dolibarr 20.0.0
wrapper.php
1<?php
2
3// BEGIN PHP File wrapper.php used to download rss, logo, shared files - DO NOT MODIFY - It is just a copy of file website/samples/wrapper.php
4$websitekey = basename(__DIR__);
5if (strpos($_SERVER["PHP_SELF"], 'website/samples/wrapper.php')) {
6 die("Sample file for website module. Can't be called directly.");
7}
8if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
9 require_once './master.inc.php';
10} // Load master if not already loaded
11include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
12
13$encoding = '';
14
15// Parameters to download files
16$hashp = GETPOST('hashp', 'aZ09');
17$modulepart = GETPOST('modulepart', 'aZ09');
18$entity = GETPOSTINT('entity') ? GETPOSTINT('entity') : $conf->entity;
19$original_file = GETPOST("file", "alpha");
20$l = GETPOST('l', 'aZ09');
21$limit = GETPOSTINT('limit');
22
23// Parameters for RSS
24$rss = GETPOST('rss', 'aZ09');
25if ($rss) {
26 $original_file = 'blog.rss';
27}
28
29// If we have a hash public (hashp), we guess the original_file.
30if (!empty($hashp)) {
31 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
32 $ecmfile = new EcmFiles($db);
33 $result = $ecmfile->fetch(0, '', '', '', $hashp);
34 if ($result > 0) {
35 $tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory
36 // filepath can be 'users/X' or 'X/propale/PR11111'
37 if (is_numeric($tmp[0])) { // If first tmp is numeric, it is subdir of company for multicompany, we take next part.
38 $tmp = explode('/', $tmp[1], 2);
39 }
40 $moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path
41
42 if ($modulepart) { // Not required, so often not defined, for link using public hashp parameter.
43 if ($moduleparttocheck == $modulepart) {
44 // We remove first level of directory
45 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
46 //var_dump($original_file); exit;
47 } else {
48 print 'Bad link. File is from another module part.';
49 }
50 } else {
51 $modulepart = $moduleparttocheck;
52 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
53 }
54 } else {
55 print "ErrorFileNotFoundWithSharedLink";
56 exit;
57 }
58}
59
60// Define attachment (attachment=true to force choice popup 'open'/'save as')
61$attachment = true;
62if (preg_match('/\.(html|htm)$/i', $original_file)) {
63 $attachment = false;
64}
65if (GETPOSTISSET("attachment")) {
66 $attachment = (GETPOST("attachment", 'alphanohtml') ? true : false);
67}
68if (getDolGlobalString('MAIN_DISABLE_FORCE_SAVEAS_WEBSITE')) {
69 $attachment = false;
70}
71
72// Define mime type
73$type = 'application/octet-stream';
74if (GETPOSTISSET('type')) {
75 $type = GETPOST('type', 'alpha');
76} else {
77 $type = dol_mimetype($original_file);
78}
79
80// Security: Delete string ../ into $original_file
81$original_file = str_replace("../", "/", $original_file);
82
83// Cache or not
84if (GETPOST("cache", 'aZ09') || image_format_supported($original_file) >= 0) {
85 // Important: Following code is to avoid page request by browser and PHP CPU at
86 // each Dolibarr page access.
