31if (
GETPOSTINT(
'uploadform') && empty($_POST) && empty($_FILES)) {
32 dol_syslog(
"The PHP parameter 'post_max_size' is too low. All POST parameters and FILES were set to empty.");
33 $langs->loadLangs(array(
"errors",
"install"));
34 print $langs->trans(
"ErrorFileSizeTooLarge").
' ';
35 print $langs->trans(
"ErrorGoBackAndCorrectParameters");
40 ||
GETPOST(
'linkit',
'restricthtml')
41 || ($action ==
'confirm_deletefile' && $confirm ==
'yes')
42 || ($action ==
'confirm_updateline' &&
GETPOST(
'save',
'alpha') &&
GETPOST(
'link',
'alpha'))
43 || ($action ==
'renamefile' &&
GETPOST(
'renamefilesave',
'alpha'))) && empty($permissiontoadd)) {
44 dol_syslog(
'The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.');
45 print
'The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.';
52 if (!empty($_FILES) && is_array($_FILES[
'userfile'])) {
53 if (is_array($_FILES[
'userfile'][
'tmp_name'])) {
54 $userfiles = $_FILES[
'userfile'][
'tmp_name'];
56 $userfiles = array($_FILES[
'userfile'][
'tmp_name']);
59 foreach ($userfiles as $key => $userfile) {
60 if (empty($_FILES[
'userfile'][
'tmp_name'][$key])) {
62 if ($_FILES[
'userfile'][
'error'][$key] == 1 || $_FILES[
'userfile'][
'error'][$key] == 2) {
65 setEventMessages($langs->trans(
"ErrorFieldRequired", $langs->transnoentitiesnoconv(
"File")),
null,
'errors');
68 if (preg_match(
'/__.*__/', $_FILES[
'userfile'][
'name'][$key])) {
77 if (
GETPOST(
'section_dir',
'alpha')) {
80 $allowoverwrite = (
GETPOSTINT(
'overwritefile') ? 1 : 0);
82 if (!empty($upload_dirold) &&
getDolGlobalInt(
'PRODUCT_USE_OLD_PATH_FOR_PHOTO')) {
84 } elseif (!empty($upload_dir)) {
90 $link =
GETPOST(
'link',
'alpha');
92 if (substr($link, 0, 7) !=
'http://' && substr($link, 0, 8) !=
'https://' && substr($link, 0, 7) !=
'file://' && substr($link, 0, 7) !=
'davs://') {
93 $link =
'http://'.$link;
97 $newUrlArray = parse_url($link);
101 if (!empty($newUrlArray[
'path']) && preg_match(
'/\.svg$/i', $newUrlArray[
'path'])) {
103 $langs->load(
"errors");
104 setEventMessages($langs->trans(
'ErrorSVGFilesNotAllowedAsLinksWithout',
'MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS'),
null,
'errors');
120if ($action ==
'confirm_deletefile' && $confirm ==
'yes' && !empty($permissiontoadd)) {
121 $urlfile =
GETPOST(
'urlfile',
'alpha', 0,
null,
null, 1);
122 if (
GETPOST(
'section',
'alpha')) {
124 $file = $upload_dir.(preg_match(
'/\/$/', $upload_dir) ?
'' :
'/').$urlfile;
126 $urlfile = basename($urlfile);
127 $file = $upload_dir.(preg_match(
'/\/$/', $upload_dir) ?
'' :
'/').$urlfile;
128 if (!empty($upload_dirold)) {
129 $fileold = $upload_dirold.
"/".$urlfile;
136 $dir = dirname($file).
'/';
137 $dirthumb = $dir.
'/thumbs/';
140 if (!empty($fileold)) {
147 if (preg_match(
'/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i', $file, $regs)) {
148 $photo_vignette = basename(preg_replace(
'/'.$regs[0].
'/i',
'', $file).
'_small'.$regs[0]);
149 if (file_exists(
dol_osencode($dirthumb.$photo_vignette))) {
153 $photo_vignette = basename(preg_replace(
'/'.$regs[0].
'/i',
'', $file).
'_mini'.$regs[0]);
154 if (file_exists(
dol_osencode($dirthumb.$photo_vignette))) {
160 setEventMessages($langs->trans(
"ErrorFailToDeleteFile", $urlfile),
null,
'errors');
163 require_once DOL_DOCUMENT_ROOT.
'/core/class/link.class.php';
164 $link =
new Link($db);
165 $link->fetch($linkid);
166 $res = $link->delete($user);
168 $langs->load(
'link');
170 setEventMessages($langs->trans(
"LinkRemoved", $link->label),
null,
'mesgs');
172 if (count($link->errors)) {
175 setEventMessages($langs->trans(
"ErrorFailedToDeleteLink", $link->label),
null,
'errors');
181 if (!empty($backtopage)) {
182 header(
'Location: '.$backtopage);
185 $tmpurl = $_SERVER[
"PHP_SELF"].
