dolibarr 20.0.0
files.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2008-2012 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2012-2021 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2012-2016 Juanjo Menent <jmenent@2byte.es>
5 * Copyright (C) 2015 Marcos García <marcosgdf@gmail.com>
6 * Copyright (C) 2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
7 * Copyright (C) 2019-2024 Frédéric France <frederic.france@free.fr>
8 * Copyright (C) 2023 Lenin Rivas <lenin.rivas777@gmail.com>
9 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program. If not, see <https://www.gnu.org/licenses/>.
23 * or see https://www.gnu.org/
24 */
25
38function dol_basename($pathfile)
39{
40 return preg_replace('/^.*\/([^\/]+)$/', '$1', rtrim($pathfile, '/'));
41}
42
63function dol_dir_list($utf8_path, $types = "all", $recursive = 0, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0, $nohook = 0, $relativename = "", $donotfollowsymlinks = 0, $nbsecondsold = 0)
64{
65 global $db, $hookmanager;
66 global $object;
67
68 if ($recursive <= 1) { // Avoid too verbose log
69 // Verify filters (only on first call to function)
70 $filters_ok = true;
71 $error_info = "";
72 // Ensure we have an array for the exclusions
73 $exclude_array = ($excludefilter === null || $excludefilter === '') ? array() : (is_array($excludefilter) ? $excludefilter : array($excludefilter));
74 foreach ((array($filter) + $exclude_array) as $f) {
75 // Check that all '/' are escaped.
76 if ((int) preg_match('/(?:^|[^\\\\])\//', $f) > 0) {
77 $filters_ok = false;
78 $error_info .= " error='$f unescaped_slash'";
79 dol_syslog("'$f' has unescaped '/'", LOG_ERR);
80 }
81 }
82 dol_syslog("files.lib.php::dol_dir_list path=".$utf8_path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter).$error_info);
83 // print 'xxx'."files.lib.php::dol_dir_list path=".$utf8_path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($exclude_array);
84 if (!$filters_ok) {
85 // Return empty array when filters are invalid
86 return array();
87 }
88 } else {
89 // Already computed before
90 $exclude_array = ($excludefilter === null || $excludefilter === '') ? array() : (is_array($excludefilter) ? $excludefilter : array($excludefilter));
91 }
92
93 // Define excludefilterarray (before while, for speed)
94 $excludefilterarray = array_merge(array('^\.'), $exclude_array);
95
96 $loaddate = ($mode == 1 || $mode == 2 || $nbsecondsold != 0 || $sortcriteria == 'date');
97 $loadsize = ($mode == 1 || $mode == 3 || $sortcriteria == 'size');
98 $loadperm = ($mode == 1 || $mode == 4 || $sortcriteria == 'perm');
99
100 // Clean parameters
101 $utf8_path = preg_replace('/([\\/]+)$/', '', $utf8_path);
102 $os_path = dol_osencode($utf8_path);
103 $now = dol_now();
104
105 $reshook = 0;
106 $file_list = array();
107
108 if (!$nohook && $hookmanager instanceof HookManager) {
109 $hookmanager->resArray = array();
110
111 $hookmanager->initHooks(array('fileslib'));
112
113 $parameters = array(
114 'path' => $os_path,
115 'types' => $types,
116 'recursive' => $recursive,
117 'filter' => $filter,
118 'excludefilter' => $exclude_array, // Already converted to array.
119 'sortcriteria' => $sortcriteria,
120 'sortorder' => $sortorder,
121 'loaddate' => $loaddate,
122 'loadsize' => $loadsize,
123 'mode' => $mode
124 );
125 $reshook = $hookmanager->executeHooks('getDirList', $parameters, $object);
126 }
127
128 // $hookmanager->resArray may contain array stacked by other modules
129 if (empty($reshook)) {
130 if (!is_dir($os_path)) {
131 return array();
132 }
133
134 if (($dir = opendir($os_path)) === false) {
135 return array();
136 } else {
137 $filedate = '';
138 $filesize = '';
139 $fileperm = '';
140
141 while (false !== ($os_file = readdir($dir))) { // $utf8_file is always a basename (in directory $os_path)
142 $os_fullpathfile = ($os_path ? $os_path.'/' : '').$os_file;
143
144 if (!utf8_check($os_file)) {
145 $utf8_file = mb_convert_encoding($os_file, 'UTF-8', 'ISO-8859-1'); // Make sure data is stored in utf8 in memory
146 } else {
147 $utf8_file = $os_file;
148 }
149
150 $qualified = 1;
151
152 $utf8_fullpathfile = "$utf8_path/$utf8_file"; // Temp variable for speed
153
154 // Check if file is qualified
155 foreach ($excludefilterarray as $filt) {
156 if (preg_match('/'.$filt.'/i', $utf8_file) || preg_match('/'.$filt.'/i', $utf8_fullpathfile)) {
157 $qualified = 0;
158 break;
159 }
160 }
161 //print $utf8_fullpathfile.' '.$utf8_file.' '.$qualified.'<br>';
162
163 if ($qualified) {
164 $isdir = is_dir($os_fullpathfile);
165 // Check whether this is a file or directory and whether we're interested in that type
166 if ($isdir) {
167 // Add entry into file_list array
168 if (($types == "directories") || ($types == "all")) {
169 if ($loaddate || $sortcriteria == 'date') {
170 $filedate = dol_filemtime($utf8_fullpathfile);
171 }
172 if ($loadsize || $sortcriteria == 'size') {
173 $filesize = dol_filesize($utf8_fullpathfile);
174 }
175 if ($loadperm || $sortcriteria == 'perm') {
176 $fileperm = dol_fileperm($utf8_fullpathfile);
177 }
178
179 if (!$filter || preg_match('/'.$filter.'/i', $utf8_file)) { // We do not search key $filter into all $path, only into $file part
180 $reg = array();
181 preg_match('/([^\/]+)\/[^\/]+$/', $utf8_fullpathfile, $reg);
182 $level1name = (isset($reg[1]) ? $reg[1] : '');
183 $file_list[] = array(
184 "name" => $utf8_file,
185 "path" => $utf8_path,
186 "level1name" => $level1name,
187 "relativename" => ($relativename ? $relativename.'/' : '').$utf8_file,
188 "fullname" => $utf8_fullpathfile,
189 "date" => $filedate,
190 "size" => $filesize,
191 "perm" => $fileperm,
192 "type" => 'dir'
193 );
194 }
195 }
196
197 // if we're in a directory and we want recursive behavior, call this function again
198 if ($recursive > 0) {
199 if (empty($donotfollowsymlinks) || !is_link($os_fullpathfile)) {
200 //var_dump('eee '. $utf8_fullpathfile. ' '.is_dir($utf8_fullpathfile).' '.is_link($utf8_fullpathfile));
201 $file_list = array_merge($file_list, dol_dir_list($utf8_fullpathfile, $types, $recursive + 1, $filter, $exclude_array, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$utf8_file, $donotfollowsymlinks, $nbsecondsold));
202 }
203 }
204 } elseif (in_array($types, array("files", "all"))) {
205 // Add file into file_list array
206 if ($loaddate || $sortcriteria == 'date') {
207 $filedate = dol_filemtime($utf8_fullpathfile);
208 }
209 if ($loadsize || $sortcriteria == 'size') {
210 $filesize = dol_filesize($utf8_fullpathfile);
211 }
212
213 if (!$filter || preg_match('/'.$filter.'/i', $utf8_file)) { // We do not search key $filter into $utf8_path, only into $utf8_file
214 if (empty($nbsecondsold) || $filedate <= ($now - $nbsecondsold)) {
215 preg_match('/([^\/]+)\/[^\/]+$/', $utf8_fullpathfile, $reg);
216 $level1name = (isset($reg[1]) ? $reg[1] : '');
217 $file_list[] = array(
218 "name" => $utf8_file,
219 "path" => $utf8_path,
220 "level1name" => $level1name,
221 "relativename" => ($relativename ? $relativename.'/' : '').$utf8_file,
222 "fullname" => $utf8_fullpathfile,
223 "date" => $filedate,
224 "size" => $filesize,
225 "type" => 'file'
226 );
227 }
228 }
229 }
230 }
231 }
232 closedir($dir);
233
234 // Obtain a list of columns
235 if (!empty($sortcriteria) && $sortorder) {
236 $file_list = dol_sort_array($file_list, $sortcriteria, ($sortorder == SORT_ASC ? 'asc' : 'desc'));
237 }
238 }
239 }
240
241 if ($hookmanager instanceof HookManager && is_array($hookmanager->resArray)) {
242 $file_list = array_merge($file_list, $hookmanager->resArray);
243 }
244
245 return $file_list;
246}
247
248
262function dol_dir_list_in_database($path, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0)
263{
264 global $conf, $db;
265
266
267 $sql = " SELECT rowid, label, entity, filename, filepath, fullpath_orig, keywords, cover, gen_or_uploaded, extraparams,";
268 $sql .= " date_c, tms as date_m, fk_user_c, fk_user_m, acl, position, share";
269 if ($mode) {
270 $sql .= ", description";
271 }
272 $sql .= " FROM ".MAIN_DB_PREFIX."ecm_files";
273 $sql .= " WHERE entity = ".$conf->entity;
274 if (preg_match('/%$/', $path)) {
275 $sql .= " AND filepath LIKE '".$db->escape($path)."'";
276 } else {
277 $sql .= " AND filepath = '".$db->escape($path)."'";
278 }
279
280 $resql = $db->query($sql);
281 if ($resql) {
282 $file_list = array();
283 $num = $db->num_rows($resql);
284 $i = 0;
285 while ($i < $num) {
286 $obj = $db->fetch_object($resql);
287 if ($obj) {
288 $reg = array();
289 preg_match('/([^\/]+)\/[^\/]+$/', DOL_DATA_ROOT.'/'.$obj->filepath.'/'.$obj->filename, $reg);
290 $level1name = (isset($reg[1]) ? $reg[1] : '');
291 $file_list[] = array(
292 "rowid" => $obj->rowid,
293 "label" => $obj->label, // md5
294 "name" => $obj->filename,
295 "path" => DOL_DATA_ROOT.'/'.$obj->filepath,
296 "level1name" => $level1name,
297 "fullname" => DOL_DATA_ROOT.'/'.$obj->filepath.'/'.$obj->filename,
298 "fullpath_orig" => $obj->fullpath_orig,
299 "date_c" => $db->jdate($obj->date_c),
300 "date_m" => $db->jdate($obj->date_m),
301 "type" => 'file',
302 "keywords" => $obj->keywords,
303 "cover" => $obj->cover,
304 "position" => (int) $obj->position,
305 "acl" => $obj->acl,
306 "share" => $obj->share,
307 "description" => ($mode ? $obj->description : '')
308 );
309 }
310 $i++;
311 }
312
313 // Obtain a list of columns
314 if (!empty($sortcriteria)) {
315 $myarray = array();
316 foreach ($file_list as $key => $row) {
317 $myarray[$key] = (isset($row[$sortcriteria]) ? $row[$sortcriteria] : '');
318 }
319 // Sort the data
320 if ($sortorder) {
321 array_multisort($myarray, $sortorder, SORT_REGULAR, $file_list);
322 }
323 }
324
325 return $file_list;
326 } else {
327 dol_print_error($db);
328 return array();
329 }
330}
331
332
341function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir)
342{
343 global $conf, $db, $user;
344
345 $filearrayindatabase = dol_dir_list_in_database($relativedir, '', null, 'name', SORT_ASC);
346
347 // TODO Remove this when PRODUCT_USE_OLD_PATH_FOR_PHOTO will be removed
348 global $modulepart;
349 if ($modulepart == 'produit' && getDolGlobalInt('PRODUCT_USE_OLD_PATH_FOR_PHOTO')) {
350 global $object;
351 if (!empty($object->id)) {
352 if (isModEnabled("product")) {
353 $upload_dirold = $conf->product->multidir_output[$object->entity].'/'.substr(substr("000".$object->id, -2), 1, 1).'/'.substr(substr("000".$object->id, -2), 0, 1).'/'.$object->id."/photos";
354 } else {
355 $upload_dirold = $conf->service->multidir_output[$object->entity].'/'.substr(substr("000".$object->id, -2), 1, 1).'/'.substr(substr("000".$object->id, -2), 0, 1).'/'.$object->id."/photos";
356 }
357
358 $relativedirold = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $upload_dirold);
359 $relativedirold = preg_replace('/^[\\/]/', '', $relativedirold);
360
361 $filearrayindatabase = array_merge($filearrayindatabase, dol_dir_list_in_database($relativedirold, '', null, 'name', SORT_ASC));
362 }
363 } elseif ($modulepart == 'ticket') {
364 foreach ($filearray as $key => $val) {
365 $rel_dir = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filearray[$key]['path']);
366 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
367 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
368 if ($rel_dir != $relativedir) {
369 $filearrayindatabase = array_merge($filearrayindatabase, dol_dir_list_in_database($rel_dir, '', null, 'name', SORT_ASC));
370 }
371 }
372 }
373
374 //var_dump($relativedir);
375 //var_dump($filearray);
376 //var_dump($filearrayindatabase);
377
378 // Complete filearray with properties found into $filearrayindatabase
379 foreach ($filearray as $key => $val) {
380 $tmpfilename = preg_replace('/\.noexe$/', '', $filearray[$key]['name']);
381 $found = 0;
382 // Search if it exists into $filearrayindatabase
383 foreach ($filearrayindatabase as $key2 => $val2) {
384 if (($filearrayindatabase[$key2]['path'] == $filearray[$key]['path']) && ($filearrayindatabase[$key2]['name'] == $tmpfilename)) {
385 $filearray[$key]['position_name'] = ($filearrayindatabase[$key2]['position'] ? $filearrayindatabase[$key2]['position'] : '0').'_'.$filearrayindatabase[$key2]['name'];
386 $filearray[$key]['position'] = $filearrayindatabase[$key2]['position'];
387 $filearray[$key]['cover'] = $filearrayindatabase[$key2]['cover'];
388 $filearray[$key]['keywords'] = $filearrayindatabase[$key2]['keywords'];
389 $filearray[$key]['acl'] = $filearrayindatabase[$key2]['acl'];
390 $filearray[$key]['rowid'] = $filearrayindatabase[$key2]['rowid'];
391 $filearray[$key]['label'] = $filearrayindatabase[$key2]['label'];
392 $filearray[$key]['share'] = $filearrayindatabase[$key2]['share'];
393 $found = 1;
394 break;
395 }
396 }
397
398 if (!$found) { // This happen in transition toward version 6, or if files were added manually into os dir.
399 $filearray[$key]['position'] = '999999'; // File not indexed are at end. So if we add a file, it will not replace an existing position
400 $filearray[$key]['cover'] = 0;
401 $filearray[$key]['acl'] = '';
402 $filearray[$key]['share'] = 0;
403
404 $rel_filename = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filearray[$key]['fullname']);
405
406 if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filename)) { // If not a tmp file
407 dol_syslog("list_of_documents We found a file called '".$filearray[$key]['name']."' not indexed into database. We add it");
408 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
409 $ecmfile = new EcmFiles($db);
410
411 // Add entry into database
412 $filename = basename($rel_filename);
413 $rel_dir = dirname($rel_filename);
414 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
415 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
416
417 $ecmfile->filepath = $rel_dir;
418 $ecmfile->filename = $filename;
419 $ecmfile->label = md5_file(dol_osencode($filearray[$key]['fullname'])); // $destfile is a full path to file
420 $ecmfile->fullpath_orig = $filearray[$key]['fullname'];
421 $ecmfile->gen_or_uploaded = 'unknown';
422 $ecmfile->description = ''; // indexed content
423 $ecmfile->keywords = ''; // keyword content
424 $result = $ecmfile->create($user);
425 if ($result < 0) {
426 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
427 } else {
428 $filearray[$key]['rowid'] = $result;
429 }
430 } else {
431 $filearray[$key]['rowid'] = 0; // Should not happened
432 }
433 }
434 }
435 //var_dump($filearray); var_dump($relativedir.' - tmpfilename='.$tmpfilename.' - found='.$found);
436}
437
438
446function dol_compare_file($a, $b)
447{
448 global $sortorder, $sortfield;
449
450 $sortorder = strtoupper($sortorder);
451
452 if ($sortorder == 'ASC') {
453 $retup = -1;
454 $retdown = 1;
455 } else {
456 $retup = 1;
457 $retdown = -1;
458 }
459
460 if ($sortfield == 'name') {
461 if ($a->name == $b->name) {
462 return 0;
463 }
464 return ($a->name < $b->name) ? $retup : $retdown;
465 }
466 if ($sortfield == 'date') {
467 if ($a->date == $b->date) {
468 return 0;
469 }
470 return ($a->date < $b->date) ? $retup : $retdown;
471 }
472 if ($sortfield == 'size') {
473 if ($a->size == $b->size) {
474 return 0;
475 }
476 return ($a->size < $b->size) ? $retup : $retdown;
477 }
478
479 return 0;
480}
481
482
489function dol_is_dir($folder)
490{
491 $newfolder = dol_osencode($folder);
492 if (is_dir($newfolder)) {
493 return true;
494 } else {
495 return false;
496 }
497}
498
505function dol_is_dir_empty($dir)
506{
507 if (!is_readable($dir)) {
508 return false;
509 }
510 return (count(scandir($dir)) == 2);
511}
512
519function dol_is_file($pathoffile)
520{
521 $newpathoffile = dol_osencode($pathoffile);
522 return is_file($newpathoffile);
523}
524
531function dol_is_link($pathoffile)
532{
533 $newpathoffile = dol_osencode($pathoffile);
534 return is_link($newpathoffile);
535}
536
543function dol_is_writable($folderorfile)
544{
545 $newfolderorfile = dol_osencode($folderorfile);
546 return is_writable($newfolderorfile);
547}
548
557function dol_is_url($uri)
558{
559 $prots = array('file', 'http', 'https', 'ftp', 'zlib', 'data', 'ssh', 'ssh2', 'ogg', 'expect');
560 return false !== preg_match('/^('.implode('|', $prots).'):/i', $uri);
561}
562
569function dol_dir_is_emtpy($folder)
570{
571 $newfolder = dol_osencode($folder);
572 if (is_dir($newfolder)) {
573 $handle = opendir($newfolder);
574 $folder_content = '';
575 $name_array = [];
576 while ((gettype($name = readdir($handle)) != "boolean")) {
577 $name_array[] = $name;
578 }
579 foreach ($name_array as $temp) {
580 $folder_content .= $temp;
581 }
582
583 closedir($handle);
584
585 if ($folder_content == "...") {
586 return true;
587 } else {
588 return false;
589 }
590 } else {
591 return true; // Dir does not exists
592 }
593}
594
602function dol_count_nb_of_line($file)
603{
604 $nb = 0;
605
606 $newfile = dol_osencode($file);
607 //print 'x'.$file;
608 $fp = fopen($newfile, 'r');
609 if ($fp) {
610 while (!feof($fp)) {
611 $line = fgets($fp);
612 // Increase count only if read was success.
613 // Test needed because feof returns true only after fgets
614 // so we do n+1 fgets for a file with n lines.