87 header('Cache-Control: max-age=3600, public, must-revalidate');
88 header('Pragma: cache'); // This is to avoid having Pragma: no-cache
89}
90
91$refname = basename(dirname($original_file)."/");
92
93// Get RSS news
94if ($rss) {
95 $format = 'rss';
96 $type = '';
97 $cachedelay = 0;
98 $filename = $original_file;
99 $dir_temp = $conf->website->dir_temp;
100
101 include_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
102 include_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
103 $website = new Website($db);
104 $websitepage = new WebsitePage($db);
105
106 $website->fetch('', $websitekey);
107
108 $filters = array('type_container'=>'blogpost', 'status'=>1);
109 if ($l) {
110 $filters['lang'] = $l;
111 }
112
113 $MAXNEWS = ($limit ? $limit : 20);
114 $arrayofblogs = $websitepage->fetchAll($website->id, 'DESC', 'date_creation', $MAXNEWS, 0, $filters);
115 $eventarray = array();
116 if (is_array($arrayofblogs)) {
117 foreach ($arrayofblogs as $blog) {
118 $blog->fullpageurl = $website->virtualhost.'/'.$blog->pageurl.'.php';
119 $blog->image = preg_replace('/__WEBSITE_KEY__/', $websitekey, $blog->image);
120
121 $eventarray[] = $blog;
122 }
123 }
124
125 require_once DOL_DOCUMENT_ROOT."/core/lib/xcal.lib.php";
126 require_once DOL_DOCUMENT_ROOT."/core/lib/date.lib.php";
127 require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
128
129 dol_syslog("build_exportfile Build export file format=".$format.", type=".$type.", cachedelay=".$cachedelay.", filename=".$filename.", filters size=".count($filters), LOG_DEBUG);
130
131 // Clean parameters
132 if (!$filename) {
133 $extension = 'rss';
134 $filename = $format.'.'.$extension;
135 }
136
137 // Create dir and define output file (definitive and temporary)
138 $result = dol_mkdir($dir_temp);
139 $outputfile = $dir_temp.'/'.$filename;
140
141 $result = 0;
142
143 $buildfile = true;
144
145 if ($cachedelay) {
146 $nowgmt = dol_now();
147 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
148 if (dol_filemtime($outputfile) > ($nowgmt - $cachedelay)) {
149 dol_syslog("build_exportfile file ".$outputfile." is not older than now - cachedelay (".$nowgmt." - ".$cachedelay."). Build is canceled");
150 $buildfile = false;
151 }
152 }
153
154 if ($buildfile) {
155 $outputlangs = new Translate('', $conf);
156 $outputlangs->setDefaultLang($l);
157 $outputlangs->loadLangs(array("main", "other"));
158 $title = $outputlangs->transnoentities('LatestBlogPosts').' - '.$website->virtualhost;
159 $desc = $title.($l ? ' ('.$l.')' : '');
160
161 // Create temp file
162 $outputfiletmp = tempnam($dir_temp, 'tmp'); // Temporary file (allow call of function by different threads
163 dolChmod($outputfiletmp);
164
165 // Write file
166 $result = build_rssfile($format, $title, $desc, $eventarray, $outputfiletmp, '', $website->virtualhost.'/wrapper.php?rss=1'.($l ? '&l='.$l : ''), $l);
167
168 if ($result >= 0) {
169 if (dol_move($outputfiletmp, $outputfile, 0, 1, 0, 0)) {
170 $result = 1;
171 } else {
172 $error = 'Failed to rename '.$outputfiletmp.' into '.$outputfile;
173 dol_syslog("build_exportfile ".$error, LOG_ERR);
174 dol_delete_file($outputfiletmp, 0, 1);
175 print $error;
176 exit(-1);
177 }
178 } else {
179 dol_syslog("build_exportfile build_xxxfile function fails to for format=".$format." outputfiletmp=".$outputfile, LOG_ERR);
180 dol_delete_file($outputfiletmp, 0, 1);
181 $langs->load("errors");
182 print $langs->trans("ErrorFailToCreateFile", $outputfile);
183 exit(-1);
184 }
185 }
186
187 if ($result >= 0) {
188 $attachment = false;
189 if (GETPOSTISSET("attachment")) {
190 $attachment = GETPOST("attachment");
191 }
192 //$attachment = false;
193 $contenttype = 'application/rss+xml';
194 if (GETPOSTISSET("contenttype")) {
195 $contenttype = GETPOST("contenttype");
196 }
197 //$contenttype='text/plain';
198 $outputencoding = 'UTF-8';
