dolibarr 20.0.0
files.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2008-2012 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2012-2021 Regis Houssin <regis.houssin@inodbox.com>
4 * Copyright (C) 2012-2016 Juanjo Menent <jmenent@2byte.es>
5 * Copyright (C) 2015 Marcos García <marcosgdf@gmail.com>
6 * Copyright (C) 2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
7 * Copyright (C) 2019-2024 Frédéric France <frederic.france@free.fr>
8 * Copyright (C) 2023 Lenin Rivas <lenin.rivas777@gmail.com>
9 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program. If not, see <https://www.gnu.org/licenses/>.
23 * or see https://www.gnu.org/
24 */
25
38function dol_basename($pathfile)
39{
40 return preg_replace('/^.*\/([^\/]+)$/', '$1', rtrim($pathfile, '/'));
41}
42
63function dol_dir_list($utf8_path, $types = "all", $recursive = 0, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0, $nohook = 0, $relativename = "", $donotfollowsymlinks = 0, $nbsecondsold = 0)
64{
65 global $db, $hookmanager;
66 global $object;
67
68 if ($recursive <= 1) { // Avoid too verbose log
69 // Verify filters (only on first call to function)
70 $filters_ok = true;
71 $error_info = "";
72 // Ensure we have an array for the exclusions
73 $exclude_array = ($excludefilter === null || $excludefilter === '') ? array() : (is_array($excludefilter) ? $excludefilter : array($excludefilter));
74 foreach ((array($filter) + $exclude_array) as $f) {
75 // Check that all '/' are escaped.
76 if ((int) preg_match('/(?:^|[^\\\\])\//', $f) > 0) {
77 $filters_ok = false;
78 $error_info .= " error='$f unescaped_slash'";
79 dol_syslog("'$f' has unescaped '/'", LOG_ERR);
80 }
81 }
82 dol_syslog("files.lib.php::dol_dir_list path=".$utf8_path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter).$error_info);
83 // print 'xxx'."files.lib.php::dol_dir_list path=".$utf8_path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($exclude_array);
84 if (!$filters_ok) {
85 // Return empty array when filters are invalid
86 return array();
87 }
88 } else {
89 // Already computed before
90 $exclude_array = ($excludefilter === null || $excludefilter === '') ? array() : (is_array($excludefilter) ? $excludefilter : array($excludefilter));
91 }
92
93 // Define excludefilterarray (before while, for speed)
94 $excludefilterarray = array_merge(array('^\.'), $exclude_array);
95
96 $loaddate = ($mode == 1 || $mode == 2 || $nbsecondsold != 0 || $sortcriteria == 'date');
97 $loadsize = ($mode == 1 || $mode == 3 || $sortcriteria == 'size');
98 $loadperm = ($mode == 1 || $mode == 4 || $sortcriteria == 'perm');
99
100 // Clean parameters
101 $utf8_path = preg_replace('/([\\/]+)$/', '', $utf8_path);
102 $os_path = dol_osencode($utf8_path);
103 $now = dol_now();
104
105 $reshook = 0;
106 $file_list = array();
107
108 if (!$nohook && $hookmanager instanceof HookManager) {
109 $hookmanager->resArray = array();
110
111 $hookmanager->initHooks(array('fileslib'));
112
113 $parameters = array(
114 'path' => $os_path,
115 'types' => $types,
116 'recursive' => $recursive,
117 'filter' => $filter,
118 'excludefilter' => $exclude_array, // Already converted to array.
119 'sortcriteria' => $sortcriteria,
120 'sortorder' => $sortorder,
121 'loaddate' => $loaddate,
122 'loadsize' => $loadsize,
123 'mode' => $mode
124 );
125 $reshook = $hookmanager->executeHooks('getDirList', $parameters, $object);
126 }
127
128 // $hookmanager->resArray may contain array stacked by other modules
129 if (empty($reshook)) {
130 if (!is_dir($os_path)) {
131 return array();
132 }
133
134 if (($dir = opendir($os_path)) === false) {
135 return array();
136 } else {
137 $filedate = '';
138 $filesize = '';
139 $fileperm = '';
140
141 while (false !== ($os_file = readdir($dir))) { // $utf8_file is always a basename (in directory $os_path)
142 $os_fullpathfile = ($os_path ? $os_path.'/' : '').$os_file;
143
144 if (!utf8_check($os_file)) {
145 $utf8_file = mb_convert_encoding($os_file, 'UTF-8', 'ISO-8859-1'); // Make sure data is stored in utf8 in memory
146 } else {
147 $utf8_file = $os_file;
148 }
149
150 $qualified = 1;
151
152 $utf8_fullpathfile = "$utf8_path/$utf8_file"; // Temp variable for speed
153
154 // Check if file is qualified
155 foreach ($excludefilterarray as $filt) {
156 if (preg_match('/'.$filt.'/i', $utf8_file) || preg_match('/'.$filt.'/i', $utf8_fullpathfile)) {
157 $qualified = 0;
158 break;
159 }
160 }
161 //print $utf8_fullpathfile.' '.$utf8_file.' '.$qualified.'<br>';
162
163 if ($qualified) {
164 $isdir = is_dir($os_fullpathfile);
165 // Check whether this is a file or directory and whether we're interested in that type
166 if ($isdir) {
167 // Add entry into file_list array
168 if (($types == "directories") || ($types == "all")) {
169 if ($loaddate || $sortcriteria == 'date') {
170 $filedate = dol_filemtime($utf8_fullpathfile);
171 }
172 if ($loadsize || $sortcriteria == 'size') {
173 $filesize = dol_filesize($utf8_fullpathfile);
174 }
175 if ($loadperm || $sortcriteria == 'perm') {
176 $fileperm = dol_fileperm($utf8_fullpathfile);
177 }
178
179 if (!$filter || preg_match('/'.$filter.'/i', $utf8_file)) { // We do not search key $filter into all $path, only into $file part
180 $reg = array();
181 preg_match('/([^\/]+)\/[^\/]+$/', $utf8_fullpathfile, $reg);
182 $level1name = (isset($reg[1]) ? $reg[1] : '');
183 $file_list[] = array(
184 "name" => $utf8_file,
185 "path" => $utf8_path,
186 "level1name" => $level1name,
187 "relativename" => ($relativename ? $relativename.'/' : '').$utf8_file,
188 "fullname" => $utf8_fullpathfile,
189 "date" => $filedate,
190 "size" => $filesize,
191 "perm" => $fileperm,
192 "type" => 'dir'
193 );
194 }
195 }
196
197 // if we're in a directory and we want recursive behavior, call this function again
198 if ($recursive > 0) {
199 if (empty($donotfollowsymlinks) || !is_link($os_fullpathfile)) {
200 //var_dump('eee '. $utf8_fullpathfile. ' '.is_dir($utf8_fullpathfile).' '.is_link($utf8_fullpathfile));
201 $file_list = array_merge($file_list, dol_dir_list($utf8_fullpathfile, $types, $recursive + 1, $filter, $exclude_array, $sortcriteria, $sortorder, $mode, $nohook, ($relativename != '' ? $relativename.'/' : '').$utf8_file, $donotfollowsymlinks, $nbsecondsold));
202 }
203 }
204 } elseif (in_array($types, array("files", "all"))) {
205 // Add file into file_list array
206 if ($loaddate || $sortcriteria == 'date') {
207 $filedate = dol_filemtime($utf8_fullpathfile);
208 }
209 if ($loadsize || $sortcriteria == 'size') {
210 $filesize = dol_filesize($utf8_fullpathfile);
211 }
212
213 if (!$filter || preg_match('/'.$filter.'/i', $utf8_file)) { // We do not search key $filter into $utf8_path, only into $utf8_file
214 if (empty($nbsecondsold) || $filedate <= ($now - $nbsecondsold)) {
215 preg_match('/([^\/]+)\/[^\/]+$/', $utf8_fullpathfile, $reg);
216 $level1name = (isset($reg[1]) ? $reg[1] : '');
217 $file_list[] = array(
218 "name" => $utf8_file,
219 "path" => $utf8_path,
220 "level1name" => $level1name,
221 "relativename" => ($relativename ? $relativename.'/' : '').$utf8_file,
222 "fullname" => $utf8_fullpathfile,
223 "date" => $filedate,
224 "size" => $filesize,
225 "type" => 'file'
226 );
227 }
228 }
229 }
230 }
231 }
232 closedir($dir);
233
234 // Obtain a list of columns
235 if (!empty($sortcriteria) && $sortorder) {
236 $file_list = dol_sort_array($file_list, $sortcriteria, ($sortorder == SORT_ASC ? 'asc' : 'desc'));
237 }
238 }
239 }
240
241 if ($hookmanager instanceof HookManager && is_array($hookmanager->resArray)) {
242 $file_list = array_merge($file_list, $hookmanager->resArray);
243 }
244
245 return $file_list;
246}
247
248
262function dol_dir_list_in_database($path, $filter = "", $excludefilter = null, $sortcriteria = "name", $sortorder = SORT_ASC, $mode = 0)
263{
264 global $conf, $db;
265
266
267 $sql = " SELECT rowid, label, entity, filename, filepath, fullpath_orig, keywords, cover, gen_or_uploaded, extraparams,";
268 $sql .= " date_c, tms as date_m, fk_user_c, fk_user_m, acl, position, share";
269 if ($mode) {
270 $sql .= ", description";
271 }
272 $sql .= " FROM ".MAIN_DB_PREFIX."ecm_files";
273 $sql .= " WHERE entity = ".$conf->entity;
274 if (preg_match('/%$/', $path)) {
275 $sql .= " AND filepath LIKE '".$db->escape($path)."'";
276 } else {
277 $sql .= " AND filepath = '".$db->escape($path)."'";
278 }
279
280 $resql = $db->query($sql);
281 if ($resql) {
282 $file_list = array();
283 $num = $db->num_rows($resql);
284 $i = 0;
285 while ($i < $num) {
286 $obj = $db->fetch_object($resql);
287 if ($obj) {
288 $reg = array();
289 preg_match('/([^\/]+)\/[^\/]+$/', DOL_DATA_ROOT.'/'.$obj->filepath.'/'.$obj->filename, $reg);
290 $level1name = (isset($reg[1]) ? $reg[1] : '');
291 $file_list[] = array(
292 "rowid" => $obj->rowid,
293 "label" => $obj->label, // md5
294 "name" => $obj->filename,
295 "path" => DOL_DATA_ROOT.'/'.$obj->filepath,
296 "level1name" => $level1name,
297 "fullname" => DOL_DATA_ROOT.'/'.$obj->filepath.'/'.$obj->filename,
298 "fullpath_orig" => $obj->fullpath_orig,
299 "date_c" => $db->jdate($obj->date_c),
300 "date_m" => $db->jdate($obj->date_m),
301 "type" => 'file',
302 "keywords" => $obj->keywords,
303 "cover" => $obj->cover,
304 "position" => (int) $obj->position,
305 "acl" => $obj->acl,
306 "share" => $obj->share,
307 "description" => ($mode ? $obj->description : '')
308 );
309 }
310 $i++;
311 }
312
313 // Obtain a list of columns
314 if (!empty($sortcriteria)) {
315 $myarray = array();
316 foreach ($file_list as $key => $row) {
317 $myarray[$key] = (isset($row[$sortcriteria]) ? $row[$sortcriteria] : '');
318 }
319 // Sort the data
320 if ($sortorder) {
321 array_multisort($myarray, $sortorder, SORT_REGULAR, $file_list);
322 }
323 }
324
325 return $file_list;
326 } else {
327 dol_print_error($db);
328 return array();
329 }
330}
331
332
341function completeFileArrayWithDatabaseInfo(&$filearray, $relativedir)
342{
343 global $conf, $db, $user;
344
345 $filearrayindatabase = dol_dir_list_in_database($relativedir, '', null, 'name', SORT_ASC);
346
347 // TODO Remove this when PRODUCT_USE_OLD_PATH_FOR_PHOTO will be removed
348 global $modulepart;
349 if ($modulepart == 'produit' && getDolGlobalInt('PRODUCT_USE_OLD_PATH_FOR_PHOTO')) {
350 global $object;
351 if (!empty($object->id)) {
352 if (isModEnabled("product")) {
353 $upload_dirold = $conf->product->multidir_output[$object->entity].'/'.substr(substr("000".$object->id, -2), 1, 1).'/'.substr(substr("000".$object->id, -2), 0, 1).'/'.$object->id."/photos";
354 } else {
355 $upload_dirold = $conf->service->multidir_output[$object->entity].'/'.substr(substr("000".$object->id, -2), 1, 1).'/'.substr(substr("000".$object->id, -2), 0, 1).'/'.$object->id."/photos";
356 }
357
358 $relativedirold = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $upload_dirold);
359 $relativedirold = preg_replace('/^[\\/]/', '', $relativedirold);
360
361 $filearrayindatabase = array_merge($filearrayindatabase, dol_dir_list_in_database($relativedirold, '', null, 'name', SORT_ASC));
362 }
363 } elseif ($modulepart == 'ticket') {
364 foreach ($filearray as $key => $val) {
365 $rel_dir = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filearray[$key]['path']);
366 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
367 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
368 if ($rel_dir != $relativedir) {
369 $filearrayindatabase = array_merge($filearrayindatabase, dol_dir_list_in_database($rel_dir, '', null, 'name', SORT_ASC));
370 }
371 }
372 }
373
374 //var_dump($relativedir);
375 //var_dump($filearray);
376 //var_dump($filearrayindatabase);
377
378 // Complete filearray with properties found into $filearrayindatabase
379 foreach ($filearray as $key => $val) {
380 $tmpfilename = preg_replace('/\.noexe$/', '', $filearray[$key]['name']);
381 $found = 0;
382 // Search if it exists into $filearrayindatabase
383 foreach ($filearrayindatabase as $key2 => $val2) {
384 if (($filearrayindatabase[$key2]['path'] == $filearray[$key]['path']) && ($filearrayindatabase[$key2]['name'] == $tmpfilename)) {
385 $filearray[$key]['position_name'] = ($filearrayindatabase[$key2]['position'] ? $filearrayindatabase[$key2]['position'] : '0').'_'.$filearrayindatabase[$key2]['name'];
386 $filearray[$key]['position'] = $filearrayindatabase[$key2]['position'];
387 $filearray[$key]['cover'] = $filearrayindatabase[$key2]['cover'];
388 $filearray[$key]['keywords'] = $filearrayindatabase[$key2]['keywords'];
389 $filearray[$key]['acl'] = $filearrayindatabase[$key2]['acl'];
390 $filearray[$key]['rowid'] = $filearrayindatabase[$key2]['rowid'];
391 $filearray[$key]['label'] = $filearrayindatabase[$key2]['label'];
392 $filearray[$key]['share'] = $filearrayindatabase[$key2]['share'];
393 $found = 1;
394 break;
395 }
396 }
397
398 if (!$found) { // This happen in transition toward version 6, or if files were added manually into os dir.