615 if ($line !== false) {
616 $nb++;
617 }
618 }
619 fclose($fp);
620 } else {
621 $nb = -1;
622 }
623
624 return $nb;
625}
626
627
635function dol_filesize($pathoffile)
636{
637 $newpathoffile = dol_osencode($pathoffile);
638 return filesize($newpathoffile);
639}
640
647function dol_filemtime($pathoffile)
648{
649 $newpathoffile = dol_osencode($pathoffile);
650 return @filemtime($newpathoffile); // @Is to avoid errors if files does not exists
651}
652
659function dol_fileperm($pathoffile)
660{
661 $newpathoffile = dol_osencode($pathoffile);
662 return fileperms($newpathoffile);
663}
664
677function dolReplaceInFile($srcfile, $arrayreplacement, $destfile = '', $newmask = '0', $indexdatabase = 0, $arrayreplacementisregex = 0)
678{
679 dol_syslog("files.lib.php::dolReplaceInFile srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." indexdatabase=".$indexdatabase." arrayreplacementisregex=".$arrayreplacementisregex);
680
681 if (empty($srcfile)) {
682 return -1;
683 }
684 if (empty($destfile)) {
685 $destfile = $srcfile;
686 }
687
688 // Clean the aa/bb/../cc into aa/cc
689 $srcfile = preg_replace('/\.\.\/?/', '', $srcfile);
690 $destfile = preg_replace('/\.\.\/?/', '', $destfile);
691
692 $destexists = dol_is_file($destfile);
693 if (($destfile != $srcfile) && $destexists) {
694 return 0;
695 }
696
697 $srcexists = dol_is_file($srcfile);
698 if (!$srcexists) {
699 dol_syslog("files.lib.php::dolReplaceInFile failed to read src file", LOG_WARNING);
700 return -3;
701 }
702
703 $tmpdestfile = $destfile.'.tmp';
704
705 $newpathofsrcfile = dol_osencode($srcfile);
706 $newpathoftmpdestfile = dol_osencode($tmpdestfile);
707 $newpathofdestfile = dol_osencode($destfile);
708 $newdirdestfile = dirname($newpathofdestfile);
709
710 if ($destexists && !is_writable($newpathofdestfile)) {
711 dol_syslog("files.lib.php::dolReplaceInFile failed Permission denied to overwrite target file", LOG_WARNING);
712 return -1;
713 }
714 if (!is_writable($newdirdestfile)) {
715 dol_syslog("files.lib.php::dolReplaceInFile failed Permission denied to write into target directory ".$newdirdestfile, LOG_WARNING);
716 return -2;
717 }
718
719 dol_delete_file($tmpdestfile);
720
721 // Create $newpathoftmpdestfile from $newpathofsrcfile
722 $content = file_get_contents($newpathofsrcfile);
723
724 if (empty($arrayreplacementisregex)) {
725 $content = make_substitutions($content, $arrayreplacement, null);
726 } else {
727 foreach ($arrayreplacement as $key => $value) {
728 $content = preg_replace($key, $value, $content);
729 }
730 }
731
732 file_put_contents($newpathoftmpdestfile, $content);
733 dolChmod($newpathoftmpdestfile, $newmask);
734
735 // Rename
736 $result = dol_move($newpathoftmpdestfile, $newpathofdestfile, $newmask, (($destfile == $srcfile) ? 1 : 0), 0, $indexdatabase);
737 if (!$result) {
738 dol_syslog("files.lib.php::dolReplaceInFile failed to move tmp file to final dest", LOG_WARNING);
739 return -3;
740 }
741 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
742 $newmask = getDolGlobalString('MAIN_UMASK');
743 }
744 if (empty($newmask)) { // This should no happen
745 dol_syslog("Warning: dolReplaceInFile called with empty value for newmask and no default value defined", LOG_WARNING);
746 $newmask = '0664';
747 }
748
749 dolChmod($newpathofdestfile, $newmask);
750
751 return 1;
752}
753
754
767function dol_copy($srcfile, $destfile, $newmask = '0', $overwriteifexists = 1, $testvirus = 0, $indexdatabase = 0)
768{
769 global $db, $user;
770
771 dol_syslog("files.lib.php::dol_copy srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." overwriteifexists=".$overwriteifexists);
772
773 if (empty($srcfile) || empty($destfile)) {
774 return -1;
775 }
776
777 $destexists = dol_is_file($destfile);
778 if (!$overwriteifexists && $destexists) {
779 return 0;
780 }
781
782 $newpathofsrcfile = dol_osencode($srcfile);
783 $newpathofdestfile = dol_osencode($destfile);
784 $newdirdestfile = dirname($newpathofdestfile);
785
786 if ($destexists && !is_writable($newpathofdestfile)) {
787 dol_syslog("files.lib.php::dol_copy failed Permission denied to overwrite target file", LOG_WARNING);
788 return -1;
789 }
790 if (!is_writable($newdirdestfile)) {
791 dol_syslog("files.lib.php::dol_copy failed Permission denied to write into target directory ".$newdirdestfile, LOG_WARNING);
792 return -2;
793 }
794
795 // Check virus
796 $testvirusarray = array();
797 if ($testvirus) {
798 $testvirusarray = dolCheckVirus($srcfile, $destfile);
799 if (count($testvirusarray)) {
800 dol_syslog("files.lib.php::dol_copy canceled because a virus was found into source file. we ignore the copy request.", LOG_WARNING);
801 return -3;
802 }
803 }
804
805 // Copy with overwriting if exists
806 $result = @copy($newpathofsrcfile, $newpathofdestfile);
807 //$result=copy($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @
808 if (!$result) {
809 dol_syslog("files.lib.php::dol_copy failed to copy", LOG_WARNING);
810 return -3;
811 }
812 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
813 $newmask = getDolGlobalString('MAIN_UMASK');
814 }
815 if (empty($newmask)) { // This should no happen
816 dol_syslog("Warning: dol_copy called with empty value for newmask and no default value defined", LOG_WARNING);
817 $newmask = '0664';
818 }
819
820 dolChmod($newpathofdestfile, $newmask);
821
822 if ($result && $indexdatabase) {
823 // Add entry into ecm database
824 $rel_filetocopyafter = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $newpathofdestfile);
825 if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filetocopyafter)) { // If not a tmp file
826 $rel_filetocopyafter = preg_replace('/^[\\/]/', '', $rel_filetocopyafter);
827 //var_dump($rel_filetorenamebefore.' - '.$rel_filetocopyafter);exit;
828
829 dol_syslog("Try to copy also entries in database for: ".$rel_filetocopyafter, LOG_DEBUG);
830 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
831
832 $ecmfiletarget = new EcmFiles($db);
833 $resultecmtarget = $ecmfiletarget->fetch(0, '', $rel_filetocopyafter);
834 if ($resultecmtarget > 0) { // An entry for target name already exists for target, we delete it, a new one will be created.
835 dol_syslog("ECM dest file found, remove it", LOG_DEBUG);
836 $ecmfiletarget->delete($user);
837 } else {
838 dol_syslog("ECM dest file not found, create it", LOG_DEBUG);
839 }
840
841 $ecmSrcfile = new EcmFiles($db);
842 $resultecm = $ecmSrcfile->fetch(0, '', $srcfile);
843 if ($resultecm) {
844 dol_syslog("Fetch src file ok", LOG_DEBUG);
845 } else {
846 dol_syslog("Fetch src file error", LOG_DEBUG);
847 }
848
849 $ecmfile = new EcmFiles($db);
850 $filename = basename($rel_filetocopyafter);
851 $rel_dir = dirname($rel_filetocopyafter);
852 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
853 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
854
855 $ecmfile->filepath = $rel_dir;
856 $ecmfile->filename = $filename;
857 $ecmfile->label = md5_file(dol_osencode($destfile)); // $destfile is a full path to file
858 $ecmfile->fullpath_orig = $srcfile;
859 $ecmfile->gen_or_uploaded = 'copy';
860 $ecmfile->description = $ecmSrcfile->description;
861 $ecmfile->keywords = $ecmSrcfile->keywords;
862 $resultecm = $ecmfile->create($user);
863 if ($resultecm < 0) {
864 dol_syslog("Create ECM file ok", LOG_DEBUG);
865 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
866 } else {
867 dol_syslog("Create ECM file error", LOG_DEBUG);
868 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
869 }
870
871 if ($resultecm > 0) {
872 $result = 1;
873 } else {
874 $result = -1;
875 }
876 }
877 }
878
879 return (int) $result;
880}
881
896function dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayreplacement = null, $excludesubdir = 0, $excludefileext = null, $excludearchivefiles = 0)
897{
898 $result = 0;
899
900 dol_syslog("files.lib.php::dolCopyDir srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." overwriteifexists=".$overwriteifexists);
901
902 if (empty($srcfile) || empty($destfile)) {
903 return -1;
904 }
905
906 $destexists = dol_is_dir($destfile);
907
908 //if (! $overwriteifexists && $destexists) return 0; // The overwriteifexists is for files only, so propagated to dol_copy only.
909
910 if (!$destexists) {
911 // We must set mask just before creating dir, because it can be set differently by dol_copy
912 umask(0);
913 $dirmaskdec = octdec($newmask);
914 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
915 $dirmaskdec = octdec(getDolGlobalString('MAIN_UMASK'));
916 }
917 $dirmaskdec |= octdec('0200'); // Set w bit required to be able to create content for recursive subdirs files
918
919 $result = dol_mkdir($destfile, '', decoct($dirmaskdec));
920
921 if (!dol_is_dir($destfile)) {
922 // The output directory does not exists and we failed to create it. So we stop here.
923 return -1;
924 }
925 }
926
927 $ossrcfile = dol_osencode($srcfile);
928 $osdestfile = dol_osencode($destfile);
929
930 // Recursive function to copy all subdirectories and contents:
931 if (is_dir($ossrcfile)) {
932 $dir_handle = opendir($ossrcfile);
933 while ($file = readdir($dir_handle)) {
934 if ($file != "." && $file != ".." && !is_link($ossrcfile."/".$file)) {
935 if (is_dir($ossrcfile."/".$file)) {
936 if (empty($excludesubdir) || ($excludesubdir == 2 && strlen($file) == 2)) {
937 $newfile = $file;
938 // Replace destination filename with a new one
939 if (is_array($arrayreplacement)) {
940 foreach ($arrayreplacement as $key => $val) {
941 $newfile = str_replace($key, $val, $newfile);
942 }
943 }
944 //var_dump("xxx dolCopyDir $srcfile/$file, $destfile/$file, $newmask, $overwriteifexists");
945 $tmpresult = dolCopyDir($srcfile."/".$file, $destfile."/".$newfile, $newmask, $overwriteifexists, $arrayreplacement, $excludesubdir, $excludefileext, $excludearchivefiles);
946 }
947 } else {
948 $newfile = $file;
949
950 if (is_array($excludefileext)) {
951 $extension = pathinfo($file, PATHINFO_EXTENSION);
952 if (in_array($extension, $excludefileext)) {
953 //print "We exclude the file ".$file." because its extension is inside list ".join(', ', $excludefileext); exit;
954 continue;
955 }
956 }
957
958 if ($excludearchivefiles == 1) {
959 $extension = pathinfo($file, PATHINFO_EXTENSION);
960 if (preg_match('/^[v|d]\d+$/', $extension)) {
961 continue;
962 }
963 }
964
965 // Replace destination filename with a new one
966 if (is_array($arrayreplacement)) {
967 foreach ($arrayreplacement as $key => $val) {
968 $newfile = str_replace($key, $val, $newfile);
969 }
970 }
971 $tmpresult = dol_copy($srcfile."/".$file, $destfile."/".$newfile, $newmask, $overwriteifexists);
972 }
973 // Set result
974 if ($result > 0 && $tmpresult >= 0) {
975 // Do nothing, so we don't set result to 0 if tmpresult is 0 and result was success in a previous pass
976 } else {
977 $result = $tmpresult;
978 }
979 if ($result < 0) {
980 break;
981 }
982 }
983 }
984 closedir($dir_handle);
985 } else {
986 // Source directory does not exists
987 $result = -2;
988 }
989
990 return (int) $result;
991}
992
993
1011function dol_move($srcfile, $destfile, $newmask = '0', $overwriteifexists = 1, $testvirus = 0, $indexdatabase = 1, $moreinfo = array())
1012{
1013 global $user, $db, $conf;
1014 $result = false;
1015
1016 dol_syslog("files.lib.php::dol_move srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." overwritifexists=".$overwriteifexists);
1017 $srcexists = dol_is_file($srcfile);
1018 $destexists = dol_is_file($destfile);
1019
1020 if (!$srcexists) {
1021 dol_syslog("files.lib.php::dol_move srcfile does not exists. we ignore the move request.");
1022 return false;
1023 }
1024
1025 if ($overwriteifexists || !$destexists) {
1026 $newpathofsrcfile = dol_osencode($srcfile);
1027 $newpathofdestfile = dol_osencode($destfile);
1028
1029 // Check on virus
1030 $testvirusarray = array();
1031 if ($testvirus) {
1032 // Check using filename + antivirus
1033 $testvirusarray = dolCheckVirus($newpathofsrcfile, $newpathofdestfile);
1034 if (count($testvirusarray)) {
1035 dol_syslog("files.lib.php::dol_move canceled because a virus was found into source file. We ignore the move request.", LOG_WARNING);
1036 return false;
1037 }
1038 } else {
1039 // Check using filename only
1040 $testvirusarray = dolCheckOnFileName($newpathofsrcfile, $newpathofdestfile);
1041 if (count($testvirusarray)) {
1042 dol_syslog("files.lib.php::dol_move canceled because a virus was found into source file. We ignore the move request.", LOG_WARNING);
1043 return false;
1044 }
1045 }
1046
1047 global $dolibarr_main_restrict_os_commands;
1048 if (!empty($dolibarr_main_restrict_os_commands)) {
1049 $arrayofallowedcommand = explode(',', $dolibarr_main_restrict_os_commands);
1050 $arrayofallowedcommand = array_map('trim', $arrayofallowedcommand);
1051 if (in_array(basename($destfile), $arrayofallowedcommand)) {
1052 //$langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1053 //setEventMessages($langs->trans("ErrorFilenameReserved", basename($destfile)), null, 'errors');
1054 dol_syslog("files.lib.php::dol_move canceled because target filename ".basename($destfile)." is using a reserved command name. we ignore the move request.", LOG_WARNING);
1055 return false;
1056 }
1057 }
1058
1059 $result = @rename($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @
1060 if (!$result) {
1061 if ($destexists) {
1062 dol_syslog("files.lib.php::dol_move Failed. We try to delete target first and move after.", LOG_WARNING);
1063 // We force delete and try again. Rename function sometimes fails to replace dest file with some windows NTFS partitions.
1064 dol_delete_file($destfile);
1065 $result = @rename($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @
1066 } else {
1067 dol_syslog("files.lib.php::dol_move Failed.", LOG_WARNING);
1068 }
1069 }
1070
1071 // Move ok
1072 if ($result && $indexdatabase) {
1073 // Rename entry into ecm database
1074 $rel_filetorenamebefore = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $srcfile);
1075 $rel_filetorenameafter = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $destfile);
1076 if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filetorenameafter)) { // If not a tmp file
1077 $rel_filetorenamebefore = preg_replace('/^[\\/]/', '', $rel_filetorenamebefore);
1078 $rel_filetorenameafter = preg_replace('/^[\\/]/', '', $rel_filetorenameafter);
1079 //var_dump($rel_filetorenamebefore.' - '.$rel_filetorenameafter);exit;
1080
1081 dol_syslog("Try to rename also entries in database for full relative path before = ".$rel_filetorenamebefore." after = ".$rel_filetorenameafter, LOG_DEBUG);
1082 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
1083
1084 $ecmfiletarget = new EcmFiles($db);
1085 $resultecmtarget = $ecmfiletarget->fetch(0, '', $rel_filetorenameafter);
1086 if ($resultecmtarget > 0) { // An entry for target name already exists for target, we delete it, a new one will be created.
1087 $ecmfiletarget->delete($user);
1088 }
1089
1090 $ecmfile = new EcmFiles($db);
1091 $resultecm = $ecmfile->fetch(0, '', $rel_filetorenamebefore);
1092 if ($resultecm > 0) { // If an entry was found for src file, we use it to move entry
1093 $filename = basename($rel_filetorenameafter);
1094 $rel_dir = dirname($rel_filetorenameafter);
1095 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
1096 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
1097
1098 $ecmfile->filepath = $rel_dir;
1099 $ecmfile->filename = $filename;
1100
1101 $resultecm = $ecmfile->update($user);
1102 } elseif ($resultecm == 0) { // If no entry were found for src files, create/update target file
1103 $filename = basename($rel_filetorenameafter);
1104 $rel_dir = dirname($rel_filetorenameafter);
1105 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
1106 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
1107
1108 $ecmfile->filepath = $rel_dir;
1109 $ecmfile->filename = $filename;
1110 $ecmfile->label = md5_file(dol_osencode($destfile)); // $destfile is a full path to file
1111 $ecmfile->fullpath_orig = basename($srcfile);
1112 $ecmfile->gen_or_uploaded = 'uploaded';
1113 if (!empty($moreinfo) && !empty($moreinfo['description'])) {
1114 $ecmfile->description = $moreinfo['description']; // indexed content
1115 } else {
1116 $ecmfile->description = ''; // indexed content
1117 }
1118 if (!empty($moreinfo) && !empty($moreinfo['keywords'])) {
1119 $ecmfile->keywords = $moreinfo['keywords']; // indexed content
1120 } else {
1121 $ecmfile->keywords = ''; // keyword content
1122 }
1123 if (!empty($moreinfo) && !empty($moreinfo['note_private'])) {
1124 $ecmfile->note_private = $moreinfo['note_private'];
1125 }
1126 if (!empty($moreinfo) && !empty($moreinfo['note_public'])) {
1127 $ecmfile->note_public = $moreinfo['note_public'];
1128 }
1129 if (!empty($moreinfo) && !empty($moreinfo['src_object_type'])) {
1130 $ecmfile->src_object_type = $moreinfo['src_object_type'];
1131 }
1132 if (!empty($moreinfo) && !empty($moreinfo['src_object_id'])) {
1133 $ecmfile->src_object_id = $moreinfo['src_object_id'];
1134 }
1135
1136 $resultecm = $ecmfile->create($user);
1137 if ($resultecm < 0) {
1138 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
1139 }
1140 } elseif ($resultecm < 0) {
1141 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
1142 }
1143
1144 if ($resultecm > 0) {
1145 $result = true;
1146 } else {
1147 $result = false;
1148 }
1149 }
1150 }
1151
1152 if (empty($newmask)) {
1153 $newmask = getDolGlobalString('MAIN_UMASK', '0755');
1154 }
1155
1156 // Currently method is restricted to files (dol_delete_files previously used is for files, and mask usage if for files too)
1157 // to allow mask usage for dir, we should introduce a new param "isdir" to 1 to complete newmask like this
1158 // if ($isdir) $newmaskdec |= octdec('0111'); // Set x bit required for directories
1159 dolChmod($newpathofdestfile, $newmask);
1160 }
1161
1162 return $result;
1163}
1164
1175function dol_move_dir($srcdir, $destdir, $overwriteifexists = 1, $indexdatabase = 1, $renamedircontent = 1)
1176{
1177 $result = false;
1178
1179 dol_syslog("files.lib.php::dol_move_dir srcdir=".$srcdir." destdir=".$destdir." overwritifexists=".$overwriteifexists." indexdatabase=".$indexdatabase." renamedircontent=".$renamedircontent);
1180 $srcexists = dol_is_dir($srcdir);
1181 $srcbasename = basename($srcdir);
1182 $destexists = dol_is_dir($destdir);
1183
1184 if (!$srcexists) {
1185 dol_syslog("files.lib.php::dol_move_dir srcdir does not exists. Move fails");
1186 return false;
1187 }
1188
1189 if ($overwriteifexists || !$destexists) {
1190 $newpathofsrcdir = dol_osencode($srcdir);
1191 $newpathofdestdir = dol_osencode($destdir);
1192
1193 // On windows, if destination directory exists and is empty, command fails. So if overwrite is on, we first remove destination directory.
