Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX CSS and access to media files

Browse Source
This commit is contained in:
Laurent Destailleur 2024-10-16 12:51:42 +02:00
parent 47581442b1
commit 495a31c8fe
6 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/core/lib/files.lib.php
View File

@ -2799,11 +2799,15 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = 1;
$original_file = DOL_DOCUMENT_ROOT.'/public/theme/common/'.$original_file;
} elseif ($modulepart == 'medias' && !empty($dolibarr_main_data_root)) {
if (empty($entity) || empty($conf->medias->multidir_output[$entity])) {
/* the medias directory is by default a public directory accessible online for everybody, so test on permission per entity has no sense
if (isModEnabled('multicompany') && (empty($entity) || empty($conf->medias->multidir_output[$entity]))) {
return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
} */
if (empty($entity)) {
$entity = 1;
}
$accessallowed = 1;
$original_file = $conf->medias->multidir_output[$entity].'/'.$original_file;
$original_file = (empty($conf->medias->multidir_output[$entity]) ? $conf->medias->dir_output : $conf->medias->multidir_output[$entity]).'/'.$original_file;
} elseif ($modulepart == 'logs' && !empty($dolibarr_main_data_root)) {
// Wrapping for *.log files, like when used with url http://.../document.php?modulepart=logs&file=dolibarr.log
$accessallowed = ($user->admin && basename($original_file) == $original_file && preg_match('/^dolibarr.*\.(log|json)$/', basename($original_file)));

2
htdocs/document.php
View File

@ -220,7 +220,7 @@ $check_access = dol_check_secure_access_document($modulepart, $original_file, $e
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name
//var_dump($fullpath_original_file.' '.$original_file.' '.$accessallowed);exit;
//var_dump($modulepart.' '.$fullpath_original_file.' '.$original_file.' '.$accessallowed);exit;
if (!empty($hashp)) {
$accessallowed = 1; // When using hashp, link is public so we force $accessallowed

3
htdocs/main.inc.php
View File

@ -1909,6 +1909,9 @@ function top_htmlhead($head, $title = '', $disablejs = 0, $disablehead = 0, $arr
if (GETPOSTISSET('dol_hide_leftmenu')) {
$themeparam .= '&dol_hide_leftmenu='.GETPOSTINT('dol_hide_leftmenu');
}
if (GETPOSTISSET('dol_openinpopup')) {
$themeparam .= '&dol_openinpopup='.GETPOST('dol_openinpopup', 'aZ09');
}
if (GETPOSTISSET('dol_optimize_smallscreen')) {
$themeparam .= '&dol_optimize_smallscreen='.GETPOSTINT('dol_optimize_smallscreen');
}

8
htdocs/theme/eldy/global.inc.php
View File

@ -2435,12 +2435,12 @@ div.vmenu, td.vmenu {
div.fiche {
margin-<?php print $left; ?>: <?php print(GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '42' : '6')); ?>px;
margin-<?php print $right; ?>: <?php print(GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '38' : '6')); ?>px;
<?php if (!empty($dol_hide_leftmenu)) {
print 'margin-bottom: 12px;'."\n";
} ?>
<?php if (!empty($dol_hide_leftmenu)) {
<?php if (!empty($dol_hide_topmenu) || GETPOST('dol_openinpopup', 'aZ09')) {
print 'margin-top: 12px;'."\n";
} ?>
<?php if (!empty($dol_hide_topmenu) || GETPOST('dol_openinpopup', 'aZ09')) {
print 'margin-bottom: 12px;'."\n";
} ?>
}
body.onlinepaymentbody div.fiche { /* For online payment page */
margin: 20px !important;

2
htdocs/theme/md/style.css.php
View File

@ -2552,7 +2552,7 @@ div.fiche {
div.fiche {
margin-<?php print $left; ?>: <?php print(GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '35' : '6')); ?>px;
margin-<?php print $right; ?>: <?php print(GETPOST('optioncss', 'aZ09') == 'print' ? 6 : (empty($conf->dol_optimize_smallscreen) ? '33' : '6')); ?>px;
<?php if (!empty($dol_hide_leftmenu) && !empty($dol_hide_topmenu)) {
<?php if (!empty($dol_hide_topmenu) || GETPOST('dol_openinpopup', 'aZ09')) {
print 'margin-top: 12px;';
} ?>
margin-bottom: 15px;

2
htdocs/user/virtualcard.php
View File

@ -109,11 +109,13 @@ $title = $langs->trans("User");
//print dol_get_fiche_head($head, 'info', $title, -1, 'user');
/*
$linkback = '';
if ($user->hasRight('user', 'user', 'lire') || $user->admin) {
$linkback = '<a href="'.DOL_URL_ROOT.'/user/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
}
*/
$morehtmlref = '<a href="'.DOL_URL_ROOT.'/user/vcard.php?id='.$object->id.'&output=file&file='.urlencode(dol_sanitizeFileName($object->getFullName($langs).'.vcf')).'" class="refid" rel="noopener">';
$morehtmlref .= img_picto($langs->trans("Download").' '.$langs->trans("VCard"), 'vcard.png', 'class="valignmiddle marginleftonly paddingrightonly"');