399 $filearray[$key]['position'] = '999999'; // File not indexed are at end. So if we add a file, it will not replace an existing position
400 $filearray[$key]['cover'] = 0;
401 $filearray[$key]['acl'] = '';
402 $filearray[$key]['share'] = 0;
403
404 $rel_filename = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filearray[$key]['fullname']);
405
406 if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filename)) { // If not a tmp file
407 dol_syslog("list_of_documents We found a file called '".$filearray[$key]['name']."' not indexed into database. We add it");
408 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
409 $ecmfile = new EcmFiles($db);
410
411 // Add entry into database
412 $filename = basename($rel_filename);
413 $rel_dir = dirname($rel_filename);
414 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
415 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
416
417 $ecmfile->filepath = $rel_dir;
418 $ecmfile->filename = $filename;
419 $ecmfile->label = md5_file(dol_osencode($filearray[$key]['fullname'])); // $destfile is a full path to file
420 $ecmfile->fullpath_orig = $filearray[$key]['fullname'];
421 $ecmfile->gen_or_uploaded = 'unknown';
422 $ecmfile->description = ''; // indexed content
423 $ecmfile->keywords = ''; // keyword content
424 $result = $ecmfile->create($user);
425 if ($result < 0) {
426 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
427 } else {
428 $filearray[$key]['rowid'] = $result;
429 }
430 } else {
431 $filearray[$key]['rowid'] = 0; // Should not happened
432 }
433 }
434 }
435 //var_dump($filearray); var_dump($relativedir.' - tmpfilename='.$tmpfilename.' - found='.$found);
436}
437
438
446function dol_compare_file($a, $b)
447{
448 global $sortorder, $sortfield;
449
450 $sortorder = strtoupper($sortorder);
451
452 if ($sortorder == 'ASC') {
453 $retup = -1;
454 $retdown = 1;
455 } else {
456 $retup = 1;
457 $retdown = -1;
458 }
459
460 if ($sortfield == 'name') {
461 if ($a->name == $b->name) {
462 return 0;
463 }
464 return ($a->name < $b->name) ? $retup : $retdown;
465 }
466 if ($sortfield == 'date') {
467 if ($a->date == $b->date) {
468 return 0;
469 }
470 return ($a->date < $b->date) ? $retup : $retdown;
471 }
472 if ($sortfield == 'size') {
473 if ($a->size == $b->size) {
474 return 0;
475 }
476 return ($a->size < $b->size) ? $retup : $retdown;
477 }
478
479 return 0;
480}
481
482
489function dol_is_dir($folder)
490{
491 $newfolder = dol_osencode($folder);
492 if (is_dir($newfolder)) {
493 return true;
494 } else {
495 return false;
496 }
497}
498
505function dol_is_dir_empty($dir)
506{
507 if (!is_readable($dir)) {
508 return false;
509 }
510 return (count(scandir($dir)) == 2);
511}
512
519function dol_is_file($pathoffile)
520{
521 $newpathoffile = dol_osencode($pathoffile);
522 return is_file($newpathoffile);
523}
524
531function dol_is_link($pathoffile)
532{
533 $newpathoffile = dol_osencode($pathoffile);
534 return is_link($newpathoffile);
535}
536
543function dol_is_writable($folderorfile)
544{
545 $newfolderorfile = dol_osencode($folderorfile);
546 return is_writable($newfolderorfile);
547}
548
557function dol_is_url($uri)
558{
559 $prots = array('file', 'http', 'https', 'ftp', 'zlib', 'data', 'ssh', 'ssh2', 'ogg', 'expect');
560 return false !== preg_match('/^('.implode('|', $prots).'):/i', $uri);
561}
562
569function dol_dir_is_emtpy($folder)
570{
571 $newfolder = dol_osencode($folder);
572 if (is_dir($newfolder)) {
573 $handle = opendir($newfolder);
574 $folder_content = '';
575 $name_array = [];
576 while ((gettype($name = readdir($handle)) != "boolean")) {
577 $name_array[] = $name;
578 }
579 foreach ($name_array as $temp) {
580 $folder_content .= $temp;
581 }
582
583 closedir($handle);
584
585 if ($folder_content == "...") {
586 return true;
587 } else {
588 return false;
589 }
590 } else {
591 return true; // Dir does not exists
592 }
593}
594
602function dol_count_nb_of_line($file)
603{
604 $nb = 0;
605
606 $newfile = dol_osencode($file);
607 //print 'x'.$file;
608 $fp = fopen($newfile, 'r');
609 if ($fp) {
610 while (!feof($fp)) {
611 $line = fgets($fp);
612 // Increase count only if read was success.
613 // Test needed because feof returns true only after fgets
614 // so we do n+1 fgets for a file with n lines.
615 if ($line !== false) {
616 $nb++;
617 }
618 }
619 fclose($fp);
620 } else {
621 $nb = -1;
622 }
623
624 return $nb;
625}
626
627
635function dol_filesize($pathoffile)
636{
637 $newpathoffile = dol_osencode($pathoffile);
638 return filesize($newpathoffile);
639}
640
647function dol_filemtime($pathoffile)
648{
649 $newpathoffile = dol_osencode($pathoffile);
650 return @filemtime($newpathoffile); // @Is to avoid errors if files does not exists
651}
652
659function dol_fileperm($pathoffile)
660{
661 $newpathoffile = dol_osencode($pathoffile);
662 return fileperms($newpathoffile);
663}
664
677function dolReplaceInFile($srcfile, $arrayreplacement, $destfile = '', $newmask = '0', $indexdatabase = 0, $arrayreplacementisregex = 0)
678{
679 dol_syslog("files.lib.php::dolReplaceInFile srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." indexdatabase=".$indexdatabase." arrayreplacementisregex=".$arrayreplacementisregex);
680
681 if (empty($srcfile)) {
682 return -1;
683 }
684 if (empty($destfile)) {
685 $destfile = $srcfile;
686 }
687
688 // Clean the aa/bb/../cc into aa/cc
689 $srcfile = preg_replace('/\.\.\/?/', '', $srcfile);
690 $destfile = preg_replace('/\.\.\/?/', '', $destfile);
691
692 $destexists = dol_is_file($destfile);
693 if (($destfile != $srcfile) && $destexists) {
694 return 0;
695 }
696
697 $srcexists = dol_is_file($srcfile);
698 if (!$srcexists) {
699 dol_syslog("files.lib.php::dolReplaceInFile failed to read src file", LOG_WARNING);
700 return -3;
701 }
702
703 $tmpdestfile = $destfile.'.tmp';
704
705 $newpathofsrcfile = dol_osencode($srcfile);
706 $newpathoftmpdestfile = dol_osencode($tmpdestfile);
707 $newpathofdestfile = dol_osencode($destfile);
708 $newdirdestfile = dirname($newpathofdestfile);
709
710 if ($destexists && !is_writable($newpathofdestfile)) {
711 dol_syslog("files.lib.php::dolReplaceInFile failed Permission denied to overwrite target file", LOG_WARNING);
712 return -1;
713 }
714 if (!is_writable($newdirdestfile)) {
715 dol_syslog("files.lib.php::dolReplaceInFile failed Permission denied to write into target directory ".$newdirdestfile, LOG_WARNING);
716 return -2;
717 }
718
719 dol_delete_file($tmpdestfile);
720
721 // Create $newpathoftmpdestfile from $newpathofsrcfile
722 $content = file_get_contents($newpathofsrcfile);
723
724 if (empty($arrayreplacementisregex)) {
725 $content = make_substitutions($content, $arrayreplacement, null);
726 } else {
727 foreach ($arrayreplacement as $key => $value) {
728 $content = preg_replace($key, $value, $content);
729 }
730 }
731
732 file_put_contents($newpathoftmpdestfile, $content);
733 dolChmod($newpathoftmpdestfile, $newmask);
734
735 // Rename
736 $result = dol_move($newpathoftmpdestfile, $newpathofdestfile, $newmask, (($destfile == $srcfile) ? 1 : 0), 0, $indexdatabase);
737 if (!$result) {
738 dol_syslog("files.lib.php::dolReplaceInFile failed to move tmp file to final dest", LOG_WARNING);
739 return -3;
740 }
741 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
742 $newmask = getDolGlobalString('MAIN_UMASK');
743 }
744 if (empty($newmask)) { // This should no happen
745 dol_syslog("Warning: dolReplaceInFile called with empty value for newmask and no default value defined", LOG_WARNING);
746 $newmask = '0664';
747 }
748
749 dolChmod($newpathofdestfile, $newmask);
750
751 return 1;
752}
753
754
767function dol_copy($srcfile, $destfile, $newmask = '0', $overwriteifexists = 1, $testvirus = 0, $indexdatabase = 0)
768{
769 global $db, $user;
770
771 dol_syslog("files.lib.php::dol_copy srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." overwriteifexists=".$overwriteifexists);
772
773 if (empty($srcfile) || empty($destfile)) {
774 return -1;
775 }
776
777 $destexists = dol_is_file($destfile);
778 if (!$overwriteifexists && $destexists) {
779 return 0;
780 }
781
782 $newpathofsrcfile = dol_osencode($srcfile);
783 $newpathofdestfile = dol_osencode($destfile);
784 $newdirdestfile = dirname($newpathofdestfile);
785
786 if ($destexists && !is_writable($newpathofdestfile)) {
787 dol_syslog("files.lib.php::dol_copy failed Permission denied to overwrite target file", LOG_WARNING);
788 return -1;
789 }
790 if (!is_writable($newdirdestfile)) {
791 dol_syslog("files.lib.php::dol_copy failed Permission denied to write into target directory ".$newdirdestfile, LOG_WARNING);
792 return -2;
793 }
794
795 // Check virus
796 $testvirusarray = array();
797 if ($testvirus) {
798 $testvirusarray = dolCheckVirus($srcfile, $destfile);
799 if (count($testvirusarray)) {
800 dol_syslog("files.lib.php::dol_copy canceled because a virus was found into source file. we ignore the copy request.", LOG_WARNING);
801 return -3;
802 }
803 }
804
805 // Copy with overwriting if exists
806 $result = @copy($newpathofsrcfile, $newpathofdestfile);
807 //$result=copy($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @
808 if (!$result) {
809 dol_syslog("files.lib.php::dol_copy failed to copy", LOG_WARNING);
810 return -3;
811 }
812 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
813 $newmask = getDolGlobalString('MAIN_UMASK');
814 }
815 if (empty($newmask)) { // This should no happen
816 dol_syslog("Warning: dol_copy called with empty value for newmask and no default value defined", LOG_WARNING);
817 $newmask = '0664';
818 }
819
820 dolChmod($newpathofdestfile, $newmask);
821
822 if ($result && $indexdatabase) {
823 // Add entry into ecm database
824 $rel_filetocopyafter = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $newpathofdestfile);
825 if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filetocopyafter)) { // If not a tmp file
826 $rel_filetocopyafter = preg_replace('/^[\\/]/', '', $rel_filetocopyafter);
827 //var_dump($rel_filetorenamebefore.' - '.$rel_filetocopyafter);exit;
828
829 dol_syslog("Try to copy also entries in database for: ".$rel_filetocopyafter, LOG_DEBUG);
830 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
831
832 $ecmfiletarget = new EcmFiles($db);
833 $resultecmtarget = $ecmfiletarget->fetch(0, '', $rel_filetocopyafter);
834 if ($resultecmtarget > 0) { // An entry for target name already exists for target, we delete it, a new one will be created.
835 dol_syslog("ECM dest file found, remove it", LOG_DEBUG);
836 $ecmfiletarget->delete($user);
837 } else {
838 dol_syslog("ECM dest file not found, create it", LOG_DEBUG);
839 }
840
841 $ecmSrcfile = new EcmFiles($db);
842 $resultecm = $ecmSrcfile->fetch(0, '', $srcfile);
843 if ($resultecm) {
844 dol_syslog("Fetch src file ok", LOG_DEBUG);
845 } else {
846 dol_syslog("Fetch src file error", LOG_DEBUG);
847 }
848
849 $ecmfile = new EcmFiles($db);
850 $filename = basename($rel_filetocopyafter);
851 $rel_dir = dirname($rel_filetocopyafter);
852 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
853 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
854
855 $ecmfile->filepath = $rel_dir;
856 $ecmfile->filename = $filename;
857 $ecmfile->label = md5_file(dol_osencode($destfile)); // $destfile is a full path to file
858 $ecmfile->fullpath_orig = $srcfile;
859 $ecmfile->gen_or_uploaded = 'copy';
860 $ecmfile->description = $ecmSrcfile->description;
861 $ecmfile->keywords = $ecmSrcfile->keywords;
862 $resultecm = $ecmfile->create($user);
863 if ($resultecm < 0) {
864 dol_syslog("Create ECM file ok", LOG_DEBUG);
865 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
866 } else {
867 dol_syslog("Create ECM file error", LOG_DEBUG);
868 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
869 }
870
871 if ($resultecm > 0) {
872 $result = 1;
873 } else {
874 $result = -1;
875 }
876 }
877 }
878
879 return (int) $result;
880}
881
896function dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayreplacement = null, $excludesubdir = 0, $excludefileext = null, $excludearchivefiles = 0)
897{
898 $result = 0;
899
900 dol_syslog("files.lib.php::dolCopyDir srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." overwriteifexists=".$overwriteifexists);
901
902 if (empty($srcfile) || empty($destfile)) {
903 return -1;
904 }
905
906 $destexists = dol_is_dir($destfile);
907
908 //if (! $overwriteifexists && $destexists) return 0; // The overwriteifexists is for files only, so propagated to dol_copy only.
909
910 if (!$destexists) {
911 // We must set mask just before creating dir, because it can be set differently by dol_copy
912 umask(0);
913 $dirmaskdec = octdec($newmask);
914 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
915 $dirmaskdec = octdec(getDolGlobalString('MAIN_UMASK'));
916 }
917 $dirmaskdec |= octdec('0200'); // Set w bit required to be able to create content for recursive subdirs files
918
919 $result = dol_mkdir($destfile, '', decoct($dirmaskdec));
920
921 if (!dol_is_dir($destfile)) {
922 // The output directory does not exists and we failed to create it. So we stop here.