1194 // On linux, if destination directory exists and is empty, command succeed. So no need to delete di destination directory first.
1195 // Note: If dir exists and is not empty, it will and must fail on both linux and windows even, if option $overwriteifexists is on.
1196 if ($overwriteifexists) {
1197 if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
1198 if (is_dir($newpathofdestdir)) {
1199 @rmdir($newpathofdestdir);
1200 }
1201 }
1202 }
1203
1204 $result = @rename($newpathofsrcdir, $newpathofdestdir);
1205
1206 // Now rename contents in the directory after the move to match the new destination
1207 if ($result && $renamedircontent) {
1208 if (file_exists($newpathofdestdir)) {
1209 $destbasename = basename($newpathofdestdir);
1210 $files = dol_dir_list($newpathofdestdir);
1211 if (!empty($files) && is_array($files)) {
1212 foreach ($files as $key => $file) {
1213 if (!file_exists($file["fullname"])) {
1214 continue;
1215 }
1216 $filepath = $file["path"];
1217 $oldname = $file["name"];
1218
1219 $newname = str_replace($srcbasename, $destbasename, $oldname);
1220 if (!empty($newname) && $newname !== $oldname) {
1221 if ($file["type"] == "dir") {
1222 $res = dol_move_dir($filepath.'/'.$oldname, $filepath.'/'.$newname, $overwriteifexists, $indexdatabase, $renamedircontent);
1223 } else {
1224 $res = dol_move($filepath.'/'.$oldname, $filepath.'/'.$newname, 0, $overwriteifexists, 0, $indexdatabase);
1225 }
1226 if (!$res) {
1227 return $result;
1228 }
1229 }
1230 }
1231 $result = true;
1232 }
1233 }
1234 }
1235 }
1236 return $result;
1237}
1238
1246function dol_unescapefile($filename)
1247{
1248 // Remove path information and dots around the filename, to prevent uploading
1249 // into different directories or replacing hidden system files.
1250 // Also remove control characters and spaces (\x00..\x20) around the filename:
1251 return trim(basename($filename), ".\x00..\x20");
1252}
1253
1254
1262function dolCheckVirus($src_file, $dest_file = '')
1263{
1264 global $db;
1265
1266 $reterrors = dolCheckOnFileName($src_file, $dest_file);
1267 if (!empty($reterrors)) {
1268 return $reterrors;
1269 }
1270
1271 if (getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
1272 if (!class_exists('AntiVir')) {
1273 require_once DOL_DOCUMENT_ROOT.'/core/class/antivir.class.php';
1274 }
1275 $antivir = new AntiVir($db);
1276 $result = $antivir->dol_avscan_file($src_file);
1277 if ($result < 0) { // If virus or error, we stop here
1278 $reterrors = $antivir->errors;
1279 return $reterrors;
1280 }
1281 }
1282 return array();
1283}
1284
1292function dolCheckOnFileName($src_file, $dest_file = '')
1293{
1294 if (preg_match('/\.pdf$/i', $dest_file)) {
1295 if (!getDolGlobalString('MAIN_ANTIVIRUS_ALLOW_JS_IN_PDF')) {
1296 dol_syslog("dolCheckOnFileName Check that pdf does not contains js code");
1297
1298 $tmp = file_get_contents(trim($src_file));
1299 if (preg_match('/[\n\s]+\/JavaScript[\n\s]+/m', $tmp)) {
1300 return array('File is a PDF with javascript inside');
1301 }
1302 } else {
1303 dol_syslog("dolCheckOnFileName Check js into pdf disabled");
1304 }
1305 }
1306
1307 return array();
1308}
1309
1310
1331function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan = 0, $uploaderrorcode = 0, $nohook = 0, $varfiles = 'addedfile', $upload_dir = '')
1332{
1333 global $conf;
1334 global $object, $hookmanager;
1335
1336 $reshook = 0;
1337 $file_name = $dest_file;
1338 $successcode = 1;
1339
1340 if (empty($nohook)) {
1341 $reshook = $hookmanager->initHooks(array('fileslib'));
1342
1343 $parameters = array('dest_file' => $dest_file, 'src_file' => $src_file, 'file_name' => $file_name, 'varfiles' => $varfiles, 'allowoverwrite' => $allowoverwrite);
1344 $reshook = $hookmanager->executeHooks('moveUploadedFile', $parameters, $object);
1345 }
1346
1347 if (empty($reshook)) {
1348 // If an upload error has been reported
1349 if ($uploaderrorcode) {
1350 switch ($uploaderrorcode) {
1351 case UPLOAD_ERR_INI_SIZE: // 1
1352 return 'ErrorFileSizeTooLarge';
1353 case UPLOAD_ERR_FORM_SIZE: // 2
1354 return 'ErrorFileSizeTooLarge';
1355 case UPLOAD_ERR_PARTIAL: // 3
1356 return 'ErrorPartialFile';
1357 case UPLOAD_ERR_NO_TMP_DIR: //
1358 return 'ErrorNoTmpDir';
1359 case UPLOAD_ERR_CANT_WRITE:
1360 return 'ErrorFailedToWriteInDir';
1361 case UPLOAD_ERR_EXTENSION:
1362 return 'ErrorUploadBlockedByAddon';
1363 default:
1364 break;
1365 }
1366 }
1367
1368 // Security:
1369 // If we need to make a virus scan
1370 if (empty($disablevirusscan) && file_exists($src_file)) {
1371 $checkvirusarray = dolCheckVirus($src_file, $dest_file);
1372 if (count($checkvirusarray)) {
1373 dol_syslog('Files.lib::dol_move_uploaded_file File "'.$src_file.'" (target name "'.$dest_file.'") KO with antivirus: errors='.implode(',', $checkvirusarray), LOG_WARNING);
1374 return 'ErrorFileIsInfectedWithAVirus: '.implode(',', $checkvirusarray);
1375 }
1376 }
1377
1378 // Security:
1379 // Disallow file with some extensions. We rename them.
1380 // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
1381 if (isAFileWithExecutableContent($dest_file) && !getDolGlobalString('MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED')) {
1382 // $upload_dir ends with a slash, so be must be sure the medias dir to compare to ends with slash too.
1383 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
1384 if (!preg_match('/\/$/', $publicmediasdirwithslash)) {
1385 $publicmediasdirwithslash .= '/';
1386 }
1387
1388 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !getDolGlobalInt("MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR")) { // We never add .noexe on files into media directory
1389 $file_name .= '.noexe';
1390 $successcode = 2;
1391 }
1392 }
1393
1394 // Security:
1395 // We refuse cache files/dirs, upload using .. and pipes into filenames.
1396 if (preg_match('/^\./', basename($src_file)) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file)) {
1397 dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING);
1398 return -1;
1399 }
1400
1401 // Security:
1402 // We refuse cache files/dirs, upload using .. and pipes into filenames.
1403 if (preg_match('/^\./', basename($dest_file)) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file)) {
1404 dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
1405 return -2;
1406 }
1407 }
1408
1409 if ($reshook < 0) { // At least one blocking error returned by one hook
1410 $errmsg = implode(',', $hookmanager->errors);
1411 if (empty($errmsg)) {
1412 $errmsg = 'ErrorReturnedBySomeHooks'; // Should not occurs. Added if hook is bugged and does not set ->errors when there is error.
1413 }
1414 return $errmsg;
1415 } elseif (empty($reshook)) {
1416 // The file functions must be in OS filesystem encoding.
1417 $src_file_osencoded = dol_osencode($src_file);
1418 $file_name_osencoded = dol_osencode($file_name);
1419
1420 // Check if destination dir is writable
1421 if (!is_writable(dirname($file_name_osencoded))) {
1422 dol_syslog("Files.lib::dol_move_uploaded_file Dir ".dirname($file_name_osencoded)." is not writable. Return 'ErrorDirNotWritable'", LOG_WARNING);
1423 return 'ErrorDirNotWritable';
1424 }
1425
1426 // Check if destination file already exists
1427 if (!$allowoverwrite) {
1428 if (file_exists($file_name_osencoded)) {
1429 dol_syslog("Files.lib::dol_move_uploaded_file File ".$file_name." already exists. Return 'ErrorFileAlreadyExists'", LOG_WARNING);
1430 return 'ErrorFileAlreadyExists';
1431 }
1432 } else { // We are allowed to erase
1433 if (is_dir($file_name_osencoded)) { // If there is a directory with name of file to create
1434 dol_syslog("Files.lib::dol_move_uploaded_file A directory with name ".$file_name." already exists. Return 'ErrorDirWithFileNameAlreadyExists'", LOG_WARNING);
1435 return 'ErrorDirWithFileNameAlreadyExists';
1436 }
1437 }
1438
1439 // Move file
1440 $return = move_uploaded_file($src_file_osencoded, $file_name_osencoded);
1441 if ($return) {
1442 dolChmod($file_name_osencoded);
1443 dol_syslog("Files.lib::dol_move_uploaded_file Success to move ".$src_file." to ".$file_name." - Umask=" . getDolGlobalString('MAIN_UMASK'), LOG_DEBUG);
1444 return $successcode; // Success
1445 } else {
1446 dol_syslog("Files.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR);
1447 return -3; // Unknown error
1448 }
1449 }
1450
1451 return $successcode; // Success
1452}
1453
1469function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0)
1470{
1471 global $db, $user, $langs;
1472 global $hookmanager;
1473
1474 // Load translation files required by the page
1475 $langs->loadLangs(array('other', 'errors'));
1476
1477 if (empty($nolog)) {
1478 dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook);
1479 }
1480
1481 // Security:
1482 // We refuse transversal using .. and pipes into filenames.
1483 if ((!$allowdotdot && preg_match('/\.\./', $file)) || preg_match('/[<>|]/', $file)) {
1484 dol_syslog("Refused to delete file ".$file, LOG_WARNING);
1485 return false;
1486 }
1487
1488 $reshook = 0;
1489 if (empty($nohook) && !empty($hookmanager)) {
1490 $hookmanager->initHooks(array('fileslib'));
1491
1492 $parameters = array(
1493 'file' => $file,
1494 'disableglob' => $disableglob,
1495 'nophperrors' => $nophperrors
1496 );
1497 $reshook = $hookmanager->executeHooks('deleteFile', $parameters, $object);
1498 }
1499
1500 if (empty($nohook) && $reshook != 0) { // reshook = 0 to do standard actions, 1 = ok and replace, -1 = ko
1501 dol_syslog("reshook=".$reshook);
1502 if ($reshook < 0) {
1503 return false;
1504 }
1505 return true;
1506 } else {
1507 $file_osencoded = dol_osencode($file); // New filename encoded in OS filesystem encoding charset
1508 if (empty($disableglob) && !empty($file_osencoded)) {
1509 $ok = true;
1510 $globencoded = str_replace('[', '\[', $file_osencoded);
1511 $globencoded = str_replace(']', '\]', $globencoded);
1512 $listofdir = glob($globencoded);
1513 if (!empty($listofdir) && is_array($listofdir)) {
1514 foreach ($listofdir as $filename) {
1515 if ($nophperrors) {
1516 $ok = @unlink($filename);
1517 } else {
1518 $ok = unlink($filename);
1519 }
1520
1521 // If it fails and it is because of the missing write permission on parent dir
1522 if (!$ok && file_exists(dirname($filename)) && !(fileperms(dirname($filename)) & 0200)) {
1523 dol_syslog("Error in deletion, but parent directory exists with no permission to write, we try to change permission on parent directory and retry...", LOG_DEBUG);
1524 dolChmod(dirname($filename), decoct(fileperms(dirname($filename)) | 0200));
1525 // Now we retry deletion
1526 if ($nophperrors) {
1527 $ok = @unlink($filename);
1528 } else {
1529 $ok = unlink($filename);
1530 }
1531 }
1532
1533 if ($ok) {
1534 if (empty($nolog)) {
1535 dol_syslog("Removed file ".$filename, LOG_DEBUG);
1536 }
1537
1538 // Delete entry into ecm database
1539 $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename);
1540 if (!preg_match('/(\/temp\/|\/thumbs\/|\.meta$)/', $rel_filetodelete)) { // If not a tmp file
1541 if (is_object($db) && $indexdatabase) { // $db may not be defined when lib is in a context with define('NOREQUIREDB',1)
1542 $rel_filetodelete = preg_replace('/^[\\/]/', '', $rel_filetodelete);
1543 $rel_filetodelete = preg_replace('/\.noexe$/', '', $rel_filetodelete);
1544
1545 dol_syslog("Try to remove also entries in database for full relative path = ".$rel_filetodelete, LOG_DEBUG);
1546 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
1547 $ecmfile = new EcmFiles($db);
1548 $result = $ecmfile->fetch(0, '', $rel_filetodelete);
1549 if ($result >= 0 && $ecmfile->id > 0) {
1550 $result = $ecmfile->delete($user);
1551 }
1552 if ($result < 0) {
1553 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
1554 }
1555 }
1556 }
1557 } else {
1558 dol_syslog("Failed to remove file ".$filename, LOG_WARNING);
1559 // TODO Failure to remove can be because file was already removed or because of permission
1560 // If error because it does not exists, we should return true, and we should return false if this is a permission problem
1561 }
1562 }
1563 } else {
1564 dol_syslog("No files to delete found", LOG_DEBUG);
1565 }
1566 } else {
1567 $ok = false;
1568 if ($nophperrors) {
1569 $ok = @unlink($file_osencoded);
1570 } else {
1571 $ok = unlink($file_osencoded);
1572 }
1573 if ($ok) {
1574 if (empty($nolog)) {
1575 dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG);
1576 }
1577 } else {
1578 dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING);
1579 }
1580 }
1581
1582 return $ok;
1583 }
1584}
1585
1595function dol_delete_dir($dir, $nophperrors = 0)
1596{
1597 // Security:
1598 // We refuse transversal using .. and pipes into filenames.
1599 if (preg_match('/\.\./', $dir) || preg_match('/[<>|]/', $dir)) {
1600 dol_syslog("Refused to delete dir ".$dir.' (contains invalid char sequence)', LOG_WARNING);
1601 return false;
1602 }
1603
1604 $dir_osencoded = dol_osencode($dir);
1605 return ($nophperrors ? @rmdir($dir_osencoded) : rmdir($dir_osencoded));
1606}
1607
1620function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0)
1621{
1622 if (empty($nolog)) {
1623 dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG);
1624 }
1625 if (dol_is_dir($dir)) {
1626 $dir_osencoded = dol_osencode($dir);
1627 if ($handle = opendir("$dir_osencoded")) {
1628 while (false !== ($item = readdir($handle))) {
1629 if (!utf8_check($item)) {
1630 $item = mb_convert_encoding($item, 'UTF-8', 'ISO-8859-1'); // should be useless
1631 }
1632
1633 if ($item != "." && $item != "..") {
1634 if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) {
1635 $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog);
1636 } else {
1637 $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog);
1638 $count++;
1639 if ($result) {
1640 $countdeleted++;
1641 }
1642 //else print 'Error on '.$item."\n";
1643 }
1644 }
1645 }
1646 closedir($handle);
1647
1648 // Delete also the main directory
1649 if (empty($onlysub)) {
1650 $result = dol_delete_dir($dir, $nophperrors);
1651 $count++;
1652 if ($result) {
1653 $countdeleted++;
1654 }
1655 //else print 'Error on '.$dir."\n";
1656 }
1657 }
1658 }
1659
1660 return $count;
1661}
1662
1663
1672function dol_delete_preview($object)
1673{
1674 global $langs, $conf;
1675
1676 // Define parent dir of elements
1677 $element = $object->element;
1678
1679 if ($object->element == 'order_supplier') {
1680 $dir = $conf->fournisseur->commande->dir_output;
1681 } elseif ($object->element == 'invoice_supplier') {
1682 $dir = $conf->fournisseur->facture->dir_output;
1683 } elseif ($object->element == 'project') {
1684 $dir = $conf->project->dir_output;
1685 } elseif ($object->element == 'shipping') {
1686 $dir = $conf->expedition->dir_output.'/sending';
1687 } elseif ($object->element == 'delivery') {
1688 $dir = $conf->expedition->dir_output.'/receipt';
1689 } elseif ($object->element == 'fichinter') {
1690 $dir = $conf->ficheinter->dir_output;
1691 } else {
1692 $dir = empty($conf->$element->dir_output) ? '' : $conf->$element->dir_output;
1693 }
1694
1695 if (empty($dir)) {
1696 $object->error = $langs->trans('ErrorObjectNoSupportedByFunction');
1697 return 0;
1698 }
1699
1700 $refsan = dol_sanitizeFileName($object->ref);
1701 $dir = $dir."/".$refsan;
1702 $filepreviewnew = $dir."/".$refsan.".pdf_preview.png";
1703 $filepreviewnewbis = $dir."/".$refsan.".pdf_preview-0.png";
1704 $filepreviewold = $dir."/".$refsan.".pdf.png";
1705
1706 // For new preview files
1707 if (file_exists($filepreviewnew) && is_writable($filepreviewnew)) {
1708 if (!dol_delete_file($filepreviewnew, 1)) {
1709 $object->error = $langs->trans("ErrorFailedToDeleteFile", $filepreviewnew);
1710 return 0;
1711 }
1712 }
1713 if (file_exists($filepreviewnewbis) && is_writable($filepreviewnewbis)) {
1714 if (!dol_delete_file($filepreviewnewbis, 1)) {
1715 $object->error = $langs->trans("ErrorFailedToDeleteFile", $filepreviewnewbis);
1716 return 0;
1717 }
1718 }
1719 // For old preview files
1720 if (file_exists($filepreviewold) && is_writable($filepreviewold)) {
1721 if (!dol_delete_file($filepreviewold, 1)) {
1722 $object->error = $langs->trans("ErrorFailedToDeleteFile", $filepreviewold);
1723 return 0;
1724 }
1725 } else {
1726 $multiple = $filepreviewold.".";
1727 for ($i = 0; $i < 20; $i++) {
1728 $preview = $multiple.$i;
1729
1730 if (file_exists($preview) && is_writable($preview)) {
1731 if (!dol_delete_file($preview, 1)) {
1732 $object->error = $langs->trans("ErrorFailedToOpenFile", $preview);
1733 return 0;
1734 }
1735 }
1736 }
1737 }
1738
1739 return 1;
1740}
1741
1750function dol_meta_create($object)
1751{
1752 global $conf;
1753
1754 // Create meta file
1755 if (!getDolGlobalString('MAIN_DOC_CREATE_METAFILE')) {
1756 return 0; // By default, no metafile.
