dolibarr 19.0.4
wrapper.php
1<?php
2
3// BEGIN PHP File wrapper.php - DO NOT MODIFY - It is just a copy of file website/samples/wrapper.php
4$websitekey = basename(__DIR__);
5if (strpos($_SERVER["PHP_SELF"], 'website/samples/wrapper.php')) {
6 die("Sample file for website module. Can't be called directly.");
7}
8if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
9 require_once './master.inc.php';
10} // Load master if not already loaded
11include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
12
13$encoding = '';
14
15// Parameters to download files
16$hashp = GETPOST('hashp', 'aZ09');
17$modulepart = GETPOST('modulepart', 'aZ09');
18$entity = GETPOST('entity', 'int') ? GETPOST('entity', 'int') : $conf->entity;
19$original_file = GETPOST("file", "alpha");
20$l = GETPOST('l', 'aZ09');
21$limit = GETPOST('limit', 'int');
22
23// Parameters for RSS
24$rss = GETPOST('rss', 'aZ09');
25if ($rss) {
26 $original_file = 'blog.rss';
27}
28
29// If we have a hash public (hashp), we guess the original_file.
30if (!empty($hashp)) {
31 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
32 $ecmfile = new EcmFiles($db);
33 $result = $ecmfile->fetch(0, '', '', '', $hashp);
34 if ($result > 0) {
35 $tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory
36 // filepath can be 'users/X' or 'X/propale/PR11111'
37 if (is_numeric($tmp[0])) { // If first tmp is numeric, it is subdir of company for multicompany, we take next part.
38 $tmp = explode('/', $tmp[1], 2);
39 }
40 $moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path
41
42 if ($modulepart) { // Not required, so often not defined, for link using public hashp parameter.
43 if ($moduleparttocheck == $modulepart) {
44 // We remove first level of directory
45 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
46 //var_dump($original_file); exit;
47 } else {
48 print 'Bad link. File is from another module part.';
49 }
50 } else {
51 $modulepart = $moduleparttocheck;
52 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
53 }
54 } else {
55 print "ErrorFileNotFoundWithSharedLink";
56 exit;
57 }
58}
59
60// Define attachment (attachment=true to force choice popup 'open'/'save as')
61$attachment = true;
62if (preg_match('/\.(html|htm)$/i', $original_file)) {
63 $attachment = false;
64}
65if (isset($_GET["attachment"])) {
66 $attachment = (GETPOST("attachment", 'alphanohtml') ? true : false);
67}
68if (getDolGlobalString('MAIN_DISABLE_FORCE_SAVEAS_WEBSITE')) {
69 $attachment = false;
70}
71
72// Define mime type
73$type = 'application/octet-stream';
74if (GETPOSTISSET('type')) {
75 $type = GETPOST('type', 'alpha');
76} else {
77 $type = dol_mimetype($original_file);
78}
79
80// Security: Delete string ../ into $original_file
81$original_file = str_replace("../", "/", $original_file);
82
83// Cache or not
84if (GETPOST("cache", 'aZ09') || image_format_supported($original_file) >= 0) {
85 // Important: Following code is to avoid page request by browser and PHP CPU at
86 // each Dolibarr page access.
87 header('Cache-Control: max-age=3600, public, must-revalidate');
88 header('Pragma: cache'); // This is to avoid having Pragma: no-cache
89}
90
91$refname = basename(dirname($original_file)."/");
92
93// Get RSS news
94if ($rss) {
95 $format = 'rss';
96 $type = '';
97 $cachedelay = 0;
98 $filename = $original_file;
99 $dir_temp = $conf->website->dir_temp;
100
101 include_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
102 include_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
103 $website = new Website($db);
104 $websitepage = new WebsitePage($db);
105
106 $website->fetch('', $websitekey);
107
108 $filters = array('type_container'=>'blogpost', 'status'=>1);
109 if ($l) {
110 $filters['lang'] = $l;
111 }
112
113 $MAXNEWS = ($limit ? $limit : 20);
114 $arrayofblogs = $websitepage->fetchAll($website->id, 'DESC', 'date_creation', $MAXNEWS, 0, $filters);
115 $eventarray = array();
116 if (is_array($arrayofblogs)) {
117 foreach ($arrayofblogs as $blog) {
118 $blog->fullpageurl = $website->virtualhost.'/'.$blog->pageurl.'.php';
119 $eventarray[] = $blog;
120 }
121 }
122
123 require_once DOL_DOCUMENT_ROOT."/core/lib/xcal.lib.php";
124 require_once DOL_DOCUMENT_ROOT."/core/lib/date.lib.php";
125 require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
126
127 dol_syslog("build_exportfile Build export file format=".$format.", type=".$type.", cachedelay=".$cachedelay.", filename=".$filename.", filters size=".count($filters), LOG_DEBUG);
128
129 // Clean parameters
130 if (!$filename) {
131 $extension = 'rss';
132 $filename = $format.'.'.$extension;
133 }
134
135 // Create dir and define output file (definitive and temporary)
136 $result = dol_mkdir($dir_temp);
137 $outputfile = $dir_temp.'/'.$filename;
138
139 $result = 0;
140
141 $buildfile = true;
142
143 if ($cachedelay) {
144 $nowgmt = dol_now();
145 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
146 if (dol_filemtime($outputfile) > ($nowgmt - $cachedelay)) {
147 dol_syslog("build_exportfile file ".$outputfile." is not older than now - cachedelay (".$nowgmt." - ".$cachedelay."). Build is canceled");
148 $buildfile = false;
149 }
150 }
151
152 if ($buildfile) {
153 $outputlangs = new Translate('', $conf);
154 $outputlangs->setDefaultLang($l);
155 $outputlangs->loadLangs(array("main", "other"));