923 return -1;
924 }
925 }
926
927 $ossrcfile = dol_osencode($srcfile);
928 $osdestfile = dol_osencode($destfile);
929
930 // Recursive function to copy all subdirectories and contents:
931 if (is_dir($ossrcfile)) {
932 $dir_handle = opendir($ossrcfile);
933 while ($file = readdir($dir_handle)) {
934 if ($file != "." && $file != ".." && !is_link($ossrcfile."/".$file)) {
935 if (is_dir($ossrcfile."/".$file)) {
936 if (empty($excludesubdir) || ($excludesubdir == 2 && strlen($file) == 2)) {
937 $newfile = $file;
938 // Replace destination filename with a new one
939 if (is_array($arrayreplacement)) {
940 foreach ($arrayreplacement as $key => $val) {
941 $newfile = str_replace($key, $val, $newfile);
942 }
943 }
944 //var_dump("xxx dolCopyDir $srcfile/$file, $destfile/$file, $newmask, $overwriteifexists");
945 $tmpresult = dolCopyDir($srcfile."/".$file, $destfile."/".$newfile, $newmask, $overwriteifexists, $arrayreplacement, $excludesubdir, $excludefileext, $excludearchivefiles);
946 }
947 } else {
948 $newfile = $file;
949
950 if (is_array($excludefileext)) {
951 $extension = pathinfo($file, PATHINFO_EXTENSION);
952 if (in_array($extension, $excludefileext)) {
953 //print "We exclude the file ".$file." because its extension is inside list ".join(', ', $excludefileext); exit;
954 continue;
955 }
956 }
957
958 if ($excludearchivefiles == 1) {
959 $extension = pathinfo($file, PATHINFO_EXTENSION);
960 if (preg_match('/^[v|d]\d+$/', $extension)) {
961 continue;
962 }
963 }
964
965 // Replace destination filename with a new one
966 if (is_array($arrayreplacement)) {
967 foreach ($arrayreplacement as $key => $val) {
968 $newfile = str_replace($key, $val, $newfile);
969 }
970 }
971 $tmpresult = dol_copy($srcfile."/".$file, $destfile."/".$newfile, $newmask, $overwriteifexists);
972 }
973 // Set result
974 if ($result > 0 && $tmpresult >= 0) {
975 // Do nothing, so we don't set result to 0 if tmpresult is 0 and result was success in a previous pass
976 } else {
977 $result = $tmpresult;
978 }
979 if ($result < 0) {
980 break;
981 }
982 }
983 }
984 closedir($dir_handle);
985 } else {
986 // Source directory does not exists
987 $result = -2;
988 }
989
990 return (int) $result;
991}
992
993
1011function dol_move($srcfile, $destfile, $newmask = '0', $overwriteifexists = 1, $testvirus = 0, $indexdatabase = 1, $moreinfo = array())
1012{
1013 global $user, $db, $conf;
1014 $result = false;
1015
1016 dol_syslog("files.lib.php::dol_move srcfile=".$srcfile." destfile=".$destfile." newmask=".$newmask." overwritifexists=".$overwriteifexists);
1017 $srcexists = dol_is_file($srcfile);
1018 $destexists = dol_is_file($destfile);
1019
1020 if (!$srcexists) {
1021 dol_syslog("files.lib.php::dol_move srcfile does not exists. we ignore the move request.");
1022 return false;
1023 }
1024
1025 if ($overwriteifexists || !$destexists) {
1026 $newpathofsrcfile = dol_osencode($srcfile);
1027 $newpathofdestfile = dol_osencode($destfile);
1028
1029 // Check on virus
1030 $testvirusarray = array();
1031 if ($testvirus) {
1032 // Check using filename + antivirus
1033 $testvirusarray = dolCheckVirus($newpathofsrcfile, $newpathofdestfile);
1034 if (count($testvirusarray)) {
1035 dol_syslog("files.lib.php::dol_move canceled because a virus was found into source file. We ignore the move request.", LOG_WARNING);
1036 return false;
1037 }
1038 } else {
1039 // Check using filename only
1040 $testvirusarray = dolCheckOnFileName($newpathofsrcfile, $newpathofdestfile);
1041 if (count($testvirusarray)) {
1042 dol_syslog("files.lib.php::dol_move canceled because a virus was found into source file. We ignore the move request.", LOG_WARNING);
1043 return false;
1044 }
1045 }
1046
1047 global $dolibarr_main_restrict_os_commands;
1048 if (!empty($dolibarr_main_restrict_os_commands)) {
1049 $arrayofallowedcommand = explode(',', $dolibarr_main_restrict_os_commands);
1050 $arrayofallowedcommand = array_map('trim', $arrayofallowedcommand);
1051 if (in_array(basename($destfile), $arrayofallowedcommand)) {
1052 //$langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1053 //setEventMessages($langs->trans("ErrorFilenameReserved", basename($destfile)), null, 'errors');
1054 dol_syslog("files.lib.php::dol_move canceled because target filename ".basename($destfile)." is using a reserved command name. we ignore the move request.", LOG_WARNING);
1055 return false;
1056 }
1057 }
1058
1059 $result = @rename($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @
1060 if (!$result) {
1061 if ($destexists) {
1062 dol_syslog("files.lib.php::dol_move Failed. We try to delete target first and move after.", LOG_WARNING);
1063 // We force delete and try again. Rename function sometimes fails to replace dest file with some windows NTFS partitions.
1064 dol_delete_file($destfile);
1065 $result = @rename($newpathofsrcfile, $newpathofdestfile); // To see errors, remove @
1066 } else {
1067 dol_syslog("files.lib.php::dol_move Failed.", LOG_WARNING);
1068 }
1069 }
1070
1071 // Move ok
1072 if ($result && $indexdatabase) {
1073 // Rename entry into ecm database
1074 $rel_filetorenamebefore = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $srcfile);
1075 $rel_filetorenameafter = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $destfile);
1076 if (!preg_match('/([\\/]temp[\\/]|[\\/]thumbs|\.meta$)/', $rel_filetorenameafter)) { // If not a tmp file
1077 $rel_filetorenamebefore = preg_replace('/^[\\/]/', '', $rel_filetorenamebefore);
1078 $rel_filetorenameafter = preg_replace('/^[\\/]/', '', $rel_filetorenameafter);
1079 //var_dump($rel_filetorenamebefore.' - '.$rel_filetorenameafter);exit;
1080
1081 dol_syslog("Try to rename also entries in database for full relative path before = ".$rel_filetorenamebefore." after = ".$rel_filetorenameafter, LOG_DEBUG);
1082 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
1083
1084 $ecmfiletarget = new EcmFiles($db);
1085 $resultecmtarget = $ecmfiletarget->fetch(0, '', $rel_filetorenameafter);
1086 if ($resultecmtarget > 0) { // An entry for target name already exists for target, we delete it, a new one will be created.
1087 $ecmfiletarget->delete($user);
1088 }
1089
1090 $ecmfile = new EcmFiles($db);
1091 $resultecm = $ecmfile->fetch(0, '', $rel_filetorenamebefore);
1092 if ($resultecm > 0) { // If an entry was found for src file, we use it to move entry
1093 $filename = basename($rel_filetorenameafter);
1094 $rel_dir = dirname($rel_filetorenameafter);
1095 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
1096 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
1097
1098 $ecmfile->filepath = $rel_dir;
1099 $ecmfile->filename = $filename;
1100
1101 $resultecm = $ecmfile->update($user);
1102 } elseif ($resultecm == 0) { // If no entry were found for src files, create/update target file
1103 $filename = basename($rel_filetorenameafter);
1104 $rel_dir = dirname($rel_filetorenameafter);
1105 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
1106 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
1107
1108 $ecmfile->filepath = $rel_dir;
1109 $ecmfile->filename = $filename;
1110 $ecmfile->label = md5_file(dol_osencode($destfile)); // $destfile is a full path to file
1111 $ecmfile->fullpath_orig = basename($srcfile);
1112 $ecmfile->gen_or_uploaded = 'uploaded';
1113 if (!empty($moreinfo) && !empty($moreinfo['description'])) {
1114 $ecmfile->description = $moreinfo['description']; // indexed content
1115 } else {
1116 $ecmfile->description = ''; // indexed content
1117 }
1118 if (!empty($moreinfo) && !empty($moreinfo['keywords'])) {
1119 $ecmfile->keywords = $moreinfo['keywords']; // indexed content
1120 } else {
1121 $ecmfile->keywords = ''; // keyword content
1122 }
1123 if (!empty($moreinfo) && !empty($moreinfo['note_private'])) {
1124 $ecmfile->note_private = $moreinfo['note_private'];
1125 }
1126 if (!empty($moreinfo) && !empty($moreinfo['note_public'])) {
1127 $ecmfile->note_public = $moreinfo['note_public'];
1128 }
1129 if (!empty($moreinfo) && !empty($moreinfo['src_object_type'])) {
1130 $ecmfile->src_object_type = $moreinfo['src_object_type'];
1131 }
1132 if (!empty($moreinfo) && !empty($moreinfo['src_object_id'])) {
1133 $ecmfile->src_object_id = $moreinfo['src_object_id'];
1134 }
1135
1136 $resultecm = $ecmfile->create($user);
1137 if ($resultecm < 0) {
1138 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
1139 }
1140 } elseif ($resultecm < 0) {
1141 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
1142 }
1143
1144 if ($resultecm > 0) {
1145 $result = true;
1146 } else {
1147 $result = false;
1148 }
1149 }
1150 }
1151
1152 if (empty($newmask)) {
1153 $newmask = getDolGlobalString('MAIN_UMASK', '0755');
1154 }
1155
1156 // Currently method is restricted to files (dol_delete_files previously used is for files, and mask usage if for files too)
1157 // to allow mask usage for dir, we should introduce a new param "isdir" to 1 to complete newmask like this
1158 // if ($isdir) $newmaskdec |= octdec('0111'); // Set x bit required for directories
1159 dolChmod($newpathofdestfile, $newmask);
1160 }
1161
1162 return $result;
1163}
1164
1175function dol_move_dir($srcdir, $destdir, $overwriteifexists = 1, $indexdatabase = 1, $renamedircontent = 1)
1176{
1177 $result = false;
1178
1179 dol_syslog("files.lib.php::dol_move_dir srcdir=".$srcdir." destdir=".$destdir." overwritifexists=".$overwriteifexists." indexdatabase=".$indexdatabase." renamedircontent=".$renamedircontent);
1180 $srcexists = dol_is_dir($srcdir);
1181 $srcbasename = basename($srcdir);
1182 $destexists = dol_is_dir($destdir);
1183
1184 if (!$srcexists) {
1185 dol_syslog("files.lib.php::dol_move_dir srcdir does not exists. Move fails");
1186 return false;
1187 }
1188
1189 if ($overwriteifexists || !$destexists) {
1190 $newpathofsrcdir = dol_osencode($srcdir);
1191 $newpathofdestdir = dol_osencode($destdir);
1192
1193 // On windows, if destination directory exists and is empty, command fails. So if overwrite is on, we first remove destination directory.
1194 // On linux, if destination directory exists and is empty, command succeed. So no need to delete di destination directory first.
1195 // Note: If dir exists and is not empty, it will and must fail on both linux and windows even, if option $overwriteifexists is on.
1196 if ($overwriteifexists) {
1197 if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
1198 if (is_dir($newpathofdestdir)) {
1199 @rmdir($newpathofdestdir);
1200 }
1201 }
1202 }
1203
1204 $result = @rename($newpathofsrcdir, $newpathofdestdir);
1205
1206 // Now rename contents in the directory after the move to match the new destination
1207 if ($result && $renamedircontent) {
1208 if (file_exists($newpathofdestdir)) {
1209 $destbasename = basename($newpathofdestdir);
1210 $files = dol_dir_list($newpathofdestdir);
1211 if (!empty($files) && is_array($files)) {
1212 foreach ($files as $key => $file) {
1213 if (!file_exists($file["fullname"])) {
1214 continue;
1215 }
1216 $filepath = $file["path"];
1217 $oldname = $file["name"];
1218
1219 $newname = str_replace($srcbasename, $destbasename, $oldname);
1220 if (!empty($newname) && $newname !== $oldname) {
1221 if ($file["type"] == "dir") {
1222 $res = dol_move_dir($filepath.'/'.$oldname, $filepath.'/'.$newname, $overwriteifexists, $indexdatabase, $renamedircontent);
1223 } else {
1224 $res = dol_move($filepath.'/'.$oldname, $filepath.'/'.$newname, 0, $overwriteifexists, 0, $indexdatabase);
1225 }
1226 if (!$res) {
1227 return $result;
1228 }
1229 }
1230 }
1231 $result = true;
1232 }
1233 }
1234 }
1235 }
1236 return $result;
1237}
1238
1246function dol_unescapefile($filename)
1247{
1248 // Remove path information and dots around the filename, to prevent uploading
1249 // into different directories or replacing hidden system files.
1250 // Also remove control characters and spaces (\x00..\x20) around the filename:
1251 return trim(basename($filename), ".\x00..\x20");
1252}
1253
1254
1262function dolCheckVirus($src_file, $dest_file = '')
1263{
1264 global $db;
1265
1266 $reterrors = dolCheckOnFileName($src_file, $dest_file);
1267 if (!empty($reterrors)) {
1268 return $reterrors;
1269 }
1270
1271 if (getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
1272 if (!class_exists('AntiVir')) {
1273 require_once DOL_DOCUMENT_ROOT.'/core/class/antivir.class.php';
1274 }
1275 $antivir = new AntiVir($db);
1276 $result = $antivir->dol_avscan_file($src_file);
1277 if ($result < 0) { // If virus or error, we stop here
1278 $reterrors = $antivir->errors;
1279 return $reterrors;
1280 }
1281 }
1282 return array();
1283}
1284
1292function dolCheckOnFileName($src_file, $dest_file = '')
1293{
1294 if (preg_match('/\.pdf$/i', $dest_file)) {
1295 if (!getDolGlobalString('MAIN_ANTIVIRUS_ALLOW_JS_IN_PDF')) {
1296 dol_syslog("dolCheckOnFileName Check that pdf does not contains js code");
1297
1298 $tmp = file_get_contents(trim($src_file));
1299 if (preg_match('/[\n\s]+\/JavaScript[\n\s]+/m', $tmp)) {
1300 return array('File is a PDF with javascript inside');
1301 }
1302 } else {
1303 dol_syslog("dolCheckOnFileName Check js into pdf disabled");
1304 }
1305 }
1306
1307 return array();
1308}
1309
1310
1331function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan = 0, $uploaderrorcode = 0, $nohook = 0, $varfiles = 'addedfile', $upload_dir = '')
1332{
1333 global $conf;
1334 global $object, $hookmanager;
1335
1336 $reshook = 0;
1337 $file_name = $dest_file;
1338 $successcode = 1;
1339
1340 if (empty($nohook)) {
1341 $reshook = $hookmanager->initHooks(array('fileslib'));
1342
1343 $parameters = array('dest_file' => $dest_file, 'src_file' => $src_file, 'file_name' => $file_name, 'varfiles' => $varfiles, 'allowoverwrite' => $allowoverwrite);
1344 $reshook = $hookmanager->executeHooks('moveUploadedFile', $parameters, $object);
1345 }
1346
1347 if (empty($reshook)) {
1348 // If an upload error has been reported
1349 if ($uploaderrorcode) {
1350 switch ($uploaderrorcode) {
1351 case UPLOAD_ERR_INI_SIZE: // 1
1352 return 'ErrorFileSizeTooLarge';
1353 case UPLOAD_ERR_FORM_SIZE: // 2
1354 return 'ErrorFileSizeTooLarge';
1355 case UPLOAD_ERR_PARTIAL: // 3
1356 return 'ErrorPartialFile';
1357 case UPLOAD_ERR_NO_TMP_DIR: //
1358 return 'ErrorNoTmpDir';
1359 case UPLOAD_ERR_CANT_WRITE:
1360 return 'ErrorFailedToWriteInDir';
1361 case UPLOAD_ERR_EXTENSION:
1362 return 'ErrorUploadBlockedByAddon';
1363 default:
1364 break;
1365 }
1366 }
1367
1368 // Security:
1369 // If we need to make a virus scan
1370 if (empty($disablevirusscan) && file_exists($src_file)) {
1371 $checkvirusarray = dolCheckVirus($src_file, $dest_file);
1372 if (count($checkvirusarray)) {
1373 dol_syslog('Files.lib::dol_move_uploaded_file File "'.$src_file.'" (target name "'.$dest_file.'") KO with antivirus: errors='.implode(',', $checkvirusarray), LOG_WARNING);
1374 return 'ErrorFileIsInfectedWithAVirus: '.implode(',', $checkvirusarray);
1375 }
1376 }
1377
1378 // Security:
1379 // Disallow file with some extensions. We rename them.
1380 // Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
1381 if (isAFileWithExecutableContent($dest_file) && !getDolGlobalString('MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED')) {
1382 // $upload_dir ends with a slash, so be must be sure the medias dir to compare to ends with slash too.
1383 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
1384 if (!preg_match('/\/$/', $publicmediasdirwithslash)) {
1385 $publicmediasdirwithslash .= '/';
1386 }
1387
1388 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !getDolGlobalInt("MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR")) { // We never add .noexe on files into media directory
1389 $file_name .= '.noexe';
1390 $successcode = 2;
1391 }
1392 }
1393
1394 // Security:
1395 // We refuse cache files/dirs, upload using .. and pipes into filenames.
1396 if (preg_match('/^\./', basename($src_file)) || preg_match('/\.\./', $src_file) || preg_match('/[<>|]/', $src_file)) {
1397 dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING);
1398 return -1;
1399 }
1400
1401 // Security:
1402 // We refuse cache files/dirs, upload using .. and pipes into filenames.