1757 }
1758
1759 // Define parent dir of elements
1760 $element = $object->element;
1761
1762 if ($object->element == 'order_supplier') {
1763 $dir = $conf->fournisseur->dir_output.'/commande';
1764 } elseif ($object->element == 'invoice_supplier') {
1765 $dir = $conf->fournisseur->dir_output.'/facture';
1766 } elseif ($object->element == 'project') {
1767 $dir = $conf->project->dir_output;
1768 } elseif ($object->element == 'shipping') {
1769 $dir = $conf->expedition->dir_output.'/sending';
1770 } elseif ($object->element == 'delivery') {
1771 $dir = $conf->expedition->dir_output.'/receipt';
1772 } elseif ($object->element == 'fichinter') {
1773 $dir = $conf->ficheinter->dir_output;
1774 } else {
1775 $dir = empty($conf->$element->dir_output) ? '' : $conf->$element->dir_output;
1776 }
1777
1778 if ($dir) {
1779 $object->fetch_thirdparty();
1780
1781 $objectref = dol_sanitizeFileName($object->ref);
1782 $dir = $dir."/".$objectref;
1783 $file = $dir."/".$objectref.".meta";
1784
1785 if (!is_dir($dir)) {
1786 dol_mkdir($dir);
1787 }
1788
1789 if (is_dir($dir)) {
1790 if (is_countable($object->lines) && count($object->lines) > 0) {
1791 $nblines = count($object->lines);
1792 }
1793 $client = $object->thirdparty->name." ".$object->thirdparty->address." ".$object->thirdparty->zip." ".$object->thirdparty->town;
1794 $meta = "REFERENCE=\"".$object->ref."\"
1795 DATE=\"" . dol_print_date($object->date, '')."\"
1796 NB_ITEMS=\"" . $nblines."\"
1797 CLIENT=\"" . $client."\"
1798 AMOUNT_EXCL_TAX=\"" . $object->total_ht."\"
1799 AMOUNT=\"" . $object->total_ttc."\"\n";
1800
1801 for ($i = 0; $i < $nblines; $i++) {
1802 //Pour les articles
1803 $meta .= "ITEM_".$i."_QUANTITY=\"".$object->lines[$i]->qty."\"
1804 ITEM_" . $i."_AMOUNT_WO_TAX=\"".$object->lines[$i]->total_ht."\"
1805 ITEM_" . $i."_VAT=\"".$object->lines[$i]->tva_tx."\"
1806 ITEM_" . $i."_DESCRIPTION=\"".str_replace("\r\n", "", nl2br($object->lines[$i]->desc))."\"
1807 ";
1808 }
1809 }
1810
1811 $fp = fopen($file, "w");
1812 fwrite($fp, $meta);
1813 fclose($fp);
1814
1815 dolChmod($file);
1816
1817 return 1;
1818 } else {
1819 dol_syslog('FailedToDetectDirInDolMetaCreateFor'.$object->element, LOG_WARNING);
1820 }
1821
1822 return 0;
1823}
1824
1825
1826
1835function dol_init_file_process($pathtoscan = '', $trackid = '')
1836{
1837 $listofpaths = array();
1838 $listofnames = array();
1839 $listofmimes = array();
1840
1841 if ($pathtoscan) {
1842 $listoffiles = dol_dir_list($pathtoscan, 'files');
1843 foreach ($listoffiles as $key => $val) {
1844 $listofpaths[] = $val['fullname'];
1845 $listofnames[] = $val['name'];
1846 $listofmimes[] = dol_mimetype($val['name']);
1847 }
1848 }
1849 $keytoavoidconflict = empty($trackid) ? '' : '-'.$trackid;
1850 $_SESSION["listofpaths".$keytoavoidconflict] = implode(';', $listofpaths);
1851 $_SESSION["listofnames".$keytoavoidconflict] = implode(';', $listofnames);
1852 $_SESSION["listofmimes".$keytoavoidconflict] = implode(';', $listofmimes);
1853}
1854
1855
1873function dol_add_file_process($upload_dir, $allowoverwrite = 0, $updatesessionordb = 0, $varfiles = 'addedfile', $savingdocmask = '', $link = null, $trackid = '', $generatethumbs = 1, $object = null)
1874{
1875 global $db, $user, $conf, $langs;
1876
1877 $res = 0;
1878
1879 if (!empty($_FILES[$varfiles])) { // For view $_FILES[$varfiles]['error']
1880 dol_syslog('dol_add_file_process upload_dir='.$upload_dir.' allowoverwrite='.$allowoverwrite.' donotupdatesession='.$updatesessionordb.' savingdocmask='.$savingdocmask, LOG_DEBUG);
1881 $maxfilesinform = getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10);
1882 if (is_array($_FILES[$varfiles]["name"]) && count($_FILES[$varfiles]["name"]) > $maxfilesinform) {
1883 $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1884 setEventMessages($langs->trans("ErrorTooMuchFileInForm", $maxfilesinform), null, "errors");
1885 return -1;
1886 }
1887 $result = dol_mkdir($upload_dir);
1888 // var_dump($result);exit;
1889 if ($result >= 0) {
1890 $TFile = $_FILES[$varfiles];
1891 // Convert value of $TFile
1892 if (!is_array($TFile['name'])) {
1893 foreach ($TFile as $key => &$val) {
1894 $val = array($val);
1895 }
1896 }
1897
1898 $nbfile = count($TFile['name']);
1899 $nbok = 0;
1900 for ($i = 0; $i < $nbfile; $i++) {
1901 if (empty($TFile['name'][$i])) {
1902 continue; // For example, when submitting a form with no file name
1903 }
1904
1905 // Define $destfull (path to file including filename) and $destfile (only filename)
1906 $destfile = trim($TFile['name'][$i]);
1907 $destfull = $upload_dir."/".$destfile;
1908 $destfilewithoutext = preg_replace('/\.[^\.]+$/', '', $destfile);
1909
1910 if ($savingdocmask && strpos($savingdocmask, $destfilewithoutext) !== 0) {
1911 $destfile = trim(preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask));
1912 $destfull = $upload_dir."/".$destfile;
1913 }
1914
1915 $filenameto = basename($destfile);
1916 if (preg_match('/^\./', $filenameto)) {
1917 $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1918 setEventMessages($langs->trans("ErrorFilenameCantStartWithDot", $filenameto), null, 'errors');
1919 break;
1920 }
1921 // dol_sanitizeFileName the file name and lowercase extension
1922 $info = pathinfo($destfull);
1923 $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : ''));
1924 $info = pathinfo($destfile);
1925 $destfile = dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : ''));
1926
1927 // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because
1928 // this function is also applied when we rename and when we make try to download file (by the GETPOST(filename, 'alphanohtml') call).
1929 $destfile = dol_string_nohtmltag($destfile);
1930 $destfull = dol_string_nohtmltag($destfull);
1931
1932 // Check that filename is not the one of a reserved allowed CLI command
1933 global $dolibarr_main_restrict_os_commands;
1934 if (!empty($dolibarr_main_restrict_os_commands)) {
1935 $arrayofallowedcommand = explode(',', $dolibarr_main_restrict_os_commands);
1936 $arrayofallowedcommand = array_map('trim', $arrayofallowedcommand);
1937 if (in_array($destfile, $arrayofallowedcommand)) {
1938 $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1939 setEventMessages($langs->trans("ErrorFilenameReserved", $destfile), null, 'errors');
1940 return -1;
1941 }
1942 }
1943
1944 // Move file from temp directory to final directory. A .noexe may also be appended on file name.
1945 $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles, $upload_dir);
1946
1947 if (is_numeric($resupload) && $resupload > 0) { // $resupload can be 'ErrorFileAlreadyExists'
1948 include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
1949
1950 $tmparraysize = getDefaultImageSizes();
1951 $maxwidthsmall = $tmparraysize['maxwidthsmall'];
1952 $maxheightsmall = $tmparraysize['maxheightsmall'];
1953 $maxwidthmini = $tmparraysize['maxwidthmini'];
1954 $maxheightmini = $tmparraysize['maxheightmini'];
1955 //$quality = $tmparraysize['quality'];
1956 $quality = 50; // For thumbs, we force quality to 50
1957
1958 // Generate thumbs.
1959 if ($generatethumbs) {
1960 if (image_format_supported($destfull) == 1) {
1961 // Create thumbs
1962 // We can't use $object->addThumbs here because there is no $object known
1963
1964 // Used on logon for example
1965 $imgThumbSmall = vignette($destfull, $maxwidthsmall, $maxheightsmall, '_small', $quality, "thumbs");
1966 // Create mini thumbs for image (Ratio is near 16/9)
1967 // Used on menu or for setup page for example
1968 $imgThumbMini = vignette($destfull, $maxwidthmini, $maxheightmini, '_mini', $quality, "thumbs");
1969 }
1970 }
1971
1972 // Update session
1973 if (empty($updatesessionordb)) {
1974 include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
1975 $formmail = new FormMail($db);
1976 $formmail->trackid = $trackid;
1977 $formmail->add_attached_files($destfull, $destfile, $TFile['type'][$i]);
1978 }
1979
1980 // Update index table of files (llx_ecm_files)
1981 if ($updatesessionordb == 1) {
1982 $sharefile = 0;
1983 if ($TFile['type'][$i] == 'application/pdf' && strpos($_SERVER["REQUEST_URI"], 'product') !== false && getDolGlobalString('PRODUCT_ALLOW_EXTERNAL_DOWNLOAD')) {
1984 $sharefile = 1;
1985 }
1986 $result = addFileIntoDatabaseIndex($upload_dir, basename($destfile).($resupload == 2 ? '.noexe' : ''), $TFile['name'][$i], 'uploaded', $sharefile, $object);
1987 if ($result < 0) {
1988 if ($allowoverwrite) {
1989 // Do not show error message. We can have an error due to DB_ERROR_RECORD_ALREADY_EXISTS
1990 } else {
1991 setEventMessages('WarningFailedToAddFileIntoDatabaseIndex', null, 'warnings');
1992 }
1993 }
1994 }
1995
1996 $nbok++;
1997 } else {
1998 $langs->load("errors");
1999 if (is_numeric($resupload) && $resupload < 0) { // Unknown error
2000 setEventMessages($langs->trans("ErrorFileNotUploaded"), null, 'errors');
2001 } elseif (preg_match('/ErrorFileIsInfectedWithAVirus/', $resupload)) { // Files infected by a virus
2002 if (preg_match('/File is a PDF with javascript inside/', $resupload)) {
2003 setEventMessages($langs->trans("ErrorFileIsAnInfectedPDFWithJSInside"), null, 'errors');
2004 } else {
2005 setEventMessages($langs->trans("ErrorFileIsInfectedWithAVirus"), null, 'errors');
2006 }
2007 } else { // Known error
2008 setEventMessages($langs->trans($resupload), null, 'errors');
2009 }
2010 }
2011 }
2012 if ($nbok > 0) {
2013 $res = 1;
2014 setEventMessages($langs->trans("FileTransferComplete"), null, 'mesgs');
2015 }
2016 } else {
2017 setEventMessages($langs->trans("ErrorFailedToCreateDir", $upload_dir), null, 'errors');
2018 }
2019 } elseif ($link) {
2020 require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php';
2021 $linkObject = new Link($db);
2022 $linkObject->entity = $conf->entity;
2023 $linkObject->url = $link;
2024 $linkObject->objecttype = GETPOST('objecttype', 'alpha');
2025 $linkObject->objectid = GETPOSTINT('objectid');
2026 $linkObject->label = GETPOST('label', 'alpha');
2027 $res = $linkObject->create($user);
2028
2029 if ($res > 0) {
2030 setEventMessages($langs->trans("LinkComplete"), null, 'mesgs');
2031 } else {
2032 setEventMessages($langs->trans("ErrorFileNotLinked"), null, 'errors');
2033 }
2034 } else {
2035 $langs->load("errors");
2036 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("File")), null, 'errors');
2037 }
2038
2039 return $res;
2040}
2041
2042
2054function dol_remove_file_process($filenb, $donotupdatesession = 0, $donotdeletefile = 1, $trackid = '')
2055{
2056 global $db, $user, $conf, $langs, $_FILES;
2057
2058 $keytodelete = $filenb;
2059 $keytodelete--;
2060
2061 $listofpaths = array();
2062 $listofnames = array();
2063 $listofmimes = array();
2064 $keytoavoidconflict = empty($trackid) ? '' : '-'.$trackid;
2065 if (!empty($_SESSION["listofpaths".$keytoavoidconflict])) {
2066 $listofpaths = explode(';', $_SESSION["listofpaths".$keytoavoidconflict]);
2067 }
2068 if (!empty($_SESSION["listofnames".$keytoavoidconflict])) {
2069 $listofnames = explode(';', $_SESSION["listofnames".$keytoavoidconflict]);
2070 }
2071 if (!empty($_SESSION["listofmimes".$keytoavoidconflict])) {
2072 $listofmimes = explode(';', $_SESSION["listofmimes".$keytoavoidconflict]);
2073 }
2074
2075 if ($keytodelete >= 0) {
2076 $pathtodelete = $listofpaths[$keytodelete];
2077 $filetodelete = $listofnames[$keytodelete];
2078 if (empty($donotdeletefile)) {
2079 $result = dol_delete_file($pathtodelete, 1); // The delete of ecm database is inside the function dol_delete_file
2080 } else {
2081 $result = 0;
2082 }
2083 if ($result >= 0) {
2084 if (empty($donotdeletefile)) {
2085 $langs->load("other");
2086 setEventMessages($langs->trans("FileWasRemoved", $filetodelete), null, 'mesgs');
2087 }
2088 if (empty($donotupdatesession)) {
2089 include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
2090 $formmail = new FormMail($db);
2091 $formmail->trackid = $trackid;
2092 $formmail->remove_attached_files($keytodelete);
2093 }
2094 }
2095 }
2096}
2097
2098
2112function addFileIntoDatabaseIndex($dir, $file, $fullpathorig = '', $mode = 'uploaded', $setsharekey = 0, $object = null)
2113{
2114 global $db, $user, $conf;
2115
2116 $result = 0;
2117
2118 $rel_dir = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $dir);
2119
2120 if (!preg_match('/[\\/]temp[\\/]|[\\/]thumbs|\.meta$/', $rel_dir)) { // If not a tmp dir
2121 $filename = basename(preg_replace('/\.noexe$/', '', $file));
2122 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
2123 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
2124
2125 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
2126 $ecmfile = new EcmFiles($db);
2127 $ecmfile->filepath = $rel_dir;
2128 $ecmfile->filename = $filename;
2129 $ecmfile->label = md5_file(dol_osencode($dir.'/'.$file)); // MD5 of file content
2130 $ecmfile->fullpath_orig = $fullpathorig;
2131 $ecmfile->gen_or_uploaded = $mode;
2132 $ecmfile->description = ''; // indexed content
2133 $ecmfile->keywords = ''; // keyword content
2134
2135 if (is_object($object) && $object->id > 0) {
2136 $ecmfile->src_object_id = $object->id;
2137 if (isset($object->table_element)) {
2138 $ecmfile->src_object_type = $object->table_element;
2139 } else {
2140 dol_syslog('Error: object ' . get_class($object) . ' has no table_element attribute.');
2141 return -1;
2142 }
2143 if (isset($object->src_object_description)) {
2144 $ecmfile->description = $object->src_object_description;
2145 }
2146 if (isset($object->src_object_keywords)) {
2147 $ecmfile->keywords = $object->src_object_keywords;
2148 }
2149 }
2150
2151 if (getDolGlobalString('MAIN_FORCE_SHARING_ON_ANY_UPLOADED_FILE')) {
2152 $setsharekey = 1;
2153 }
2154
2155 if ($setsharekey) {
2156 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
2157 $ecmfile->share = getRandomPassword(true);
2158 }
2159
2160 // Use a convertisser Doc to Text
2161 $useFullTextIndexation = getDolGlobalString('MAIN_USE_FULL_TEXT_INDEXATION');
2162 //$useFullTextIndexation = 1;
2163 if ($useFullTextIndexation) {
2164 $ecmfile->filepath = $rel_dir;
2165 $ecmfile->filename = $filename;
2166
2167 $filetoprocess = $dir.'/'.$ecmfile->filename;
2168
2169 $textforfulltextindex = '';
2170 $keywords = '';
2171 if (preg_match('/\.pdf/i', $filename)) {
2172 // TODO Move this into external submodule files
2173
2174 // TODO Develop a native PHP parser using sample code in https://github.com/adeel/php-pdf-parser
2175
2176 include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
2177 $utils = new Utils($db);
2178 $outputfile = $conf->admin->dir_temp.'/tmppdttotext.'.$user->id.'.out'; // File used with popen method
2179
2180 // We also exclude '/temp/' dir and 'documents/admin/documents'
2181 // We make escapement here and call executeCLI without escapement because we don't want to have the '*.log' escaped.
2182 $cmd = getDolGlobalString('MAIN_USE_FULL_TEXT_INDEXATION_PDFTOTEXT', 'pdftotext')." -htmlmeta '".escapeshellcmd($filetoprocess)."' - ";
2183 $result = $utils->executeCLI($cmd, $outputfile, 0, null, 1);
2184
2185 if (!$result['error']) {
2186 $txt = $result['output'];
2187 $matches = array();
2188 if (preg_match('/<meta name="Keywords" content="([^\/]+)"\s*\/>/i', $txt, $matches)) {
2189 $keywords = $matches[1];
2190 }
2191 if (preg_match('/<pre>(.*)<\/pre>/si', $txt, $matches)) {
2192 $textforfulltextindex = dol_string_nospecial($matches[1]);
2193 }
2194 }
2195 }
2196
2197 $ecmfile->description = $textforfulltextindex;
2198 $ecmfile->keywords = $keywords;
2199 }
2200
2201 $result = $ecmfile->create($user);
2202 if ($result < 0) {
2203 dol_syslog($ecmfile->error);
2204 }
2205 }
2206
2207 return $result;
2208}
2209
2218function deleteFilesIntoDatabaseIndex($dir, $file, $mode = 'uploaded')
2219{
2220 global $conf, $db, $user;
2221
2222 $error = 0;
2223
2224 if (empty($dir)) {
2225 dol_syslog("deleteFilesIntoDatabaseIndex: dir parameter can't be empty", LOG_ERR);
2226 return -1;
2227 }
2228
2229 $db->begin();
2230
2231 $rel_dir = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $dir);
2232
2233 $filename = basename($file);
2234 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
2235 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
2236
2237 if (!$error) {
2238 $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'ecm_files';
2239 $sql .= ' WHERE entity = '.$conf->entity;
2240 $sql .= " AND filepath = '".$db->escape($rel_dir)."'";
2241 if ($file) {
2242 $sql .= " AND filename = '".$db->escape($file)."'";
2243 }
2244 if ($mode) {
2245 $sql .= " AND gen_or_uploaded = '".$db->escape($mode)."'";
2246 }
2247
2248 $resql = $db->query($sql);
2249 if (!$resql) {
2250 $error++;
2251 dol_syslog(__FUNCTION__.' '.$db->lasterror(), LOG_ERR);
2252 }
2253 }
2254
2255 // Commit or rollback
2256 if ($error) {
2257 $db->rollback();
2258 return -1 * $error;
2259 } else {
2260 $db->commit();
2261 return 1;
2262 }
2263}
2264
2265
2277function dol_convert_file($fileinput, $ext = 'png', $fileoutput = '', $page = '')
2278{
2279 if (class_exists('Imagick')) {
2280 $image = new Imagick();
2281 try {
2282 $filetoconvert = $fileinput.(($page != '') ? '['.$page.']' : '');
2283 //var_dump($filetoconvert);
2284 $ret = $image->readImage($filetoconvert);
2285 } catch (Exception $e) {
2286 $ext = pathinfo($fileinput, PATHINFO_EXTENSION);
2287 dol_syslog("Failed to read image using Imagick (Try to install package 'apt-get install php-imagick ghostscript' and check there is no policy to disable ".$ext." conversion in /etc/ImageMagick*/policy.xml): ".$e->getMessage(), LOG_WARNING);
2288 return 0;
2289 }
2290 if ($ret) {
2291 $ret = $image->setImageFormat($ext);
2292 if ($ret) {
2293 if (empty($fileoutput)) {
2294 $fileoutput = $fileinput.".".$ext;
2295 }
2296
2297 $count = $image->getNumberImages();
2298
2299 if (!dol_is_file($fileoutput) || is_writable($fileoutput)) {
2300 try {
2301 $ret = $image->writeImages($fileoutput, true);
2302 } catch (Exception $e) {
2303 dol_syslog($e->getMessage(), LOG_WARNING);
2304 }
2305 } else {
2306 dol_syslog("Warning: Failed to write cache preview file '.$fileoutput.'. Check permission on file/dir", LOG_ERR);
2307 }
2308 if ($ret) {
2309 return $count;
2310 } else {
2311 return -3;
2312 }
2313 } else {
2314 return -2;
2315 }
2316 } else {
2317 return -1;
2318 }
2319 } else {
2320 return 0;
2321 }
2322}
2323
2324
2336function dol_compress_file($inputfile, $outputfile, $mode = "gz", &$errorstring = null)
2337{
2338 $foundhandler = 0;
2339 //var_dump(basename($inputfile)); exit;
2340
2341 try {
2342 dol_syslog("dol_compress_file mode=".$mode." inputfile=".$inputfile." outputfile=".$outputfile);
2343
2344 $data = implode("", file(dol_osencode($inputfile)));
2345 if ($mode == 'gz' && function_exists('gzencode')) {
2346 $foundhandler = 1;
2347 $compressdata = gzencode($data, 9);
2348 } elseif ($mode == 'bz' && function_exists('bzcompress')) {
2349 $foundhandler = 1;
2350 $compressdata = bzcompress($data, 9);
2351 } elseif ($mode == 'zstd' && function_exists('zstd_compress')) {
2352 $foundhandler = 1;
2353 $compressdata = zstd_compress($data, 9);
2354 } elseif ($mode == 'zip') {
2355 if (class_exists('ZipArchive') && getDolGlobalString('MAIN_USE_ZIPARCHIVE_FOR_ZIP_COMPRESS')) {
2356 $foundhandler = 1;
2357
2358 $rootPath = realpath($inputfile);
2359
2360 dol_syslog("Class ZipArchive is set so we zip using ZipArchive to zip into ".$outputfile.' rootPath='.$rootPath);
2361 $zip = new ZipArchive();
2362
2363 if ($zip->open($outputfile, ZipArchive::CREATE) !== true) {
2364 $errorstring = "dol_compress_file failure - Failed to open file ".$outputfile."\n";
2365 dol_syslog($errorstring, LOG_ERR);
2366
2367 global $errormsg;
2368 $errormsg = $errorstring;
2369
2370 return -6;
2371 }
2372
2373 // Create recursive directory iterator
2375 $files = new RecursiveIteratorIterator(
2376 new RecursiveDirectoryIterator($rootPath, FilesystemIterator::UNIX_PATHS),
2377 RecursiveIteratorIterator::LEAVES_ONLY
2378 );
2379
2380 foreach ($files as $name => $file) {
2381 // Skip directories (they would be added automatically)
2382 if (!$file->isDir()) {
2383 // Get real and relative path for current file
2384 $filePath = $file->getPath(); // the full path with filename using the $inputdir root.
