dolibarr  7.0.0-beta
actions_linkedfiles.inc.php
1 <?php
2 /* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
3  * Copyright (C) 2015 Marcos García <marcosgdf@gmail.com>
4  * Copyright (C) 2015 Ferran Marcet <fmarcet@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  * or see http://www.gnu.org/
19  */
20 
21 // Variable $upload_dir must be defined when entering here.
22 // Variable $upload_dirold may also exists.
23 // Variable $confirm must be defined.
24 
25 //var_dump($upload_dir);
26 //var_dump($upload_dirold);
27 
28 
29 // Submit file/link
30 if (GETPOST('sendit','none') && ! empty($conf->global->MAIN_UPLOAD_DOC))
31 {
32  if (! empty($_FILES))
33  {
34  if (is_array($_FILES['userfile']['tmp_name'])) $userfiles=$_FILES['userfile']['tmp_name'];
35  else $userfiles=array($_FILES['userfile']['tmp_name']);
36 
37  foreach($userfiles as $key => $userfile)
38  {
39  if (empty($_FILES['userfile']['tmp_name'][$key]))
40  {
41  $error++;
42  if ($_FILES['userfile']['error'][$key] == 1 || $_FILES['userfile']['error'][$key] == 2){
43  setEventMessages($langs->trans('ErrorFileSizeTooLarge'), null, 'errors');
44  }
45  else {
46  setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("File")), null, 'errors');
47  }
48  }
49  }
50 
51  if (! $error)
52  {
53  if (! empty($upload_dirold) && ! empty($conf->global->PRODUCT_USE_OLD_PATH_FOR_PHOTO))
54  {
55  $result = dol_add_file_process($upload_dirold, 0, 1, 'userfile', GETPOST('savingdocmask', 'alpha'));
56  }
57  elseif (! empty($upload_dir))
58  {
59  $result = dol_add_file_process($upload_dir, 0, 1, 'userfile', GETPOST('savingdocmask', 'alpha'));
60  }
61  }
62  }
63 }
64 elseif (GETPOST('linkit','none') && ! empty($conf->global->MAIN_UPLOAD_DOC))
65 {
66  $link = GETPOST('link', 'alpha');
67  if ($link)
68  {
69  if (substr($link, 0, 7) != 'http://' && substr($link, 0, 8) != 'https://' && substr($link, 0, 7) != 'file://') {
70  $link = 'http://' . $link;
71  }
72  dol_add_file_process($upload_dir, 0, 1, 'userfile', null, $link);
73  }
74 }
75 
76 
77 // Delete file/link
78 if ($action == 'confirm_deletefile' && $confirm == 'yes')
79 {
80  $urlfile = GETPOST('urlfile', 'alpha', 0, null, null, 1); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
81  if (GETPOST('section', 'alpha')) $file = $upload_dir . "/" . $urlfile; // For a delete of GED module urlfile contains full path from upload_dir
82  else // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
83  {
84  $urlfile=basename($urlfile);
85  $file = $upload_dir . "/" . $urlfile;
86  if (! empty($upload_dirold)) $fileold = $upload_dirold . "/" . $urlfile;
87  }
88  $linkid = GETPOST('linkid', 'int'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
89 
90  if ($urlfile)
91  {
92  $dir = dirname($file).'/'; // Chemin du dossier contenant l'image d'origine
93  $dirthumb = $dir.'/thumbs/'; // Chemin du dossier contenant la vignette
94 
95  $ret = dol_delete_file($file, 0, 0, 0, (is_object($object)?$object:null));
96  if (! empty($fileold)) dol_delete_file($fileold, 0, 0, 0, (is_object($object)?$object:null)); // Delete file using old path
97 
98  // Si elle existe, on efface la vignette
99  if (preg_match('/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i',$file,$regs))
100  {
101  $photo_vignette=basename(preg_replace('/'.$regs[0].'/i','',$file).'_small'.$regs[0]);
102  if (file_exists(dol_osencode($dirthumb.$photo_vignette)))
103  {
104  dol_delete_file($dirthumb.$photo_vignette);
105  }
106 
107  $photo_vignette=basename(preg_replace('/'.$regs[0].'/i','',$file).'_mini'.$regs[0]);
108  if (file_exists(dol_osencode($dirthumb.$photo_vignette)))
109  {
110  dol_delete_file($dirthumb.$photo_vignette);
111  }
112  }
113 
114  if ($ret) setEventMessages($langs->trans("FileWasRemoved", $urlfile), null, 'mesgs');