1403 if (preg_match('/^\./', basename($dest_file)) || preg_match('/\.\./', $dest_file) || preg_match('/[<>|]/', $dest_file)) {
1404 dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
1405 return -2;
1406 }
1407 }
1408
1409 if ($reshook < 0) { // At least one blocking error returned by one hook
1410 $errmsg = implode(',', $hookmanager->errors);
1411 if (empty($errmsg)) {
1412 $errmsg = 'ErrorReturnedBySomeHooks'; // Should not occurs. Added if hook is bugged and does not set ->errors when there is error.
1413 }
1414 return $errmsg;
1415 } elseif (empty($reshook)) {
1416 // The file functions must be in OS filesystem encoding.
1417 $src_file_osencoded = dol_osencode($src_file);
1418 $file_name_osencoded = dol_osencode($file_name);
1419
1420 // Check if destination dir is writable
1421 if (!is_writable(dirname($file_name_osencoded))) {
1422 dol_syslog("Files.lib::dol_move_uploaded_file Dir ".dirname($file_name_osencoded)." is not writable. Return 'ErrorDirNotWritable'", LOG_WARNING);
1423 return 'ErrorDirNotWritable';
1424 }
1425
1426 // Check if destination file already exists
1427 if (!$allowoverwrite) {
1428 if (file_exists($file_name_osencoded)) {
1429 dol_syslog("Files.lib::dol_move_uploaded_file File ".$file_name." already exists. Return 'ErrorFileAlreadyExists'", LOG_WARNING);
1430 return 'ErrorFileAlreadyExists';
1431 }
1432 } else { // We are allowed to erase
1433 if (is_dir($file_name_osencoded)) { // If there is a directory with name of file to create
1434 dol_syslog("Files.lib::dol_move_uploaded_file A directory with name ".$file_name." already exists. Return 'ErrorDirWithFileNameAlreadyExists'", LOG_WARNING);
1435 return 'ErrorDirWithFileNameAlreadyExists';
1436 }
1437 }
1438
1439 // Move file
1440 $return = move_uploaded_file($src_file_osencoded, $file_name_osencoded);
1441 if ($return) {
1442 dolChmod($file_name_osencoded);
1443 dol_syslog("Files.lib::dol_move_uploaded_file Success to move ".$src_file." to ".$file_name." - Umask=" . getDolGlobalString('MAIN_UMASK'), LOG_DEBUG);
1444 return $successcode; // Success
1445 } else {
1446 dol_syslog("Files.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR);
1447 return -3; // Unknown error
1448 }
1449 }
1450
1451 return $successcode; // Success
1452}
1453
1469function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0, $object = null, $allowdotdot = false, $indexdatabase = 1, $nolog = 0)
1470{
1471 global $db, $user, $langs;
1472 global $hookmanager;
1473
1474 // Load translation files required by the page
1475 $langs->loadLangs(array('other', 'errors'));
1476
1477 if (empty($nolog)) {
1478 dol_syslog("dol_delete_file file=".$file." disableglob=".$disableglob." nophperrors=".$nophperrors." nohook=".$nohook);
1479 }
1480
1481 // Security:
1482 // We refuse transversal using .. and pipes into filenames.
1483 if ((!$allowdotdot && preg_match('/\.\./', $file)) || preg_match('/[<>|]/', $file)) {
1484 dol_syslog("Refused to delete file ".$file, LOG_WARNING);
1485 return false;
1486 }
1487
1488 $reshook = 0;
1489 if (empty($nohook) && !empty($hookmanager)) {
1490 $hookmanager->initHooks(array('fileslib'));
1491
1492 $parameters = array(
1493 'file' => $file,
1494 'disableglob' => $disableglob,
1495 'nophperrors' => $nophperrors
1496 );
1497 $reshook = $hookmanager->executeHooks('deleteFile', $parameters, $object);
1498 }
1499
1500 if (empty($nohook) && $reshook != 0) { // reshook = 0 to do standard actions, 1 = ok and replace, -1 = ko
1501 dol_syslog("reshook=".$reshook);
1502 if ($reshook < 0) {
1503 return false;
1504 }
1505 return true;
1506 } else {
1507 $file_osencoded = dol_osencode($file); // New filename encoded in OS filesystem encoding charset
1508 if (empty($disableglob) && !empty($file_osencoded)) {
1509 $ok = true;
1510 $globencoded = str_replace('[', '\[', $file_osencoded);
1511 $globencoded = str_replace(']', '\]', $globencoded);
1512 $listofdir = glob($globencoded); // This scan dir for files. If file does not exists, return empty.
1513
1514 if (!empty($listofdir) && is_array($listofdir)) {
1515 foreach ($listofdir as $filename) {
1516 if ($nophperrors) {
1517 $ok = @unlink($filename);
1518 } else {
1519 $ok = unlink($filename);
1520 }
1521
1522 // If it fails and it is because of the missing write permission on parent dir
1523 if (!$ok && file_exists(dirname($filename)) && !(fileperms(dirname($filename)) & 0200)) {
1524 dol_syslog("Error in deletion, but parent directory exists with no permission to write, we try to change permission on parent directory and retry...", LOG_DEBUG);
1525 dolChmod(dirname($filename), decoct(fileperms(dirname($filename)) | 0200));
1526 // Now we retry deletion
1527 if ($nophperrors) {
1528 $ok = @unlink($filename);
1529 } else {
1530 $ok = unlink($filename);
1531 }
1532 }
1533
1534 if ($ok) {
1535 if (empty($nolog)) {
1536 dol_syslog("Removed file ".$filename, LOG_DEBUG);
1537 }
1538
1539 // Delete entry into ecm database
1540 $rel_filetodelete = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $filename);
1541 if (!preg_match('/(\/temp\/|\/thumbs\/|\.meta$)/', $rel_filetodelete)) { // If not a tmp file
1542 if (is_object($db) && $indexdatabase) { // $db may not be defined when lib is in a context with define('NOREQUIREDB',1)
1543 $rel_filetodelete = preg_replace('/^[\\/]/', '', $rel_filetodelete);
1544 $rel_filetodelete = preg_replace('/\.noexe$/', '', $rel_filetodelete);
1545
1546 dol_syslog("Try to remove also entries in database for full relative path = ".$rel_filetodelete, LOG_DEBUG);
1547 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
1548 $ecmfile = new EcmFiles($db);
1549 $result = $ecmfile->fetch(0, '', $rel_filetodelete);
1550 if ($result >= 0 && $ecmfile->id > 0) {
1551 $result = $ecmfile->delete($user);
1552 }
1553 if ($result < 0) {
1554 setEventMessages($ecmfile->error, $ecmfile->errors, 'warnings');
1555 }
1556 }
1557 }
1558 } else {
1559 dol_syslog("Failed to remove file ".$filename, LOG_WARNING);
1560 // TODO Failure to remove can be because file was already removed or because of permission
1561 // If error because it does not exists, we should return true, and we should return false if this is a permission problem
1562 }
1563 }
1564 } else {
1565 dol_syslog("No files to delete found", LOG_DEBUG);
1566 }
1567 } else {
1568 $ok = false;
1569 if ($nophperrors) {
1570 $ok = @unlink($file_osencoded);
1571 } else {
1572 $ok = unlink($file_osencoded);
1573 }
1574 if ($ok) {
1575 if (empty($nolog)) {
1576 dol_syslog("Removed file ".$file_osencoded, LOG_DEBUG);
1577 }
1578 } else {
1579 dol_syslog("Failed to remove file ".$file_osencoded, LOG_WARNING);
1580 }
1581 }
1582
1583 return $ok;
1584 }
1585}
1586
1596function dol_delete_dir($dir, $nophperrors = 0)
1597{
1598 // Security:
1599 // We refuse transversal using .. and pipes into filenames.
1600 if (preg_match('/\.\./', $dir) || preg_match('/[<>|]/', $dir)) {
1601 dol_syslog("Refused to delete dir ".$dir.' (contains invalid char sequence)', LOG_WARNING);
1602 return false;
1603 }
1604
1605 $dir_osencoded = dol_osencode($dir);
1606 return ($nophperrors ? @rmdir($dir_osencoded) : rmdir($dir_osencoded));
1607}
1608
1621function dol_delete_dir_recursive($dir, $count = 0, $nophperrors = 0, $onlysub = 0, &$countdeleted = 0, $indexdatabase = 1, $nolog = 0)
1622{
1623 if (empty($nolog)) {
1624 dol_syslog("functions.lib:dol_delete_dir_recursive ".$dir, LOG_DEBUG);
1625 }
1626 if (dol_is_dir($dir)) {
1627 $dir_osencoded = dol_osencode($dir);
1628 if ($handle = opendir("$dir_osencoded")) {
1629 while (false !== ($item = readdir($handle))) {
1630 if (!utf8_check($item)) {
1631 $item = mb_convert_encoding($item, 'UTF-8', 'ISO-8859-1'); // should be useless
1632 }
1633
1634 if ($item != "." && $item != "..") {
1635 if (is_dir(dol_osencode("$dir/$item")) && !is_link(dol_osencode("$dir/$item"))) {
1636 $count = dol_delete_dir_recursive("$dir/$item", $count, $nophperrors, 0, $countdeleted, $indexdatabase, $nolog);
1637 } else {
1638 $result = dol_delete_file("$dir/$item", 1, $nophperrors, 0, null, false, $indexdatabase, $nolog);
1639 $count++;
1640 if ($result) {
1641 $countdeleted++;
1642 }
1643 //else print 'Error on '.$item."\n";
1644 }
1645 }
1646 }
1647 closedir($handle);
1648
1649 // Delete also the main directory
1650 if (empty($onlysub)) {
1651 $result = dol_delete_dir($dir, $nophperrors);
1652 $count++;
1653 if ($result) {
1654 $countdeleted++;
1655 }
1656 //else print 'Error on '.$dir."\n";
1657 }
1658 }
1659 }
1660
1661 return $count;
1662}
1663
1664
1674{
1675 global $langs, $conf;
1676
1677 // Define parent dir of elements
1678 $element = $object->element;
1679
1680 if ($object->element == 'order_supplier') {
1681 $dir = $conf->fournisseur->commande->dir_output;
1682 } elseif ($object->element == 'invoice_supplier') {
1683 $dir = $conf->fournisseur->facture->dir_output;
1684 } elseif ($object->element == 'project') {
1685 $dir = $conf->project->dir_output;
1686 } elseif ($object->element == 'shipping') {
1687 $dir = $conf->expedition->dir_output.'/sending';
1688 } elseif ($object->element == 'delivery') {
1689 $dir = $conf->expedition->dir_output.'/receipt';
1690 } elseif ($object->element == 'fichinter') {
1691 $dir = $conf->ficheinter->dir_output;
1692 } else {
1693 $dir = empty($conf->$element->dir_output) ? '' : $conf->$element->dir_output;
1694 }
1695
1696 if (empty($dir)) {
1697 $object->error = $langs->trans('ErrorObjectNoSupportedByFunction');
1698 return 0;
1699 }
1700
1701 $refsan = dol_sanitizeFileName($object->ref);
1702 $dir = $dir."/".$refsan;
1703 $filepreviewnew = $dir."/".$refsan.".pdf_preview.png";
1704 $filepreviewnewbis = $dir."/".$refsan.".pdf_preview-0.png";
1705 $filepreviewold = $dir."/".$refsan.".pdf.png";
1706
1707 // For new preview files
1708 if (file_exists($filepreviewnew) && is_writable($filepreviewnew)) {
1709 if (!dol_delete_file($filepreviewnew, 1)) {
1710 $object->error = $langs->trans("ErrorFailedToDeleteFile", $filepreviewnew);
1711 return 0;
1712 }
1713 }
1714 if (file_exists($filepreviewnewbis) && is_writable($filepreviewnewbis)) {
1715 if (!dol_delete_file($filepreviewnewbis, 1)) {
1716 $object->error = $langs->trans("ErrorFailedToDeleteFile", $filepreviewnewbis);
1717 return 0;
1718 }
1719 }
1720 // For old preview files
1721 if (file_exists($filepreviewold) && is_writable($filepreviewold)) {
1722 if (!dol_delete_file($filepreviewold, 1)) {
1723 $object->error = $langs->trans("ErrorFailedToDeleteFile", $filepreviewold);
1724 return 0;
1725 }
1726 } else {
1727 $multiple = $filepreviewold.".";
1728 for ($i = 0; $i < 20; $i++) {
1729 $preview = $multiple.$i;
1730
1731 if (file_exists($preview) && is_writable($preview)) {
1732 if (!dol_delete_file($preview, 1)) {
1733 $object->error = $langs->trans("ErrorFailedToOpenFile", $preview);
1734 return 0;
1735 }
1736 }
1737 }
1738 }
1739
1740 return 1;
1741}
1742
1752{
1753 global $conf;
1754
1755 // Create meta file
1756 if (!getDolGlobalString('MAIN_DOC_CREATE_METAFILE')) {
1757 return 0; // By default, no metafile.