2385 $fileName = $file->getFilename();
2386 $fileFullRealPath = $file->getRealPath(); // the full path with name and transformed to use real path directory.
2387
2388 //$relativePath = substr($fileFullRealPath, strlen($rootPath) + 1);
2389 $relativePath = substr(($filePath ? $filePath.'/' : '').$fileName, strlen($rootPath) + 1);
2390
2391 // Add current file to archive
2392 $zip->addFile($fileFullRealPath, $relativePath);
2393 }
2394 }
2395
2396 // Zip archive will be created only after closing object
2397 $zip->close();
2398
2399 dol_syslog("dol_compress_file success - ".$zip->numFiles." files");
2400 return 1;
2401 }
2402
2403 if (defined('ODTPHP_PATHTOPCLZIP')) {
2404 $foundhandler = 1;
2405
2406 include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php';
2407 $archive = new PclZip($outputfile);
2408
2409 $result = $archive->add($inputfile, PCLZIP_OPT_REMOVE_PATH, dirname($inputfile));
2410
2411 if ($result === 0) {
2412 global $errormsg;
2413 $errormsg = $archive->errorInfo(true);
2414
2415 if ($archive->errorCode() == PCLZIP_ERR_WRITE_OPEN_FAIL) {
2416 $errorstring = "PCLZIP_ERR_WRITE_OPEN_FAIL";
2417 dol_syslog("dol_compress_file error - archive->errorCode() = PCLZIP_ERR_WRITE_OPEN_FAIL", LOG_ERR);
2418 return -4;
2419 }
2420
2421 $errorstring = "dol_compress_file error archive->errorCode = ".$archive->errorCode()." errormsg=".$errormsg;
2422 dol_syslog("dol_compress_file failure - ".$errormsg, LOG_ERR);
2423 return -3;
2424 } else {
2425 dol_syslog("dol_compress_file success - ".count($result)." files");
2426 return 1;
2427 }
2428 }
2429 }
2430
2431 if ($foundhandler) {
2432 $fp = fopen($outputfile, "w");
2433 fwrite($fp, $compressdata);
2434 fclose($fp);
2435 return 1;
2436 } else {
2437 $errorstring = "Try to zip with format ".$mode." with no handler for this format";
2438 dol_syslog($errorstring, LOG_ERR);
2439
2440 global $errormsg;
2441 $errormsg = $errorstring;
2442 return -2;
2443 }
2444 } catch (Exception $e) {
2445 global $langs, $errormsg;
2446 $langs->load("errors");
2447 $errormsg = $langs->trans("ErrorFailedToWriteInDir");
2448
2449 $errorstring = "Failed to open file ".$outputfile;
2450 dol_syslog($errorstring, LOG_ERR);
2451 return -1;
2452 }
2453}
2454
2463function dol_uncompress($inputfile, $outputdir)
2464{
2465 global $langs, $db;
2466
2467 $fileinfo = pathinfo($inputfile);
2468 $fileinfo["extension"] = strtolower($fileinfo["extension"]);
2469
2470 if ($fileinfo["extension"] == "zip") {
2471 if (defined('ODTPHP_PATHTOPCLZIP') && !getDolGlobalString('MAIN_USE_ZIPARCHIVE_FOR_ZIP_UNCOMPRESS')) {
2472 dol_syslog("Constant ODTPHP_PATHTOPCLZIP for pclzip library is set to ".ODTPHP_PATHTOPCLZIP.", so we use Pclzip to unzip into ".$outputdir);
2473 include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php';
2474 $archive = new PclZip($inputfile);
2475
2476 // We create output dir manually, so it uses the correct permission (When created by the archive->extract, dir is rwx for everybody).
2477 dol_mkdir(dol_sanitizePathName($outputdir));
2478
2479 try {
2480 // Extract into outputdir, but only files that match the regex '/^((?!\.\.).)*$/' that means "does not include .."
2481 $result = $archive->extract(PCLZIP_OPT_PATH, $outputdir, PCLZIP_OPT_BY_PREG, '/^((?!\.\.).)*$/');
2482 } catch (Exception $e) {
2483 return array('error' => $e->getMessage());
2484 }
2485
2486 if (!is_array($result) && $result <= 0) {
2487 return array('error' => $archive->errorInfo(true));
2488 } else {
2489 $ok = 1;
2490 $errmsg = '';
2491 // Loop on each file to check result for unzipping file
2492 foreach ($result as $key => $val) {
2493 if ($val['status'] == 'path_creation_fail') {
2494 $langs->load("errors");
2495 $ok = 0;
2496 $errmsg = $langs->trans("ErrorFailToCreateDir", $val['filename']);
2497 break;
2498 }
2499 if ($val['status'] == 'write_protected') {
2500 $langs->load("errors");
2501 $ok = 0;
2502 $errmsg = $langs->trans("ErrorFailToCreateFile", $val['filename']);
2503 break;
2504 }
2505 }
2506
2507 if ($ok) {
2508 return array();
2509 } else {
2510 return array('error' => $errmsg);
2511 }
2512 }
2513 }
2514
2515 if (class_exists('ZipArchive')) { // Must install php-zip to have it
2516 dol_syslog("Class ZipArchive is set so we unzip using ZipArchive to unzip into ".$outputdir);
2517 $zip = new ZipArchive();
2518 $res = $zip->open($inputfile);
2519 if ($res === true) {
2520 //$zip->extractTo($outputdir.'/');
2521 // We must extract one file at time so we can check that file name does not contain '..' to avoid transversal path of zip built for example using
2522 // python3 path_traversal_archiver.py <Created_file_name> test.zip -l 10 -p tmp/
2523 // with -l is the range of dot to go back in path.
2524 // and path_traversal_archiver.py found at https://github.com/Alamot/code-snippets/blob/master/path_traversal/path_traversal_archiver.py
2525 for ($i = 0; $i < $zip->numFiles; $i++) {
2526 if (preg_match('/\.\./', $zip->getNameIndex($i))) {
2527 dol_syslog("Warning: Try to unzip a file with a transversal path ".$zip->getNameIndex($i), LOG_WARNING);
2528 continue; // Discard the file
2529 }
2530 $zip->extractTo($outputdir.'/', array($zip->getNameIndex($i)));
2531 }
2532
2533 $zip->close();
2534 return array();
2535 } else {
2536 return array('error' => 'ErrUnzipFails');
2537 }
2538 }
2539
2540 return array('error' => 'ErrNoZipEngine');
2541 } elseif (in_array($fileinfo["extension"], array('gz', 'bz2', 'zst'))) {
2542 include_once DOL_DOCUMENT_ROOT."/core/class/utils.class.php";
2543 $utils = new Utils($db);
2544
2545 dol_mkdir(dol_sanitizePathName($outputdir));
2546 $outputfilename = escapeshellcmd(dol_sanitizePathName($outputdir).'/'.dol_sanitizeFileName($fileinfo["filename"]));
2547 dol_delete_file($outputfilename.'.tmp');
2548 dol_delete_file($outputfilename.'.err');
2549
2550 $extension = strtolower(pathinfo($fileinfo["filename"], PATHINFO_EXTENSION));
2551 if ($extension == "tar") {
2552 $cmd = 'tar -C '.escapeshellcmd(dol_sanitizePathName($outputdir)).' -xvf '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
2553
2554 $resarray = $utils->executeCLI($cmd, $outputfilename.'.tmp', 0, $outputfilename.'.err', 0);
2555 if ($resarray["result"] != 0) {
2556 $resarray["error"] .= file_get_contents($outputfilename.'.err');
2557 }
2558 } else {
2559 $program = "";
2560 if ($fileinfo["extension"] == "gz") {
2561 $program = 'gzip';
2562 } elseif ($fileinfo["extension"] == "bz2") {
2563 $program = 'bzip2';
2564 } elseif ($fileinfo["extension"] == "zst") {
2565 $program = 'zstd';
2566 } else {
2567 return array('error' => 'ErrorBadFileExtension');
2568 }
2569 $cmd = $program.' -dc '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
2570 $cmd .= ' > '.$outputfilename;
2571
2572 $resarray = $utils->executeCLI($cmd, $outputfilename.'.tmp', 0, null, 1, $outputfilename.'.err');
2573 if ($resarray["result"] != 0) {
2574 $errfilecontent = @file_get_contents($outputfilename.'.err');
2575 if ($errfilecontent) {
2576 $resarray["error"] .= " - ".$errfilecontent;
2577 }
2578 }
2579 }
2580 return $resarray["result"] != 0 ? array('error' => $resarray["error"]) : array();
2581 }
2582
2583 return array('error' => 'ErrorBadFileExtension');
2584}
2585
2586
2599function dol_compress_dir($inputdir, $outputfile, $mode = "zip", $excludefiles = '', $rootdirinzip = '', $newmask = '0')
2600{
2601 $foundhandler = 0;
2602
2603 dol_syslog("Try to zip dir ".$inputdir." into ".$outputfile." mode=".$mode);
2604
2605 if (!dol_is_dir(dirname($outputfile)) || !is_writable(dirname($outputfile))) {
2606 global $langs, $errormsg;
2607 $langs->load("errors");
2608 $errormsg = $langs->trans("ErrorFailedToWriteInDir", $outputfile);
2609 return -3;
2610 }
2611
2612 try {
2613 if ($mode == 'gz') {
2614 $foundhandler = 0;
2615 } elseif ($mode == 'bz') {
2616 $foundhandler = 0;
2617 } elseif ($mode == 'zip') {
2618 /*if (defined('ODTPHP_PATHTOPCLZIP'))
2619 {
2620 $foundhandler=0; // TODO implement this
2621
2622 include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php';
2623 $archive = new PclZip($outputfile);
2624 $archive->add($inputfile, PCLZIP_OPT_REMOVE_PATH, dirname($inputfile));
2625 //$archive->add($inputfile);
2626 return 1;
2627 }
2628 else*/
2629 //if (class_exists('ZipArchive') && !empty($conf->global->MAIN_USE_ZIPARCHIVE_FOR_ZIP_COMPRESS))
2630
2631 if (class_exists('ZipArchive')) {
2632 $foundhandler = 1;
2633
2634 // Initialize archive object
2635 $zip = new ZipArchive();
2636 $result = $zip->open($outputfile, ZipArchive::CREATE | ZipArchive::OVERWRITE);
2637 if ($result !== true) {
2638 global $langs, $errormsg;
2639 $langs->load("errors");
2640 $errormsg = $langs->trans("ErrorFailedToBuildArchive", $outputfile);
2641 return -4;
2642 }
2643
2644 // Create recursive directory iterator
2645 // This does not return symbolic links
2647 $files = new RecursiveIteratorIterator(
2648 new RecursiveDirectoryIterator($inputdir, FilesystemIterator::UNIX_PATHS),
2649 RecursiveIteratorIterator::LEAVES_ONLY
2650 );
2651
2652 //var_dump($inputdir);
2653 foreach ($files as $name => $file) {
2654 // Skip directories (they would be added automatically)
2655 if (!$file->isDir()) {
2656 // Get real and relative path for current file
2657 $filePath = $file->getPath(); // the full path with filename using the $inputdir root.
2658 $fileName = $file->getFilename();
2659 $fileFullRealPath = $file->getRealPath(); // the full path with name and transformed to use real path directory.
