dolibarr 19.0.4
ajaxdirpreview.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2004-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3 * Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
4 * Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
5 * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
6 * Copyright (C) 2010 Pierre Morin <pierre.morin@auguria.net>
7 * Copyright (C) 2013 Marcos GarcĂ­a <marcosgdf@gmail.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see <https://www.gnu.org/licenses/>.
21 */
22
30if (!defined('NOTOKENRENEWAL')) {
31 define('NOTOKENRENEWAL', 1); // Disables token renewal
32}
33if (!defined('NOREQUIREMENU')) {
34 define('NOREQUIREMENU', '1');
35}
36if (!defined('NOREQUIREHTML')) {
37 define('NOREQUIREHTML', '1');
38}
39if (!defined('NOREQUIREAJAX')) {
40 define('NOREQUIREAJAX', '1');
41}
42
43if (!isset($mode) || $mode != 'noajax') { // For ajax call
44 require_once '../../main.inc.php';
45 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
46 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
47 require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
48
49 $action = GETPOST('action', 'aZ09');
50 $file = urldecode(GETPOST('file', 'alpha'));
51 $section = GETPOST("section", 'alpha');
52 $module = GETPOST("module", 'alpha');
53 $urlsource = GETPOST("urlsource", 'alpha');
54 $search_doc_ref = GETPOST('search_doc_ref', 'alpha');
55
56 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
57 $sortfield = GETPOST("sortfield", 'aZ09comma');
58 $sortorder = GETPOST("sortorder", 'aZ09comma');
59 $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
60 if (empty($page) || $page == -1) {
61 $page = 0;
62 } // If $page is not defined, or '' or -1
63 $offset = $limit * $page;
64 $pageprev = $page - 1;
65 $pagenext = $page + 1;
66 if (!$sortorder) {
67 $sortorder = "ASC";
68 }
69 if (!$sortfield) {
70 $sortfield = "name";
71 }
72
73 $rootdirfordoc = $conf->ecm->dir_output;
74
75 $upload_dir = dirname(str_replace("../", "/", $rootdirfordoc.'/'.$file));
76
77 $ecmdir = new EcmDirectory($db);
78 if ($section > 0) {
79 $result = $ecmdir->fetch($section);
80 if (!($result > 0)) {
81 //dol_print_error($db,$ecmdir->error);
82 //exit;
83 }
84 }
85} else {
86 // For no ajax call
87 $rootdirfordoc = $conf->ecm->dir_output;
88
89 $ecmdir = new EcmDirectory($db);
90 $relativepath = '';
91 if ($section > 0) {
92 $result = $ecmdir->fetch($section);
93 if (!($result > 0)) {
94 dol_print_error($db, $ecmdir->error);
95 exit;
96 }
97
98 $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/'
99 } elseif (GETPOST('section_dir')) {
100 $relativepath = GETPOST('section_dir');
101 }
102 //var_dump($section.'-'.GETPOST('section_dir').'-'.$relativepath);
103
104 $upload_dir = $rootdirfordoc.'/'.$relativepath;
105}
106
107if (empty($url)) { // autoset $url but it is better to have it defined before into filemanager.tpl.php (not possible when in auto tree)
108 if (!empty($module) && $module == 'medias' && !GETPOST('website')) {
109 $url = DOL_URL_ROOT.'/ecm/index_medias.php';
110 } elseif (GETPOSTISSET('website')) {
111 $url = DOL_URL_ROOT.'/website/index.php';
112 } else {
113 $url = DOL_URL_ROOT.'/ecm/index.php';
114 }
115}
116
117// Load translation files required by the page
118$langs->loadLangs(array("ecm", "companies", "other"));
119
120if (empty($modulepart)) {
121 $modulepart = $module;
122}
123
124// Security check
125if ($user->socid > 0) {
126 $socid = $user->socid;
127}
128// On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
129if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) {
130 dol_syslog("Refused to deliver file ".$upload_dir);
