25require_once DOL_DOCUMENT_ROOT .
'/core/lib/files.lib.php';
61 public $fullpath_original_file;
66 public $fullpath_original_file_osencoded;
76 public $original_file;
// Request bootstrap for the document download controller. This listing is an
// excerpt: the leading numbers are the original file's line numbers and the
// lines between them (closing braces, some statements) are not shown.
91 global $conf, $hookmanager;
// NOTE(review): CSP directives are written "name value" with no colon
// (default-src 'none'). If this constant is emitted verbatim as the
// Content-Security-Policy header value, "default-src:" is not a recognised
// directive name and user agents would ignore it, leaving no default-src
// restriction in force. Confirm how MAIN_SECURITY_FORCECSP is consumed.
// Unlike the flags below, this define() is not wrapped in a defined() test in
// the visible lines, so an earlier definition of the constant would win.
93 define(
'MAIN_SECURITY_FORCECSP',
"default-src: 'none'");
// Each of the four flags below is set to '1' only when it is not already
// defined. What each flag switches off is decided by the framework code that
// reads it, which is not part of this listing.
95 if (!defined(
'NOTOKENRENEWAL')) {
96 define(
'NOTOKENRENEWAL',
'1');
98 if (!defined(
'NOREQUIREMENU')) {
99 define(
'NOREQUIREMENU',
'1');
101 if (!defined(
'NOREQUIREHTML')) {
102 define(
'NOREQUIREHTML',
'1');
104 if (!defined(
'NOREQUIREAJAX')) {
105 define(
'NOREQUIREAJAX',
'1');
// Request parameters are read through GETPOST() with a filter name as second
// argument ('aZ09', 'alphanohtml', 'alpha'). All three values are supplied by
// the client and must be treated as untrusted from here on.
111 $action =
GETPOST(
'action',
'aZ09');
112 $original_file =
GETPOST(
'file',
'alphanohtml');
113 $modulepart =
GETPOST(
'modulepart',
'alpha');
// Empty 'modulepart' and empty 'file' are each tested; the bodies of these
// branches are not visible in this listing.
118 if (empty($modulepart)) {
122 if (empty($original_file)) {
// Names ending in .html or .htm (case-insensitive) are singled out; the branch
// body is not visible in this listing.
132 if (preg_match(
'/\.(html|htm)$/i', $original_file)) {
// 'attachment' is reduced to a strict boolean when the parameter is present.
135 if (GETPOSTISSET(
"attachment")) {
136 $attachment =
GETPOST(
"attachment",
'alpha') ? true :
false;
// NOTE(review): the content type can be supplied by the client through the
// 'type' parameter. Any later test that compares $type therefore checks a
// declared value, not the file's real content, unless $type is overridden in
// lines not shown here. Confirm.
143 if (
GETPOST(
'type',
'alpha')) {
144 $type =
GETPOST(
'type',
'alpha');
// Generic binary type; the condition guarding this assignment is not visible.
152 $type =
'application/octet-stream';
// Path traversal clean-up on the requested name: collapse any run of two or
// more dots to "..", then replace "../" and "..\" with "/". A ".." that is not
// followed by a slash or backslash (for example at the very end of the value)
// survives these three replacements; the preg_match('/\.\./') test applied to
// the assembled path is the check that refuses such a value.
156 $original_file = preg_replace(
'/\.\.+/',
'..', $original_file);
157 $original_file = str_replace(
'../',
'/', $original_file);
158 $original_file = str_replace(
'..\\',
'/', $original_file);
// $modulepart comes from the request. The French module names 'commande' and
// 'facture' are mapped to 'order' and 'invoice' so that the upper-cased result
// can be used in the WEBPORTAL_<MODULE>_LIST_ACCESS setting name below.