2660
2661 //$relativePath = ($rootdirinzip ? $rootdirinzip.'/' : '').substr($fileFullRealPath, strlen($inputdir) + 1);
2662 $relativePath = ($rootdirinzip ? $rootdirinzip.'/' : '').substr(($filePath ? $filePath.'/' : '').$fileName, strlen($inputdir) + 1);
2663
2664 //var_dump($filePath);var_dump($fileFullRealPath);var_dump($relativePath);
2665 if (empty($excludefiles) || !preg_match($excludefiles, $fileFullRealPath)) {
2666 // Add current file to archive
2667 $zip->addFile($fileFullRealPath, $relativePath);
2668 }
2669 }
2670 }
2671
2672 // Zip archive will be created only after closing object
2673 $zip->close();
2674
2675 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
2676 $newmask = getDolGlobalString('MAIN_UMASK');
2677 }
2678 if (empty($newmask)) { // This should no happen
2679 dol_syslog("Warning: dol_copy called with empty value for newmask and no default value defined", LOG_WARNING);
2680 $newmask = '0664';
2681 }
2682
2683 dolChmod($outputfile, $newmask);
2684
2685 return 1;
2686 }
2687 }
2688
2689 if (!$foundhandler) {
2690 dol_syslog("Try to zip with format ".$mode." with no handler for this format", LOG_ERR);
2691 return -2;
2692 } else {
2693 return 0;
2694 }
2695 } catch (Exception $e) {
2696 global $langs, $errormsg;
2697 $langs->load("errors");
2698 dol_syslog("Failed to open file ".$outputfile, LOG_ERR);
2699 dol_syslog($e->getMessage(), LOG_ERR);
2700 $errormsg = $langs->trans("ErrorFailedToBuildArchive", $outputfile).' - '.$e->getMessage();
2701 return -1;
2702 }
2703}
2704
2705
2706
2717function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('(\.meta|_preview.*\.png)$', '^\.'), $nohook = 0, $mode = 0)
2718{
2719 $tmparray = dol_dir_list($dir, 'files', 0, $regexfilter, $excludefilter, 'date', SORT_DESC, $mode, $nohook);
2720 return isset($tmparray[0]) ? $tmparray[0] : null;
2721}
2722
2736function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = null, $refname = '', $mode = 'read')
2737{
2738 global $conf, $db, $user, $hookmanager;
2739 global $dolibarr_main_data_root, $dolibarr_main_document_root_alt;
2740 global $object;
2741
2742 if (!is_object($fuser)) {
2743 $fuser = $user;
2744 }
2745
2746 if (empty($modulepart)) {
2747 return 'ErrorBadParameter';
2748 }
2749 if (empty($entity)) {
2750 if (!isModEnabled('multicompany')) {
2751 $entity = 1;
2752 } else {
2753 $entity = 0;
2754 }
2755 }
2756 // Fix modulepart for backward compatibility
2757 if ($modulepart == 'facture') {
2758 $modulepart = 'invoice';
2759 } elseif ($modulepart == 'users') {
2760 $modulepart = 'user';
2761 } elseif ($modulepart == 'tva') {
2762 $modulepart = 'tax-vat';
2763 } elseif ($modulepart == 'expedition' && strpos($original_file, 'receipt/') === 0) {
2764 // Fix modulepart delivery
2765 $modulepart = 'delivery';
2766 }
2767
2768 //print 'dol_check_secure_access_document modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity;
2769 dol_syslog('dol_check_secure_access_document modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity);
2770
2771 // We define $accessallowed and $sqlprotectagainstexternals
2772 $accessallowed = 0;
2773 $sqlprotectagainstexternals = '';
2774 $ret = array();
2775
2776 // Find the subdirectory name as the reference. For example original_file='10/myfile.pdf' -> refname='10'
2777 if (empty($refname)) {
2778 $refname = basename(dirname($original_file)."/");
2779 if ($refname == 'thumbs' || $refname == 'temp') {
2780 // If we get the thumbs directory, we must go one step higher. For example original_file='10/thumbs/myfile_small.jpg' -> refname='10'
2781 $refname = basename(dirname(dirname($original_file))."/");
2782 }
2783 }
2784
2785 // Define possible keys to use for permission check
2786 $lire = 'lire';
2787 $read = 'read';
2788 $download = 'download';
2789 if ($mode == 'write') {
2790 $lire = 'creer';
2791 $read = 'write';
2792 $download = 'upload';
2793 }
2794
2795 // Wrapping for miscellaneous medias files
2796 if ($modulepart == 'common') {
2797 // Wrapping for some images
2798 $accessallowed = 1;
2799 $original_file = DOL_DOCUMENT_ROOT.'/public/theme/common/'.$original_file;
2800 } elseif ($modulepart == 'medias' && !empty($dolibarr_main_data_root)) {
2801 if (empty($entity) || empty($conf->medias->multidir_output[$entity])) {
2802 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
2803 }
2804 $accessallowed = 1;
2805 $original_file = $conf->medias->multidir_output[$entity].'/'.$original_file;
2806 } elseif ($modulepart == 'logs' && !empty($dolibarr_main_data_root)) {
2807 // Wrapping for *.log files, like when used with url http://.../document.php?modulepart=logs&file=dolibarr.log
2808 $accessallowed = ($user->admin && basename($original_file) == $original_file && preg_match('/^dolibarr.*\.(log|json)$/', basename($original_file)));
2809 $original_file = $dolibarr_main_data_root.'/'.$original_file;
2810 } elseif ($modulepart == 'doctemplates' && !empty($dolibarr_main_data_root)) {
2811 // Wrapping for doctemplates
2812 $accessallowed = $user->admin;
2813 $original_file = $dolibarr_main_data_root.'/doctemplates/'.$original_file;
2814 } elseif ($modulepart == 'doctemplateswebsite' && !empty($dolibarr_main_data_root)) {
2815 // Wrapping for doctemplates of websites
2816 $accessallowed = ($fuser->hasRight('website', 'write') && preg_match('/\.jpg$/i', basename($original_file)));
2817 $original_file = $dolibarr_main_data_root.'/doctemplates/websites/'.$original_file;
2818 } elseif ($modulepart == 'packages' && !empty($dolibarr_main_data_root)) { // To download zip of modules
2819 // Wrapping for *.zip package files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip
2820 // Dir for custom dirs
2821 $tmp = explode(',', $dolibarr_main_document_root_alt);
2822 $dirins = $tmp[0];
2823
2824 $accessallowed = ($user->admin && preg_match('/^module_.*\.zip$/', basename($original_file)));
2825 $original_file = $dirins.'/'.$original_file;
2826 } elseif ($modulepart == 'mycompany' && !empty($conf->mycompany->dir_output)) {
2827 // Wrapping for some images
2828 $accessallowed = 1;
2829 $original_file = $conf->mycompany->dir_output.'/'.$original_file;
2830 } elseif ($modulepart == 'userphoto' && !empty($conf->user->dir_output)) {
2831 // Wrapping for users photos (user photos are allowed to any connected users)
2832 $accessallowed = 0;
2833 if (preg_match('/^\d+\/photos\//', $original_file)) {
2834 $accessallowed = 1;
2835 }
2836 $original_file = $conf->user->dir_output.'/'.$original_file;
2837 } elseif ($modulepart == 'userphotopublic' && !empty($conf->user->dir_output)) {
2838 // Wrapping for users photos that were set to public (for virtual credit card) by their owner (public user photos can be read
2839 // with the public link and securekey)
2840 $accessok = false;
2841 $reg = array();
2842 if (preg_match('/^(\d+)\/photos\//', $original_file, $reg)) {
2843 if ($reg[1]) {
2844 $tmpobject = new User($db);
2845 $tmpobject->fetch($reg[1], '', '', 1);
2846 if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $tmpobject)) {
2847 $securekey = GETPOST('securekey', 'alpha', 1);
2848 // Security check
2849 global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id;
2850 $valuetouse = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
2851 $encodedsecurekey = dol_hash($valuetouse.'uservirtualcard'.$tmpobject->id.'-'.$tmpobject->login, 'md5');
2852 if ($encodedsecurekey == $securekey) {
2853 $accessok = true;
2854 }
2855 }
2856 }
2857 }
2858 if ($accessok) {
2859 $accessallowed = 1;
2860 }
2861 $original_file = $conf->user->dir_output.'/'.$original_file;
2862 } elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) {
2863 // Wrapping for company logos (company logos are allowed to anyboby, they are public)
2864 $accessallowed = 1;
2865 $original_file = $conf->mycompany->dir_output.'/logos/'.$original_file;
2866 } elseif ($modulepart == 'memberphoto' && !empty($conf->member->dir_output)) {
2867 // Wrapping for members photos
2868 $accessallowed = 0;
2869 if (preg_match('/^\d+\/photos\//', $original_file)) {
2870 $accessallowed = 1;
2871 }
2872 $original_file = $conf->member->dir_output.'/'.$original_file;
2873 } elseif ($modulepart == 'apercufacture' && !empty($conf->invoice->multidir_output[$entity])) {
2874 // Wrapping for invoices (user need permission to read invoices)
2875 if ($fuser->hasRight('facture', $lire)) {
2876 $accessallowed = 1;
2877 }
2878 $original_file = $conf->invoice->multidir_output[$entity].'/'.$original_file;
2879 } elseif ($modulepart == 'apercupropal' && !empty($conf->propal->multidir_output[$entity])) {
2880 // Wrapping pour les apercu propal
2881 if ($fuser->hasRight('propal', $lire)) {
2882 $accessallowed = 1;
2883 }
2884 $original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
2885 } elseif ($modulepart == 'apercucommande' && !empty($conf->order->multidir_output[$entity])) {
2886 // Wrapping pour les apercu commande
2887 if ($fuser->hasRight('commande', $lire)) {
2888 $accessallowed = 1;
2889 }
2890 $original_file = $conf->order->multidir_output[$entity].'/'.$original_file;
2891 } elseif (($modulepart == 'apercufichinter' || $modulepart == 'apercuficheinter') && !empty($conf->ficheinter->dir_output)) {
2892 // Wrapping pour les apercu intervention
2893 if ($fuser->hasRight('ficheinter', $lire)) {
2894 $accessallowed = 1;
2895 }
2896 $original_file = $conf->ficheinter->dir_output.'/'.$original_file;
2897 } elseif (($modulepart == 'apercucontract') && !empty($conf->contract->multidir_output[$entity])) {
2898 // Wrapping pour les apercu contrat
2899 if ($fuser->hasRight('contrat', $lire)) {
2900 $accessallowed = 1;
2901 }
2902 $original_file = $conf->contract->multidir_output[$entity].'/'.$original_file;
2903 } elseif (($modulepart == 'apercusupplier_proposal' || $modulepart == 'apercusupplier_proposal') && !empty($conf->supplier_proposal->dir_output)) {
2904 // Wrapping pour les apercu supplier proposal
2905 if ($fuser->hasRight('supplier_proposal', $lire)) {
2906 $accessallowed = 1;
2907 }
2908 $original_file = $conf->supplier_proposal->dir_output.'/'.$original_file;
2909 } elseif (($modulepart == 'apercusupplier_order' || $modulepart == 'apercusupplier_order') && !empty($conf->fournisseur->commande->dir_output)) {
2910 // Wrapping pour les apercu supplier order
2911 if ($fuser->hasRight('fournisseur', 'commande', $lire)) {
2912 $accessallowed = 1;
2913 }
2914 $original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
2915 } elseif (($modulepart == 'apercusupplier_invoice' || $modulepart == 'apercusupplier_invoice') && !empty($conf->fournisseur->facture->dir_output)) {
2916 // Wrapping pour les apercu supplier invoice
2917 if ($fuser->hasRight('fournisseur', $lire)) {
2918 $accessallowed = 1;
2919 }
2920 $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
2921 } elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) {
2922 if ($fuser->hasRight('holiday', $read) || $fuser->hasRight('holiday', 'readall') || preg_match('/^specimen/i', $original_file)) {
2923 $accessallowed = 1;
2924 // If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request
2925 if ($refname && !$fuser->hasRight('holiday', 'readall') && !preg_match('/^specimen/i', $original_file)) {
2926 include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';
2927 $tmpholiday = new Holiday($db);
2928 $tmpholiday->fetch('', $refname);
2929 $accessallowed = checkUserAccessToObject($user, array('holiday'), $tmpholiday, 'holiday', '', '', 'rowid', '');
2930 }
2931 }
2932 $original_file = $conf->holiday->dir_output.'/'.$original_file;
2933 } elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) {
2934 if ($fuser->hasRight('expensereport', $lire) || $fuser->hasRight('expensereport', 'readall') || preg_match('/^specimen/i', $original_file)) {
2935 $accessallowed = 1;
2936 // If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report
2937 if ($refname && !$fuser->hasRight('expensereport', 'readall') && !preg_match('/^specimen/i', $original_file)) {
2938 include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
2939 $tmpexpensereport = new ExpenseReport($db);
2940 $tmpexpensereport->fetch('', $refname);
2941 $accessallowed = checkUserAccessToObject($user, array('expensereport'), $tmpexpensereport, 'expensereport', '', '', 'rowid', '');
2942 }
2943 }
2944 $original_file = $conf->expensereport->dir_output.'/'.$original_file;
2945 } elseif (($modulepart == 'apercuexpensereport') && !empty($conf->expensereport->dir_output)) {
2946 // Wrapping pour les apercu expense report
2947 if ($fuser->hasRight('expensereport', $lire)) {
2948 $accessallowed = 1;
2949 }
2950 $original_file = $conf->expensereport->dir_output.'/'.$original_file;
2951 } elseif ($modulepart == 'propalstats' && !empty($conf->propal->multidir_temp[$entity])) {
2952 // Wrapping pour les images des stats propales
2953 if ($fuser->hasRight('propal', $lire)) {
2954 $accessallowed = 1;
2955 }
2956 $original_file = $conf->propal->multidir_temp[$entity].'/'.$original_file;
2957 } elseif ($modulepart == 'orderstats' && !empty($conf->order->dir_temp)) {
2958 // Wrapping pour les images des stats commandes
2959 if ($fuser->hasRight('commande', $lire)) {
2960 $accessallowed = 1;
2961 }
2962 $original_file = $conf->order->dir_temp.'/'.$original_file;
2963 } elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output)) {
2964 if ($fuser->hasRight('fournisseur', 'commande', $lire)) {
2965 $accessallowed = 1;
2966 }
2967 $original_file = $conf->fournisseur->commande->dir_temp.'/'.$original_file;
2968 } elseif ($modulepart == 'billstats' && !empty($conf->invoice->dir_temp)) {
2969 // Wrapping pour les images des stats factures
2970 if ($fuser->hasRight('facture', $lire)) {
2971 $accessallowed = 1;
2972 }
2973 $original_file = $conf->invoice->dir_temp.'/'.$original_file;
2974 } elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output)) {
2975 if ($fuser->hasRight('fournisseur', 'facture', $lire)) {
2976 $accessallowed = 1;
2977 }
2978 $original_file = $conf->fournisseur->facture->dir_temp.'/'.$original_file;
2979 } elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp)) {
2980 // Wrapping pour les images des stats expeditions
2981 if ($fuser->hasRight('expedition', $lire)) {
2982 $accessallowed = 1;
2983 }
2984 $original_file = $conf->expedition->dir_temp.'/'.$original_file;
2985 } elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp)) {
2986 // Wrapping pour les images des stats expeditions
2987 if ($fuser->hasRight('deplacement', $lire)) {
2988 $accessallowed = 1;
2989 }
2990 $original_file = $conf->deplacement->dir_temp.'/'.$original_file;
2991 } elseif ($modulepart == 'memberstats' && !empty($conf->member->dir_temp)) {
2992 // Wrapping pour les images des stats expeditions
2993 if ($fuser->hasRight('adherent', $lire)) {
2994 $accessallowed = 1;
2995 }
2996 $original_file = $conf->member->dir_temp.'/'.$original_file;
2997 } elseif (preg_match('/^productstats_/i', $modulepart) && !empty($conf->product->dir_temp)) {
2998 // Wrapping pour les images des stats produits
2999 if ($fuser->hasRight('produit', $lire) || $fuser->hasRight('service', $lire)) {
3000 $accessallowed = 1;
3001 }
3002 $original_file = (!empty($conf->product->multidir_temp[$entity]) ? $conf->product->multidir_temp[$entity] : $conf->service->multidir_temp[$entity]).'/'.$original_file;
3003 } elseif (in_array($modulepart, array('tax', 'tax-vat', 'tva')) && !empty($conf->tax->dir_output)) {
3004 // Wrapping for taxes
3005 if ($fuser->hasRight('tax', 'charges', $lire)) {
3006 $accessallowed = 1;
3007 }
3008 $modulepartsuffix = str_replace('tax-', '', $modulepart);
3009 $original_file = $conf->tax->dir_output.'/'.($modulepartsuffix != 'tax' ? $modulepartsuffix.'/' : '').$original_file;
3010 } elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) {
3011 // Wrapping for events
3012 if ($fuser->hasRight('agenda', 'myactions', $read)) {
3013 $accessallowed = 1;
3014 // If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users
3015 if ($refname && !preg_match('/^specimen/i', $original_file)) {
3016 include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
3017 $tmpobject = new ActionComm($db);
3018 $tmpobject->fetch((int) $refname);
3019 $accessallowed = checkUserAccessToObject($user, array('agenda'), $tmpobject->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id', '');
3020 if ($user->socid && $tmpobject->socid) {
3021 $accessallowed = checkUserAccessToObject($user, array('societe'), $tmpobject->socid);
3022 }
3023 }
3024 }
3025 $original_file = $conf->agenda->dir_output.'/'.$original_file;
3026 } elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity])) {
3027 // Wrapping for categories (categories are allowed if user has permission to read categories or to work on TakePos)
3028 if (empty($entity) || empty($conf->categorie->multidir_output[$entity])) {
3029 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3030 }
3031 if ($fuser->hasRight("categorie", $lire) || $fuser->hasRight("takepos", "run")) {
3032 $accessallowed = 1;
3033 }
3034 $original_file = $conf->categorie->multidir_output[$entity].'/'.$original_file;
3035 } elseif ($modulepart == 'prelevement' && !empty($conf->prelevement->dir_output)) {
3036 // Wrapping pour les prelevements
3037 if ($fuser->hasRight('prelevement', 'bons', $lire) || preg_match('/^specimen/i', $original_file)) {
3038 $accessallowed = 1;
3039 }
3040 $original_file = $conf->prelevement->dir_output.'/'.$original_file;
3041 } elseif ($modulepart == 'graph_stock' && !empty($conf->stock->dir_temp)) {
3042 // Wrapping pour les graph energie
3043 $accessallowed = 1;
3044 $original_file = $conf->stock->dir_temp.'/'.$original_file;
3045 } elseif ($modulepart == 'graph_fourn' && !empty($conf->fournisseur->dir_temp)) {
3046 // Wrapping pour les graph fournisseurs
3047 $accessallowed = 1;
3048 $original_file = $conf->fournisseur->dir_temp.'/'.$original_file;
3049 } elseif ($modulepart == 'graph_product' && !empty($conf->product->dir_temp)) {
3050 // Wrapping pour les graph des produits
3051 $accessallowed = 1;
3052 $original_file = $conf->product->multidir_temp[$entity].'/'.$original_file;
3053 } elseif ($modulepart == 'barcode') {
3054 // Wrapping pour les code barre
3055 $accessallowed = 1;
3056 // If viewimage is called for barcode, we try to output an image on the fly, with no build of file on disk.