131 // Do no show plain path in shown error message
132 dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));
133 exit;
134}
135// Check permissions
136if ($modulepart == 'ecm') {
137 if (!$user->hasRight('ecm', 'read')) {
139 }
140} elseif ($modulepart == 'medias' || $modulepart == 'website') {
141 // Always allowed
142} else {
144}
145
146
147/*
148 * Action
149 */
150
151// None
152
153
154
155/*
156 * View
157 */
158
159if (!isset($mode) || $mode != 'noajax') {
160 // Ajout directives pour resoudre bug IE
161 header('Cache-Control: Public, must-revalidate');
162 header('Pragma: public');
163
164 top_httphead();
165}
166
167$type = 'directory';
168
169// This test if file exists should be useless. We keep it to find bug more easily
170if (!dol_is_dir($upload_dir)) {
171 //dol_mkdir($upload_dir);
172 /*$langs->load("install");
173 dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));
174 exit;*/
175}
176
177print '<!-- ajaxdirpreview type='.$type.' module='.$module.' modulepart='.$modulepart.'-->'."\n";
178//print '<!-- Page called with mode='.dol_escape_htmltag(isset($mode)?$mode:'').' type='.dol_escape_htmltag($type).' module='.dol_escape_htmltag($module).' url='.dol_escape_htmltag($url).' '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
179
180$param = ($sortfield ? '&sortfield='.urlencode($sortfield) : '').($sortorder ? '&sortorder='.urlencode($sortorder) : '');
181if (!empty($websitekey)) {
182 $param .= '&website='.urlencode($websitekey);
183}
184if (!empty($pageid)) {
185 $param .= '&pageid='.urlencode($pageid);
186}
187
188
189// Dir scan
190if ($type == 'directory') {
191 $formfile = new FormFile($db);
192
193 $maxlengthname = 40;
194 $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');
195 $sorting = (strtolower($sortorder) == 'desc' ? SORT_DESC : SORT_ASC);
196
197 // Right area. If module is defined here, we are in automatic ecm.
198 $automodules = array(
199 'company',
200 'invoice',
201 'invoice_supplier',
202 'propal',
203 'supplier_proposal',
204 'order',
205 'order_supplier',
206 'contract',
207 'product',
208 'tax',
209 'tax-vat',
210 'salaries',
211 'project',
212 'project_task',
213 'fichinter',
214 'user',
215 'expensereport',
216 'holiday',
217 'recruitment-recruitmentcandidature',
218 'banque',
219 'chequereceipt',
220 'mrp-mo'
221 );
222
223 $parameters = array('modulepart'=>$module);
224 $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);
225 if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {
226 $automodules[] = $hookmanager->resArray['module'];
227 }
228
229 // TODO change for multicompany sharing
230 if ($module == 'company') {
231 $upload_dir = $conf->societe->dir_output;
232 $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts.
233 } elseif ($module == 'invoice') {
234 $upload_dir = $conf->facture->dir_output;
235 } elseif ($module == 'invoice_supplier') {
236 $upload_dir = $conf->fournisseur->facture->dir_output;
237 } elseif ($module == 'propal') {
238 $upload_dir = $conf->propal->dir_output;
239 } elseif ($module == 'supplier_proposal') {
240 $upload_dir = $conf->supplier_proposal->dir_output;
241 } elseif ($module == 'order') {
242 $upload_dir = $conf->commande->dir_output;
243 } elseif ($module == 'order_supplier') {
244 $upload_dir = $conf->fournisseur->commande->dir_output;
245 } elseif ($module == 'contract') {
246 $upload_dir = $conf->contrat->dir_output;
247 } elseif ($module == 'product') {
248 $upload_dir = $conf->product->dir_output;
249 } elseif ($module == 'tax') {
250 $upload_dir = $conf->tax->dir_output;
251 $excludefiles[] = '^vat$'; // The subdir 'vat' contains files of vats.
