diff --git a/htdocs/document.php b/htdocs/document.php index e348f10b6bd..a9428f8b585 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -105,7 +105,19 @@ if ($modulepart) { // On fait une verification des droits et on definit le repertoire concerne - // Wrapping pour les factures + // Wrapping for third parties + if ($modulepart == 'company') + { + $user->getrights('companies'); + if ($user->rights->societe->lire || preg_match('/^specimen/i',$original_file)) + { + $accessallowed=1; + } + $original_file=$conf->societe->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = "SELECT rowid as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE rowid='$refname'"; + } + + // Wrapping for invoices if ($modulepart == 'facture') { $user->getrights('facture'); diff --git a/htdocs/html.formfile.class.php b/htdocs/html.formfile.class.php index c1019f2d9c0..d944df08af3 100644 --- a/htdocs/html.formfile.class.php +++ b/htdocs/html.formfile.class.php @@ -123,7 +123,7 @@ class FormFile /** * \brief Show the box with list of available documents for object * \param modulepart propal=propal, facture=facture, ... - * \param filename Sub dir to scan (use '' if filedir already complete) + * \param filename Sub dir to scan (Example: '9/9', 'FA9999'). Use '' if filedir already complete) * \param filedir Dir to scan * \param urlsource Url of origin page (for return) * \param genallowed Generation is allowed (1/0 or array of formats) diff --git a/htdocs/soc.php b/htdocs/soc.php index a8288d63bbe..944532d71b6 100644 --- a/htdocs/soc.php +++ b/htdocs/soc.php @@ -1403,7 +1403,7 @@ else $var=true; - $somethingshown=$formfile->show_documents('company','',$filedir,$urlsource,$genallowed,$delallowed,'','',0,0,28,0,'',0,'',$soc->default_lang); + $somethingshown=$formfile->show_documents('company',$soc->id,$filedir,$urlsource,$genallowed,$delallowed,'','',0,0,28,0,'',0,'',$soc->default_lang); print ''; print '
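Review bot: The new `company` branch in htdocs/document.php builds `$sqlprotectagainstexternals` by interpolating `$refname` straight into the query (`WHERE rowid='$refname'`). Where `$refname` is set is outside this hunk, but if it is derived from the requested file path it should be forced to an integer first, e.g. `"SELECT rowid as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE rowid=".((int) $refname)`. The same branch sets `$accessallowed=1` for any `$original_file` that merely begins with `specimen`, even without the `societe->lire` right, and then prefixes it with `$conf->societe->dir_output`. That prefix test does not constrain the rest of the path, so confirm that `..` segments are rejected before this point, or tighten the pattern to match a plain file name. `getrights('companies')` also uses a different name from the `societe` right tested on the next line, so it is worth checking which module name that permission is stored under; the enclosing `if ($modulepart)` block starts and ends outside the hunk.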