$original_file = dol_sanitizeFileName($filename);

		// Define $uploadir
		$object = null;
		$entity = $user->entity;
		if ($ref)
		{
    		if ($modulepart == 'facture' || $modulepart == 'invoice')
    		{
    		    $modulepart='facture';
    		    $object=new Facture($db);
    		    $result = $object->fetch('', $ref);
    		}
    		
    		if (! ($object->id > 0))
    		{
   		        throw new RestException(500, 'The object '.$modulepart." with ref '".$ref."' was not found.");
    		}

    		$tmp = dol_check_secure_access_document($modulepart, $tmpreldir.$object->ref, $entity, DolibarrApiAccess::$user, $ref, 'write');
    		$upload_dir = $tmp['original_file'];
    		
    		if (empty($upload_dir) || $upload_dir == '/')
    		{
    		    throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
    		}
		}
		else
		{
		    if ($modulepart == 'invoice') $modulepart ='facture';
		    
		    $tmp = dol_check_secure_access_document($modulepart, $subdir, $entity, DolibarrApiAccess::$user, '', 'write');
    		$upload_dir = $tmp['original_file'];

		    if (empty($upload_dir) || $upload_dir == '/')
    		{
    		    throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
    		}
		}
		
		
		$upload_dir = dol_sanitizePathName($upload_dir);
		
		$destfile = $upload_dir . '/' . $original_file;
		$destfiletmp = DOL_DATA_ROOT.'/admin/temp/' . $original_file;
		dol_delete_file($destfiletmp);
		
        if (!dol_is_dir($upload_dir)) {
            throw new RestException(401,'Directory not exists : '.$upload_dir);
        }

        if (! $overwriteifexists && dol_is_file($destfile))
        {
            throw new RestException(500, "File with name '".$original_file."' already exists.");
        }
        
        $fhandle = @fopen($destfiletmp, 'w');
        if ($fhandle)
        {
            $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
            fclose($fhandle);
            @chmod($destfiletmp, octdec($conf->global->MAIN_UMASK));
        }
        else
        {
            throw new RestException(500, "Failed to open file '".$destfiletmp."' for write");
        }
        
        $result = dol_move($destfiletmp, $destfile, 0, $overwriteifexists, 1);
        
        return $result;
    }

    /**
     * Validate fields before create or update object
     *
     * @param   array           $data   Array with data to verify
     * @return  array
     * @throws  RestException
     */
    function _validate_file($data) {
        $result = array();
        foreach (Documents::$DOCUMENT_FIELDS as $field) {
            if (!isset($data[$field]))
                throw new RestException(400, "$field field missing");
            $result[$field] = $data[$field];
        }
        return $result;
    }
}
API can receive documents 2016-12-12 15:19:47 +01:00			`<?php`
			`/* Copyright (C) 2016 Xebax Christy <xebax@wanadoo.fr>`
			`* Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>`
			`* Copyright (C) 2016 Jean-François Ferry <jfefe@aternatik.fr>`
			`*`
			`* This program is free software you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`use Luracast\Restler\RestException;`
			`use Luracast\Restler\Format\UploadFormat;`


			`require_once DOL_DOCUMENT_ROOT.'/main.inc.php';`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00			`require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';`
API can receive documents 2016-12-12 15:19:47 +01:00
			`/**`
			`* API class for receive files`
			`*`
			`* @access protected`
			`* @class Documents {@requires user,external}`
			`*/`
			`class Documents extends DolibarrApi`
			`{`

			`/**`
			`* @var array $DOCUMENT_FIELDS Mandatory fields, checked when create and update object`
			`*/`
			`static $DOCUMENT_FIELDS = array(`
PHP7 compatibility 2017-05-22 10:40:24 +02:00			`'modulepart'`
API can receive documents 2016-12-12 15:19:47 +01:00			`);`

			`/**`
			`* Constructor`
			`*/`
			`function __construct()`
			`{`
			`global $db;`
			`$this->db = $db;`
			`}`