252 } elseif ($module == 'tax-vat') {
253 $upload_dir = $conf->tax->dir_output.'/vat';
254 } elseif ($module == 'salaries') {
255 $upload_dir = $conf->salaries->dir_output;
256 } elseif ($module == 'project') {
257 $upload_dir = $conf->project->dir_output;
258 } elseif ($module == 'project_task') {
259 $upload_dir = $conf->project->dir_output;
260 } elseif ($module == 'fichinter') {
261 $upload_dir = $conf->ficheinter->dir_output;
262 } elseif ($module == 'user') {
263 $upload_dir = $conf->user->dir_output;
264 } elseif ($module == 'expensereport') {
265 $upload_dir = $conf->expensereport->dir_output;
266 } elseif ($module == 'holiday') {
267 $upload_dir = $conf->holiday->dir_output;
268 } elseif ($module == 'recruitment-recruitmentcandidature') {
269 $upload_dir = $conf->recruitment->dir_output.'/recruitmentcandidature';
270 } elseif ($module == 'banque') {
271 $upload_dir = $conf->bank->dir_output;
272 } elseif ($module == 'chequereceipt') {
273 $upload_dir = $conf->bank->dir_output.'/checkdeposits';
274 } elseif ($module == 'mrp-mo') {
275 $upload_dir = $conf->mrp->dir_output;
276 } else {
277 $parameters = array('modulepart'=>$module);
278 $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);
279 if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {
280 $upload_dir = $hookmanager->resArray['directory'];
281 }
282 }
283
284 // Automatic list
285 if (in_array($module, $automodules)) {
286 $param .= '&module='.$module;
287 if (isset($search_doc_ref) && $search_doc_ref != '') {
288 $param .= '&search_doc_ref='.urlencode($search_doc_ref);
289 }
290
291 $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));
292
293 $filter = preg_quote($search_doc_ref, '/');
294 $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);
295
296 $perm = $user->rights->ecm->upload;
297
298 $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);
299 } else {
300 // Manual list
301 if ($module == 'medias') {
302 /*
303 $_POST is array like
304 'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)
305 'action' => string 'file_manager' (length=12)
306 'website' => string 'template' (length=8)
307 'pageid' => string '124' (length=3)
308 'section_dir' => string 'mydir/' (length=3)
309 'section_id' => string '0' (length=1)
310 'max_file_size' => string '2097152' (length=7)
311 'sendit' => string 'Envoyer fichier' (length=15)
312 */
313 $relativepath = GETPOST('file', 'alpha') ? GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');
314 if ($relativepath && $relativepath != '/') {
315 $relativepath .= '/';
316 }
317 $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;
318 if (GETPOSTISSET('website') || GETPOSTISSET('file_manager')) {
319 $param .= '&file_manager=1';
320 if (!preg_match('/website=/', $param) && GETPOST('website', 'alpha')) {
321 $param .= '&website='.urlencode(GETPOST('website', 'alpha'));
322 }
323 if (!preg_match('/pageid=/', $param)) {
324 $param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));
325 }
326 //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);
327 }
328 } else {
329 $relativepath = $ecmdir->getRelativePath();
330 $upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
331 }
332
333 // If $section defined with value 0
334 if (($section === '0' || empty($section)) && ($module != 'medias')) {
335 $filearray = array();
336 } else {
337 $filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);
338 }
339
340 if ($section) {
341 $param .= '&section='.$section;
342 if (isset($search_doc_ref) && $search_doc_ref != '') {
343 $param .= '&search_doc_ref='.urlencode($search_doc_ref);
344 }
345
346 $textifempty = $langs->trans('NoFileFound');
347 } elseif ($section === '0') {
348 if ($module == 'ecm') {
349 $textifempty = '<br><div class="center"><span class="warning">'.$langs->trans("DirNotSynchronizedSyncFirst").'</span></div><br>';
350 } else {
351 $textifempty = $langs->trans('NoFileFound');
352 }
353 } else {
354 $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection"));
355 }
356
357 if ($module == 'medias') {
358 $useinecm = 6;
359 $modulepart = 'medias';
360 $perm = ($user->hasRight("website", "write") || $user->hasRight("emailing", "creer"));
361 $title = 'none';
362 } elseif ($module == 'ecm') { // DMS/ECM -> manual structure
363 if ($user->hasRight("ecm", "read")) {
364 // Buttons: Preview
365 $useinecm = 2;
366 }
367
368 if ($user->hasRight("ecm", "upload")) {
369 // Buttons: Preview + Delete
370 $useinecm = 4;
371 }
372
373 if ($user->hasRight("ecm", "setup")) {
374 // Buttons: Preview + Delete + Edit
375 $useinecm = 5;
376 }
377
378 $perm = $user->hasRight("ecm", "upload");
379 $modulepart = 'ecm';
380 $title = ''; // Use default
381 } else {
382 $useinecm = 5;
383 $modulepart = 'ecm';
384 $perm = $user->hasRight("ecm", "upload");