3057 //$original_file=$conf->barcode->dir_temp.'/'.$original_file;
3058 $original_file = '';
3059 } elseif ($modulepart == 'iconmailing' && !empty($conf->mailing->dir_temp)) {
3060 // Wrapping for icon of background of mailings
3061 $accessallowed = 1;
3062 $original_file = $conf->mailing->dir_temp.'/'.$original_file;
3063 } elseif ($modulepart == 'scanner_user_temp' && !empty($conf->scanner->dir_temp)) {
3064 // Wrapping pour le scanner
3065 $accessallowed = 1;
3066 $original_file = $conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file;
3067 } elseif ($modulepart == 'fckeditor' && !empty($conf->fckeditor->dir_output)) {
3068 // Wrapping pour les images fckeditor
3069 $accessallowed = 1;
3070 $original_file = $conf->fckeditor->dir_output.'/'.$original_file;
3071 } elseif ($modulepart == 'user' && !empty($conf->user->dir_output)) {
3072 // Wrapping for users
3073 $canreaduser = (!empty($fuser->admin) || $fuser->rights->user->user->{$lire});
3074 if ($fuser->id == (int) $refname) {
3075 $canreaduser = 1;
3076 } // A user can always read its own card
3077 if ($canreaduser || preg_match('/^specimen/i', $original_file)) {
3078 $accessallowed = 1;
3079 }
3080 $original_file = $conf->user->dir_output.'/'.$original_file;
3081 } elseif (($modulepart == 'company' || $modulepart == 'societe' || $modulepart == 'thirdparty') && !empty($conf->societe->multidir_output[$entity])) {
3082 // Wrapping for third parties
3083 if (empty($entity) || empty($conf->societe->multidir_output[$entity])) {
3084 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3085 }
3086 if ($fuser->hasRight('societe', $lire) || preg_match('/^specimen/i', $original_file)) {
3087 $accessallowed = 1;
3088 }
3089 $original_file = $conf->societe->multidir_output[$entity].'/'.$original_file;
3090 $sqlprotectagainstexternals = "SELECT rowid as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE rowid='".$db->escape($refname)."' AND entity IN (".getEntity('societe').")";
3091 } elseif ($modulepart == 'contact' && !empty($conf->societe->multidir_output[$entity])) {
3092 // Wrapping for contact
3093 if (empty($entity) || empty($conf->societe->multidir_output[$entity])) {
3094 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3095 }
3096 if ($fuser->hasRight('societe', $lire)) {
3097 $accessallowed = 1;
3098 }
3099 $original_file = $conf->societe->multidir_output[$entity].'/contact/'.$original_file;
3100 } elseif (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->invoice->multidir_output[$entity])) {
3101 // Wrapping for invoices
3102 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3103 $accessallowed = 1;
3104 }
3105 $original_file = $conf->invoice->multidir_output[$entity].'/'.$original_file;
3106 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('invoice').")";
3107 } elseif ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->multidir_output[$entity])) {
3108 // Wrapping for mass actions
3109 if ($fuser->hasRight('propal', $lire) || preg_match('/^specimen/i', $original_file)) {
3110 $accessallowed = 1;
3111 }
3112 $original_file = $conf->propal->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
3113 } elseif ($modulepart == 'massfilesarea_orders') {
3114 if ($fuser->hasRight('commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3115 $accessallowed = 1;
3116 }
3117 $original_file = $conf->order->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
3118 } elseif ($modulepart == 'massfilesarea_sendings') {
3119 if ($fuser->hasRight('expedition', $lire) || preg_match('/^specimen/i', $original_file)) {
3120 $accessallowed = 1;
3121 }
3122 $original_file = $conf->expedition->dir_output.'/sending/temp/massgeneration/'.$user->id.'/'.$original_file;
3123 } elseif ($modulepart == 'massfilesarea_receipts') {
3124 if ($fuser->hasRight('reception', $lire) || preg_match('/^specimen/i', $original_file)) {
3125 $accessallowed = 1;
3126 }
3127 $original_file = $conf->reception->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3128 } elseif ($modulepart == 'massfilesarea_invoices') {
3129 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3130 $accessallowed = 1;
3131 }
3132 $original_file = $conf->invoice->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
3133 } elseif ($modulepart == 'massfilesarea_expensereport') {
3134 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3135 $accessallowed = 1;
3136 }
3137 $original_file = $conf->expensereport->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3138 } elseif ($modulepart == 'massfilesarea_interventions') {
3139 if ($fuser->hasRight('ficheinter', $lire) || preg_match('/^specimen/i', $original_file)) {
3140 $accessallowed = 1;
3141 }
3142 $original_file = $conf->ficheinter->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3143 } elseif ($modulepart == 'massfilesarea_supplier_proposal' && !empty($conf->supplier_proposal->dir_output)) {
3144 if ($fuser->hasRight('supplier_proposal', $lire) || preg_match('/^specimen/i', $original_file)) {
3145 $accessallowed = 1;
3146 }
3147 $original_file = $conf->supplier_proposal->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3148 } elseif ($modulepart == 'massfilesarea_supplier_order') {
3149 if ($fuser->hasRight('fournisseur', 'commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3150 $accessallowed = 1;
3151 }
3152 $original_file = $conf->fournisseur->commande->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3153 } elseif ($modulepart == 'massfilesarea_supplier_invoice') {
3154 if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3155 $accessallowed = 1;
3156 }
3157 $original_file = $conf->fournisseur->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3158 } elseif ($modulepart == 'massfilesarea_contract' && !empty($conf->contract->dir_output)) {
3159 if ($fuser->hasRight('contrat', $lire) || preg_match('/^specimen/i', $original_file)) {
3160 $accessallowed = 1;
3161 }
3162 $original_file = $conf->contract->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3163 } elseif (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output)) {
3164 // Wrapping for interventions
3165 if ($fuser->hasRight('ficheinter', $lire) || preg_match('/^specimen/i', $original_file)) {
3166 $accessallowed = 1;
3167 }
3168 $original_file = $conf->ficheinter->dir_output.'/'.$original_file;
3169 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3170 } elseif ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output)) {
3171 // Wrapping pour les deplacements et notes de frais
3172 if ($fuser->hasRight('deplacement', $lire) || preg_match('/^specimen/i', $original_file)) {
3173 $accessallowed = 1;
3174 }
3175 $original_file = $conf->deplacement->dir_output.'/'.$original_file;
3176 //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3177 } elseif (($modulepart == 'propal' || $modulepart == 'propale') && isset($conf->propal->multidir_output[$entity])) {
3178 // Wrapping pour les propales
3179 if ($fuser->hasRight('propal', $lire) || preg_match('/^specimen/i', $original_file)) {
3180 $accessallowed = 1;
3181 }
3182 $original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
3183 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('propal').")";
3184 } elseif (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->order->multidir_output[$entity])) {
3185 // Wrapping pour les commandes
3186 if ($fuser->hasRight('commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3187 $accessallowed = 1;
3188 }
3189 $original_file = $conf->order->multidir_output[$entity].'/'.$original_file;
3190 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('order').")";
3191 } elseif ($modulepart == 'project' && !empty($conf->project->multidir_output[$entity])) {
3192 // Wrapping pour les projects
3193 if ($fuser->hasRight('projet', $lire) || preg_match('/^specimen/i', $original_file)) {
3194 $accessallowed = 1;
3195 // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
3196 if ($refname && !preg_match('/^specimen/i', $original_file)) {
3197 include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
3198 $tmpproject = new Project($db);
3199 $tmpproject->fetch('', $refname);
3200 $accessallowed = checkUserAccessToObject($user, array('projet'), $tmpproject->id, 'projet&project', '', '', 'rowid', '');
3201 }
3202 }
3203 $original_file = $conf->project->multidir_output[$entity].'/'.$original_file;
3204 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
3205 } elseif ($modulepart == 'project_task' && !empty($conf->project->multidir_output[$entity])) {
3206 if ($fuser->hasRight('projet', $lire) || preg_match('/^specimen/i', $original_file)) {
3207 $accessallowed = 1;
3208 // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
3209 if ($refname && !preg_match('/^specimen/i', $original_file)) {
3210 include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
3211 $tmptask = new Task($db);
3212 $tmptask->fetch('', $refname);
3213 $accessallowed = checkUserAccessToObject($user, array('projet_task'), $tmptask->id, 'projet_task&project', '', '', 'rowid', '');
3214 }
3215 }
3216 $original_file = $conf->project->multidir_output[$entity].'/'.$original_file;
3217 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
3218 } elseif (($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') && !empty($conf->fournisseur->commande->dir_output)) {
3219 // Wrapping pour les commandes fournisseurs
3220 if ($fuser->hasRight('fournisseur', 'commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3221 $accessallowed = 1;
3222 }
3223 $original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
3224 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3225 } elseif (($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') && !empty($conf->fournisseur->facture->dir_output)) {
3226 // Wrapping pour les factures fournisseurs
3227 if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3228 $accessallowed = 1;
3229 }
3230 $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
3231 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3232 } elseif ($modulepart == 'supplier_payment') {
3233 // Wrapping pour les rapport de paiements
3234 if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3235 $accessallowed = 1;
3236 }
3237 $original_file = $conf->fournisseur->payment->dir_output.'/'.$original_file;
3238 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."paiementfournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3239 } elseif ($modulepart == 'payment') {
3240 // Wrapping pour les rapport de paiements
3241 if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
3242 $accessallowed = 1;
3243 }
3244 $original_file = $conf->compta->payment->dir_output.'/'.$original_file;
3245 } elseif ($modulepart == 'facture_paiement' && !empty($conf->invoice->dir_output)) {
3246 // Wrapping pour les rapport de paiements
3247 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3248 $accessallowed = 1;
3249 }
3250 if ($fuser->socid > 0) {
3251 $original_file = $conf->invoice->dir_output.'/payments/private/'.$fuser->id.'/'.$original_file;
3252 } else {
3253 $original_file = $conf->invoice->dir_output.'/payments/'.$original_file;
3254 }
3255 } elseif ($modulepart == 'export_compta' && !empty($conf->accounting->dir_output)) {
3256 // Wrapping for accounting exports
3257 if ($fuser->hasRight('accounting', 'bind', 'write') || preg_match('/^specimen/i', $original_file)) {
3258 $accessallowed = 1;
3259 }
3260 $original_file = $conf->accounting->dir_output.'/'.$original_file;
3261 } elseif (($modulepart == 'expedition' || $modulepart == 'shipment') && !empty($conf->expedition->dir_output)) {
3262 // Wrapping pour les expedition
3263 if ($fuser->hasRight('expedition', $lire) || preg_match('/^specimen/i', $original_file)) {
3264 $accessallowed = 1;
3265 }
3266 $original_file = $conf->expedition->dir_output."/".(strpos($original_file, 'sending/') === 0 ? '' : 'sending/').$original_file;
3267 //$original_file = $conf->expedition->dir_output."/".$original_file;
3268 } elseif (($modulepart == 'livraison' || $modulepart == 'delivery') && !empty($conf->expedition->dir_output)) {
3269 // Delivery Note Wrapping
3270 if ($fuser->hasRight('expedition', 'delivery', $lire) || preg_match('/^specimen/i', $original_file)) {
3271 $accessallowed = 1;
3272 }
3273 $original_file = $conf->expedition->dir_output."/".(strpos($original_file, 'receipt/') === 0 ? '' : 'receipt/').$original_file;
3274 } elseif ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp)) {
3275 // Wrapping pour les actions
3276 if ($fuser->hasRight('agenda', 'allactions', $read) || preg_match('/^specimen/i', $original_file)) {
3277 $accessallowed = 1;
3278 }
3279 $original_file = $conf->agenda->dir_temp."/".$original_file;
3280 } elseif ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service') {
3281 // Wrapping pour les produits et services
3282 if (empty($entity) || (empty($conf->product->multidir_output[$entity]) && empty($conf->service->multidir_output[$entity]))) {
3283 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3284 }
3285 if (($fuser->hasRight('produit', $lire) || $fuser->hasRight('service', $lire)) || preg_match('/^specimen/i', $original_file)) {
3286 $accessallowed = 1;
3287 }
3288 if (isModEnabled("product")) {
3289 $original_file = $conf->product->multidir_output[$entity].'/'.$original_file;
3290 } elseif (isModEnabled("service")) {
3291 $original_file = $conf->service->multidir_output[$entity].'/'.$original_file;
3292 }
3293 } elseif ($modulepart == 'product_batch' || $modulepart == 'produitlot') {
3294 // Wrapping pour les lots produits
3295 if (empty($entity) || (empty($conf->productbatch->multidir_output[$entity]))) {
3296 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3297 }
3298 if (($fuser->hasRight('produit', $lire)) || preg_match('/^specimen/i', $original_file)) {
3299 $accessallowed = 1;
3300 }
3301 if (isModEnabled('productbatch')) {
3302 $original_file = $conf->productbatch->multidir_output[$entity].'/'.$original_file;
3303 }
3304 } elseif ($modulepart == 'movement' || $modulepart == 'mouvement') {
3305 // Wrapping for stock movements
3306 if (empty($entity) || empty($conf->stock->multidir_output[$entity])) {
3307 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3308 }
3309 if (($fuser->hasRight('stock', $lire) || $fuser->hasRight('stock', 'movement', $lire) || $fuser->hasRight('stock', 'mouvement', $lire)) || preg_match('/^specimen/i', $original_file)) {
3310 $accessallowed = 1;
3311 }
3312 if (isModEnabled('stock')) {
3313 $original_file = $conf->stock->multidir_output[$entity].'/movement/'.$original_file;
3314 }
3315 } elseif ($modulepart == 'contract' && !empty($conf->contract->multidir_output[$entity])) {
3316 // Wrapping pour les contrats
3317 if ($fuser->hasRight('contrat', $lire) || preg_match('/^specimen/i', $original_file)) {
3318 $accessallowed = 1;
3319 }
3320 $original_file = $conf->contract->multidir_output[$entity].'/'.$original_file;
3321 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."contrat WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('contract').")";
3322 } elseif ($modulepart == 'donation' && !empty($conf->don->dir_output)) {
3323 // Wrapping pour les dons
3324 if ($fuser->hasRight('don', $lire) || preg_match('/^specimen/i', $original_file)) {
3325 $accessallowed = 1;
3326 }
3327 $original_file = $conf->don->dir_output.'/'.$original_file;
3328 } elseif ($modulepart == 'dolresource' && !empty($conf->resource->dir_output)) {
3329 // Wrapping pour les dons
3330 if ($fuser->hasRight('resource', $read) || preg_match('/^specimen/i', $original_file)) {
3331 $accessallowed = 1;
3332 }
3333 $original_file = $conf->resource->dir_output.'/'.$original_file;
3334 } elseif (($modulepart == 'remisecheque' || $modulepart == 'chequereceipt') && !empty($conf->bank->dir_output)) {
3335 // Wrapping pour les remises de cheques
3336 if ($fuser->hasRight('banque', $lire) || preg_match('/^specimen/i', $original_file)) {
3337 $accessallowed = 1;
3338 }
3339 $original_file = $conf->bank->dir_output.'/checkdeposits/'.$original_file; // original_file should contains relative path so include the get_exdir result
3340 } elseif (($modulepart == 'banque' || $modulepart == 'bank') && !empty($conf->bank->dir_output)) {
3341 // Wrapping for bank
3342 if ($fuser->hasRight('banque', $lire)) {
3343 $accessallowed = 1;
3344 }
3345 $original_file = $conf->bank->dir_output.'/'.$original_file;
3346 } elseif ($modulepart == 'export' && !empty($conf->export->dir_temp)) {
3347 // Wrapping for export module
3348 // Note that a test may not be required because we force the dir of download on the directory of the user that export
3349 $accessallowed = $user->hasRight('export', 'lire');
3350 $original_file = $conf->export->dir_temp.'/'.$fuser->id.'/'.$original_file;
3351 } elseif ($modulepart == 'import' && !empty($conf->import->dir_temp)) {
3352 // Wrapping for import module
3353 $accessallowed = $user->hasRight('import', 'run');
3354 $original_file = $conf->import->dir_temp.'/'.$original_file;
3355 } elseif ($modulepart == 'recruitment' && !empty($conf->recruitment->dir_output)) {
3356 // Wrapping for recruitment module
3357 $accessallowed = $user->hasRight('recruitment', 'recruitmentjobposition', 'read');
3358 $original_file = $conf->recruitment->dir_output.'/'.$original_file;
3359 } elseif ($modulepart == 'editor' && !empty($conf->fckeditor->dir_output)) {
3360 // Wrapping for wysiwyg editor
3361 $accessallowed = 1;
3362 $original_file = $conf->fckeditor->dir_output.'/'.$original_file;
3363 } elseif ($modulepart == 'systemtools' && !empty($conf->admin->dir_output)) {
3364 // Wrapping for backups
3365 if ($fuser->admin) {
3366 $accessallowed = 1;
3367 }
3368 $original_file = $conf->admin->dir_output.'/'.$original_file;
3369 } elseif ($modulepart == 'admin_temp' && !empty($conf->admin->dir_temp)) {
3370 // Wrapping for upload file test
3371 if ($fuser->admin) {
3372 $accessallowed = 1;
3373 }
3374 $original_file = $conf->admin->dir_temp.'/'.$original_file;
3375 } elseif ($modulepart == 'bittorrent' && !empty($conf->bittorrent->dir_output)) {
3376 // Wrapping pour BitTorrent
3377 $accessallowed = 1;
3378 $dir = 'files';
3379 if (dol_mimetype($original_file) == 'application/x-bittorrent') {
3380 $dir = 'torrents';
3381 }
3382 $original_file = $conf->bittorrent->dir_output.'/'.$dir.'/'.$original_file;
3383 } elseif ($modulepart == 'member' && !empty($conf->member->dir_output)) {
3384 // Wrapping pour Foundation module
3385 if ($fuser->hasRight('adherent', $lire) || preg_match('/^specimen/i', $original_file)) {
3386 $accessallowed = 1;
3387 }
3388 $original_file = $conf->member->dir_output.'/'.$original_file;
3389 // If modulepart=module_user_temp Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart/temp/iduser
3390 // If modulepart=module_temp Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart/temp
3391 // If modulepart=module_user Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart/iduser
3392 // If modulepart=module Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart
3393 // If modulepart=module-abc Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart
3394 } else {
3395 // GENERIC Wrapping
3396 //var_dump($modulepart);
3397 //var_dump($original_file);
3398 if (preg_match('/^specimen/i', $original_file)) {
3399 $accessallowed = 1; // If link to a file called specimen. Test must be done before changing $original_file int full path.
3400 }
3401 if ($fuser->admin) {
3402 $accessallowed = 1; // If user is admin
3403 }
3404
3405 $tmpmodulepart = explode('-', $modulepart);
3406 if (!empty($tmpmodulepart[1])) {
3407 $modulepart = $tmpmodulepart[0];
3408 $original_file = $tmpmodulepart[1].'/'.$original_file;
3409 }
3410
3411 // Define $accessallowed
3412 $reg = array();
3413 if (preg_match('/^([a-z]+)_user_temp$/i', $modulepart, $reg)) {
3414 $tmpmodule = $reg[1];
3415 if (empty($conf->$tmpmodule->dir_temp)) { // modulepart not supported
3416 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3417 exit;
3418 }
3419 if ($fuser->hasRight($tmpmodule, $lire) || $fuser->hasRight($tmpmodule, $read) || $fuser->hasRight($tmpmodule, $download)) {
3420 $accessallowed = 1;
3421 }
3422 $original_file = $conf->{$reg[1]}->dir_temp.'/'.$fuser->id.'/'.$original_file;
3423 } elseif (preg_match('/^([a-z]+)_temp$/i', $modulepart, $reg)) {
3424 $tmpmodule = $reg[1];
3425 if (empty($conf->$tmpmodule->dir_temp)) { // modulepart not supported
3426 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3427 exit;
3428 }
3429 if ($fuser->hasRight($tmpmodule, $lire) || $fuser->hasRight($tmpmodule, $read) || $fuser->hasRight($tmpmodule, $download)) {
3430 $accessallowed = 1;
3431 }
3432 $original_file = $conf->$tmpmodule->dir_temp.'/'.$original_file;
3433 } elseif (preg_match('/^([a-z]+)_user$/i', $modulepart, $reg)) {
3434 $tmpmodule = $reg[1];
3435 if (empty($conf->$tmpmodule->dir_output)) { // modulepart not supported
3436 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3437 exit;
3438 }
3439 if ($fuser->hasRight($tmpmodule, $lire) || $fuser->hasRight($tmpmodule, $read) || $fuser->hasRight($tmpmodule, $download)) {
3440 $accessallowed = 1;
3441 }
3442 $original_file = $conf->$tmpmodule->dir_output.'/'.$fuser->id.'/'.$original_file;
3443 } elseif (preg_match('/^massfilesarea_([a-z]+)$/i', $modulepart, $reg)) {
3444 $tmpmodule = $reg[1];
3445 if (empty($conf->$tmpmodule->dir_output)) { // modulepart not supported
3446 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3447 exit;
3448 }
3449 if ($fuser->hasRight($tmpmodule, $lire) || preg_match('/^specimen/i', $original_file)) {
3450 $accessallowed = 1;
3451 }
3452 $original_file = $conf->$tmpmodule->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3453 } else {
3454 if (empty($conf->$modulepart->dir_output)) { // modulepart not supported
3455 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.'). The module for this modulepart value may not be activated.');
3456 exit;
3457 }
3458
3459 // Check fuser->rights->modulepart->myobject->read and fuser->rights->modulepart->read
3460 $partsofdirinoriginalfile = explode('/', $original_file);