PHP7 compatibility 2017-05-22 10:40:24 +02:00
API can receive documents 2016-12-12 15:19:47 +01:00			`/**`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`* Returns a document.`
PHP7 compatibility 2017-05-22 10:40:24 +02:00			`*`
			`* @param string $module_part Name of module or area concerned by file download ('facture', ...)`
			`* @param string $ref Reference of object (This will define subdir automatically)`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00			`* @param string $subdir NOT YET AVAILABLE : Subdirectory (Only if ref not provided)`
PHP7 compatibility 2017-05-22 10:40:24 +02:00			`* @return array List of documents`
API can receive documents 2016-12-12 15:19:47 +01:00			`*`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`* @throws 500`
			`* @throws 501`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00			`* @throws 400`
			`* @throws 401`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`* @throws 200`
API can receive documents 2016-12-12 15:19:47 +01:00			`*/`
PHP7 compatibility 2017-05-22 10:40:24 +02:00			`public function index($module_part, $ref='', $subdir='') {`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00			`global $conf;`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`$this->invoice = new Facture($this->db);`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00
			`if (empty($module_part)) {`
			`throw new RestException(400, 'bad value for parameter modulepart');`
			`}`
			`if (empty($ref) && empty($subdir)) {`
			`throw new RestException(400, 'bad value for parameter ref or subdir');`
			`}`
			`if (empty($ref)) {`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`throw new RestException(501, 'FeatureNotYetAvailable');`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00			`}`
			`if (!DolibarrApiAccess::$user->rights->ecm->read) {`
			`throw new RestException(401);`
			`}`
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00
			`//--- Generates the document`
			`$hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;`
			`$hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;`
			`$hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;`
			`$result = $this->invoice->fetch(0, $ref);`
			`if( ! $result ) {`
			`throw new RestException(404, 'Invoice not found');`
			`}`
			`$result = $this->invoice->generateDocument($this->invoice->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref);`
			`if( $result <= 0 ) {`
			`throw new RestException(500, 'Error generating document');`
			`}`


NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00
NEW Generates the document before downloading using REST API Generates the document before downloading using REST API 2017-10-04 15:59:54 +02:00			`//--- Finds and returns the document`
NEW Download a document using the REST API Adds the ability to download a document using the REST API The document is sent in a base64 encoded format. The API will return : { "filename": "CO1709-0002.pdf", "content": "JVBERi0xLjMKJ...", "encoding": "MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)" } 2017-09-28 12:14:49 +02:00			`$original_file = str_replace("../","/", $ref.'/'.$ref.'.pdf');`
			`$refname=basename(dirname($original_file)."/");`
			`$entity=$conf->entity;`

			`$check_access = dol_check_secure_access_document($module_part,$original_file,$entity,DolibarrApiAccess::$user);`
			`$accessallowed = $check_access['accessallowed'];`
			`$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];`
			`$original_file = $check_access['original_file'];`

			`if (preg_match('/\.\./',$original_file) \|\| preg_match('/[<>\|]/',$original_file))`
			`{`
			`throw new RestException(401);`
			`}`
			`if (!$accessallowed) {`
			`throw new RestException(401);`
			`}`


			`$filename = basename($original_file);`
			`$original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset`

			`if (! file_exists($original_file_osencoded))`
			`{`
			`throw new RestException(404, 'File not found');`
			`}`

			`$file_content=file_get_contents($original_file_osencoded);`
			`return array('filename'=>$filename, 'content'=>base64_encode($file_content), 'encoding'=>'MIME base64 (base64_encode php function, http://php.net/manual/en/function.base64-encode.php)' );`
Fix php7 compatibility 2017-05-22 10:07:29 +02:00			`}`
PHP7 compatibility 2017-05-22 10:40:24 +02:00

			`/**`
			`* Return a document.`
			`*`
			`* @param int $id ID of document`
			`* @return array Array with data of file`
			`*`
			`* @throws RestException`
			`*/`
			`/*`
			`public function get($id) {`
			`return array('note'=>'xxx');`
			`}*/`


API can receive documents 2016-12-12 15:19:47 +01:00			`/**`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`* Push a file.`
More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`* Test sample 1: { "filename": "mynewfile.txt", "modulepart": "facture", "ref": "FA1701-001", "subdir": "", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.`
			`* Test sample 2: { "filename": "mynewfile.txt", "modulepart": "medias", "ref": "", "subdir": "mysubdir1/mysubdir2", "filecontent": "content text", "fileencoding": "", "overwriteifexists": "0" }.`
API can receive documents 2016-12-12 15:19:47 +01:00			`*`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`* @param string $filename Name of file to create ('FA1705-0123')`
Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00			`* @param string $modulepart Name of module or area concerned by file upload ('facture', ...)`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`* @param string $ref Reference of object (This will define subdir automatically and store submited file into it)`
Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00			`* @param string $subdir Subdirectory (Only if ref not provided)`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`* @param string $filecontent File content (string with file content. An empty file will be created if this parameter is not provided)`
			`* @param string $fileencoding File encoding (''=no encoding, 'base64'=Base 64)`
More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`* @param int $overwriteifexists Overwrite file if exists (1 by default)`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`* @return bool State of copy`
API can receive documents 2016-12-12 15:19:47 +01:00			`* @throws RestException`
			`*/`
More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`public function post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0)`
			`{`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`global $db, $conf;`

