21 use Luracast\Restler\RestException;
22 use Luracast\Restler\Format\UploadFormat;
24 require_once DOL_DOCUMENT_ROOT.
'/main.inc.php';
25 require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
39 public static $DOCUMENT_FIELDS = array(
69 public function index($modulepart, $original_file =
'')
73 if (empty($modulepart)) {
74 throw new RestException(400,
'bad value for parameter modulepart');
76 if (empty($original_file)) {
77 throw new RestException(400,
'bad value for parameter original_file');
81 $entity = $conf->entity;
92 $relativefile = $original_file;
95 $accessallowed = $check_access[
'accessallowed'];
96 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
97 $original_file = $check_access[
'original_file'];
99 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
100 throw new RestException(401);
102 if (!$accessallowed) {
103 throw new RestException(401);
106 $filename = basename($original_file);
107 $original_file_osencoded =
dol_osencode($original_file);
109 if (!file_exists($original_file_osencoded)) {
110 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
111 throw new RestException(404,
'File not found');
114 $file_content = file_get_contents($original_file_osencoded);
115 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'encoding'=>
'base64');
140 public function builddoc($modulepart, $original_file =
'', $doctemplate =
'', $langcode =
'')
142 global $conf, $langs;
144 if (empty($modulepart)) {
145 throw new RestException(400,
'bad value for parameter modulepart');
147 if (empty($original_file)) {
148 throw new RestException(400,
'bad value for parameter original_file');
151 $outputlangs = $langs;
152 if ($langcode && $langs->defaultlang != $langcode) {
154 $outputlangs->setDefaultLang($langcode);
158 $entity = $conf->entity;
169 $relativefile = $original_file;
172 $accessallowed = $check_access[
'accessallowed'];
173 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
174 $original_file = $check_access[
'original_file'];
176 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
177 throw new RestException(401);
179 if (!$accessallowed) {
180 throw new RestException(401);
184 $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
185 $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
186 $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
190 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
191 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
192 $this->invoice =
new Facture($this->db);
193 $result = $this->invoice->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
195 throw new RestException(404,
'Invoice not found');
198 $templateused = $doctemplate ? $doctemplate : $this->invoice->model_pdf;
199 $result = $this->invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
201 throw new RestException(500,
'Error generating document');
203 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'invoice_supplier') {
204 require_once DOL_DOCUMENT_ROOT .
'/fourn/class/fournisseur.facture.class.php';
206 $result = $this->supplier_invoice->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
208 throw new RestException(404,
'Supplier invoice not found');
211 $templateused = $doctemplate ? $doctemplate : $this->supplier_invoice->model_pdf;
212 $result = $this->supplier_invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
214 throw new RestException(500,
'Error generating document');
216 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
217 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
218 $this->order =
new Commande($this->db);
219 $result = $this->order->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
221 throw new RestException(404,
'Order not found');
223 $templateused = $doctemplate ? $doctemplate : $this->order->model_pdf;
224 $result = $this->order->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
226 throw new RestException(500,
'Error generating document');
228 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
229 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
230 $this->propal =
new Propal($this->db);
231 $result = $this->propal->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
233 throw new RestException(404,
'Proposal not found');
235 $templateused = $doctemplate ? $doctemplate : $this->propal->model_pdf;
236 $result = $this->propal->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
238 throw new RestException(500,
'Error generating document');
240 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
241 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
243 $this->contract =
new Contrat($this->db);
244 $result = $this->contract->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
247 throw new RestException(404,
'Contract not found');
250 $templateused = $doctemplate ? $doctemplate : $this->contract->model_pdf;
251 $result = $this->contract->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
254 throw new RestException(500,
'Error generating document missing doctemplate parameter');
257 throw new RestException(403,
'Generation not available for this modulepart');
260 $filename = basename($original_file);
261 $original_file_osencoded =
dol_osencode($original_file);
263 if (!file_exists($original_file_osencoded)) {
264 throw new RestException(404,
'File not found');
267 $file_content = file_get_contents($original_file_osencoded);
268 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'langcode'=>$outputlangs->defaultlang,
'template'=>$templateused,
'encoding'=>
'base64');
294 if (empty($modulepart)) {
295 throw new RestException(400,
'bad value for parameter modulepart');
298 if (empty($id) && empty($ref)) {
299 throw new RestException(400,
'bad value for parameter id or ref');
302 $id = (empty($id) ? 0 : $id);
306 if ($modulepart ==
'societe' || $modulepart ==
'thirdparty') {
307 require_once DOL_DOCUMENT_ROOT.