1758 }
1759
1760 // Define parent dir of elements
1761 $element = $object->element;
1762
1763 if ($object->element == 'order_supplier') {
1764 $dir = $conf->fournisseur->dir_output.'/commande';
1765 } elseif ($object->element == 'invoice_supplier') {
1766 $dir = $conf->fournisseur->dir_output.'/facture';
1767 } elseif ($object->element == 'project') {
1768 $dir = $conf->project->dir_output;
1769 } elseif ($object->element == 'shipping') {
1770 $dir = $conf->expedition->dir_output.'/sending';
1771 } elseif ($object->element == 'delivery') {
1772 $dir = $conf->expedition->dir_output.'/receipt';
1773 } elseif ($object->element == 'fichinter') {
1774 $dir = $conf->ficheinter->dir_output;
1775 } else {
1776 $dir = empty($conf->$element->dir_output) ? '' : $conf->$element->dir_output;
1777 }
1778
1779 if ($dir) {
1780 $object->fetch_thirdparty();
1781
1782 $objectref = dol_sanitizeFileName($object->ref);
1783 $dir = $dir."/".$objectref;
1784 $file = $dir."/".$objectref.".meta";
1785
1786 if (!is_dir($dir)) {
1787 dol_mkdir($dir);
1788 }
1789
1790 if (is_dir($dir)) {
1791 if (is_countable($object->lines) && count($object->lines) > 0) {
1792 $nblines = count($object->lines);
1793 }
1794 $client = $object->thirdparty->name." ".$object->thirdparty->address." ".$object->thirdparty->zip." ".$object->thirdparty->town;
1795 $meta = "REFERENCE=\"".$object->ref."\"
1796 DATE=\"" . dol_print_date($object->date, '')."\"
1797 NB_ITEMS=\"" . $nblines."\"
1798 CLIENT=\"" . $client."\"
1799 AMOUNT_EXCL_TAX=\"" . $object->total_ht."\"
1800 AMOUNT=\"" . $object->total_ttc."\"\n";
1801
1802 for ($i = 0; $i < $nblines; $i++) {
1803 //Pour les articles
1804 $meta .= "ITEM_".$i."_QUANTITY=\"".$object->lines[$i]->qty."\"
1805 ITEM_" . $i."_AMOUNT_WO_TAX=\"".$object->lines[$i]->total_ht."\"
1806 ITEM_" . $i."_VAT=\"".$object->lines[$i]->tva_tx."\"
1807 ITEM_" . $i."_DESCRIPTION=\"".str_replace("\r\n", "", nl2br($object->lines[$i]->desc))."\"
1808 ";
1809 }
1810 }
1811
1812 $fp = fopen($file, "w");
1813 fwrite($fp, $meta);
1814 fclose($fp);
1815
1816 dolChmod($file);
1817
1818 return 1;
1819 } else {
1820 dol_syslog('FailedToDetectDirInDolMetaCreateFor'.$object->element, LOG_WARNING);
1821 }
1822
1823 return 0;
1824}
1825
1826
1827
1836function dol_init_file_process($pathtoscan = '', $trackid = '')
1837{
1838 $listofpaths = array();
1839 $listofnames = array();
1840 $listofmimes = array();
1841
1842 if ($pathtoscan) {
1843 $listoffiles = dol_dir_list($pathtoscan, 'files');
1844 foreach ($listoffiles as $key => $val) {
1845 $listofpaths[] = $val['fullname'];
1846 $listofnames[] = $val['name'];
1847 $listofmimes[] = dol_mimetype($val['name']);
1848 }
1849 }
1850 $keytoavoidconflict = empty($trackid) ? '' : '-'.$trackid;
1851 $_SESSION["listofpaths".$keytoavoidconflict] = implode(';', $listofpaths);
1852 $_SESSION["listofnames".$keytoavoidconflict] = implode(';', $listofnames);
1853 $_SESSION["listofmimes".$keytoavoidconflict] = implode(';', $listofmimes);
1854}
1855
1856
1874function dol_add_file_process($upload_dir, $allowoverwrite = 0, $updatesessionordb = 0, $varfiles = 'addedfile', $savingdocmask = '', $link = null, $trackid = '', $generatethumbs = 1, $object = null)
1875{
1876 global $db, $user, $conf, $langs;
1877
1878 $res = 0;
1879
1880 if (!empty($_FILES[$varfiles])) { // For view $_FILES[$varfiles]['error']
1881 dol_syslog('dol_add_file_process upload_dir='.$upload_dir.' allowoverwrite='.$allowoverwrite.' donotupdatesession='.$updatesessionordb.' savingdocmask='.$savingdocmask, LOG_DEBUG);
1882 $maxfilesinform = getDolGlobalInt("MAIN_SECURITY_MAX_ATTACHMENT_ON_FORMS", 10);
1883 if (is_array($_FILES[$varfiles]["name"]) && count($_FILES[$varfiles]["name"]) > $maxfilesinform) {
1884 $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1885 setEventMessages($langs->trans("ErrorTooMuchFileInForm", $maxfilesinform), null, "errors");
1886 return -1;
1887 }
1888 $result = dol_mkdir($upload_dir);
1889 // var_dump($result);exit;
1890 if ($result >= 0) {
1891 $TFile = $_FILES[$varfiles];
1892 // Convert value of $TFile
1893 if (!is_array($TFile['name'])) {
1894 foreach ($TFile as $key => &$val) {
1895 $val = array($val);
1896 }
1897 }
1898
1899 $nbfile = count($TFile['name']);
1900 $nbok = 0;
1901 for ($i = 0; $i < $nbfile; $i++) {
1902 if (empty($TFile['name'][$i])) {
1903 continue; // For example, when submitting a form with no file name
1904 }
1905
1906 // Define $destfull (path to file including filename) and $destfile (only filename)
1907 $destfile = trim($TFile['name'][$i]);
1908 $destfull = $upload_dir."/".$destfile;
1909 $destfilewithoutext = preg_replace('/\.[^\.]+$/', '', $destfile);
1910
1911 if ($savingdocmask && strpos($savingdocmask, $destfilewithoutext) !== 0) {
1912 $destfile = trim(preg_replace('/__file__/', $TFile['name'][$i], $savingdocmask));
1913 $destfull = $upload_dir."/".$destfile;
1914 }
1915
1916 $filenameto = basename($destfile);
1917 if (preg_match('/^\./', $filenameto)) {
1918 $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1919 setEventMessages($langs->trans("ErrorFilenameCantStartWithDot", $filenameto), null, 'errors');
1920 break;
1921 }
1922 // dol_sanitizeFileName the file name and lowercase extension
1923 $info = pathinfo($destfull);
1924 $destfull = $info['dirname'].'/'.dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : ''));
1925 $info = pathinfo($destfile);
1926 $destfile = dol_sanitizeFileName($info['filename'].($info['extension'] != '' ? ('.'.strtolower($info['extension'])) : ''));
1927
1928 // We apply dol_string_nohtmltag also to clean file names (this remove duplicate spaces) because
1929 // this function is also applied when we rename and when we make try to download file (by the GETPOST(filename, 'alphanohtml') call).
1930 $destfile = dol_string_nohtmltag($destfile);
1931 $destfull = dol_string_nohtmltag($destfull);
1932
1933 // Check that filename is not the one of a reserved allowed CLI command
1934 global $dolibarr_main_restrict_os_commands;
1935 if (!empty($dolibarr_main_restrict_os_commands)) {
1936 $arrayofallowedcommand = explode(',', $dolibarr_main_restrict_os_commands);
1937 $arrayofallowedcommand = array_map('trim', $arrayofallowedcommand);
1938 if (in_array($destfile, $arrayofallowedcommand)) {
1939 $langs->load("errors"); // key must be loaded because we can't rely on loading during output, we need var substitution to be done now.
1940 setEventMessages($langs->trans("ErrorFilenameReserved", $destfile), null, 'errors');
1941 return -1;
1942 }
1943 }
1944
1945 // Move file from temp directory to final directory. A .noexe may also be appended on file name.
1946 $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles, $upload_dir);
1947
1948 if (is_numeric($resupload) && $resupload > 0) { // $resupload can be 'ErrorFileAlreadyExists'
1949 include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
1950
1951 $tmparraysize = getDefaultImageSizes();
1952 $maxwidthsmall = $tmparraysize['maxwidthsmall'];
1953 $maxheightsmall = $tmparraysize['maxheightsmall'];
1954 $maxwidthmini = $tmparraysize['maxwidthmini'];
1955 $maxheightmini = $tmparraysize['maxheightmini'];
1956 //$quality = $tmparraysize['quality'];
1957 $quality = 50; // For thumbs, we force quality to 50
1958
1959 // Generate thumbs.
1960 if ($generatethumbs) {
1961 if (image_format_supported($destfull) == 1) {
1962 // Create thumbs
1963 // We can't use $object->addThumbs here because there is no $object known
1964
1965 // Used on logon for example
1966 $imgThumbSmall = vignette($destfull, $maxwidthsmall, $maxheightsmall, '_small', $quality, "thumbs");
1967 // Create mini thumbs for image (Ratio is near 16/9)
1968 // Used on menu or for setup page for example
1969 $imgThumbMini = vignette($destfull, $maxwidthmini, $maxheightmini, '_mini', $quality, "thumbs");
1970 }
1971 }
1972
1973 // Update session
1974 if (empty($updatesessionordb)) {
1975 include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
1976 $formmail = new FormMail($db);
1977 $formmail->trackid = $trackid;
1978 $formmail->add_attached_files($destfull, $destfile, $TFile['type'][$i]);
1979 }
1980
1981 // Update index table of files (llx_ecm_files)
1982 if ($updatesessionordb == 1) {
1983 $sharefile = 0;
1984 if ($TFile['type'][$i] == 'application/pdf' && strpos($_SERVER["REQUEST_URI"], 'product') !== false && getDolGlobalString('PRODUCT_ALLOW_EXTERNAL_DOWNLOAD')) {
1985 $sharefile = 1;
1986 }
1987 $result = addFileIntoDatabaseIndex($upload_dir, basename($destfile).($resupload == 2 ? '.noexe' : ''), $TFile['name'][$i], 'uploaded', $sharefile, $object);
1988 if ($result < 0) {
1989 if ($allowoverwrite) {
1990 // Do not show error message. We can have an error due to DB_ERROR_RECORD_ALREADY_EXISTS
1991 } else {
1992 setEventMessages('WarningFailedToAddFileIntoDatabaseIndex', null, 'warnings');
1993 }
1994 }
1995 }
1996
1997 $nbok++;
1998 } else {
1999 $langs->load("errors");
2000 if (is_numeric($resupload) && $resupload < 0) { // Unknown error
2001 setEventMessages($langs->trans("ErrorFileNotUploaded"), null, 'errors');
2002 } elseif (preg_match('/ErrorFileIsInfectedWithAVirus/', $resupload)) { // Files infected by a virus
2003 if (preg_match('/File is a PDF with javascript inside/', $resupload)) {
2004 setEventMessages($langs->trans("ErrorFileIsAnInfectedPDFWithJSInside"), null, 'errors');
2005 } else {
2006 setEventMessages($langs->trans("ErrorFileIsInfectedWithAVirus"), null, 'errors');
2007 }
2008 } else { // Known error
2009 setEventMessages($langs->trans($resupload), null, 'errors');
2010 }
2011 }
2012 }
2013 if ($nbok > 0) {
2014 $res = 1;
2015 setEventMessages($langs->trans("FileTransferComplete"), null, 'mesgs');
2016 }
2017 } else {
2018 setEventMessages($langs->trans("ErrorFailedToCreateDir", $upload_dir), null, 'errors');
2019 }
2020 } elseif ($link) {
2021 require_once DOL_DOCUMENT_ROOT.'/core/class/link.class.php';
2022 $linkObject = new Link($db);
2023 $linkObject->entity = $conf->entity;
2024 $linkObject->url = $link;
2025 $linkObject->objecttype = GETPOST('objecttype', 'alpha');
2026 $linkObject->objectid = GETPOSTINT('objectid');
2027 $linkObject->label = GETPOST('label', 'alpha');
2028 $res = $linkObject->create($user);
2029
2030 if ($res > 0) {
2031 setEventMessages($langs->trans("LinkComplete"), null, 'mesgs');
2032 } else {
2033 setEventMessages($langs->trans("ErrorFileNotLinked"), null, 'errors');
2034 }
2035 } else {
2036 $langs->load("errors");
2037 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("File")), null, 'errors');
2038 }
2039
2040 return $res;
2041}
2042
2043
2055function dol_remove_file_process($filenb, $donotupdatesession = 0, $donotdeletefile = 1, $trackid = '')
2056{
2057 global $db, $user, $conf, $langs, $_FILES;
2058
2059 $keytodelete = $filenb;
2060 $keytodelete--;
2061
2062 $listofpaths = array();
2063 $listofnames = array();
2064 $listofmimes = array();
2065 $keytoavoidconflict = empty($trackid) ? '' : '-'.$trackid;
2066 if (!empty($_SESSION["listofpaths".$keytoavoidconflict])) {
2067 $listofpaths = explode(';', $_SESSION["listofpaths".$keytoavoidconflict]);
2068 }
2069 if (!empty($_SESSION["listofnames".$keytoavoidconflict])) {
2070 $listofnames = explode(';', $_SESSION["listofnames".$keytoavoidconflict]);
2071 }
2072 if (!empty($_SESSION["listofmimes".$keytoavoidconflict])) {
2073 $listofmimes = explode(';', $_SESSION["listofmimes".$keytoavoidconflict]);
2074 }
2075
2076 if ($keytodelete >= 0) {
2077 $pathtodelete = $listofpaths[$keytodelete];
2078 $filetodelete = $listofnames[$keytodelete];
2079 if (empty($donotdeletefile)) {
2080 $result = dol_delete_file($pathtodelete, 1); // The delete of ecm database is inside the function dol_delete_file
2081 } else {
2082 $result = 0;
2083 }
2084 if ($result >= 0) {
2085 if (empty($donotdeletefile)) {
2086 $langs->load("other");
2087 setEventMessages($langs->trans("FileWasRemoved", $filetodelete), null, 'mesgs');
2088 }
2089 if (empty($donotupdatesession)) {
2090 include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
2091 $formmail = new FormMail($db);
2092 $formmail->trackid = $trackid;
2093 $formmail->remove_attached_files($keytodelete);
2094 }
2095 }
2096 }
2097}
2098
2099
2113function addFileIntoDatabaseIndex($dir, $file, $fullpathorig = '', $mode = 'uploaded', $setsharekey = 0, $object = null)
2114{
2115 global $db, $user, $conf;
2116
2117 $result = 0;
2118
2119 $rel_dir = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $dir);
2120
2121 if (!preg_match('/[\\/]temp[\\/]|[\\/]thumbs|\.meta$/', $rel_dir)) { // If not a tmp dir
2122 $filename = basename(preg_replace('/\.noexe$/', '', $file));
2123 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
2124 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
2125
2126 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
2127 $ecmfile = new EcmFiles($db);
2128 $ecmfile->filepath = $rel_dir;
2129 $ecmfile->filename = $filename;
2130 $ecmfile->label = md5_file(dol_osencode($dir.'/'.$file)); // MD5 of file content
2131 $ecmfile->fullpath_orig = $fullpathorig;
2132 $ecmfile->gen_or_uploaded = $mode;
2133 $ecmfile->description = ''; // indexed content
2134 $ecmfile->keywords = ''; // keyword content
2135
2136 if (is_object($object) && $object->id > 0) {
2137 $ecmfile->src_object_id = $object->id;
2138 if (isset($object->table_element)) {
2139 $ecmfile->src_object_type = $object->table_element;
2140 } else {
2141 dol_syslog('Error: object ' . get_class($object) . ' has no table_element attribute.');
2142 return -1;
2143 }
2144 if (isset($object->src_object_description)) {
2145 $ecmfile->description = $object->src_object_description;
2146 }
2147 if (isset($object->src_object_keywords)) {
2148 $ecmfile->keywords = $object->src_object_keywords;
2149 }
2150 }
2151
2152 if (getDolGlobalString('MAIN_FORCE_SHARING_ON_ANY_UPLOADED_FILE')) {
2153 $setsharekey = 1;
2154 }
2155
2156 if ($setsharekey) {
2157 require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
2158 $ecmfile->share = getRandomPassword(true);
2159 }
2160
2161 // Use a convertisser Doc to Text
2162 $useFullTextIndexation = getDolGlobalString('MAIN_USE_FULL_TEXT_INDEXATION');
2163 //$useFullTextIndexation = 1;
2164 if ($useFullTextIndexation) {
2165 $ecmfile->filepath = $rel_dir;
2166 $ecmfile->filename = $filename;
2167
2168 $filetoprocess = $dir.'/'.$ecmfile->filename;
2169
2170 $textforfulltextindex = '';
2171 $keywords = '';
2172 if (preg_match('/\.pdf/i', $filename)) {
2173 // TODO Move this into external submodule files
2174
2175 // TODO Develop a native PHP parser using sample code in https://github.com/adeel/php-pdf-parser
2176
2177 include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
2178 $utils = new Utils($db);
2179 $outputfile = $conf->admin->dir_temp.'/tmppdttotext.'.$user->id.'.out'; // File used with popen method
2180
2181 // We also exclude '/temp/' dir and 'documents/admin/documents'
2182 // We make escapement here and call executeCLI without escapement because we don't want to have the '*.log' escaped.