'?id='.
$object->id.(GETPOST(
'section_dir',
'alpha') ?
'§ion_dir='.urlencode(
GETPOST(
'section_dir',
'alpha')) :
'').(!empty($withproject) ?
'&withproject=1' :
'');
186 header(
'Location: '.$tmpurl);
190} elseif ($action ==
'confirm_updateline' &&
GETPOST(
'save',
'alpha') &&
GETPOST(
'link',
'alpha') && !empty($permissiontoadd)) {
191 require_once DOL_DOCUMENT_ROOT.
'/core/class/link.class.php';
193 $link =
new Link($db);
196 $link->url =
GETPOST(
'link',
'alpha');
197 if (substr($link->url, 0, 7) !=
'http://' && substr($link->url, 0, 8) !=
'https://' && substr($link->url, 0, 7) !=
'file://') {
198 $link->url =
'http://'.$link->url;
200 $link->label =
GETPOST(
'label',
'alphanohtml');
201 $res = $link->update($user);
203 setEventMessages($langs->trans(
"ErrorFailedToUpdateLink", $link->label),
null,
'mesgs');
208} elseif ($action ==
'renamefile' &&
GETPOST(
'renamefilesave',
'alpha') && !empty($permissiontoadd)) {
210 if (!empty($upload_dir)) {
217 if (preg_match(
'/__.*__/', $filenameto)) {
224 global $dolibarr_main_restrict_os_commands;
225 if (!empty($dolibarr_main_restrict_os_commands)) {
226 $arrayofallowedcommand = explode(
',', $dolibarr_main_restrict_os_commands);
227 $arrayofallowedcommand = array_map(
'trim', $arrayofallowedcommand);
228 if (in_array(basename($filenameto), $arrayofallowedcommand)) {
230 $langs->load(
"errors");
231 setEventMessages($langs->trans(
"ErrorFilenameReserved", basename($filenameto)),
null,
'errors');
236 if (empty($error) && $filenamefrom != $filenameto) {
242 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
243 if (!preg_match(
'/\/$/', $publicmediasdirwithslash)) {
244 $publicmediasdirwithslash .=
'/';
247 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0) {
248 $filenameto .=
'.noexe';
252 if ($filenamefrom && $filenameto) {
253 $srcpath = $upload_dir.
'/'.$filenamefrom;
254 $destpath = $upload_dir.
'/'.$filenameto;
264 $reshook = $hookmanager->initHooks(array(
'actionlinkedfiles'));
265 $parameters = array(
'filenamefrom' => $filenamefrom,
'filenameto' => $filenameto,
'upload_dir' => $upload_dir);
266 $reshook = $hookmanager->executeHooks(
'renameUploadedFile', $parameters,
$object);
268 if (empty($reshook)) {
269 if (preg_match(
'/^\./', $filenameto)) {
270 $langs->load(
"errors");
271 setEventMessages($langs->trans(
"ErrorFilenameCantStartWithDot", $filenameto),
null,
'errors');
272 } elseif (!file_exists($destpath)) {
273 $result =
dol_move($srcpath, $destpath);
280 if (
GETPOST(
'modulepart',
'aZ09') ==
'medias') {
284 if ($generatethumbs) {
296 $langs->load(
"errors");
297 setEventMessages($langs->trans(
"ErrorFailToRenameFile", $filenamefrom, $filenameto),
null,
'errors');
300 $langs->load(
"errors");
301 setEventMessages($langs->trans(
"ErrorDestinationAlreadyExists", $filenameto),
null,
'errors');
310 $shareenabled =
GETPOST(
'shareenabled',
'alpha');
312 include_once DOL_DOCUMENT_ROOT.
'/ecm/class/ecmfiles.class.php';
314 $result = $ecmfile->fetch(
GETPOSTINT(
'ecmfileid'));
317 if (empty($ecmfile->share)) {
318 require_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
322 $ecmfile->share =
'';
324 $result = $ecmfile->update($user);
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Class to manage ECM files.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_add_file_process($upload_dir, $allowoverwrite=0, $updatesessionordb=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1, $object=null)
Get and save an upload file (for example after submitting a new file a mail form).
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dol_string_nohtmltag($stringtoclean, $removelinefeed=1, $pagecodeto='UTF-8', $strip_tags=0, $removedoublespaces=1)
Clean a string from all HTML tags and entities.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
getRandomPassword($generic=false, $replaceambiguouschars=null, $length=32)
Return a generated password using default module.