'/societe/class/societe.class.php';
309 if (!DolibarrApiAccess::$user->hasRight(
'societe',
'lire')) {
310 throw new RestException(401);
313 $object =
new Societe($this->db);
314 $result = $object->fetch($id, $ref);
316 throw new RestException(404,
'Thirdparty not found');
319 $upload_dir = $conf->societe->multidir_output[$object->entity].
"/".$object->id;
320 } elseif ($modulepart ==
'user') {
321 require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
324 if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
325 throw new RestException(401);
328 $object =
new User($this->db);
329 $result = $object->fetch($id, $ref);
331 throw new RestException(404,
'User not found');
334 $upload_dir = $conf->user->dir_output.
'/'.
get_exdir(0, 0, 0, 0, $object,
'user').
'/'.$object->id;
335 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
336 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
338 if (!DolibarrApiAccess::$user->rights->adherent->lire) {
339 throw new RestException(401);
343 $result = $object->fetch($id, $ref);
345 throw new RestException(404,
'Member not found');
348 $upload_dir = $conf->adherent->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'member');
349 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
350 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
352 if (!DolibarrApiAccess::$user->hasRight(
'propal',
'lire')) {
353 throw new RestException(401);
356 $object =
new Propal($this->db);
357 $result = $object->fetch($id, $ref);
359 throw new RestException(404,
'Proposal not found');
362 $upload_dir = $conf->propal->multidir_output[$object->entity].
"/".
get_exdir(0, 0, 0, 1, $object,
'propal');
363 } elseif ($modulepart ==
'supplier_proposal') {
364 require_once DOL_DOCUMENT_ROOT.
'/supplier_proposal/class/supplier_proposal.class.php';
366 if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
367 throw new RestException(401);
370 $object =
new Propal($this->db);
371 $result = $object->fetch($id, $ref);
373 throw new RestException(404,
'Supplier proposal not found');
376 $upload_dir = $conf->propal->multidir_output[$object->entity].
"/".
get_exdir(0, 0, 0, 1, $object,
'propal');
377 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
378 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
380 if (!DolibarrApiAccess::$user->hasRight(
'commande',
'lire')) {
381 throw new RestException(401);
385 $result = $object->fetch($id, $ref);
387 throw new RestException(404,
'Order not found');
390 $upload_dir = $conf->commande->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'commande');
391 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
392 $modulepart =
'supplier_order';
394 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
396 if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
397 throw new RestException(401);
401 $result = $object->fetch($id, $ref);
403 throw new RestException(404,
'Purchase order not found');
407 } elseif ($modulepart ==
'shipment' || $modulepart ==
'expedition') {
408 require_once DOL_DOCUMENT_ROOT.
'/expedition/class/expedition.class.php';
410 if (!DolibarrApiAccess::$user->rights->expedition->lire) {
411 throw new RestException(401);
415 $result = $object->fetch($id, $ref);
417 throw new RestException(404,
'Shipment not found');
420 $upload_dir = $conf->expedition->dir_output.
"/sending/".
get_exdir(0, 0, 0, 1, $object,
'shipment');
421 } elseif ($modulepart ==
'facture' || $modulepart ==
'invoice') {
422 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
424 if (!DolibarrApiAccess::$user->hasRight(
'facture',
'lire')) {
425 throw new RestException(401);
428 $object =
new Facture($this->db);
429 $result = $object->fetch($id, $ref);
431 throw new RestException(404,
'Invoice not found');
434 $upload_dir = $conf->facture->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'invoice');
435 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
436 $modulepart =
'supplier_invoice';
438 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
440 if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
441 throw new RestException(401);
445 $result = $object->fetch($id, $ref);
447 throw new RestException(404,
'Invoice not found');
450 $upload_dir = $conf->fournisseur->dir_output.