2183 $cmd = getDolGlobalString('MAIN_USE_FULL_TEXT_INDEXATION_PDFTOTEXT', 'pdftotext')." -htmlmeta '".escapeshellcmd($filetoprocess)."' - ";
2184 $result = $utils->executeCLI($cmd, $outputfile, 0, null, 1);
2185
2186 if (!$result['error']) {
2187 $txt = $result['output'];
2188 $matches = array();
2189 if (preg_match('/<meta name="Keywords" content="([^\/]+)"\s*\/>/i', $txt, $matches)) {
2190 $keywords = $matches[1];
2191 }
2192 if (preg_match('/<pre>(.*)<\/pre>/si', $txt, $matches)) {
2193 $textforfulltextindex = dol_string_nospecial($matches[1]);
2194 }
2195 }
2196 }
2197
2198 $ecmfile->description = $textforfulltextindex;
2199 $ecmfile->keywords = $keywords;
2200 }
2201
2202 $result = $ecmfile->create($user);
2203 if ($result < 0) {
2204 dol_syslog($ecmfile->error);
2205 }
2206 }
2207
2208 return $result;
2209}
2210
2219function deleteFilesIntoDatabaseIndex($dir, $file, $mode = 'uploaded')
2220{
2221 global $conf, $db, $user;
2222
2223 $error = 0;
2224
2225 if (empty($dir)) {
2226 dol_syslog("deleteFilesIntoDatabaseIndex: dir parameter can't be empty", LOG_ERR);
2227 return -1;
2228 }
2229
2230 $db->begin();
2231
2232 $rel_dir = preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'/', '', $dir);
2233
2234 $filename = basename($file);
2235 $rel_dir = preg_replace('/[\\/]$/', '', $rel_dir);
2236 $rel_dir = preg_replace('/^[\\/]/', '', $rel_dir);
2237
2238 if (!$error) {
2239 $sql = 'DELETE FROM '.MAIN_DB_PREFIX.'ecm_files';
2240 $sql .= ' WHERE entity = '.$conf->entity;
2241 $sql .= " AND filepath = '".$db->escape($rel_dir)."'";
2242 if ($file) {
2243 $sql .= " AND filename = '".$db->escape($file)."'";
2244 }
2245 if ($mode) {
2246 $sql .= " AND gen_or_uploaded = '".$db->escape($mode)."'";
2247 }
2248
2249 $resql = $db->query($sql);
2250 if (!$resql) {
2251 $error++;
2252 dol_syslog(__FUNCTION__.' '.$db->lasterror(), LOG_ERR);
2253 }
2254 }
2255
2256 // Commit or rollback
2257 if ($error) {
2258 $db->rollback();
2259 return -1 * $error;
2260 } else {
2261 $db->commit();
2262 return 1;
2263 }
2264}
2265
2266
2278function dol_convert_file($fileinput, $ext = 'png', $fileoutput = '', $page = '')
2279{
2280 if (class_exists('Imagick')) {
2281 $image = new Imagick();
2282 try {
2283 $filetoconvert = $fileinput.(($page != '') ? '['.$page.']' : '');
2284 //var_dump($filetoconvert);
2285 $ret = $image->readImage($filetoconvert);
2286 } catch (Exception $e) {
2287 $ext = pathinfo($fileinput, PATHINFO_EXTENSION);
2288 dol_syslog("Failed to read image using Imagick (Try to install package 'apt-get install php-imagick ghostscript' and check there is no policy to disable ".$ext." conversion in /etc/ImageMagick*/policy.xml): ".$e->getMessage(), LOG_WARNING);
2289 return 0;
2290 }
2291 if ($ret) {
2292 $ret = $image->setImageFormat($ext);
2293 if ($ret) {
2294 if (empty($fileoutput)) {
2295 $fileoutput = $fileinput.".".$ext;
2296 }
2297
2298 $count = $image->getNumberImages();
2299
2300 if (!dol_is_file($fileoutput) || is_writable($fileoutput)) {
2301 try {
2302 $ret = $image->writeImages($fileoutput, true);
2303 } catch (Exception $e) {
2304 dol_syslog($e->getMessage(), LOG_WARNING);
2305 }
2306 } else {
2307 dol_syslog("Warning: Failed to write cache preview file '.$fileoutput.'. Check permission on file/dir", LOG_ERR);
2308 }
2309 if ($ret) {
2310 return $count;
2311 } else {
2312 return -3;
2313 }
2314 } else {
2315 return -2;
2316 }
2317 } else {
2318 return -1;
2319 }
2320 } else {
2321 return 0;
2322 }
2323}
2324
2325
2337function dol_compress_file($inputfile, $outputfile, $mode = "gz", &$errorstring = null)
2338{
2339 $foundhandler = 0;
2340 //var_dump(basename($inputfile)); exit;
2341
2342 try {
2343 dol_syslog("dol_compress_file mode=".$mode." inputfile=".$inputfile." outputfile=".$outputfile);
2344
2345 $data = implode("", file(dol_osencode($inputfile)));
2346 if ($mode == 'gz' && function_exists('gzencode')) {
2347 $foundhandler = 1;
2348 $compressdata = gzencode($data, 9);
2349 } elseif ($mode == 'bz' && function_exists('bzcompress')) {
2350 $foundhandler = 1;
2351 $compressdata = bzcompress($data, 9);
2352 } elseif ($mode == 'zstd' && function_exists('zstd_compress')) {
2353 $foundhandler = 1;
2354 $compressdata = zstd_compress($data, 9);
2355 } elseif ($mode == 'zip') {
2356 if (class_exists('ZipArchive') && getDolGlobalString('MAIN_USE_ZIPARCHIVE_FOR_ZIP_COMPRESS')) {
2357 $foundhandler = 1;
2358
2359 $rootPath = realpath($inputfile);
2360
2361 dol_syslog("Class ZipArchive is set so we zip using ZipArchive to zip into ".$outputfile.' rootPath='.$rootPath);
2362 $zip = new ZipArchive();
2363
2364 if ($zip->open($outputfile, ZipArchive::CREATE) !== true) {
2365 $errorstring = "dol_compress_file failure - Failed to open file ".$outputfile."\n";
2366 dol_syslog($errorstring, LOG_ERR);
2367
2368 global $errormsg;
2369 $errormsg = $errorstring;
2370
2371 return -6;
2372 }
2373
2374 // Create recursive directory iterator
2376 $files = new RecursiveIteratorIterator(
2377 new RecursiveDirectoryIterator($rootPath, FilesystemIterator::UNIX_PATHS),
2378 RecursiveIteratorIterator::LEAVES_ONLY
2379 );
2380
2381 foreach ($files as $name => $file) {
2382 // Skip directories (they would be added automatically)
2383 if (!$file->isDir()) {
2384 // Get real and relative path for current file
2385 $filePath = $file->getPath(); // the full path with filename using the $inputdir root.
2386 $fileName = $file->getFilename();
2387 $fileFullRealPath = $file->getRealPath(); // the full path with name and transformed to use real path directory.
2388
2389 //$relativePath = substr($fileFullRealPath, strlen($rootPath) + 1);
2390 $relativePath = substr(($filePath ? $filePath.'/' : '').$fileName, strlen($rootPath) + 1);
2391
2392 // Add current file to archive
2393 $zip->addFile($fileFullRealPath, $relativePath);
2394 }
2395 }
2396
2397 // Zip archive will be created only after closing object
2398 $zip->close();
2399
2400 dol_syslog("dol_compress_file success - ".$zip->numFiles." files");
2401 return 1;
2402 }
2403
2404 if (defined('ODTPHP_PATHTOPCLZIP')) {
2405 $foundhandler = 1;
2406
2407 include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php';
2408 $archive = new PclZip($outputfile);
2409
2410 $result = $archive->add($inputfile, PCLZIP_OPT_REMOVE_PATH, dirname($inputfile));
2411
2412 if ($result === 0) {
2413 global $errormsg;
2414 $errormsg = $archive->errorInfo(true);
2415
2416 if ($archive->errorCode() == PCLZIP_ERR_WRITE_OPEN_FAIL) {
2417 $errorstring = "PCLZIP_ERR_WRITE_OPEN_FAIL";
2418 dol_syslog("dol_compress_file error - archive->errorCode() = PCLZIP_ERR_WRITE_OPEN_FAIL", LOG_ERR);
2419 return -4;
2420 }
2421
2422 $errorstring = "dol_compress_file error archive->errorCode = ".$archive->errorCode()." errormsg=".$errormsg;
2423 dol_syslog("dol_compress_file failure - ".$errormsg, LOG_ERR);
2424 return -3;
2425 } else {
2426 dol_syslog("dol_compress_file success - ".count($result)." files");
2427 return 1;
2428 }
2429 }
2430 }
2431
2432 if ($foundhandler) {
2433 $fp = fopen($outputfile, "w");
2434 fwrite($fp, $compressdata);
2435 fclose($fp);
2436 return 1;
2437 } else {
2438 $errorstring = "Try to zip with format ".$mode." with no handler for this format";
2439 dol_syslog($errorstring, LOG_ERR);
2440
2441 global $errormsg;
2442 $errormsg = $errorstring;
2443 return -2;
2444 }
2445 } catch (Exception $e) {
2446 global $langs, $errormsg;
2447 $langs->load("errors");
2448 $errormsg = $langs->trans("ErrorFailedToWriteInDir");
2449
2450 $errorstring = "Failed to open file ".$outputfile;
2451 dol_syslog($errorstring, LOG_ERR);
2452 return -1;
2453 }
2454}
2455
2464function dol_uncompress($inputfile, $outputdir)
2465{
2466 global $langs, $db;
2467
2468 $fileinfo = pathinfo($inputfile);
2469 $fileinfo["extension"] = strtolower($fileinfo["extension"]);
2470
2471 if ($fileinfo["extension"] == "zip") {
2472 if (defined('ODTPHP_PATHTOPCLZIP') && !getDolGlobalString('MAIN_USE_ZIPARCHIVE_FOR_ZIP_UNCOMPRESS')) {
2473 dol_syslog("Constant ODTPHP_PATHTOPCLZIP for pclzip library is set to ".ODTPHP_PATHTOPCLZIP.", so we use Pclzip to unzip into ".$outputdir);
2474 include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php';
2475 $archive = new PclZip($inputfile);
2476
2477 // We create output dir manually, so it uses the correct permission (When created by the archive->extract, dir is rwx for everybody).
2478 dol_mkdir(dol_sanitizePathName($outputdir));
2479
2480 try {
2481 // Extract into outputdir, but only files that match the regex '/^((?!\.\.).)*$/' that means "does not include .."
2482 $result = $archive->extract(PCLZIP_OPT_PATH, $outputdir, PCLZIP_OPT_BY_PREG, '/^((?!\.\.).)*$/');
2483 } catch (Exception $e) {
2484 return array('error' => $e->getMessage());
2485 }
2486
2487 if (!is_array($result) && $result <= 0) {
2488 return array('error' => $archive->errorInfo(true));
2489 } else {
2490 $ok = 1;
2491 $errmsg = '';
2492 // Loop on each file to check result for unzipping file
2493 foreach ($result as $key => $val) {
2494 if ($val['status'] == 'path_creation_fail') {
2495 $langs->load("errors");
2496 $ok = 0;
2497 $errmsg = $langs->trans("ErrorFailToCreateDir", $val['filename']);
2498 break;
2499 }
2500 if ($val['status'] == 'write_protected') {
2501 $langs->load("errors");
2502 $ok = 0;
2503 $errmsg = $langs->trans("ErrorFailToCreateFile", $val['filename']);
2504 break;
2505 }
2506 }
2507
2508 if ($ok) {
2509 return array();
2510 } else {
2511 return array('error' => $errmsg);
2512 }
2513 }
2514 }
2515
2516 if (class_exists('ZipArchive')) { // Must install php-zip to have it
2517 dol_syslog("Class ZipArchive is set so we unzip using ZipArchive to unzip into ".$outputdir);
2518 $zip = new ZipArchive();
2519 $res = $zip->open($inputfile);
2520 if ($res === true) {
2521 //$zip->extractTo($outputdir.'/');
2522 // We must extract one file at time so we can check that file name does not contain '..' to avoid transversal path of zip built for example using
2523 // python3 path_traversal_archiver.py <Created_file_name> test.zip -l 10 -p tmp/
2524 // with -l is the range of dot to go back in path.
2525 // and path_traversal_archiver.py found at https://github.com/Alamot/code-snippets/blob/master/path_traversal/path_traversal_archiver.py
2526 for ($i = 0; $i < $zip->numFiles; $i++) {
2527 if (preg_match('/\.\./', $zip->getNameIndex($i))) {
2528 dol_syslog("Warning: Try to unzip a file with a transversal path ".$zip->getNameIndex($i), LOG_WARNING);
2529 continue; // Discard the file
2530 }
2531 $zip->extractTo($outputdir.'/', array($zip->getNameIndex($i)));
2532 }
2533
2534 $zip->close();
2535 return array();
2536 } else {
2537 return array('error' => 'ErrUnzipFails');
2538 }
2539 }
2540
2541 return array('error' => 'ErrNoZipEngine');
2542 } elseif (in_array($fileinfo["extension"], array('gz', 'bz2', 'zst'))) {
2543 include_once DOL_DOCUMENT_ROOT."/core/class/utils.class.php";
2544 $utils = new Utils($db);
2545
2546 dol_mkdir(dol_sanitizePathName($outputdir));
2547 $outputfilename = escapeshellcmd(dol_sanitizePathName($outputdir).'/'.dol_sanitizeFileName($fileinfo["filename"]));
2548 dol_delete_file($outputfilename.'.tmp');
2549 dol_delete_file($outputfilename.'.err');
2550
2551 $extension = strtolower(pathinfo($fileinfo["filename"], PATHINFO_EXTENSION));
2552 if ($extension == "tar") {
2553 $cmd = 'tar -C '.escapeshellcmd(dol_sanitizePathName($outputdir)).' -xvf '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
2554
2555 $resarray = $utils->executeCLI($cmd, $outputfilename.'.tmp', 0, $outputfilename.'.err', 0);
2556 if ($resarray["result"] != 0) {
2557 $resarray["error"] .= file_get_contents($outputfilename.'.err');
2558 }
2559 } else {
2560 $program = "";
2561 if ($fileinfo["extension"] == "gz") {
2562 $program = 'gzip';
2563 } elseif ($fileinfo["extension"] == "bz2") {
2564 $program = 'bzip2';
2565 } elseif ($fileinfo["extension"] == "zst") {
2566 $program = 'zstd';
2567 } else {
2568 return array('error' => 'ErrorBadFileExtension');
2569 }
2570 $cmd = $program.' -dc '.escapeshellcmd(dol_sanitizePathName($fileinfo["dirname"]).'/'.dol_sanitizeFileName($fileinfo["basename"]));
2571 $cmd .= ' > '.$outputfilename;
2572
2573 $resarray = $utils->executeCLI($cmd, $outputfilename.'.tmp', 0, null, 1, $outputfilename.'.err');
2574 if ($resarray["result"] != 0) {
2575 $errfilecontent = @file_get_contents($outputfilename.'.err');
2576 if ($errfilecontent) {
2577 $resarray["error"] .= " - ".$errfilecontent;
2578 }
2579 }
2580 }
2581 return $resarray["result"] != 0 ? array('error' => $resarray["error"]) : array();
2582 }
2583
2584 return array('error' => 'ErrorBadFileExtension');
2585}
2586
2587
2600function dol_compress_dir($inputdir, $outputfile, $mode = "zip", $excludefiles = '', $rootdirinzip = '', $newmask = '0')
2601{
2602 $foundhandler = 0;
2603
2604 dol_syslog("Try to zip dir ".$inputdir." into ".$outputfile." mode=".$mode);
2605
2606 if (!dol_is_dir(dirname($outputfile)) || !is_writable(dirname($outputfile))) {
2607 global $langs, $errormsg;
2608 $langs->load("errors");
2609 $errormsg = $langs->trans("ErrorFailedToWriteInDir", $outputfile);
2610 return -3;
2611 }
2612
2613 try {
2614 if ($mode == 'gz') {
2615 $foundhandler = 0;
2616 } elseif ($mode == 'bz') {
2617 $foundhandler = 0;
2618 } elseif ($mode == 'zip') {
2619 /*if (defined('ODTPHP_PATHTOPCLZIP'))
2620 {
2621 $foundhandler=0; // TODO implement this
2622
2623 include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php';
2624 $archive = new PclZip($outputfile);
2625 $archive->add($inputfile, PCLZIP_OPT_REMOVE_PATH, dirname($inputfile));
2626 //$archive->add($inputfile);
2627 return 1;
2628 }
2629 else*/
2630 //if (class_exists('ZipArchive') && !empty($conf->global->MAIN_USE_ZIPARCHIVE_FOR_ZIP_COMPRESS))
2631
2632 if (class_exists('ZipArchive')) {
2633 $foundhandler = 1;
2634
2635 // Initialize archive object
2636 $zip = new ZipArchive();
2637 $result = $zip->open($outputfile, ZipArchive::CREATE | ZipArchive::OVERWRITE);
2638 if ($result !== true) {
2639 global $langs, $errormsg;
2640 $langs->load("errors");
2641 $errormsg = $langs->trans("ErrorFailedToBuildArchive", $outputfile);
2642 return -4;
2643 }
2644
2645 // Create recursive directory iterator
2646 // This does not return symbolic links
2648 $files = new RecursiveIteratorIterator(
2649 new RecursiveDirectoryIterator($inputdir, FilesystemIterator::UNIX_PATHS),
2650 RecursiveIteratorIterator::LEAVES_ONLY
2651 );
2652
2653 //var_dump($inputdir);
2654 foreach ($files as $name => $file) {
2655 // Skip directories (they would be added automatically)
2656 if (!$file->isDir()) {
2657 // Get real and relative path for current file
2658 $filePath = $file->getPath(); // the full path with filename using the $inputdir root.
