dolibarr  7.0.0-beta
security_file.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2005-2017 Regis Houssin <regis.houssin@capnetworks.com>
4  * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
26 require '../main.inc.php';
27 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
28 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
29 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
30 
31 $langs->load("users");
32 $langs->load("admin");
33 $langs->load("other");
34 
35 if (! $user->admin)
37 
38 $action=GETPOST('action','alpha');
39 
40 $upload_dir=$conf->admin->dir_temp;
41 
42 
43 /*
44  * Actions
45  */
46 
47 if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
48 {
49  require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
50 
51  dol_add_file_process($upload_dir, 0, 0, 'userfile');
52 }
53 
54 if (preg_match('/set_(.*)/',$action,$reg))
55 {
56  $code=$reg[1];
57  $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
58  if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
59  {
60  Header("Location: ".$_SERVER["PHP_SELF"]);
61  exit;
62  }
63  else
64  {
65  dol_print_error($db);
66  }
67 }
68 
69 else if (preg_match('/del_(.*)/',$action,$reg))
70 {
71  $code=$reg[1];
72  if (dolibarr_del_const($db, $code, $conf->entity) > 0)
73  {
74  Header("Location: ".$_SERVER["PHP_SELF"]);
75  exit;
76  }
77  else
78  {
79  dol_print_error($db);
80  }
81 }
82 
83 else if ($action == 'updateform')
84 {
85  $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',GETPOST('MAIN_UPLOAD_DOC','alpha'),'chaine',0,'',$conf->entity);
86  $res4=dolibarr_set_const($db, "MAIN_UMASK", GETPOST('MAIN_UMASK','alpha'),'chaine',0,'',$conf->entity);
87  $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim(GETPOST('MAIN_ANTIVIRUS_COMMAND','none')),'chaine',0,'',$conf->entity); // Use GETPOST none because we must accept "
88  $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim(GETPOST('MAIN_ANTIVIRUS_PARAM','none')),'chaine',0,'',$conf->entity); // Use GETPOST none because we must accept "
89  if ($res3 && $res4 && $res5 && $res6) setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
90 }
91 
92 
93 
94 // Delete file
95 else if ($action == 'delete')
96 {
97  $langs->load("other");
98  $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
99  $ret=dol_delete_file($file);
100  if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
101  else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
102  Header('Location: '.$_SERVER["PHP_SELF"]);
103  exit;
104 }
105 
106 
107 /*
108  * View
109  */
110 
111 $form = new Form($db);
112 
113 $wikihelp='EN:Setup_Security|FR:Paramétrage_Sécurité|ES:Configuración_Seguridad';
114 llxHeader('',$langs->trans("Files"),$wikihelp);
115 
116 print load_fiche_titre($langs->trans("SecuritySetup"),'','title_setup');
117 
118 print $langs->trans("SecurityFilesDesc")."<br>\n";
119 print "<br>\n";
120 
121 
122 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
123 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
124 print '<input type="hidden" name="action" value="updateform">';
125 
126 $head=security_prepare_head();
127 
128 dol_fiche_head($head, 'file', $langs->trans("Security"), -1);
129 
130 
131 // Upload options
132 $var=false;
133 
134 print '<div class="div-table-responsive-no-min">';
135 print '<table class="noborder" width="100%">';
136 print '<tr class="liste_titre">';
137 print '<td colspan="2">'.$langs->trans("Parameters").'</td>';
138 print '<td>'.$langs->trans("Value").'</td>';
139 print '</tr>';
140 
141 print '<tr class="oddeven">';
142 print '<td colspan="2">'.$langs->trans("MaxSizeForUploadedFiles").'.';
143 $max=@ini_get('upload_max_filesize');
144 if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.';
145 else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.';
146 print '</td>';
147 print '<td class="nowrap">';
148 print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb");
149 print '</td>';
150 print '</tr>';
151 
152 
153 print '<tr class="oddeven">';
154 print '<td>'.$langs->trans("UMask").'</td><td align="right">';
155 print $form->textwithpicto('',$langs->trans("UMaskExplanation"));
156 print '</td>';
157 print '<td class="nowrap">';
158 print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">';
159 print '</td>';
160 print '</tr>';
161 
162 // Use anti virus
163 
164 print '<tr class="oddeven">';
165 print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