"/facture/".
get_exdir($object->id, 2, 0, 0, $object,
'invoice_supplier').dol_sanitizeFileName($object->ref);
451 } elseif ($modulepart ==
'produit' || $modulepart ==
'product') {
452 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
454 if (!DolibarrApiAccess::$user->rights->produit->lire) {
455 throw new RestException(401);
458 $object =
new Product($this->db);
459 $result = $object->fetch($id, $ref);
461 throw new RestException(404,
'Product not found');
462 } elseif ($result < 0) {
463 throw new RestException(500,
'Error while fetching object: '.$object->error);
466 $upload_dir = $conf->product->multidir_output[$object->entity].
'/'.
get_exdir(0, 0, 0, 1, $object,
'product');
467 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
468 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
470 if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
471 throw new RestException(401);
475 $result = $object->fetch($id, $ref);
477 throw new RestException(404,
'Event not found');
481 } elseif ($modulepart ==
'expensereport') {
482 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
484 if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) {
485 throw new RestException(401);
489 $result = $object->fetch($id, $ref);
491 throw new RestException(404,
'Expense report not found');
495 } elseif ($modulepart ==
'knowledgemanagement') {
496 require_once DOL_DOCUMENT_ROOT.
'/knowledgemanagement/class/knowledgerecord.class.php';
498 if (!DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read') && !DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read')) {
499 throw new RestException(401);
503 $result = $object->fetch($id, $ref);
505 throw new RestException(404,
'KM article not found');
508 $upload_dir = $conf->knowledgemanagement->dir_output.
'/knowledgerecord/'.
dol_sanitizeFileName($object->ref);
509 } elseif ($modulepart ==
'categorie' || $modulepart ==
'category') {
510 require_once DOL_DOCUMENT_ROOT.
'/categories/class/categorie.class.php';
512 if (!DolibarrApiAccess::$user->rights->categorie->lire) {
513 throw new RestException(401);
517 $result = $object->fetch($id, $ref);
519 throw new RestException(404,
'Category not found');
522 $upload_dir = $conf->categorie->multidir_output[$object->entity].
'/'.
get_exdir($object->id, 2, 0, 0, $object,
'category').$object->id.
"/photos/".
dol_sanitizeFileName($object->ref);
523 } elseif ($modulepart ==
'ecm') {
524 throw new RestException(500,
'Modulepart Ecm not implemented yet.');
539 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
540 $modulepart =
'contrat';
541 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
543 $object =
new Contrat($this->db);
544 $result = $object->fetch($id, $ref);
546 throw new RestException(404,
'Contract not found');
549 $upload_dir = $conf->contrat->dir_output .
"/" .
get_exdir(0, 0, 0, 1, $object,
'contract');
550 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
551 $modulepart =
'project';
552 require_once DOL_DOCUMENT_ROOT .
'/projet/class/project.class.php';
554 $object =
new Project($this->db);
555 $result = $object->fetch($id, $ref);
557 throw new RestException(404,
'Project not found');
560 $upload_dir = $conf->projet->dir_output .
"/" .
get_exdir(0, 0, 0, 1, $object,
'project');
562 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
565 $objectType = $modulepart;
566 if (! empty($object->id) && ! empty($object->table_element)) {
567 $objectType = $object->table_element;
570 $filearray =
dol_dir_list($upload_dir, $type, $recursive,
'',
'(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) ==
'desc' ?SORT_DESC:SORT_ASC), 1);
571 if (empty($filearray)) {
572 throw new RestException(404,
'Search for modulepart '.$modulepart.
' with Id '.$object->id.(!empty($object->ref) ?
' or Ref '.$object->ref :
'').
' does not return any document.');
574 if (($object->id) > 0 && !empty($modulepart)) {
575 require_once DOL_DOCUMENT_ROOT.