2659 $fileName = $file->getFilename();
2660 $fileFullRealPath = $file->getRealPath(); // the full path with name and transformed to use real path directory.
2661
2662 //$relativePath = ($rootdirinzip ? $rootdirinzip.'/' : '').substr($fileFullRealPath, strlen($inputdir) + 1);
2663 $relativePath = ($rootdirinzip ? $rootdirinzip.'/' : '').substr(($filePath ? $filePath.'/' : '').$fileName, strlen($inputdir) + 1);
2664
2665 //var_dump($filePath);var_dump($fileFullRealPath);var_dump($relativePath);
2666 if (empty($excludefiles) || !preg_match($excludefiles, $fileFullRealPath)) {
2667 // Add current file to archive
2668 $zip->addFile($fileFullRealPath, $relativePath);
2669 }
2670 }
2671 }
2672
2673 // Zip archive will be created only after closing object
2674 $zip->close();
2675
2676 if (empty($newmask) && getDolGlobalString('MAIN_UMASK')) {
2677 $newmask = getDolGlobalString('MAIN_UMASK');
2678 }
2679 if (empty($newmask)) { // This should no happen
2680 dol_syslog("Warning: dol_copy called with empty value for newmask and no default value defined", LOG_WARNING);
2681 $newmask = '0664';
2682 }
2683
2684 dolChmod($outputfile, $newmask);
2685
2686 return 1;
2687 }
2688 }
2689
2690 if (!$foundhandler) {
2691 dol_syslog("Try to zip with format ".$mode." with no handler for this format", LOG_ERR);
2692 return -2;
2693 } else {
2694 return 0;
2695 }
2696 } catch (Exception $e) {
2697 global $langs, $errormsg;
2698 $langs->load("errors");
2699 dol_syslog("Failed to open file ".$outputfile, LOG_ERR);
2700 dol_syslog($e->getMessage(), LOG_ERR);
2701 $errormsg = $langs->trans("ErrorFailedToBuildArchive", $outputfile).' - '.$e->getMessage();
2702 return -1;
2703 }
2704}
2705
2706
2707
2718function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('(\.meta|_preview.*\.png)$', '^\.'), $nohook = 0, $mode = 0)
2719{
2720 $tmparray = dol_dir_list($dir, 'files', 0, $regexfilter, $excludefilter, 'date', SORT_DESC, $mode, $nohook);
2721 return isset($tmparray[0]) ? $tmparray[0] : null;
2722}
2723
2737function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = null, $refname = '', $mode = 'read')
2738{
2739 global $conf, $db, $user, $hookmanager;
2740 global $dolibarr_main_data_root, $dolibarr_main_document_root_alt;
2741 global $object;
2742
2743 if (!is_object($fuser)) {
2744 $fuser = $user;
2745 }
2746
2747 if (empty($modulepart)) {
2748 return 'ErrorBadParameter';
2749 }
2750 if (empty($entity)) {
2751 if (!isModEnabled('multicompany')) {
2752 $entity = 1;
2753 } else {
2754 $entity = 0;
2755 }
2756 }
2757 // Fix modulepart for backward compatibility
2758 if ($modulepart == 'facture') {
2759 $modulepart = 'invoice';
2760 } elseif ($modulepart == 'users') {
2761 $modulepart = 'user';
2762 } elseif ($modulepart == 'tva') {
2763 $modulepart = 'tax-vat';
2764 } elseif ($modulepart == 'expedition' && strpos($original_file, 'receipt/') === 0) {
2765 // Fix modulepart delivery
2766 $modulepart = 'delivery';
2767 }
2768
2769 //print 'dol_check_secure_access_document modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity;
2770 dol_syslog('dol_check_secure_access_document modulepart='.$modulepart.' original_file='.$original_file.' entity='.$entity);
2771
2772 // We define $accessallowed and $sqlprotectagainstexternals
2773 $accessallowed = 0;
2774 $sqlprotectagainstexternals = '';
2775 $ret = array();
2776
2777 // Find the subdirectory name as the reference. For example original_file='10/myfile.pdf' -> refname='10'
2778 if (empty($refname)) {
2779 $refname = basename(dirname($original_file)."/");
2780 if ($refname == 'thumbs' || $refname == 'temp') {
2781 // If we get the thumbs directory, we must go one step higher. For example original_file='10/thumbs/myfile_small.jpg' -> refname='10'
2782 $refname = basename(dirname(dirname($original_file))."/");
2783 }
2784 }
2785
2786 // Define possible keys to use for permission check
2787 $lire = 'lire';
2788 $read = 'read';
2789 $download = 'download';
2790 if ($mode == 'write') {
2791 $lire = 'creer';
2792 $read = 'write';
2793 $download = 'upload';
2794 }
2795
2796 // Wrapping for miscellaneous medias files
2797 if ($modulepart == 'common') {
2798 // Wrapping for some images
2799 $accessallowed = 1;
2800 $original_file = DOL_DOCUMENT_ROOT.'/public/theme/common/'.$original_file;
2801 } elseif ($modulepart == 'medias' && !empty($dolibarr_main_data_root)) {
2802 if (empty($entity) || empty($conf->medias->multidir_output[$entity])) {
2803 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
2804 }
2805 $accessallowed = 1;
2806 $original_file = $conf->medias->multidir_output[$entity].'/'.$original_file;
2807 } elseif ($modulepart == 'logs' && !empty($dolibarr_main_data_root)) {
2808 // Wrapping for *.log files, like when used with url http://.../document.php?modulepart=logs&file=dolibarr.log
2809 $accessallowed = ($user->admin && basename($original_file) == $original_file && preg_match('/^dolibarr.*\.(log|json)$/', basename($original_file)));
2810 $original_file = $dolibarr_main_data_root.'/'.$original_file;
2811 } elseif ($modulepart == 'doctemplates' && !empty($dolibarr_main_data_root)) {
2812 // Wrapping for doctemplates
2813 $accessallowed = $user->admin;
2814 $original_file = $dolibarr_main_data_root.'/doctemplates/'.$original_file;
2815 } elseif ($modulepart == 'doctemplateswebsite' && !empty($dolibarr_main_data_root)) {
2816 // Wrapping for doctemplates of websites
2817 $accessallowed = ($fuser->hasRight('website', 'write') && preg_match('/\.jpg$/i', basename($original_file)));
2818 $original_file = $dolibarr_main_data_root.'/doctemplates/websites/'.$original_file;
2819 } elseif ($modulepart == 'packages' && !empty($dolibarr_main_data_root)) { // To download zip of modules
2820 // Wrapping for *.zip package files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip
2821 // Dir for custom dirs
2822 $tmp = explode(',', $dolibarr_main_document_root_alt);
2823 $dirins = $tmp[0];
2824
2825 $accessallowed = ($user->admin && preg_match('/^module_.*\.zip$/', basename($original_file)));
2826 $original_file = $dirins.'/'.$original_file;
2827 } elseif ($modulepart == 'mycompany' && !empty($conf->mycompany->dir_output)) {
2828 // Wrapping for some images
2829 $accessallowed = 1;
2830 $original_file = $conf->mycompany->dir_output.'/'.$original_file;
2831 } elseif ($modulepart == 'userphoto' && !empty($conf->user->dir_output)) {
2832 // Wrapping for users photos (user photos are allowed to any connected users)
2833 $accessallowed = 0;
2834 if (preg_match('/^\d+\/photos\//', $original_file)) {
2835 $accessallowed = 1;
2836 }
2837 $original_file = $conf->user->dir_output.'/'.$original_file;
2838 } elseif ($modulepart == 'userphotopublic' && !empty($conf->user->dir_output)) {
2839 // Wrapping for users photos that were set to public (for virtual credit card) by their owner (public user photos can be read
2840 // with the public link and securekey)
2841 $accessok = false;
2842 $reg = array();
2843 if (preg_match('/^(\d+)\/photos\//', $original_file, $reg)) {
2844 if ($reg[1]) {
2845 $tmpobject = new User($db);
2846 $tmpobject->fetch($reg[1], '', '', 1);
2847 if (getDolUserInt('USER_ENABLE_PUBLIC', 0, $tmpobject)) {
2848 $securekey = GETPOST('securekey', 'alpha', 1);
2849 // Security check
2850 global $dolibarr_main_cookie_cryptkey, $dolibarr_main_instance_unique_id;
2851 $valuetouse = $dolibarr_main_instance_unique_id ? $dolibarr_main_instance_unique_id : $dolibarr_main_cookie_cryptkey; // Use $dolibarr_main_instance_unique_id first then $dolibarr_main_cookie_cryptkey
2852 $encodedsecurekey = dol_hash($valuetouse.'uservirtualcard'.$tmpobject->id.'-'.$tmpobject->login, 'md5');
2853 if ($encodedsecurekey == $securekey) {
2854 $accessok = true;
2855 }
2856 }
2857 }
2858 }
2859 if ($accessok) {
2860 $accessallowed = 1;
2861 }
2862 $original_file = $conf->user->dir_output.'/'.$original_file;
2863 } elseif (($modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) {
2864 // Wrapping for company logos (company logos are allowed to anyboby, they are public)
2865 $accessallowed = 1;
2866 $original_file = $conf->mycompany->dir_output.'/logos/'.$original_file;
2867 } elseif ($modulepart == 'memberphoto' && !empty($conf->member->dir_output)) {
2868 // Wrapping for members photos
2869 $accessallowed = 0;
2870 if (preg_match('/^\d+\/photos\//', $original_file)) {
2871 $accessallowed = 1;
2872 }
2873 $original_file = $conf->member->dir_output.'/'.$original_file;
2874 } elseif ($modulepart == 'apercufacture' && !empty($conf->invoice->multidir_output[$entity])) {
2875 // Wrapping for invoices (user need permission to read invoices)
2876 if ($fuser->hasRight('facture', $lire)) {
2877 $accessallowed = 1;
2878 }
2879 $original_file = $conf->invoice->multidir_output[$entity].'/'.$original_file;
2880 } elseif ($modulepart == 'apercupropal' && !empty($conf->propal->multidir_output[$entity])) {
2881 // Wrapping pour les apercu propal
2882 if ($fuser->hasRight('propal', $lire)) {
2883 $accessallowed = 1;
2884 }
2885 $original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
2886 } elseif ($modulepart == 'apercucommande' && !empty($conf->order->multidir_output[$entity])) {
2887 // Wrapping pour les apercu commande
2888 if ($fuser->hasRight('commande', $lire)) {
2889 $accessallowed = 1;
2890 }
2891 $original_file = $conf->order->multidir_output[$entity].'/'.$original_file;
2892 } elseif (($modulepart == 'apercufichinter' || $modulepart == 'apercuficheinter') && !empty($conf->ficheinter->dir_output)) {
2893 // Wrapping pour les apercu intervention
2894 if ($fuser->hasRight('ficheinter', $lire)) {
2895 $accessallowed = 1;
2896 }
2897 $original_file = $conf->ficheinter->dir_output.'/'.$original_file;
2898 } elseif (($modulepart == 'apercucontract') && !empty($conf->contract->multidir_output[$entity])) {
2899 // Wrapping pour les apercu contrat
2900 if ($fuser->hasRight('contrat', $lire)) {
2901 $accessallowed = 1;
2902 }
2903 $original_file = $conf->contract->multidir_output[$entity].'/'.$original_file;
2904 } elseif (($modulepart == 'apercusupplier_proposal' || $modulepart == 'apercusupplier_proposal') && !empty($conf->supplier_proposal->dir_output)) {
2905 // Wrapping pour les apercu supplier proposal
2906 if ($fuser->hasRight('supplier_proposal', $lire)) {
2907 $accessallowed = 1;
2908 }
2909 $original_file = $conf->supplier_proposal->dir_output.'/'.$original_file;
2910 } elseif (($modulepart == 'apercusupplier_order' || $modulepart == 'apercusupplier_order') && !empty($conf->fournisseur->commande->dir_output)) {
2911 // Wrapping pour les apercu supplier order
2912 if ($fuser->hasRight('fournisseur', 'commande', $lire)) {
2913 $accessallowed = 1;
2914 }
2915 $original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
2916 } elseif (($modulepart == 'apercusupplier_invoice' || $modulepart == 'apercusupplier_invoice') && !empty($conf->fournisseur->facture->dir_output)) {
2917 // Wrapping pour les apercu supplier invoice
2918 if ($fuser->hasRight('fournisseur', $lire)) {
2919 $accessallowed = 1;
2920 }
2921 $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
2922 } elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) {
2923 if ($fuser->hasRight('holiday', $read) || $fuser->hasRight('holiday', 'readall') || preg_match('/^specimen/i', $original_file)) {
2924 $accessallowed = 1;
2925 // If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request
2926 if ($refname && !$fuser->hasRight('holiday', 'readall') && !preg_match('/^specimen/i', $original_file)) {
2927 include_once DOL_DOCUMENT_ROOT.'/holiday/class/holiday.class.php';
2928 $tmpholiday = new Holiday($db);
2929 $tmpholiday->fetch('', $refname);
2930 $accessallowed = checkUserAccessToObject($user, array('holiday'), $tmpholiday, 'holiday', '', '', 'rowid', '');
2931 }
2932 }
2933 $original_file = $conf->holiday->dir_output.'/'.$original_file;
2934 } elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) {
2935 if ($fuser->hasRight('expensereport', $lire) || $fuser->hasRight('expensereport', 'readall') || preg_match('/^specimen/i', $original_file)) {
2936 $accessallowed = 1;
2937 // If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report
2938 if ($refname && !$fuser->hasRight('expensereport', 'readall') && !preg_match('/^specimen/i', $original_file)) {
2939 include_once DOL_DOCUMENT_ROOT.'/expensereport/class/expensereport.class.php';
2940 $tmpexpensereport = new ExpenseReport($db);
2941 $tmpexpensereport->fetch('', $refname);
2942 $accessallowed = checkUserAccessToObject($user, array('expensereport'), $tmpexpensereport, 'expensereport', '', '', 'rowid', '');
2943 }
2944 }
2945 $original_file = $conf->expensereport->dir_output.'/'.$original_file;
2946 } elseif (($modulepart == 'apercuexpensereport') && !empty($conf->expensereport->dir_output)) {
2947 // Wrapping pour les apercu expense report
2948 if ($fuser->hasRight('expensereport', $lire)) {
2949 $accessallowed = 1;
2950 }
2951 $original_file = $conf->expensereport->dir_output.'/'.$original_file;
2952 } elseif ($modulepart == 'propalstats' && !empty($conf->propal->multidir_temp[$entity])) {
2953 // Wrapping pour les images des stats propales
2954 if ($fuser->hasRight('propal', $lire)) {
2955 $accessallowed = 1;
2956 }
2957 $original_file = $conf->propal->multidir_temp[$entity].'/'.$original_file;
2958 } elseif ($modulepart == 'orderstats' && !empty($conf->order->dir_temp)) {
2959 // Wrapping pour les images des stats commandes
2960 if ($fuser->hasRight('commande', $lire)) {
2961 $accessallowed = 1;
2962 }
2963 $original_file = $conf->order->dir_temp.'/'.$original_file;
2964 } elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output)) {
2965 if ($fuser->hasRight('fournisseur', 'commande', $lire)) {
2966 $accessallowed = 1;
2967 }
2968 $original_file = $conf->fournisseur->commande->dir_temp.'/'.$original_file;
2969 } elseif ($modulepart == 'billstats' && !empty($conf->invoice->dir_temp)) {
2970 // Wrapping pour les images des stats factures
2971 if ($fuser->hasRight('facture', $lire)) {
2972 $accessallowed = 1;
2973 }
2974 $original_file = $conf->invoice->dir_temp.'/'.$original_file;
2975 } elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output)) {
2976 if ($fuser->hasRight('fournisseur', 'facture', $lire)) {
2977 $accessallowed = 1;
2978 }
2979 $original_file = $conf->fournisseur->facture->dir_temp.'/'.$original_file;
2980 } elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp)) {
2981 // Wrapping pour les images des stats expeditions
2982 if ($fuser->hasRight('expedition', $lire)) {
