Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix aperçu/dl fichier quand il est dans {userid}/temp (#27211)

Browse Source
This commit is contained in:
Saami PERDRIX 2024-02-22 00:10:04 +01:00 committed by GitHub
parent 6defdcd018
commit 52646ee9f5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/files.lib.php
View File

@ -2295,7 +2295,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
// Find the subdirectory name as the reference. For example original_file='10/myfile.pdf' -> refname='10'
if (empty($refname)) {
$refname = basename(dirname($original_file)."/");
if ($refname == 'thumbs') {
if ($refname == 'thumbs' || $refname == 'temp') {
// If we get the thumbns directory, we must go one step higher. For example original_file='10/thumbs/myfile_small.jpg' -> refname='10'
$refname = basename(dirname(dirname($original_file))."/");
}

9
htdocs/document.php
View File

@ -207,7 +207,7 @@ $original_file = str_replace('..\\', '/', $original_file);
// Find the subdirectory name as the reference
$refname = basename(dirname($original_file)."/");
//$refname = basename(dirname($original_file)."/");
// Security check
if (empty($modulepart)) {
@ -215,11 +215,10 @@ if (empty($modulepart)) {
}
// Check security and set return info with full path of file
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname);
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, '');
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name
//var_dump($fullpath_original_file);exit;
if (!empty($hashp)) {
$accessallowed = 1; // When using hashp, link is public so we force $accessallowed
@ -283,7 +282,7 @@ if (!is_object($hookmanager)) {
}
$hookmanager->initHooks(array('document'));
$parameters = array('ecmfile' => $ecmfile, 'modulepart' => $modulepart, 'original_file' => $original_file,
'entity' => $entity, 'refname' => $refname, 'fullpath_original_file' => $fullpath_original_file,
'entity' => $entity, 'refname' => '', 'fullpath_original_file' => $fullpath_original_file,
'filename' => $filename, 'fullpath_original_file_osencoded' => $fullpath_original_file_osencoded);
$reshook = $hookmanager->executeHooks('downloadDocument', $parameters); // Note that $action and $object may have been
if ($reshook < 0) {
@ -293,6 +292,7 @@ if ($reshook < 0) {
exit;
}
// Permissions are ok and file found, so we return it
top_httphead($type);
header('Content-Description: File Transfer');
@ -300,6 +300,7 @@ if ($encoding) {
header('Content-Encoding: '.$encoding);
}
// Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
if ($attachment) {
header('Content-Disposition: attachment; filename="'.$filename.'"');
} else {