162 $moduleName = $modulepart;
163 $moduleNameEn = $moduleName;
164 if ($moduleName ==
'commande') {
165 $moduleNameEn =
'order';
166 } elseif ($moduleName ==
'facture') {
167 $moduleNameEn =
'invoice';
169 $moduleNameUpperEn = strtoupper($moduleNameEn);
// Access gate. All four conditions must hold: the per-module list-access
// setting is non-zero, $type is 'application/pdf', a third party is logged in
// with a positive id, and that id equals $socId.
// NOTE(review): where $socId is assigned is not visible in this listing. The
// gate is only as strong as the link between $socId and the requested file:
// confirm it is derived server-side from the document and not from the request.
// NOTE(review): in_array() is called without its strict flag and the id test
// uses ==; the strict forms (in_array(..., true), ===) avoid type juggling.
173 if (
getDolGlobalInt(
'WEBPORTAL_' . $moduleNameUpperEn .
'_LIST_ACCESS')
174 && in_array($type, array(
'application/pdf'))
175 && ($context->logged_thirdparty && $context->logged_thirdparty->id > 0)
176 && $context->logged_thirdparty->id == $socId
// $moduleName selects a property of $conf dynamically. In the visible lines,
// isModEnabled() and isset() are the only constraints on which property can be
// reached. When both pass, the module's output directory for $entity is
// prefixed to the requested name.
178 if (isModEnabled($moduleName) && isset($conf->{$moduleName}->multidir_output[$entity])) {
179 $original_file = $conf->{$moduleName}->multidir_output[$entity] .
'/' . $original_file;
183 $fullpath_original_file = $original_file;
// $accessallowed is assigned in lines not shown here (presumably inside the
// gate above). Confirm that it starts from a denying value.
187 if (!$accessallowed) {
// Final refusal on the assembled path: a remaining ".." or any of < > | gets
// the request logged as refused. The statement that stops processing after the
// log call is not visible in this listing.
193 if (preg_match(
'/\.\./', $fullpath_original_file) || preg_match(
'/[<>|]/', $fullpath_original_file)) {
194 dol_syslog(
"Refused to deliver file " . $fullpath_original_file);
// $refname is the name of the directory that directly contains the file.
200 $refname = basename(dirname($original_file) .
"/");
// The name offered to the client is the last path component, with a trailing
// ".noexe" suffix (case-insensitive) removed.
202 $filename = basename($fullpath_original_file);
203 $filename = preg_replace(
'/\.noexe$/i',
'', $filename);
206 dol_syslog(
"document controller download $fullpath_original_file filename=$filename content-type=$type");
207 $fullpath_original_file_osencoded =
dol_osencode($fullpath_original_file);
// NOTE(review): on a missing file the response echoes $original_file, which by
// this point may already carry the module's output directory as a prefix.
// Echoing only the requested name would keep server paths out of the response;
// the full path is already recorded in the log line.
210 if (!file_exists($fullpath_original_file_osencoded)) {
211 dol_syslog(
"ErrorFileDoesNotExists: " . $fullpath_original_file);
212 print
"ErrorFileDoesNotExists: " . $original_file;
// Download size cap: 20 * 1024 = 20480 is passed as the default for the
// MAIN_SECURITY_MAXFILESIZE_DOWNLOADED setting.
// NOTE(review): $fileSize is assigned in a line not shown. If it holds a byte
// count, the default cap is about 20 KiB. Confirm that both sides of the
// comparison use the same unit.
217 $fileSizeMaxDefault = 20 * 1024;
218 $fileSizeMax =
getDolGlobalInt(
'MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', $fileSizeMaxDefault);
219 if ($fileSize > $fileSizeMax) {
220 dol_syslog(
'ErrorFileSizeTooLarge: ' . $fileSize);
221 print
'ErrorFileSizeTooLarge: ' . $fileSize .
' (max ' . $fileSizeMax .
')';
// Registers the 'document' hook context and passes the resolved request state
// to the 'downloadDocument' hooks. The array carries both the logical name and
// the full filesystem paths, so every hook registered for this context
// receives server paths.
