28require
'../main.inc.php';
29require_once DOL_DOCUMENT_ROOT.
'/core/lib/admin.lib.php';
30require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
31require_once DOL_DOCUMENT_ROOT.
'/core/class/html.formfile.class.php';
34$langs->loadLangs(array(
'users',
'admin',
'other'));
36$action =
GETPOST(
'action',
'aZ09');
37$sortfield =
GETPOST(
'sortfield',
'aZ09');
38$sortorder =
GETPOST(
'sortorder',
'aZ09');
39if (empty($sortfield)) {
42if (empty($sortorder)) {
46$upload_dir = $conf->admin->dir_temp;
60 require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
65if ($action ==
'updateform') {
66 $antivircommand =
GETPOST(
'MAIN_ANTIVIRUS_COMMAND',
'restricthtml');
67 $antivirparam =
GETPOST(
'MAIN_ANTIVIRUS_PARAM',
'restricthtml');
68 $antivircommand =
dol_string_nospecial($antivircommand,
'', array(
"|",
";",
"<",
">",
"&",
"+"));
71 if ($antivircommand && !empty($dolibarr_main_restrict_os_commands)) {
72 $arrayofallowedcommand = explode(
',', $dolibarr_main_restrict_os_commands);
73 $arrayofallowedcommand = array_map(
'trim', $arrayofallowedcommand);
74 dol_syslog(
"Command are restricted to ".$dolibarr_main_restrict_os_commands.
". We check that one of this command is inside ".$antivircommand);
75 $basenamecmddump = basename(str_replace(
'\\',
'/', $antivircommand));
76 if (!in_array($basenamecmddump, $arrayofallowedcommand)) {
77 $errormsg = $langs->trans(
'CommandIsNotInsideAllowedCommands');
84 $tmpumask =
GETPOST(
'MAIN_UMASK',
'alpha');
85 $tmpumask = (octdec($tmpumask) & 0666);
86 $tmpumask = decoct($tmpumask);
87 if (!preg_match(
'/^0/', $tmpumask)) {
88 $tmpumask =
'0'.$tmpumask;
90 if (empty($tmpumask)) {
95 $res4 =
dolibarr_set_const($db,
"MAIN_UMASK", $tmpumask,
'chaine', 0,
'', $conf->entity);
96 $res5 =
dolibarr_set_const($db,
"MAIN_ANTIVIRUS_COMMAND", trim($antivircommand),
'chaine', 0,
'', $conf->entity);
97 $res6 =
dolibarr_set_const($db,
"MAIN_ANTIVIRUS_PARAM", trim($antivirparam),
'chaine', 0,
'', $conf->entity);
98 if ($res3 && $res4 && $res5 && $res6) {
99 setEventMessages($langs->trans(
"RecordModifiedSuccessfully"),
null,
'mesgs');
102} elseif ($action ==
'deletefile') {
104 $langs->load(
"other");
105 $file = $conf->admin->dir_temp.
'/'.
GETPOST(
'urlfile',
'alpha');
119$form =
new Form($db);
121$wikihelp =
'EN:Setup_Security|FR:Paramétrage_Sécurité|ES:Configuración_Seguridad';
122llxHeader(
'', $langs->trans(
"Files"), $wikihelp,
'', 0, 0,
'',
'',
'',
'mod-admin page-security_file');
126print
'<span class="opacitymedium">'.$langs->trans(
"SecurityFilesDesc").
"</span><br>\n";
130print
'<form action="'.$_SERVER[
"PHP_SELF"].
'" method="POST">';
131print
'<input type="hidden" name="token" value="'.newToken().
'">';
132print
'<input type="hidden" name="action" value="updateform">';
142print
'<div class="div-table-responsive-no-min">';
143print
'<table class="noborder centpercent nomarginbottom">';
144print
'<tr class="liste_titre">';
145print
'<td>'.$langs->trans(
"Parameters").
'</td>';
146print
'<td>'.$langs->trans(
"Value").
'</td>';
149print
'<tr class="oddeven">';
150print
'<td>'.$langs->trans(
"MaxSizeForUploadedFiles").
'.';
151$max = @ini_get(
'upload_max_filesize');
153 print
'<br><span class="opacitymedium">'.$langs->trans(
"MustBeLowerThanPHPLimit", ((
int) $max) * 1024, $langs->trans(
"Kb")).