			`/*var_dump($modulepart);`
			`var_dump($filename);`
			`var_dump($filecontent);`
			`exit;*/`
API can receive documents 2016-12-12 15:19:47 +01:00
			`require_once DOL_DOCUMENT_ROOT . '/core/lib/files.lib.php';`

			`if (!DolibarrApiAccess::$user->rights->ecm->upload) {`
			`throw new RestException(401);`
			`}`

NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`$newfilecontent = '';`
			`if (empty($fileencoding)) $newfilecontent = $filecontent;`
			`if ($fileencoding == 'base64') $newfilecontent = base64_decode($filecontent);`
API can receive documents 2016-12-12 15:19:47 +01:00
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`$original_file = dol_sanitizeFileName($filename);`
API can receive documents 2016-12-12 15:19:47 +01:00
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`// Define $uploadir`
			`$object = null;`
			`$entity = $user->entity;`
			`if ($ref)`
API can receive documents 2016-12-12 15:19:47 +01:00			`{`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`if ($modulepart == 'facture' \|\| $modulepart == 'invoice')`
			`{`
			`$modulepart='facture';`
			`$object=new Facture($db);`
			`$result = $object->fetch('', $ref);`
			`}`

Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00			`if (! ($object->id > 0))`
			`{`
			`throw new RestException(500, 'The object '.$modulepart." with ref '".$ref."' was not found.");`
			`}`

			`$tmp = dol_check_secure_access_document($modulepart, $tmpreldir.$object->ref, $entity, DolibarrApiAccess::$user, $ref, 'write');`
			`$upload_dir = $tmp['original_file'];`

NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`if (empty($upload_dir) \|\| $upload_dir == '/')`
			`{`
Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00			`throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`}`
API can receive documents 2016-12-12 15:19:47 +01:00			`}`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`else`
API can receive documents 2016-12-12 15:19:47 +01:00			`{`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`if ($modulepart == 'invoice') $modulepart ='facture';`
Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00
			`$tmp = dol_check_secure_access_document($modulepart, $subdir, $entity, DolibarrApiAccess::$user, '', 'write');`
			`$upload_dir = $tmp['original_file'];`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00
			`if (empty($upload_dir) \|\| $upload_dir == '/')`
Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00			`{`
			`throw new RestException(500, 'This value of modulepart does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');`
			`}`
API can receive documents 2016-12-12 15:19:47 +01:00			`}`
Use dolibarr security checks before uploading a file. 2017-05-20 16:15:06 +02:00

NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`$upload_dir = dol_sanitizePathName($upload_dir);`

More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`$destfile = $upload_dir . '/' . $original_file;`
			`$destfiletmp = DOL_DATA_ROOT.'/admin/temp/' . $original_file;`
			`dol_delete_file($destfiletmp);`

NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`if (!dol_is_dir($upload_dir)) {`
API can receive documents 2016-12-12 15:19:47 +01:00			`throw new RestException(401,'Directory not exists : '.$upload_dir);`
			`}`

More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`if (! $overwriteifexists && dol_is_file($destfile))`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`{`
			`throw new RestException(500, "File with name '".$original_file."' already exists.");`
API can receive documents 2016-12-12 15:19:47 +01:00			`}`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00
More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`$fhandle = @fopen($destfiletmp, 'w');`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`if ($fhandle)`
			`{`
			`$nbofbyteswrote = fwrite($fhandle, $newfilecontent);`
			`fclose($fhandle);`
More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`@chmod($destfiletmp, octdec($conf->global->MAIN_UMASK));`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`}`
			`else`
			`{`
More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`throw new RestException(500, "Failed to open file '".$destfiletmp."' for write");`
NEW Add REST API to push a file. 2017-05-20 15:52:36 +02:00			`}`

More powerfull dol_move function. 2017-05-21 14:06:43 +02:00			`$result = dol_move($destfiletmp, $destfile, 0, $overwriteifexists, 1);`

			`return $result;`
API can receive documents 2016-12-12 15:19:47 +01:00			`}`

			`/**`
			`* Validate fields before create or update object`
			`*`
			`* @param array $data Array with data to verify`
			`* @return array`
			`* @throws RestException`
			`*/`
			`function _validate_file($data) {`
			`$result = array();`
			`foreach (Documents::$DOCUMENT_FIELDS as $field) {`
			`if (!isset($data[$field]))`
			`throw new RestException(400, "$field field missing");`
			`$result[$field] = $data[$field];`
			`}`
			`return $result;`
			`}`
			`}`