3461 if (!empty($partsofdirinoriginalfile[1])) { // If original_file is xxx/filename (xxx is a part we will use)
3462 $partofdirinoriginalfile = $partsofdirinoriginalfile[0];
3463 if ($partofdirinoriginalfile && ($fuser->hasRight($modulepart, $partofdirinoriginalfile, 'lire') || $fuser->hasRight($modulepart, $partofdirinoriginalfile, 'read'))) {
3464 $accessallowed = 1;
3465 }
3466 }
3467 if ($fuser->hasRight($modulepart, $lire) || $fuser->hasRight($modulepart, $read)) {
3468 $accessallowed = 1;
3469 }
3470
3471 if (is_array($conf->$modulepart->multidir_output) && !empty($conf->$modulepart->multidir_output[$entity])) {
3472 $original_file = $conf->$modulepart->multidir_output[$entity].'/'.$original_file;
3473 } else {
3474 $original_file = $conf->$modulepart->dir_output.'/'.$original_file;
3475 }
3476 }
3477
3478 $parameters = array(
3479 'modulepart' => $modulepart,
3480 'original_file' => $original_file,
3481 'entity' => $entity,
3482 'fuser' => $fuser,
3483 'refname' => '',
3484 'mode' => $mode
3485 );
3486 $reshook = $hookmanager->executeHooks('checkSecureAccess', $parameters, $object);
3487 if ($reshook > 0) {
3488 if (!empty($hookmanager->resArray['original_file'])) {
3489 $original_file = $hookmanager->resArray['original_file'];
3490 }
3491 if (!empty($hookmanager->resArray['accessallowed'])) {
3492 $accessallowed = $hookmanager->resArray['accessallowed'];
3493 }
3494 if (!empty($hookmanager->resArray['sqlprotectagainstexternals'])) {
3495 $sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals'];
3496 }
3497 }
3498 }
3499
3500 $ret = array(
3501 'accessallowed' => ($accessallowed ? 1 : 0),
3502 'sqlprotectagainstexternals' => $sqlprotectagainstexternals,
3503 'original_file' => $original_file
3504 );
3505
3506 return $ret;
3507}
3508
3517function dol_filecache($directory, $filename, $object)
3518{
3519 if (!dol_is_dir($directory)) {
3520 $result = dol_mkdir($directory);
3521 if ($result < -1) {
3522 dol_syslog("Failed to create the cache directory ".$directory, LOG_WARNING);
3523 }
3524 }
3525 $cachefile = $directory.$filename;
3526
3527 file_put_contents($cachefile, serialize($object), LOCK_EX);
3528
3529 dolChmod($cachefile, '0644');
3530}
3531
3540function dol_cache_refresh($directory, $filename, $cachetime)
3541{
3542 $now = dol_now();
3543 $cachefile = $directory.$filename;
3544 $refresh = !file_exists($cachefile) || ($now - $cachetime) > dol_filemtime($cachefile);
3545 return $refresh;
3546}
3547
3555function dol_readcachefile($directory, $filename)
3556{
3557 $cachefile = $directory.$filename;
3558 $object = unserialize(file_get_contents($cachefile));
3559 return $object;
3560}
3561
3568function dirbasename($pathfile)
3569{
3570 return preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'\//', '', $pathfile);
3571}
3572
3573
3585function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathref = '', &$checksumconcat = array())
3586{
3587 global $conffile;
3588
3589 $exclude = 'install';
3590
3591 foreach ($dir->md5file as $file) { // $file is a simpleXMLElement
3592 $filename = $path.$file['name'];
3593 $file_list['insignature'][] = $filename;
3594 $expectedsize = (empty($file['size']) ? '' : $file['size']);
3595 $expectedmd5 = (string) $file;
3596
3597 if (!file_exists($pathref.'/'.$filename)) {
3598 $file_list['missing'][] = array('filename' => $filename, 'expectedmd5' => $expectedmd5, 'expectedsize' => $expectedsize);
3599 } else {
3600 $md5_local = md5_file($pathref.'/'.$filename);
3601
3602 if ($conffile == '/etc/dolibarr/conf.php' && $filename == '/filefunc.inc.php') { // For install with deb or rpm, we ignore test on filefunc.inc.php that was modified by package
3603 $checksumconcat[] = $expectedmd5;
3604 } else {
3605 if ($md5_local != $expectedmd5) {
3606 $file_list['updated'][] = array('filename' => $filename, 'expectedmd5' => $expectedmd5, 'expectedsize' => $expectedsize, 'md5' => (string) $md5_local);
3607 }
3608 $checksumconcat[] = $md5_local;
3609 }
3610 }
3611 }
3612
3613 foreach ($dir->dir as $subdir) { // $subdir['name'] is '' or '/accountancy/admin' for example
3614 getFilesUpdated($file_list, $subdir, $path.$subdir['name'].'/', $pathref, $checksumconcat);
3615 }
3616
3617 return $file_list;
3618}
3619
3627function dragAndDropFileUpload($htmlname)
3628{
3629 global $object, $langs;
3630
3631 $out = "";
3632 $out .= '<div id="'.$htmlname.'Message" class="dragDropAreaMessage hidden"><span>'.img_picto("", 'download').'<br>'.$langs->trans("DropFileToAddItToObject").'</span></div>';
3633 $out .= "\n<!-- JS CODE TO ENABLE DRAG AND DROP OF FILE -->\n";
3634 $out .= "<script>";
3635 $out .= '
3636 jQuery(document).ready(function() {
3637 var enterTargetDragDrop = null;
3638
3639 $("#'.$htmlname.'").addClass("cssDragDropArea");
3640
3641 $(".cssDragDropArea").on("dragenter", function(ev, ui) {
3642 var dataTransfer = ev.originalEvent.dataTransfer;
3643 var dataTypes = dataTransfer.types;
3644 //console.log(dataTransfer);
3645 //console.log(dataTypes);
3646
3647 if (!dataTypes || ($.inArray(\'Files\', dataTypes) === -1)) {
3648 // The element dragged is not a file, so we avoid the "dragenter"
3649 ev.preventDefault();
3650 return false;
3651 }
3652
3653 // Entering drop area. Highlight area
3654 console.log("dragAndDropFileUpload: We add class highlightDragDropArea")
3655 enterTargetDragDrop = ev.target;
3656 $(this).addClass("highlightDragDropArea");
3657 $("#'.$htmlname.'Message").removeClass("hidden");
3658 ev.preventDefault();
3659 });
3660
3661 $(".cssDragDropArea").on("dragleave", function(ev) {
3662 // Going out of drop area. Remove Highlight
3663 if (enterTargetDragDrop == ev.target){
3664 console.log("dragAndDropFileUpload: We remove class highlightDragDropArea")
3665 $("#'.$htmlname.'Message").addClass("hidden");
3666 $(this).removeClass("highlightDragDropArea");
3667 }
3668 });
3669
3670 $(".cssDragDropArea").on("dragover", function(ev) {
3671 ev.preventDefault();
3672 return false;
3673 });
3674
3675 $(".cssDragDropArea").on("drop", function(e) {
3676 console.log("Trigger event file dropped. fk_element='.dol_escape_js($object->id).' element='.dol_escape_js($object->element).'");
3677 e.preventDefault();
3678 fd = new FormData();
3679 fd.append("fk_element", "'.dol_escape_js($object->id).'");
3680 fd.append("element", "'.dol_escape_js($object->element).'");
3681 fd.append("token", "'.currentToken().'");
3682 fd.append("action", "linkit");
3683
3684 var dataTransfer = e.originalEvent.dataTransfer;
3685
3686 if (dataTransfer.files && dataTransfer.files.length){
3687 var droppedFiles = e.originalEvent.dataTransfer.files;
3688 $.each(droppedFiles, function(index,file){
3689 fd.append("files[]", file,file.name)
3690 });
3691 }
3692 $(".cssDragDropArea").removeClass("highlightDragDropArea");
3693 counterdragdrop = 0;
3694 $.ajax({
3695 url: "'.DOL_URL_ROOT.'/core/ajax/fileupload.php",
3696 type: "POST",
3697 processData: false,
3698 contentType: false,
3699 data: fd,
3700 success:function() {
3701 console.log("Uploaded.", arguments);
3702 /* arguments[0] is the json string of files */
3703 /* arguments[1] is the value for variable "success", can be 0 or 1 */
3704 let listoffiles = JSON.parse(arguments[0]);
3705 console.log(listoffiles);
3706 let nboferror = 0;
3707 for (let i = 0; i < listoffiles.length; i++) {
3708 console.log(listoffiles[i].error);
3709 if (listoffiles[i].error) {
3710 nboferror++;
3711 }
3712 }
3713 console.log(nboferror);
3714 if (nboferror > 0) {
3715 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=ErrorOnAtLeastOneFileUpload:warnings";
3716 } else {
3717 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=UploadFileDragDropSuccess:mesgs";
3718 }
3719 },
3720 error:function() {
3721 console.log("Error Uploading.", arguments)
3722 if (arguments[0].status == 403) {
3723 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=ErrorUploadPermissionDenied:errors";
3724 }
3725 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=ErrorUploadFileDragDropPermissionDenied:errors";
3726 },
3727 })
3728 });
3729 });
3730 ';
3731 $out .= "</script>\n";
3732 return $out;
3733}
3734
3745function archiveOrBackupFile($filetpl, $max_versions = 5, $archivedir = '', $suffix = "v", $moveorcopy = 'move')
3746{
3747 $base_file_pattern = ($archivedir ? $archivedir : dirname($filetpl)).'/'.basename($filetpl).".".$suffix;
3748 $files_in_directory = glob($base_file_pattern . "*");
3749
3750 // Extract the modification timestamps for each file
3751 $files_with_timestamps = [];
3752 foreach ($files_in_directory as $file) {
3753 $files_with_timestamps[] = [
3754 'file' => $file,
3755 'timestamp' => filemtime($file)
3756 ];
3757 }
3758
3759 // Sort the files by modification date
3760 $sorted_files = [];
3761 while (count($files_with_timestamps) > 0) {
3762 $latest_file = null;
3763 $latest_index = null;
3764
3765 // Find the latest file by timestamp
3766 foreach ($files_with_timestamps as $index => $file_info) {
3767 if ($latest_file === null || (is_array($latest_file) && $file_info['timestamp'] > $latest_file['timestamp'])) {
3768 $latest_file = $file_info;
3769 $latest_index = $index;
3770 }
3771 }
3772
3773 // Add the latest file to the sorted list and remove it from the original list
3774 if ($latest_file !== null) {
3775 $sorted_files[] = $latest_file['file'];
3776 unset($files_with_timestamps[$latest_index]);
3777 }
3778 }
3779
3780 // Delete the oldest files to keep only the allowed number of versions
3781 if (count($sorted_files) >= $max_versions) {
3782 $oldest_files = array_slice($sorted_files, $max_versions - 1);
3783 foreach ($oldest_files as $oldest_file) {
3784 dol_delete_file($oldest_file);
3785 }
3786 }
3787
3788 $timestamp = dol_now('gmt');
3789 $new_backup = $filetpl . ".v" . $timestamp;
3790
3791 // Move or copy the original file to the new backup with the timestamp
3792 if ($moveorcopy == 'move') {
3793 $result = dol_move($filetpl, $new_backup, '0', 1, 0, 0);
3794 } else {
3795 $result = dol_copy($filetpl, $new_backup, '0', 1, 0, 0);
3796 }
3797
3798 if (!$result) {
3799 return false;
3800 }
3801
3802 return true;
3803}
$object
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
ActionComm
Class to manage agenda events (actions)
Definition actioncomm.class.php:41
AntiVir
Class to scan for virus.
Definition antivir.class.php:32
EcmFiles
Class to manage ECM files.
Definition ecmfiles.class.php:37
ExpenseReport
Class to manage Trips and Expenses.
Definition expensereport.class.php:40
FormMail
Class permettant la generation du formulaire html d'envoi de mail unitaire Usage: $formail = new Form...
Definition html.formmail.class.php:42
Holiday
Class of the module paid holiday.
Definition holiday.class.php:36
HookManager
Class to manage hooks.
Definition hookmanager.class.php:32
Project
Class to manage projects.
Definition project.class.php:39
Task
Class to manage tasks.
Definition task.class.php:41
User
Class to manage Dolibarr users.
Definition user.class.php:50
Utils
Class to manage utility methods.
Definition utils.class.php:34
dirbasename
dirbasename($pathfile)
Return the relative dirname (relative to DOL_DATA_ROOT) of a full path string.
Definition files.lib.php:3568
dol_is_link
dol_is_link($pathoffile)
Return if path is a symbolic link.
Definition files.lib.php:531
dol_compare_file
dol_compare_file($a, $b)
Fast compare of 2 files identified by their properties ->name, ->date and ->size.
Definition files.lib.php:446
dol_meta_create
dol_meta_create($object)
Create a meta file with document file into same directory.
Definition files.lib.php:1750
dol_is_url
dol_is_url($uri)
Return if path is an URI (the name of the method is misleading).
Definition files.lib.php:557
dol_basename
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
Definition files.lib.php:38
getFilesUpdated
getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path='', $pathref='', &$checksumconcat=array())
Function to get list of updated or modified files.
Definition files.lib.php:3585
dol_filemtime
dol_filemtime($pathoffile)
Return time of a file.
Definition files.lib.php:647
dol_filesize
dol_filesize($pathoffile)
Return size of a file.
Definition files.lib.php:635
dol_delete_dir_recursive
dol_delete_dir_recursive($dir, $count=0, $nophperrors=0, $onlysub=0, &$countdeleted=0, $indexdatabase=1, $nolog=0)
Remove a directory $dir and its subdirectories (or only files and subdirectories)
Definition files.lib.php:1620
dol_copy
dol_copy($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=0)
Copy a file to another file.
Definition files.lib.php:767
archiveOrBackupFile
archiveOrBackupFile($filetpl, $max_versions=5, $archivedir='', $suffix="v", $moveorcopy='move')
Manage backup versions for a given file, ensuring only a maximum number of versions are kept.
Definition files.lib.php:3745
dol_delete_file
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
Definition files.lib.php:1469
dol_move_uploaded_file
dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan=0, $uploaderrorcode=0, $nohook=0, $varfiles='addedfile', $upload_dir='')
Check validity of a file upload from an GUI page, and move it to its final destination.
Definition files.lib.php:1331
dol_move_dir
dol_move_dir($srcdir, $destdir, $overwriteifexists=1, $indexdatabase=1, $renamedircontent=1)
Move a directory into another name.
Definition files.lib.php:1175
dol_fileperm
dol_fileperm($pathoffile)
Return permissions of a file.
Definition files.lib.php:659
dol_is_writable
dol_is_writable($folderorfile)
Test if directory or filename is writable.
Definition files.lib.php:543
dol_delete_dir
dol_delete_dir($dir, $nophperrors=0)
Remove a directory (not recursive, so content must be empty).
Definition files.lib.php:1595
dol_add_file_process
dol_add_file_process($upload_dir, $allowoverwrite=0, $updatesessionordb=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1, $object=null)
Get and save an upload file (for example after submitting a new file a mail form).
Definition files.lib.php:1873
dol_uncompress
dol_uncompress($inputfile, $outputdir)
Uncompress a file.
Definition files.lib.php:2463
dol_move
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
Definition files.lib.php:1011
dol_check_secure_access_document
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
Definition files.lib.php:2736
dol_init_file_process
dol_init_file_process($pathtoscan='', $trackid='')
Scan a directory and init $_SESSION to manage uploaded files with list of all found files.
Definition files.lib.php:1835
addFileIntoDatabaseIndex
addFileIntoDatabaseIndex($dir, $file, $fullpathorig='', $mode='uploaded', $setsharekey=0, $object=null)
Add a file into database index.
Definition files.lib.php:2112
dol_convert_file
dol_convert_file($fileinput, $ext='png', $fileoutput='', $page='')
Convert an image file or a PDF into another image format.
Definition files.lib.php:2277
dol_filecache
dol_filecache($directory, $filename, $object)
Store object in file.
Definition files.lib.php:3517
dolCopyDir
dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayreplacement=null, $excludesubdir=0, $excludefileext=null, $excludearchivefiles=0)
Copy a dir to another dir.
Definition files.lib.php:896
dol_dir_list_in_database
dol_dir_list_in_database($path, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0)
Scan a directory and return a list of files/directories.
Definition files.lib.php:262
dragAndDropFileUpload
dragAndDropFileUpload($htmlname)
Function to manage the drag and drop of a file.
Definition files.lib.php:3627
dol_is_file
dol_is_file($pathoffile)
Return if path is a file.
Definition files.lib.php:519
dol_count_nb_of_line
dol_count_nb_of_line($file)
Count number of lines in a file.
Definition files.lib.php:602
dolCheckVirus
dolCheckVirus($src_file, $dest_file='')
Check virus into a file.
Definition files.lib.php:1262
dol_unescapefile
dol_unescapefile($filename)
Unescape a file submitted by upload.
Definition files.lib.php:1246
dol_dir_is_emtpy
dol_dir_is_emtpy($folder)
Test if a folder is empty.
Definition files.lib.php:569
dol_remove_file_process
dol_remove_file_process($filenb, $donotupdatesession=0, $donotdeletefile=1, $trackid='')
Remove an uploaded file (for example after submitting a new file a mail form).
Definition files.lib.php:2054
dolCheckOnFileName
dolCheckOnFileName($src_file, $dest_file='')
Check virus into a file.
Definition files.lib.php:1292
dol_dir_list
dol_dir_list($utf8_path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
Definition files.lib.php:63
deleteFilesIntoDatabaseIndex
deleteFilesIntoDatabaseIndex($dir, $file, $mode='uploaded')
Delete files into database index using search criteria.
Definition files.lib.php:2218
dol_readcachefile
dol_readcachefile($directory, $filename)
Read object from cachefile.
Definition files.lib.php:3555
dol_most_recent_file
dol_most_recent_file($dir, $regexfilter='', $excludefilter=array('(\.meta|_preview.*\.png) $', '^\.'), $nohook=0, $mode=0)
Return file(s) into a directory (by default most recent)
Definition files.lib.php:2717
dol_is_dir
dol_is_dir($folder)
Test if filename is a directory.
Definition files.lib.php:489
completeFileArrayWithDatabaseInfo
completeFileArrayWithDatabaseInfo(&$filearray, $relativedir)
Complete $filearray with data from database.
Definition files.lib.php:341
dol_cache_refresh
dol_cache_refresh($directory, $filename, $cachetime)
Test if Refresh needed.
Definition files.lib.php:3540
dolReplaceInFile
dolReplaceInFile($srcfile, $arrayreplacement, $destfile='', $newmask='0', $indexdatabase=0, $arrayreplacementisregex=0)
Make replacement of strings into a file.
Definition files.lib.php:677
dol_delete_preview
dol_delete_preview($object)
Delete all preview files linked to object instance.
Definition files.lib.php:1672
dol_is_dir_empty
dol_is_dir_empty($dir)
Return if path is empty.
Definition files.lib.php:505
dol_mimetype
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
Definition functions.lib.php:11572
img_picto
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
Definition functions.lib.php:4804
GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:1078
getDolUserInt
getDolUserInt($key, $default=0, $tmpuser=null)
Return Dolibarr user constant int value.
Definition functions.lib.php:263
dol_osencode
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
Definition functions.lib.php:10100
dol_string_nohtmltag
dol_string_nohtmltag($stringtoclean, $removelinefeed=1, $pagecodeto='UTF-8', $strip_tags=0, $removedoublespaces=1)
Clean a string from all HTML tags and entities.
Definition functions.lib.php:7801
currentToken
currentToken()
Return the value of token currently saved into session with name 'token'.
Definition functions.lib.php:13011
dol_string_nospecial
dol_string_nospecial($str, $newstr='_', $badcharstoreplace='', $badcharstoremove='', $keepspaces=0)
Clean a string from all punctuation characters to use it as a ref or login.
Definition functions.lib.php:1721
dolChmod
dolChmod($filepath, $newmask='')
Change mod of a file.
Definition functions.lib.php:7762
dol_now
dol_now($mode='auto')
Return date for now.
Definition functions.lib.php:3604
getDolGlobalInt
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
Definition functions.lib.php:230
dol_escape_js
dol_escape_js($stringtoescape, $mode=0, $noescapebackslashn=0)
Returns text escaped for inclusion into javascript code.
Definition functions.lib.php:1772
dol_print_date
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs=null, $encodetooutput=false)
Output date in a string format according to outputlangs (or langs if not defined).
Definition functions.lib.php:3215
dol_sort_array
dol_sort_array(&$array, $index, $order='asc', $natsort=0, $case_sensitive=0, $keepindex=0)
Advanced sort array by the value of a given key, which produces ascending (default) or descending out...
Definition functions.lib.php:9964
make_substitutions
make_substitutions($text, $substitutionarray, $outputlangs=null, $converttextinhtmlifnecessary=0)
Make substitution into a text string, replacing keys with vals from $substitutionarray (oldval=>newva...
Definition functions.lib.php:9344
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:753
setEventMessages
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
Definition functions.lib.php:9716
dol_sanitizeFileName
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
Definition functions.lib.php:1547
dol_print_error
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition functions.lib.php:5809
isAFileWithExecutableContent
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
Definition functions.lib.php:12983
getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition functions.lib.php:215
utf8_check
utf8_check($str)
Check if a string is in UTF8.
Definition functions.lib.php:10022
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2119
getEntity
getEntity($element, $shared=1, $currentobject=null)
Get list of entity id to use.
Definition functions.lib.php:406
dol_sanitizePathName
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
Definition functions.lib.php:1574
dol_mkdir
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
Definition functions.lib.php:7690
vignette
vignette($file, $maxWidth=160, $maxHeight=120, $extName='_small', $quality=50, $outdir='thumbs', $targetformat=0)
Create a thumbnail from an image file (Supported extensions are gif, jpg, png and bmp).
Definition images.lib.php:514
getDefaultImageSizes
if(!defined( 'IMAGETYPE_WEBP')) getDefaultImageSizes()
Return default values for image sizes.
Definition images.lib.php:45
image_format_supported
image_format_supported($file, $acceptsvg=0)
Return if a filename is file name of a supported image format.
Definition images.lib.php:85
getRandomPassword
getRandomPassword($generic=false, $replaceambiguouschars=null, $length=32)
Return a generated password using default module.
Definition security2.lib.php:488
checkUserAccessToObject
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
Definition security.lib.php:849
dol_hash
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.
Definition security.lib.php:237
Generated on Thu Sep 5 2024 01:00:21 for dolibarr by Doxygen 1.11.0