166 print $langs->trans("AntiVirusCommandExample");
167 // Check command in inside safe_mode
168 print '</td>';
169 print '<td>';
170 if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND))
171 {
172  $langs->load("errors");
173  $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
174  $listdir=explode(';',ini_get('safe_mode_exec_dir'));
175  if (! in_array($basedir,$listdir))
176  {
177  print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
178  dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
179  }
180 }
181 print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" class="minwidth500imp" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)?dol_escape_htmltag($conf->global->MAIN_ANTIVIRUS_COMMAND):'').'">';
182 print "</td>";
183 print '</tr>';
184 
185 // Use anti virus
186 
187 print '<tr class="oddeven">';
188 print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
189 print $langs->trans("AntiVirusParamExample");
190 print '</td>';
191 print '<td>';
192 print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" class="minwidth500imp" value="'.(! empty($conf->global->MAIN_ANTIVIRUS_PARAM)?dol_escape_htmltag($conf->global->MAIN_ANTIVIRUS_PARAM):'').'">';
193 print "</td>";
194 print '</tr>';
195 
196 print '</table>';
197 print '</div>';
198 
199 dol_fiche_end();
200 
201 print '<div class="center"><input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'"></div>';
202 
203 print '</form>';
204 
205 
206 
207 // Form to test upload
208 print '<br>';
209 $formfile=new FormFile($db);
210 $formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0);
211 
212 // List of document
213 $filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1);
214 $formfile->list_of_documents($filearray, null, 'admin_temp', '');
215 
216 llxFooter();
217 $db->close();
llxFooter()
Empty footer.
Definition: wrapper.php:58
setEventMessages($mesg, $mesgs, $style='mesgs')
Set event messages in dol_events session object.
dol_fiche_head($links=array(), $active='0', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='')
Show tab header of a card.
dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $note='', $entity=1)
Insert a parameter (key,value) into database (delete old key then insert it again).
Definition: admin.lib.php:485
dol_print_error($db='', $error='', $errors=null)
Affiche message erreur system avec toutes les informations pour faciliter le diagnostic et la remonte...
if(empty($reshook)) $form
View.
Definition: perms.php:103
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0)
Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields...
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="")
Scan a directory and return a list of files/directories.
Definition: files.lib.php:58
GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NULL, $noreplace=0)
Return value of a param into GET or POST supervariable.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Class to manage generation of HTML components Only common components must be here.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
img_warning($titlealt= 'default', $moreatt= '')
Show warning logo.
if(GETPOST('button_removefilter_x','alpha')||GETPOST('button_removefilter.x','alpha')||GETPOST('button_removefilter','alpha')) if($action=="save"&&empty($cancel)) if(preg_match('/set_(.*)/', $action, $reg)) if(preg_match('/del_(.*)/', $action, $reg) $wikihelp)
View.
Definition: agenda.php:143
dolibarr_del_const($db, $name, $entity=1)
Effacement d'une constante dans la base de donnees.
Definition: admin.lib.php:410
dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesession=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1)
Get and save an upload file (for example after submitting a new file a mail form).
Definition: files.lib.php:1478
dol_fiche_end($notab=0)
Show tab footer of a card.
load_fiche_titre($titre, $morehtmlright='', $picto='title_generic.png', $pictoisfullpath=0, $id=0, $morecssontable='', $morehtmlcenter='')
Load a title with picto.
llxHeader()
Empty header.
Definition: wrapper.php:46
security_prepare_head()
Prepare array with list of tabs.
Definition: admin.lib.php:581
Class to offer components to list and upload files.
print
Draft customers invoices.
Definition: index.php:91
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null)
Remove a file or several files with a mask.
Definition: files.lib.php:1103