'/ecm/class/ecmfiles.class.php';
577 $result = $ecmfile->fetchAll(
'',
'', 0, 0, array(
't.src_object_type' => $objectType,
't.src_object_id' => $object->id));
579 throw new RestException(503,
'Error when retrieve ecm list : '.$this->db->lasterror());
580 } elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
581 $count = count($filearray);
582 for ($i = 0 ; $i < $count ; $i++) {
583 if ($filearray[$i][
'name'] == $ecmfile->lines[$i]->filename) $filearray[$i] = array_merge($filearray[$i], (array) $ecmfile->lines[0]);
633 public function post($filename, $modulepart, $ref =
'', $subdir =
'', $filecontent =
'', $fileencoding =
'', $overwriteifexists = 0, $createdirifnotexists = 1)
641 if (empty($modulepart)) {
642 throw new RestException(400,
'Modulepart not provided.');
645 if (!DolibarrApiAccess::$user->rights->ecm->upload) {
646 throw new RestException(401);
649 $newfilecontent =
'';
650 if (empty($fileencoding)) {
651 $newfilecontent = $filecontent;
653 if ($fileencoding ==
'base64') {
654 $newfilecontent = base64_decode($filecontent);
661 $entity = DolibarrApiAccess::$user->entity;
662 if (empty($entity)) {
670 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
671 $modulepart =
'facture';
673 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
674 $object =
new Facture($this->db);
675 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
676 $modulepart =
'supplier_invoice';
678 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
680 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
681 $modulepart =
'commande';
683 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
685 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
686 $modulepart =
'supplier_order';
688 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
690 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
691 require_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
692 $object =
new Project($this->db);
693 } elseif ($modulepart ==
'task' || $modulepart ==
'project_task') {
694 $modulepart =
'project_task';
696 require_once DOL_DOCUMENT_ROOT.
'/projet/class/task.class.php';
697 $object =
new Task($this->db);
699 $task_result = $object->fetch(
'', $ref);
702 if ($task_result > 0) {
703 $project_result = $object->fetch_projet();
705 if ($project_result >= 0) {
709 throw new RestException(500,
'Error while fetching Task '.$ref);
711 } elseif ($modulepart ==
'product' || $modulepart ==
'produit' || $modulepart ==
'service' || $modulepart ==
'produit|service') {
712 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
713 $object =
new Product($this->db);
714 } elseif ($modulepart ==
'expensereport') {
715 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
717 } elseif ($modulepart ==
'fichinter') {
718 require_once DOL_DOCUMENT_ROOT.
'/fichinter/class/fichinter.class.php';
720 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
721 $modulepart =
'adherent';
722 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
724 } elseif ($modulepart ==
'proposal' || $modulepart ==
'propal' || $modulepart ==
'propale') {
725 $modulepart =
'propale';
726 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
727 $object =
new Propal($this->db);
728 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
729 $modulepart =
'agenda';
730 require_once DOL_DOCUMENT_ROOT .
'/comm/action/class/actioncomm.class.php';
732 } elseif ($modulepart ==
'contact' || $modulepart ==
'socpeople') {
733 $modulepart =
'contact';
734 require_once DOL_DOCUMENT_ROOT.
'/contact/class/contact.class.php';
735 $object =
new Contact($this->db);
737 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
738 $modulepart =
'contrat';
739 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
740 $object =
new Contrat($this->db);
743 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
746 if (is_object($object)) {
748 $result = $object->fetch($ref);
750 $result = $object->fetch(
'', $ref);
754 throw new RestException(404,
"Object with ref '".$ref.
"' was not found.");
755 } elseif ($result < 0) {
756 throw new RestException(500,
'Error while fetching object: '.$object->error);
760 if (!($object->id > 0)) {
761 throw new RestException(404,
'The object '.$modulepart.
" with ref '".$ref.
