Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v19

Browse Source
This commit is contained in:
Laurent Destailleur 2023-10-26 12:22:54 +02:00
parent d3c9549154
commit 40ea006536
4 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/api/class/api_access.class.php
View File

@ -30,6 +30,7 @@ require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/iUs
require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/Resources.php';
require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/Defaults.php';
require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/RestException.php';
use Luracast\Restler\iAuthenticate;
use Luracast\Restler\iUseAuthentication;
use Luracast\Restler\Resources;

35
htdocs/api/class/api_documents.class.php
View File

@ -22,7 +22,7 @@ use Luracast\Restler\RestException;
use Luracast\Restler\Format\UploadFormat;
require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
/**
@ -658,10 +658,6 @@ class Documents extends DolibarrApi
throw new RestException(400, 'Modulepart not provided.');
}
if (!DolibarrApiAccess::$user->rights->ecm->upload) {
throw new RestException(401);
}
$newfilecontent = '';
if (empty($fileencoding)) {
$newfilecontent = $filecontent;
@ -783,10 +779,17 @@ class Documents extends DolibarrApi
$tmpreldir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier');
}
$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
// Test on permissions
if ($modulepart != 'ecm') {
$relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, $ref, 'write');
$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
} else {
if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) {
throw new RestException(401, 'Missing permission to upload files in ECM module');
}
$upload_dir = $conf->medias->multidir_output[$conf->entity];
}
if (empty($upload_dir) || $upload_dir == '/') {
throw new RestException(500, 'This value of modulepart ('.$modulepart.') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
@ -799,9 +802,17 @@ class Documents extends DolibarrApi
$modulepart = 'adherent';
}
$relativefile = $subdir;
$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
// Test on permissions
if ($modulepart != 'ecm') {
$relativefile = $subdir;
$tmp = dol_check_secure_access_document($modulepart, $relativefile, $entity, DolibarrApiAccess::$user, '', 'write');
$upload_dir = $tmp['original_file']; // No dirname here, tmp['original_file'] is already the dir because dol_check_secure_access_document was called with param original_file that is only the dir
} else {
if (!DolibarrApiAccess::$user->hasRight('ecm', 'upload')) {
throw new RestException(401, 'Missing permission to upload files in ECM module');
}
$upload_dir = $conf->medias->multidir_output[$conf->entity];
}
if (empty($upload_dir) || $upload_dir == '/') {
if (!empty($tmp['error'])) {

2
htdocs/api/class/api_setup.class.php
View File

@ -24,7 +24,7 @@
use Luracast\Restler\RestException;
require_once DOL_DOCUMENT_ROOT.'/main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/cstate.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/cregion.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/ccountry.class.php';

2
htdocs/api/class/api_status.class.php
View File

@ -15,7 +15,7 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once DOL_DOCUMENT_ROOT.'/api/class/api.php';
require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php';