226 $hookmanager->initHooks(array(
'document'));
227 $parameters = array(
'ecmfile' => $ecmfile,
'modulepart' => $modulepart,
'original_file' => $original_file,
228 'entity' => $entity,
'refname' => $refname,
'fullpath_original_file' => $fullpath_original_file,
229 'filename' => $filename,
'fullpath_original_file_osencoded' => $fullpath_original_file_osencoded);
231 $reshook = $hookmanager->executeHooks(
'downloadDocument', $parameters,
$object, $action);
// Builds one message from $hookmanager->error plus, when ->errors is an array,
// its entries joined with ', '. The condition under which this error branch
// runs is not visible in this listing.
// NOTE(review): the hook error text is printed to the response as-is. If hooks
// can include request data in their messages, escape it for the response's
// content type. Confirm.
233 $errors = $hookmanager->error . (is_array($hookmanager->errors) ? (!empty($hookmanager->error) ?
', ' :
'') . implode(
', ', $hookmanager->errors) :
'');
234 dol_syslog(
"document.php - Errors when executing the hook 'downloadDocument' : " . $errors);
235 print
"ErrorDownloadDocumentHooks: " . $errors;
// Store the resolved request state on the controller instance. Several of
// these properties are read back into locals before the response headers are
// sent (see the header() calls later in the file).
239 $this->action = $action;
240 $this->attachment = $attachment;
241 $this->encoding = $encoding;
242 $this->entity = $entity;
243 $this->filename = $filename;
244 $this->fullpath_original_file = $fullpath_original_file;
245 $this->fullpath_original_file_osencoded = $fullpath_original_file_osencoded;
246 $this->modulepart = $modulepart;
247 $this->original_file = $original_file;
// NOTE(review): accessRight is set to true unconditionally in the visible
// lines before delegating to the parent check, so per-document authorisation
// is not decided here. Confirm that a request whose $accessallowed stayed
// false has already been stopped before this method is reached.
258 $this->accessRight =
true;
260 return parent::checkAccess();
272 if (!$context->controllerInstance->checkAccess()) {
// Access is checked again before any output; the body of this branch is not
// visible in this listing.
294 if (!$context->controllerInstance->checkAccess()) {
// Read back the state stored on the controller instance.
300 $attachment = $this->attachment;
301 $encoding = $this->encoding;
302 $filename = $this->filename;
303 $fullpath_original_file = $this->fullpath_original_file;
304 $fullpath_original_file_osencoded = $this->fullpath_original_file_osencoded;
// Response headers for the file transfer.
311 header(
'Content-Description: File Transfer');
313 header(
'Content-Encoding: ' . $encoding);
// One of the two Content-Disposition forms is presumably chosen from
// $attachment; the condition is not visible in this listing.
// NOTE(review): $filename is placed inside a quoted-string without escaping.
// It derives from the request's 'file' parameter (basename, ".noexe"
// stripped), so a double quote or backslash in the name would break the
// parameter syntax. Escaping or removing " and \ keeps the header well-formed.
// Whether the 'alphanohtml' filter already removes quotes is not visible
// here. Confirm.
317 header(
'Content-Disposition: attachment; filename="' . $filename .
'"');
319 header(
'Content-Disposition: inline; filename="' . $filename .
'"');
// NOTE(review): "Cache-Control: Public" marks the response as storable by
// shared caches. For documents gated on the logged-in third party, "private"
// or "no-store" would keep intermediaries from caching them. Confirm intent.
321 header(
'Cache-Control: Public, must-revalidate');
322 header(
'Pragma: public');
// Content-Length is taken from the file's size on disk at response time.
325 header(
'Content-Length: ' .
dol_filesize($fullpath_original_file));
static getInstance()
Singleton method to create one instance of this object.
Class for DocumentController.
action()
Action method is called before html output can be used to manage security and change context.
checkAccess()
Check current access to controller.
dol_filesize($pathoffile)
Return size of a file.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
readfileLowMemory($fullpath_original_file_osencoded, $method=-1)
Return a file on output using a low memory.
dolIsAllowedForPreview($file)
Return if a file is qualified for preview.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.