156 $title = $desc = $outputlangs->transnoentities('LatestBlogPosts');
157
158 // Create temp file
159 $outputfiletmp = tempnam($dir_temp, 'tmp'); // Temporary file (allow call of function by different threads
160 dolChmod($outputfiletmp);
161
162 // Write file
163 $result = build_rssfile($format, $title, $desc, $eventarray, $outputfiletmp, '', $website->virtualhost.'/wrapper.php?rss=1'.($l ? '&l='.$l : ''), $l);
164
165 if ($result >= 0) {
166 if (dol_move($outputfiletmp, $outputfile, 0, 1, 0, 0)) {
167 $result = 1;
168 } else {
169 $error = 'Failed to rename '.$outputfiletmp.' into '.$outputfile;
170 dol_syslog("build_exportfile ".$error, LOG_ERR);
171 dol_delete_file($outputfiletmp, 0, 1);
172 print $error;
173 exit(-1);
174 }
175 } else {
176 dol_syslog("build_exportfile build_xxxfile function fails to for format=".$format." outputfiletmp=".$outputfile, LOG_ERR);
177 dol_delete_file($outputfiletmp, 0, 1);
178 $langs->load("errors");
179 print $langs->trans("ErrorFailToCreateFile", $outputfile);
180 exit(-1);
181 }
182 }
183
184 if ($result >= 0) {
185 $attachment = false;
186 if (isset($_GET["attachment"])) {
187 $attachment = $_GET["attachment"];
188 }
189 //$attachment = false;
190 $contenttype = 'application/rss+xml';
191 if (isset($_GET["contenttype"])) {
192 $contenttype = $_GET["contenttype"];
193 }
194 //$contenttype='text/plain';
195 $outputencoding = 'UTF-8';
196
197 if ($contenttype) {
198 header('Content-Type: '.$contenttype.($outputencoding ? '; charset='.$outputencoding : ''));
199 }
200 if ($attachment) {
201 header('Content-Disposition: attachment; filename="'.$filename.'"');
202 }
203
204 // Ajout directives pour resoudre bug IE
205 //header('Cache-Control: Public, must-revalidate');
206 //header('Pragma: public');
207 if ($cachedelay) {
208 header('Cache-Control: max-age='.$cachedelay.', private, must-revalidate');
209 } else {
210 header('Cache-Control: private, must-revalidate');
211 }
212
213 // Clean parameters
214 $outputfile = $dir_temp.'/'.$filename;
215 $result = readfile($outputfile);
216 if (!$result) {
217 print 'File '.$outputfile.' was empty.';
218 }
219
220 // header("Location: ".DOL_URL_ROOT.'/document.php?modulepart=agenda&file='.urlencode($filename));
221 exit;
222 }
223} elseif ($modulepart == "mycompany" && preg_match('/^\/?logos\//', $original_file)) {
224 // Get logos
225 readfile(dol_osencode($conf->mycompany->dir_output."/".$original_file));
226} else {
227 // Find the subdirectory name as the reference
228 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
229 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, null, $refname);
230 $accessallowed = empty($check_access['accessallowed']) ? '' : $check_access['accessallowed'];
231 $sqlprotectagainstexternals = empty($check_access['sqlprotectagainstexternals']) ? '' : $check_access['sqlprotectagainstexternals'];
232 $fullpath_original_file = empty($check_access['original_file']) ? '' : $check_access['original_file']; // $fullpath_original_file is now a full path name
233 if ($hashp) {
234 $accessallowed = 1; // When using hashp, link is public so we force $accessallowed
235 $sqlprotectagainstexternals = '';
236 }
237
238 // Security:
239 // Limit access if permissions are wrong
240 if (!$accessallowed) {
241 print 'Access forbidden';
242 exit;
243 }
244
245 clearstatcache();
246
247 $filename = basename($fullpath_original_file);
248
249 // Output file on browser
250 dol_syslog("wrapper.php download $fullpath_original_file filename=$filename content-type=$type");
251 $fullpath_original_file_osencoded = dol_osencode($fullpath_original_file); // New file name encoded in OS encoding charset
252
253 // This test if file exists should be useless. We keep it to find bug more easily
254 if (!file_exists($fullpath_original_file_osencoded)) {
255 print "ErrorFileDoesNotExists: ".dol_escape_htmltag($original_file);
256 exit;
257 }
258
259 // Permissions are ok and file found, so we return it
260 //top_httphead($type);
261 header('Content-Type: '.$type);
262 header('Content-Description: File Transfer');
263 if ($encoding) {
264 header('Content-Encoding: '.$encoding);
265 }
266 // Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
267 if ($attachment) {
268 header('Content-Disposition: attachment; filename="'.$filename.'"');
269 } else {
270 header('Content-Disposition: inline; filename="'.$filename.'"');
271 }
272 header('Content-Length: '.dol_filesize($fullpath_original_file));
273
274 readfile($fullpath_original_file_osencoded);
275}
276if (is_object($db)) {
277 $db->close();
278}
279// END PHP
Class to manage ECM files.
Class to manage translations.
Class Website.
Class Websitepage.
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_filemtime($pathoffile)
Return time of a file.
dol_filesize($pathoffile)
Return size of a file.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dolChmod($filepath, $newmask='')
Change mod of a file.
dol_now($mode='auto')
Return date for now.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
image_format_supported($file, $acceptsvg=0)
Return if a filename is file name of a supported image format.
build_rssfile($format, $title, $desc, $events_array, $outputfile, $filter='', $url='', $langcode='')
Build a file from an array of events.
Definition xcal.lib.php:325