"' was not found.");
766 if ($modulepart ==
'supplier_invoice') {
767 $tmpreldir =
get_exdir($object->id, 2, 0, 0, $object,
'invoice_supplier');
770 $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
773 $upload_dir = $tmp[
'original_file'];
775 if (empty($upload_dir) || $upload_dir ==
'/') {
776 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
779 if ($modulepart ==
'invoice') {
780 $modulepart =
'facture';
782 if ($modulepart ==
'member') {
783 $modulepart =
'adherent';
786 $relativefile = $subdir;
788 $upload_dir = $tmp[
'original_file'];
790 if (empty($upload_dir) || $upload_dir ==
'/') {
791 if (!empty($tmp[
'error'])) {
792 throw new RestException(401,
'Error returned by dol_check_secure_access_document: '.$tmp[
'error']);
794 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') is not allowed with this value of subdir ('.$relativefile.
')');
802 if (!empty($createdirifnotexists)) {
804 throw new RestException(500,
'Error while trying to create directory '.$upload_dir);
808 $destfile = $upload_dir.
'/'.$original_file;
809 $destfiletmp = DOL_DATA_ROOT.
'/admin/temp/'.$original_file;
814 throw new RestException(401,
'Directory not exists : '.dirname($destfile));
817 if (!$overwriteifexists &&
dol_is_file($destfile)) {
818 throw new RestException(500,
"File with name '".$original_file.
"' already exists.");
826 $fhandle = @fopen($destfiletmp,
'w');
828 $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
832 throw new RestException(500,
"Failed to open file '".$destfiletmp.
"' for write");
835 $disablevirusscan = 0;
836 $src_file = $destfiletmp;
837 $dest_file = $destfile;
841 if (empty($disablevirusscan) && file_exists($src_file)) {
843 if (count($checkvirusarray)) {
844 dol_syslog(
'Files.lib::dol_move_uploaded_file File "'.$src_file.
'" (target name "'.$dest_file.
'") KO with antivirus: errors='.join(
',', $checkvirusarray), LOG_WARNING);
845 throw new RestException(500,
'ErrorFileIsInfectedWithAVirus: '.join(
',', $checkvirusarray));
854 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
855 if (!preg_match(
'/\/$/', $publicmediasdirwithslash)) {
856 $publicmediasdirwithslash .=
'/';
859 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !
getDolGlobalInt(
"MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR")) {
860 $dest_file .=
'.noexe';
866 if (preg_match(
'/^\./', basename($src_file)) || preg_match(
'/\.\./', $src_file) || preg_match(
'/[<>|]/', $src_file)) {
867 dol_syslog(
"Refused to deliver file ".$src_file, LOG_WARNING);
868 throw new RestException(500,
"Refused to deliver file ".$src_file);
873 if (preg_match(
'/^\./', basename($dest_file)) || preg_match(
'/\.\./', $dest_file) || preg_match(
'/[<>|]/', $dest_file)) {
874 dol_syslog(
"Refused to deliver file ".$dest_file, LOG_WARNING);
875 throw new RestException(500,
"Refused to deliver file ".$dest_file);
878 $result =
dol_move($destfiletmp, $dest_file, 0, $overwriteifexists, 1, 1);
880 throw new RestException(500,
"Failed to move file into '".$destfile.
"'");
899 public function delete($modulepart, $original_file)
901 global $conf, $langs;
903 if (empty($modulepart)) {
904 throw new RestException(400,
'bad value for parameter modulepart');
906 if (empty($original_file)) {
907 throw new RestException(400,
'bad value for parameter original_file');
911 $entity = $conf->entity;
922 $relativefile = $original_file;
925 $accessallowed = $check_access[
'accessallowed'];
926 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
927 $original_file = $check_access[
'original_file'];
929 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
930 throw new RestException(401);
932 if (!$accessallowed) {
933 throw new RestException(401);
936 $filename = basename($original_file);
937 $original_file_osencoded =
dol_osencode($original_file);
939 if (!file_exists($original_file_osencoded)) {
940 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
941 throw new RestException(404,
'File not found');
944 if (@unlink($original_file_osencoded)) {
948 'message' =>
'Document deleted'
953 throw new RestException(401);
968 foreach (Documents::$DOCUMENT_FIELDS as $field) {
969 if (!isset($data[$field])) {
970 throw new RestException(400,
"$field field missing");
972 $result[$field] = $data[$field];