<?php
/* Copyright (C) 2004-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005      Simon Tosser         <simon@kornog-computing.com>
 * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
 * Copyright (C) 2010      Pierre Morin         <pierre.morin@auguria.net>
 * Copyright (C) 2010      Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 * or see http://www.gnu.org/
 */

/**
 *  \file       htdocs/document.php
 *  \brief      Wrapper to download data files
 *  \remarks    Call of this wrapper is made with URL:
 *              document.php?modulepart=repfichierconcerne&file=pathrelatifdufichier
 *              modulepart selects the module directory and the permission that is checked;
 *              file is a path relative to that module directory.
 */
define('NOTOKENRENEWAL', 1); // Disables token renewal

// For anything other than bittorrent, the environment and the logon information (such as $user) are loaded.
// The bittorrent wrapper is meant to be called from external web sites, so for that modulepart only
// the login requirement and the CSRF token check are switched off before main.inc.php is loaded.
if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'bittorrent' && !defined("NOLOGIN"))
{
    define("NOLOGIN", 1);
    define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
}

// This page streams a file: no menu, no html header, no ajax helpers are required.
defined('NOREQUIREMENU') || define('NOREQUIREMENU', '1');
defined('NOREQUIREHTML') || define('NOREQUIREHTML', '1');
defined('NOREQUIREAJAX') || define('NOREQUIREAJAX', '1');
/**
 * Empty page header: this script streams a file, so no HTML header may be emitted.
 *
 * @return void
 */
function llxHeader()
{
}
require("./main.inc.php"); // Load $user and permissions
require_once(DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php');

// No Content-Encoding is applied to the streamed file
$encoding = '';

$action        = GETPOST('action', 'alpha');
$original_file = GETPOST('file', 'alpha');   // Do not use urldecode here ($_GET are already decoded by PHP).
$modulepart    = GETPOST('modulepart', 'alpha');
$urlsource     = GETPOST('urlsource', 'alpha');

// Entity whose document tree is used: the one given in the request, else the current one.
// NOTE(review): the requested entity is not checked here against the entities the user may access;
// the branches below that use multidir_output[$entity] rely on that being enforced elsewhere — confirm.
$entity = $conf->entity;
if (GETPOST('entity')) $entity = GETPOST('entity', 'int');

// Security check
if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
/*
 * Action
 */

// None

/*
 * View
 */

// Define mime type
// The requester may choose the type that is sent back; otherwise it is derived from the file name.
// NOTE(review): the requested type is used as-is in the Content-Type header sent below, so a caller
// may ask for an inline document to be delivered under any type (text/html included) — confirm intended.
$type = 'application/octet-stream';
if (GETPOST('type', 'alpha'))
{
    $type = GETPOST('type', 'alpha');
}
else
{
    $type = dol_mimetype($original_file);
}
// Define attachment (attachment=true to force choice popup 'open'/'save as')
// Every file is forced to a download by default: csv/tsv, MS Office and Open Office documents,
// pdf, sql, images, vcs/ics calendars and anything unknown. Only plain text and html files are
// served inline.
// NOTE(review): an html file served inline is rendered in the application origin; this relies on
// uploads into the document directories being restricted to trusted users — confirm.
$attachment = true;
// Text and html files: inline
if (preg_match('/\.(txt|html|htm)$/i', $original_file)) { $attachment = false; }
// An explicit request for a download always wins over the extension rule
if (GETPOST("attachment")) { $attachment = true; }
// A site-wide setting disables the forced 'save as' altogether
if (!empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment = false;
// Strip "../" sequences from the requested relative path.
// This is a normalisation only: a single-pass str_replace can leave ".." behind, and the
// definitive refusal of any remaining ".." is done on the resolved path further down.
$original_file = str_replace("../", "/", $original_file);

// The name of the sub-directory holding the file is the object reference; it is used below
// to look up the third party owning the document when the requester is an external user.
$refname = basename(dirname($original_file)."/");
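// Security check
// Each branch checks the permission of the requested module, prepends that module's output
// directory to $original_file and, for documents attached to a business object, prepares the
// query used further down to restrict external users to the documents of their own third party.
// A relative path starting with "specimen" (preview of a document model) is readable by any
// logged-in user in most branches.
$accessallowed = 0;
$sqlprotectagainstexternals = '';
if ($modulepart)
{
    // Check the permission and define the directory concerned.
    // $refname is derived from the request, so it is escaped with $db->escape() wherever it is
    // embedded as a quoted value in one of the queries below.
    // Wrapping for third parties
    if ($modulepart == 'company' || $modulepart == 'societe')
    {
        if ($user->rights->societe->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->societe->multidir_output[$entity].'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT rowid as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE rowid='".$db->escape($refname)."' AND entity IN (".getEntity('societe', 1).")";
    }
    // Wrapping for invoices
    else if ($modulepart == 'facture' || $modulepart == 'invoice')
    {
        if ($user->rights->facture->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->facture->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for the unpaid invoices report
    else if ($modulepart == 'unpaid')
    {
        if ($user->rights->facture->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->facture->dir_output.'/unpaid/temp/'.$original_file;
    }
    // Wrapping for interventions
    else if ($modulepart == 'ficheinter')
    {
        if ($user->rights->ficheinter->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->ficheinter->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for direct debit orders
    else if ($modulepart == 'prelevement')
    {
        if ($user->rights->prelevement->bons->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->prelevement->dir_output.'/'.$original_file;
    }
    // Wrapping for commercial proposals
    else if ($modulepart == 'propal')
    {
        if ($user->rights->propale->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->propal->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for customer orders
    else if ($modulepart == 'commande' || $modulepart == 'order')
    {
        if ($user->rights->commande->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->commande->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for projects
    else if ($modulepart == 'project')
    {
        if ($user->rights->projet->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->projet->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for supplier orders
    else if ($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier')
    {
        if ($user->rights->fournisseur->commande->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for supplier invoices
    else if ($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier')
    {
        if ($user->rights->fournisseur->facture->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
        $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE facnumber='".$db->escape($refname)."' AND entity=".$conf->entity;
    }
    // Wrapping for payment reports
    else if ($modulepart == 'facture_paiement')
    {
        if ($user->rights->facture->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        // External users only reach the reports generated in their own private directory
        if ($user->societe_id > 0) $original_file = $conf->facture->dir_output.'/payments/private/'.$user->id.'/'.$original_file;
        else $original_file = $conf->facture->dir_output.'/payments/'.$original_file;
    }
    // Wrapping for accountancy exports
    else if ($modulepart == 'export_compta')
    {
        if ($user->rights->compta->ventilation->creer || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->compta->dir_output.'/'.$original_file;
    }
    // Wrapping for shipments
    else if ($modulepart == 'expedition')
    {
        if ($user->rights->expedition->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->expedition->dir_output."/sending/".$original_file;
    }
    // Wrapping for delivery receipts
    else if ($modulepart == 'livraison')
    {
        if ($user->rights->expedition->livraison->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->expedition->dir_output."/receipt/".$original_file;
    }
    // Wrapping for agenda actions
    else if ($modulepart == 'actions')
    {
        if ($user->rights->agenda->myactions->read || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->agenda->dir_output.'/'.$original_file;
    }
    // Wrapping for agenda reports
    else if ($modulepart == 'actionsreport')
    {
        if ($user->rights->agenda->allactions->read || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->agenda->dir_temp."/".$original_file;
    }
    // Wrapping for products and services
    else if ($modulepart == 'produit' || $modulepart == 'service')
    {
        if (($user->rights->produit->lire || $user->rights->service->lire) || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        if ($conf->product->enabled) $original_file = $conf->product->multidir_output[$entity].'/'.$original_file;
        elseif ($conf->service->enabled) $original_file = $conf->service->multidir_output[$entity].'/'.$original_file;
    }
    // Wrapping for contracts
    else if ($modulepart == 'contract')
    {
        if ($user->rights->contrat->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->contrat->dir_output.'/'.$original_file;
    }
    // Wrapping for general documents (no specimen exception here)
    else if ($modulepart == 'ged')
    {
        if ($user->rights->document->lire)
        {
            $accessallowed = 1;
        }
        $original_file = $conf->ged->dir_output.'/'.$original_file;
    }
    // Wrapping for donations
    else if ($modulepart == 'donation')
    {
        if ($user->rights->don->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->don->dir_output.'/'.$original_file;
    }
    // Wrapping for cheque deposit slips
    else if ($modulepart == 'remisecheque')
    {
        if ($user->rights->banque->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->banque->dir_output.'/bordereau/'.get_exdir(basename($original_file, ".pdf"), 2, 1).$original_file;
    }
    // Wrapping for export module
    else if ($modulepart == 'export')
    {
        // No permission test needed: the download directory is forced to the export
        // directory that belongs to the current user
        $accessallowed = 1;
        $original_file = $conf->export->dir_temp.'/'.$user->id.'/'.$original_file;
    }
    // Wrapping for import module
    else if ($modulepart == 'import')
    {
        // NOTE(review): unlike 'export', this directory is not per-user (no $user->id in the path),
        // so any logged-in user can fetch any file below the import temp directory — confirm intended.
        $accessallowed = 1;
        $original_file = $conf->import->dir_temp.'/'.$original_file;
    }
    // Wrapping for the wysiwyg editor
    else if ($modulepart == 'editor')
    {
        // NOTE(review): same remark as 'import': no permission test and no per-user directory.
        $accessallowed = 1;
        $original_file = $conf->fckeditor->dir_output.'/'.$original_file;
    }
    // Wrapping for backups (admin only)
    else if ($modulepart == 'systemtools')
    {
        if ($user->admin)
        {
            $accessallowed = 1;
        }
        $original_file = $conf->admin->dir_output.'/'.$original_file;
    }
    // Wrapping for BitTorrent (this modulepart is reachable without login, see NOLOGIN above)
    else if ($modulepart == 'bittorrent')
    {
        $accessallowed = 1;
        $dir = 'files';
        if ($type == 'application/x-bittorrent') $dir = 'torrents';
        $original_file = $conf->bittorrent->dir_output.'/'.$dir.'/'.$original_file;
    }
    // Wrapping for Foundation module (members)
    else if ($modulepart == 'member')
    {
        if ($user->rights->adherent->lire || preg_match('/^specimen/i', $original_file))
        {
            $accessallowed = 1;
        }
        $original_file = $conf->adherent->dir_output.'/'.$original_file;
    }
    // Wrapping for Scanner (per-user temp directory)
    else if ($modulepart == 'scanner_user_temp')
    {
        $accessallowed = 1;
        $original_file = $conf->scanner->dir_temp.'/'.$user->id.'/'.$original_file;
    }
    // Generic wrapping
    else
    {
        // Define $accessallowed
        // NOTE(review): $modulepart comes from the request (filtered as 'alpha' above) and is used as a
        // property name on $user->rights and $conf; empty() is used so that an unknown module yields
        // "not allowed" instead of a warning.
        if (!empty($user->rights->$modulepart->lire) || !empty($user->rights->$modulepart->read) || !empty($user->rights->$modulepart->download)) $accessallowed = 1; // No subpermission, we have checked on main permission
        elseif (preg_match('/^specimen/i', $original_file)) $accessallowed = 1; // If link to a specimen
        elseif ($user->admin) $accessallowed = 1; // If user is admin
        // For modules who wants to manage different levels of permissions for documents
        $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS';
        if (!empty($conf->global->$subPermCategoryConstName))
        {
            $subPermCategory = $conf->global->$subPermCategoryConstName;
            if (!empty($subPermCategory) && (!empty($user->rights->$modulepart->$subPermCategory->lire) || !empty($user->rights->$modulepart->$subPermCategory->read) || !empty($user->rights->$modulepart->$subPermCategory->download)))
            {
                $accessallowed = 1;
            }
        }

        // Define $original_file
        $original_file = $conf->$modulepart->dir_output.'/'.$original_file;

        // Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query.
        $sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS';
        if (!empty($conf->global->$sqlProtectConstName)) // If module want to define its own $sqlprotectagainstexternals
        {
            // Example: mymodule__SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$refname."' AND entity=".$conf->entity;
            // SECURITY: the constant is spliced into a PHP statement and evaluated. It is set by an
            // administrator in the configuration, not by the requester, but it interpolates
            // $refname, which is request-controlled: a constant embedding $refname in a query
            // must wrap it with $db->escape() as the fixed branches above do.
            eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";');
        }
    }
}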
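// Basic protection (against external users only): an external user (societe_id > 0) may only
// fetch a document whose owning third party (fk_soc) is his own. When the query returns no row
// the module-level permission granted above is kept (this is what lets external users reach
// specimen documents, whose reference matches nothing).
if ($user->societe_id > 0)
{
    if ($sqlprotectagainstexternals)
    {
        $resql = $db->query($sqlprotectagainstexternals);
        if ($resql)
        {
            $num = $db->num_rows($resql);
            for ($i = 0; $i < $num; $i++)
            {
                $obj = $db->fetch_object($resql);
                if ($user->societe_id != $obj->fk_soc)
                {
                    $accessallowed = 0;
                    break;
                }
            }
        }
        else
        {
            // Fail closed: if the ownership check cannot be run, do not fall back to the
            // module-level permission for an external user
            dol_syslog("document.php sqlprotectagainstexternals failed: ".$db->lasterror(), LOG_ERR);
            $accessallowed = 0;
        }
    }
}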
// Security:
// Refuse the request if none of the permission checks above granted access
if (!$accessallowed) accessforbidden();
// Security:
// Refuse directory climbing ("..") and shell/redirection characters in the file path.
// This runs on the resolved path, after the module directory has been prepended, so it also
// catches anything left behind by the earlier "../" normalisation.
if (preg_match('/\.\.|[<>|]/', $original_file))
{
    dol_syslog("Refused to deliver file ".$original_file);
    // Show only the file name, not the full server path, in the error message
    $file = basename($original_file);
    dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $file));
    exit;
}
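// TODO Remove this. Some part of code still use it.
if ($action == 'remove_file') // Remove a file
{
    // NOTE(review): the checks above only verified a read permission for the modulepart; this
    // branch deletes the file without any write/delete permission check of its own — confirm.
    clearstatcache();
    dol_syslog("document.php remove $original_file $urlsource", LOG_DEBUG);

    // This test should be useless. We keep it to find bug more easily
    $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset
    if (!file_exists($original_file_osencoded))
    {
        $file = basename($original_file); // Do not show plain path of original_file in shown error message
        dol_print_error(0, $langs->trans("ErrorFileDoesNotExists", $file));
        exit;
    }

    $ret = dol_delete_file($original_file);
    if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile')));
    else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors');

    // NOTE(review): $urlsource is taken from the request and used unchanged as the redirect
    // target, so any absolute URL is accepted (open redirect); limiting it to a relative path
    // would be the usual mitigation.
    dol_syslog("document.php back to ".urldecode($urlsource), LOG_DEBUG);
    header("Location: ".urldecode($urlsource));
    return;
}
else // Open and return file
{
    clearstatcache();

    $filename = basename($original_file);

    // Output file on browser
    dol_syslog("document.php download $original_file $filename content-type=$type");
    $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset

    // This test if file exists should be useless. We keep it to find bug more easily
    if (!file_exists($original_file_osencoded))
    {
        // Show only the file name, not the full server path, in the error message (as the remove branch does)
        dol_print_error(0, $langs->trans("ErrorFileDoesNotExists", $filename));
        exit;
    }

    // Permissions are ok and the file was found: send it

    header('Content-Description: File Transfer');
    if ($encoding) header('Content-Encoding: '.$encoding);
    // For text types the charset is appended. The quoted charset value must be closed, otherwise
    // the header sent is malformed (charset="UTF-8 with no closing quote).
    if ($type) header('Content-Type: '.$type.(preg_match('/text/', $type) ? '; charset="'.$conf->file->character_set_client.'"' : ''));
    // NOTE(review): $filename is embedded in a quoted-string unescaped; a name containing '"'
    // produces a malformed Content-Disposition value.
    if ($attachment) header('Content-Disposition: attachment; filename="'.$filename.'"');
    else header('Content-Disposition: inline; filename="'.$filename.'"');
    header('Content-Length: '.dol_filesize($original_file));
    // Directives added to work around an IE bug
    header('Cache-Control: Public, must-revalidate');
    header('Pragma: public');

    readfile($original_file_osencoded);
}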