199
200 if ($contenttype) {
201 header('Content-Type: '.$contenttype.($outputencoding ? '; charset='.$outputencoding : ''));
202 }
203 if ($attachment) {
204 header('Content-Disposition: attachment; filename="'.$filename.'"');
205 }
206
207 // Ajout directives pour resoudre bug IE
208 //header('Cache-Control: Public, must-revalidate');
209 //header('Pragma: public');
210 if ($cachedelay) {
211 header('Cache-Control: max-age='.$cachedelay.', private, must-revalidate');
212 } else {
213 header('Cache-Control: private, must-revalidate');
214 }
215
216 // Clean parameters
217 $outputfile = $dir_temp.'/'.$filename;
218 $result = readfile($outputfile);
219 if (!$result) {
220 print 'File '.$outputfile.' was empty.';
221 }
222
223 // header("Location: ".DOL_URL_ROOT.'/document.php?modulepart=agenda&file='.urlencode($filename));
224 exit;
225 }
226} elseif ($modulepart == "mycompany" && preg_match('/^\/?logos\//', $original_file)) {
227 // Get logos
228 readfile(dol_osencode($conf->mycompany->dir_output."/".$original_file));
229} else {
230 // Find the subdirectory name as the reference
231 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
232 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, null, $refname);
233 $accessallowed = empty($check_access['accessallowed']) ? '' : $check_access['accessallowed'];
234 $sqlprotectagainstexternals = empty($check_access['sqlprotectagainstexternals']) ? '' : $check_access['sqlprotectagainstexternals'];
235 $fullpath_original_file = empty($check_access['original_file']) ? '' : $check_access['original_file']; // $fullpath_original_file is now a full path name
236 if ($hashp) {
237 $accessallowed = 1; // When using hashp, link is public so we force $accessallowed
238 $sqlprotectagainstexternals = '';
239 }
240
241 // Security:
242 // Limit access if permissions are wrong
243 if (!$accessallowed) {
244 print 'Access forbidden';
245 exit;
246 }
247
248 clearstatcache();
249
250 $filename = basename($fullpath_original_file);
251
252 // Output file on browser
253 dol_syslog("wrapper.php download $fullpath_original_file filename=$filename content-type=$type");
254 $fullpath_original_file_osencoded = dol_osencode($fullpath_original_file); // New file name encoded in OS encoding charset
255
256 // This test if file exists should be useless. We keep it to find bug more easily
257 if (!file_exists($fullpath_original_file_osencoded)) {
258 print "ErrorFileDoesNotExists: ".dol_escape_htmltag($original_file);
259 exit;
260 }
261
262 // Permissions are ok and file found, so we return it
263 //top_httphead($type);
264 header('Content-Type: '.$type);
265 header('Content-Description: File Transfer');
266 if ($encoding) {
267 header('Content-Encoding: '.$encoding);
268 }
269 // Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
270 if ($attachment) {
271 header('Content-Disposition: attachment; filename="'.$filename.'"');
272 } else {
273 header('Content-Disposition: inline; filename="'.$filename.'"');
274 }
275 header('Content-Length: '.dol_filesize($fullpath_original_file));
276
277 readfile($fullpath_original_file_osencoded);
278}
279if (is_object($db)) {
280 $db->close();
281}
282// END PHP
Class to manage ECM files.
Class to manage translations.
Class Website.
Class Websitepage.
dol_filemtime($pathoffile)
Return time of a file.
dol_filesize($pathoffile)
Return size of a file.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dolChmod($filepath, $newmask='')
Change mod of a file.
dol_now($mode='auto')
Return date for now.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
image_format_supported($file, $acceptsvg=0)
Return if a filename is file name of a supported image format.
build_rssfile($format, $title, $desc, $events_array, $outputfile, $filter='', $url='', $langcode='')
Build a file from an array of events.
Definition xcal.lib.php:325