'.</span>';
155 print
' '.$langs->trans(
"NoMaxSizeByPHPLimit").
'.';
158print
'<td class="nowrap">';
159print
'<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.dol_escape_htmltag(
getDolGlobalString(
'MAIN_UPLOAD_DOC')).
'"> '.$langs->trans(
"Kb");
164print
'<tr class="oddeven">';
166print $form->textwithpicto($langs->trans(
"UMask"), $langs->trans(
"UMaskExplanation"));
168print
'<td class="nowrap">';
169print
'<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.dol_escape_htmltag(
getDolGlobalString(
'MAIN_UMASK')).
'">';
175print
'<tr class="oddeven">';
176print
'<td>'.$langs->trans(
"AntiVirusCommand").
'<br>';
177print
'<span class="opacitymedium">'.$langs->trans(
"AntiVirusCommandExample").
'</span>';
182 $langs->load(
"errors");
183 $basedir = preg_replace(
'/"/',
'', dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
184 $listdir = explode(
';', ini_get(
'safe_mode_exec_dir'));
185 if (!in_array($basedir, $listdir)) {
186 print
img_warning($langs->trans(
'WarningSafeModeOnCheckExecDir'));
187 dol_syslog(
"safe_mode is on, basedir is ".$basedir.
", safe_mode_exec_dir is ".ini_get(
'safe_mode_exec_dir'), LOG_WARNING);
190print
'<input type="text" '.((defined(
'MAIN_ANTIVIRUS_COMMAND') && !defined(
'MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) ?
'disabled ' :
'').
'name="MAIN_ANTIVIRUS_COMMAND" class="minwidth500imp" value="'.
dol_escape_htmltag(GETPOSTISSET(
'MAIN_ANTIVIRUS_COMMAND') ?
GETPOST(
'MAIN_ANTIVIRUS_COMMAND') :
getDolGlobalString(
'MAIN_ANTIVIRUS_COMMAND')).
'">';
191if (defined(
'MAIN_ANTIVIRUS_COMMAND') && !defined(
'MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
192 print
'<br><span class="opacitymedium">'.$langs->trans(
"ValueIsForcedBySystem").
'</span>';
199print
'<tr class="oddeven">';
200print
'<td>'.$langs->trans(
"AntiVirusParam").
'<br>';
201print
'<span class="opacitymedium">'.$langs->trans(
"AntiVirusParamExample").
'</span>';
205if (defined(
'MAIN_ANTIVIRUS_PARAM')) {
206 print
'<br><span class="opacitymedium">'.$langs->trans(
"ValueIsForcedBySystem").
'</span>';
216print $form->buttonsSaveCancel(
"Modify",
'');
224$formfile->form_attach_new_file($_SERVER[
'PHP_SELF'], $langs->trans(
"FormToTestFileUploadForm"), 0, 0, 1, 50,
'',
'', 1,
'', 0);
227$filearray =
dol_dir_list($upload_dir,
"files", 0,
'',
'', $sortfield, $sortorder ==
'desc' ? SORT_DESC : SORT_ASC, 1);
228if (count($filearray) > 0) {
229 $formfile->list_of_documents($filearray,
null,
'admin_temp',
'');
security_prepare_head()
Prepare array with list of tabs.
dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $note='', $entity=1)
Insert a parameter (key,value) into database (delete old key then insert it again).
if(!defined('NOREQUIRESOC')) if(!defined( 'NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined( 'NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined( 'NOREQUIREAJAX')) llxHeader()
Empty header.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_add_file_process($upload_dir, $allowoverwrite=0, $updatesessionordb=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1, $object=null)
Get and save an upload file (for example after submitting a new file a mail form).
dol_dir_list($utf8_path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
load_fiche_titre($title, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='')
Load a title with picto.
img_warning($titlealt='default', $moreatt='', $morecss='pictowarning')
Show warning logo.
dol_get_fiche_head($links=array(), $active='', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limittoshow=0, $moretabssuffix='', $dragdropfile=0)
Show tabs of a record.
dol_get_fiche_end($notab=0)
Return tab footer of a card.
dol_string_nospecial($str, $newstr='_', $badcharstoreplace='', $badcharstoremove='', $keepspaces=0)
Clean a string from all punctuation characters to use it as a ref or login.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.