385 $title = ''; // Use default
386 }
387
388 // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param
389 // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath
390 //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url);
391 $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm, '', $sortfield, $sortorder);
392 }
393}
394
395
396
397// Bottom of page
398$useajax = 1;
399if (!empty($conf->dol_use_jmobile)) {
400 $useajax = 0;
401}
402if (empty($conf->use_javascript_ajax)) {
403 $useajax = 0;
404}
405if (getDolGlobalString('MAIN_ECM_DISABLE_JS')) {
406 $useajax = 0;
407}
408
409//$param.=($param?'?':'').(preg_replace('/^&/','',$param));
410
411if ($useajax || $action == 'deletefile') {
412 $urlfile = '';
413 if ($action == 'deletefile') {
414 $urlfile = GETPOST('urlfile', 'alpha');
415 }
416
417 if (empty($section_dir)) {
418 $section_dir = GETPOST("file", "alpha");
419 }
420 $section_id = $section;
421
422 require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
423
424 $form = new Form($db);
425 $formquestion['urlfile'] = array('type'=>'hidden', 'value'=>$urlfile, 'name'=>'urlfile'); // We must always put field, even if empty because it is filled by javascript later
426 $formquestion['section'] = array('type'=>'hidden', 'value'=>$section, 'name'=>'section'); // We must always put field, even if empty because it is filled by javascript later
427 $formquestion['section_id'] = array('type'=>'hidden', 'value'=>$section_id, 'name'=>'section_id'); // We must always put field, even if empty because it is filled by javascript later
428 $formquestion['section_dir'] = array('type'=>'hidden', 'value'=>$section_dir, 'name'=>'section_dir'); // We must always put field, even if empty because it is filled by javascript later
429 $formquestion['sortfield'] = array('type'=>'hidden', 'value'=>$sortfield, 'name'=>'sortfield'); // We must always put field, even if empty because it is filled by javascript later
430 $formquestion['sortorder'] = array('type'=>'hidden', 'value'=>$sortorder, 'name'=>'sortorder'); // We must always put field, even if empty because it is filled by javascript later
431 if (!empty($action) && $action == 'file_manager') {
432 $formquestion['file_manager'] = array('type'=>'hidden', 'value'=>1, 'name'=>'file_manager');
433 }
434 if (!empty($websitekey)) {
435 $formquestion['website'] = array('type'=>'hidden', 'value'=>$websitekey, 'name'=>'website');
436 }
437 if (!empty($pageid) && $pageid > 0) {
438 $formquestion['pageid'] = array('type'=>'hidden', 'value'=>$pageid, 'name'=>'pageid');
439 }
440
441 print $form->formconfirm($url, $langs->trans("DeleteFile"), $langs->trans("ConfirmDeleteFile"), 'confirm_deletefile', $formquestion, "no", ($useajax ? 'deletefile' : 0));
442}
443
444if ($useajax) {
445 print '<!-- ajaxdirpreview.php: js to manage preview of doc -->'."\n";
446 print '<script nonce="'.getNonce().'" type="text/javascript">';
447
448 // Enable jquery handlers on new generated HTML objects (same code than into lib_footer.js.php)
449 // Because the content is reloaded by ajax call, we must also reenable some jquery hooks
450 // Wrapper to manage document_preview
451 if ($conf->browser->layout != 'phone') {
452 print "\n/* JS CODE TO ENABLE document_preview */\n";
453 print '
454 jQuery(document).ready(function () {
455 jQuery(".documentpreview").click(function () {
456 console.log("We click on preview for element with href="+$(this).attr(\'href\')+" mime="+$(this).attr(\'mime\'));
457 document_preview($(this).attr(\'href\'), $(this).attr(\'mime\'), \''.dol_escape_js($langs->transnoentities("Preview")).'\');
458 return false;
459 });
460 });
461 ' . "\n";
462 }
463
464 // Enable jquery handlers button to delete files
465 print 'jQuery(document).ready(function() {'."\n";
466 print ' jQuery(".deletefilelink").click(function(e) { '."\n";
467 print ' console.log("We click on button with class deletefilelink, param='.$param.', we set urlfile to "+jQuery(this).attr("rel"));'."\n";
468 print ' jQuery("#urlfile").val(jQuery(this).attr("rel"));'."\n";
469 //print ' jQuery("#section_dir").val(\'aaa\');'."\n";
470 print ' jQuery("#dialog-confirm-deletefile").dialog("open");'."\n";
471 print ' return false;'."\n";
472 print ' });'."\n";
473 print '});'."\n";
474 print '</script>'."\n";
475}
476
477// Close db if mode is not noajax
478if ((!isset($mode) || $mode != 'noajax') && is_object($db)) {
479 $db->close();
480}
Class to manage ECM directories.
Class to offer components to list and upload files.
Class to manage generation of HTML components Only common components must be here.
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
Definition files.lib.php:62
dol_is_dir($folder)
Test if filename is a directory.
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.