115  else setEventMessages($langs->trans("ErrorFailToDeleteFile", $urlfile), null, 'errors');
116  }
117  elseif ($linkid)
118  {
119  require_once DOL_DOCUMENT_ROOT . '/core/class/link.class.php';
120  $link = new Link($db);
121  $link->id = $linkid;
122  $link->fetch();
123  $res = $link->delete($user);
124 
125  $langs->load('link');
126  if ($res > 0) {
127  setEventMessages($langs->trans("LinkRemoved", $link->label), null, 'mesgs');
128  } else {
129  if (count($link->errors)) {
130  setEventMessages('', $link->errors, 'errors');
131  } else {
132  setEventMessages($langs->trans("ErrorFailedToDeleteLink", $link->label), null, 'errors');
133  }
134  }
135  }
136 
137  if (is_object($object) && $object->id > 0)
138  {
139  if ($backtopage)
140  {
141  header('Location: ' . $backtopage);
142  exit;
143  }
144  else
145  {
146  header('Location: ' . $_SERVER["PHP_SELF"] . '?id=' . $object->id.(!empty($withproject)?'&withproject=1':''));
147  exit;
148  }
149  }
150 }
151 elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('link', 'alpha'))
152 {
153  require_once DOL_DOCUMENT_ROOT . '/core/class/link.class.php';
154  $langs->load('link');
155  $link = new Link($db);
156  $link->id = GETPOST('linkid', 'int');
157  $f = $link->fetch();
158  if ($f)
159  {
160  $link->url = GETPOST('link', 'alpha');
161  if (substr($link->url, 0, 7) != 'http://' && substr($link->url, 0, 8) != 'https://' && substr($link->url, 0, 7) != 'file://')
162  {
163  $link->url = 'http://' . $link->url;
164  }
165  $link->label = GETPOST('label', 'alpha');
166  $res = $link->update($user);
167  if (!$res)
168  {
169  setEventMessages($langs->trans("ErrorFailedToUpdateLink", $link->label), null, 'mesgs');
170  }
171  }
172  else
173  {
174  //error fetching
175  }
176 }
177 elseif ($action == 'renamefile' && GETPOST('renamefilesave','alpha'))
178 {
179  // For documents pages, upload_dir contains already path to file from module dir, so we clean path into urlfile.
180  if (! empty($upload_dir))
181  {
182  $filenamefrom=dol_sanitizeFileName(GETPOST('renamefilefrom','alpha'), '_', 0); // Do not remove accents
183  $filenameto=dol_sanitizeFileName(GETPOST('renamefileto','alpha'), '_', 0); // Do not remove accents
184 
185  // Security:
186  // Disallow file with some extensions. We rename them.
187  // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
188  if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
189  {
190  $filenameto.= '.noexe';
191  }
192 
193  if ($filenamefrom && $filenameto)
194  {
195  $srcpath = $upload_dir.'/'.$filenamefrom;
196  $destpath = $upload_dir.'/'.$filenameto;
197 
198  $result = dol_move($srcpath, $destpath);
199  if ($result)
200  {
201  if ($object->id)
202  {
203  $object->addThumbs($destpath);
204  }
205 
206  // TODO Add revert function of addThumbs to remove for old name
207  //$object->delThumbs($srcpath);
208 
209  setEventMessages($langs->trans("FileRenamed"), null);
210  }
211  else
212  {
213  $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
214  setEventMessages($langs->trans("ErrorFailToRenameFile", $filenamefrom, $filenameto), null, 'errors');
215  }
216  }
217  }
218 }
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
setEventMessages($mesg, $mesgs, $style='mesgs')
Set event messages in dol_events session object.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NULL, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1)
Move a file into another name.
Definition: files.lib.php:780
dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesession=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1)
Get and save an upload file (for example after submitting a new file a mail form).
Definition: files.lib.php:1478
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null)
Remove a file or several files with a mask.
Definition: files.lib.php:1103