2983 $accessallowed = 1;
2984 }
2985 $original_file = $conf->expedition->dir_temp.'/'.$original_file;
2986 } elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp)) {
2987 // Wrapping pour les images des stats expeditions
2988 if ($fuser->hasRight('deplacement', $lire)) {
2989 $accessallowed = 1;
2990 }
2991 $original_file = $conf->deplacement->dir_temp.'/'.$original_file;
2992 } elseif ($modulepart == 'memberstats' && !empty($conf->member->dir_temp)) {
2993 // Wrapping pour les images des stats expeditions
2994 if ($fuser->hasRight('adherent', $lire)) {
2995 $accessallowed = 1;
2996 }
2997 $original_file = $conf->member->dir_temp.'/'.$original_file;
2998 } elseif (preg_match('/^productstats_/i', $modulepart) && !empty($conf->product->dir_temp)) {
2999 // Wrapping pour les images des stats produits
3000 if ($fuser->hasRight('produit', $lire) || $fuser->hasRight('service', $lire)) {
3001 $accessallowed = 1;
3002 }
3003 $original_file = (!empty($conf->product->multidir_temp[$entity]) ? $conf->product->multidir_temp[$entity] : $conf->service->multidir_temp[$entity]).'/'.$original_file;
3004 } elseif (in_array($modulepart, array('tax', 'tax-vat', 'tva')) && !empty($conf->tax->dir_output)) {
3005 // Wrapping for taxes
3006 if ($fuser->hasRight('tax', 'charges', $lire)) {
3007 $accessallowed = 1;
3008 }
3009 $modulepartsuffix = str_replace('tax-', '', $modulepart);
3010 $original_file = $conf->tax->dir_output.'/'.($modulepartsuffix != 'tax' ? $modulepartsuffix.'/' : '').$original_file;
3011 } elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) {
3012 // Wrapping for events
3013 if ($fuser->hasRight('agenda', 'myactions', $read)) {
3014 $accessallowed = 1;
3015 // If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users
3016 if ($refname && !preg_match('/^specimen/i', $original_file)) {
3017 include_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
3018 $tmpobject = new ActionComm($db);
3019 $tmpobject->fetch((int) $refname);
3020 $accessallowed = checkUserAccessToObject($user, array('agenda'), $tmpobject->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id', '');
3021 if ($user->socid && $tmpobject->socid) {
3022 $accessallowed = checkUserAccessToObject($user, array('societe'), $tmpobject->socid);
3023 }
3024 }
3025 }
3026 $original_file = $conf->agenda->dir_output.'/'.$original_file;
3027 } elseif ($modulepart == 'category' && !empty($conf->categorie->multidir_output[$entity])) {
3028 // Wrapping for categories (categories are allowed if user has permission to read categories or to work on TakePos)
3029 if (empty($entity) || empty($conf->categorie->multidir_output[$entity])) {
3030 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3031 }
3032 if ($fuser->hasRight("categorie", $lire) || $fuser->hasRight("takepos", "run")) {
3033 $accessallowed = 1;
3034 }
3035 $original_file = $conf->categorie->multidir_output[$entity].'/'.$original_file;
3036 } elseif ($modulepart == 'prelevement' && !empty($conf->prelevement->dir_output)) {
3037 // Wrapping pour les prelevements
3038 if ($fuser->hasRight('prelevement', 'bons', $lire) || preg_match('/^specimen/i', $original_file)) {
3039 $accessallowed = 1;
3040 }
3041 $original_file = $conf->prelevement->dir_output.'/'.$original_file;
3042 } elseif ($modulepart == 'graph_stock' && !empty($conf->stock->dir_temp)) {
3043 // Wrapping pour les graph energie
3044 $accessallowed = 1;
3045 $original_file = $conf->stock->dir_temp.'/'.$original_file;
3046 } elseif ($modulepart == 'graph_fourn' && !empty($conf->fournisseur->dir_temp)) {
3047 // Wrapping pour les graph fournisseurs
3048 $accessallowed = 1;
3049 $original_file = $conf->fournisseur->dir_temp.'/'.$original_file;
3050 } elseif ($modulepart == 'graph_product' && !empty($conf->product->dir_temp)) {
3051 // Wrapping pour les graph des produits
3052 $accessallowed = 1;
3053 $original_file = $conf->product->multidir_temp[$entity].'/'.$original_file;
3054 } elseif ($modulepart == 'barcode') {
3055 // Wrapping pour les code barre
3056 $accessallowed = 1;
3057 // If viewimage is called for barcode, we try to output an image on the fly, with no build of file on disk.
3058 //$original_file=$conf->barcode->dir_temp.'/'.$original_file;
3059 $original_file = '';
3060 } elseif ($modulepart == 'iconmailing' && !empty($conf->mailing->dir_temp)) {
3061 // Wrapping for icon of background of mailings
3062 $accessallowed = 1;
3063 $original_file = $conf->mailing->dir_temp.'/'.$original_file;
3064 } elseif ($modulepart == 'scanner_user_temp' && !empty($conf->scanner->dir_temp)) {
3065 // Wrapping pour le scanner
3066 $accessallowed = 1;
3067 $original_file = $conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file;
3068 } elseif ($modulepart == 'fckeditor' && !empty($conf->fckeditor->dir_output)) {
3069 // Wrapping pour les images fckeditor
3070 $accessallowed = 1;
3071 $original_file = $conf->fckeditor->dir_output.'/'.$original_file;
3072 } elseif ($modulepart == 'user' && !empty($conf->user->dir_output)) {
3073 // Wrapping for users
3074 $canreaduser = (!empty($fuser->admin) || $fuser->rights->user->user->{$lire});
3075 if ($fuser->id == (int) $refname) {
3076 $canreaduser = 1;
3077 } // A user can always read its own card
3078 if ($canreaduser || preg_match('/^specimen/i', $original_file)) {
3079 $accessallowed = 1;
3080 }
3081 $original_file = $conf->user->dir_output.'/'.$original_file;
3082 } elseif (($modulepart == 'company' || $modulepart == 'societe' || $modulepart == 'thirdparty') && !empty($conf->societe->multidir_output[$entity])) {
3083 // Wrapping for third parties
3084 if (empty($entity) || empty($conf->societe->multidir_output[$entity])) {
3085 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3086 }
3087 if ($fuser->hasRight('societe', $lire) || preg_match('/^specimen/i', $original_file)) {
3088 $accessallowed = 1;
3089 }
3090 $original_file = $conf->societe->multidir_output[$entity].'/'.$original_file;
3091 $sqlprotectagainstexternals = "SELECT rowid as fk_soc FROM ".MAIN_DB_PREFIX."societe WHERE rowid='".$db->escape($refname)."' AND entity IN (".getEntity('societe').")";
3092 } elseif ($modulepart == 'contact' && !empty($conf->societe->multidir_output[$entity])) {
3093 // Wrapping for contact
3094 if (empty($entity) || empty($conf->societe->multidir_output[$entity])) {
3095 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3096 }
3097 if ($fuser->hasRight('societe', $lire)) {
3098 $accessallowed = 1;
3099 }
3100 $original_file = $conf->societe->multidir_output[$entity].'/contact/'.$original_file;
3101 } elseif (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->invoice->multidir_output[$entity])) {
3102 // Wrapping for invoices
3103 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3104 $accessallowed = 1;
3105 }
3106 $original_file = $conf->invoice->multidir_output[$entity].'/'.$original_file;
3107 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('invoice').")";
3108 } elseif ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->multidir_output[$entity])) {
3109 // Wrapping for mass actions
3110 if ($fuser->hasRight('propal', $lire) || preg_match('/^specimen/i', $original_file)) {
3111 $accessallowed = 1;
3112 }
3113 $original_file = $conf->propal->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
3114 } elseif ($modulepart == 'massfilesarea_orders') {
3115 if ($fuser->hasRight('commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3116 $accessallowed = 1;
3117 }
3118 $original_file = $conf->order->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
3119 } elseif ($modulepart == 'massfilesarea_sendings') {
3120 if ($fuser->hasRight('expedition', $lire) || preg_match('/^specimen/i', $original_file)) {
3121 $accessallowed = 1;
3122 }
3123 $original_file = $conf->expedition->dir_output.'/sending/temp/massgeneration/'.$user->id.'/'.$original_file;
3124 } elseif ($modulepart == 'massfilesarea_receipts') {
3125 if ($fuser->hasRight('reception', $lire) || preg_match('/^specimen/i', $original_file)) {
3126 $accessallowed = 1;
3127 }
3128 $original_file = $conf->reception->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3129 } elseif ($modulepart == 'massfilesarea_invoices') {
3130 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3131 $accessallowed = 1;
3132 }
3133 $original_file = $conf->invoice->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
3134 } elseif ($modulepart == 'massfilesarea_expensereport') {
3135 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3136 $accessallowed = 1;
3137 }
3138 $original_file = $conf->expensereport->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3139 } elseif ($modulepart == 'massfilesarea_interventions') {
3140 if ($fuser->hasRight('ficheinter', $lire) || preg_match('/^specimen/i', $original_file)) {
3141 $accessallowed = 1;
3142 }
3143 $original_file = $conf->ficheinter->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3144 } elseif ($modulepart == 'massfilesarea_supplier_proposal' && !empty($conf->supplier_proposal->dir_output)) {
3145 if ($fuser->hasRight('supplier_proposal', $lire) || preg_match('/^specimen/i', $original_file)) {
3146 $accessallowed = 1;
3147 }
3148 $original_file = $conf->supplier_proposal->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3149 } elseif ($modulepart == 'massfilesarea_supplier_order') {
3150 if ($fuser->hasRight('fournisseur', 'commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3151 $accessallowed = 1;
3152 }
3153 $original_file = $conf->fournisseur->commande->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3154 } elseif ($modulepart == 'massfilesarea_supplier_invoice') {
3155 if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3156 $accessallowed = 1;
3157 }
3158 $original_file = $conf->fournisseur->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3159 } elseif ($modulepart == 'massfilesarea_contract' && !empty($conf->contract->dir_output)) {
3160 if ($fuser->hasRight('contrat', $lire) || preg_match('/^specimen/i', $original_file)) {
3161 $accessallowed = 1;
3162 }
3163 $original_file = $conf->contract->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3164 } elseif (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output)) {
3165 // Wrapping for interventions
3166 if ($fuser->hasRight('ficheinter', $lire) || preg_match('/^specimen/i', $original_file)) {
3167 $accessallowed = 1;
3168 }
3169 $original_file = $conf->ficheinter->dir_output.'/'.$original_file;
3170 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3171 } elseif ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output)) {
3172 // Wrapping pour les deplacements et notes de frais
3173 if ($fuser->hasRight('deplacement', $lire) || preg_match('/^specimen/i', $original_file)) {
3174 $accessallowed = 1;
3175 }
3176 $original_file = $conf->deplacement->dir_output.'/'.$original_file;
3177 //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3178 } elseif (($modulepart == 'propal' || $modulepart == 'propale') && isset($conf->propal->multidir_output[$entity])) {
3179 // Wrapping pour les propales
3180 if ($fuser->hasRight('propal', $lire) || preg_match('/^specimen/i', $original_file)) {
3181 $accessallowed = 1;
3182 }
3183 $original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
3184 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."propal WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('propal').")";
3185 } elseif (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->order->multidir_output[$entity])) {
3186 // Wrapping pour les commandes
3187 if ($fuser->hasRight('commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3188 $accessallowed = 1;
3189 }
3190 $original_file = $conf->order->multidir_output[$entity].'/'.$original_file;
3191 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('order').")";
3192 } elseif ($modulepart == 'project' && !empty($conf->project->multidir_output[$entity])) {
3193 // Wrapping pour les projects
3194 if ($fuser->hasRight('projet', $lire) || preg_match('/^specimen/i', $original_file)) {
3195 $accessallowed = 1;
3196 // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
3197 if ($refname && !preg_match('/^specimen/i', $original_file)) {
3198 include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
3199 $tmpproject = new Project($db);
3200 $tmpproject->fetch('', $refname);
3201 $accessallowed = checkUserAccessToObject($user, array('projet'), $tmpproject->id, 'projet&project', '', '', 'rowid', '');
3202 }
3203 }
3204 $original_file = $conf->project->multidir_output[$entity].'/'.$original_file;
3205 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
3206 } elseif ($modulepart == 'project_task' && !empty($conf->project->multidir_output[$entity])) {
3207 if ($fuser->hasRight('projet', $lire) || preg_match('/^specimen/i', $original_file)) {
3208 $accessallowed = 1;
3209 // If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
3210 if ($refname && !preg_match('/^specimen/i', $original_file)) {
3211 include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
3212 $tmptask = new Task($db);
3213 $tmptask->fetch('', $refname);
3214 $accessallowed = checkUserAccessToObject($user, array('projet_task'), $tmptask->id, 'projet_task&project', '', '', 'rowid', '');
3215 }
3216 }
3217 $original_file = $conf->project->multidir_output[$entity].'/'.$original_file;
3218 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
3219 } elseif (($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') && !empty($conf->fournisseur->commande->dir_output)) {
3220 // Wrapping pour les commandes fournisseurs
3221 if ($fuser->hasRight('fournisseur', 'commande', $lire) || preg_match('/^specimen/i', $original_file)) {
3222 $accessallowed = 1;
3223 }
3224 $original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
3225 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande_fournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3226 } elseif (($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') && !empty($conf->fournisseur->facture->dir_output)) {
3227 // Wrapping pour les factures fournisseurs
3228 if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3229 $accessallowed = 1;
3230 }
3231 $original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
3232 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture_fourn WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3233 } elseif ($modulepart == 'supplier_payment') {
3234 // Wrapping pour les rapport de paiements
3235 if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3236 $accessallowed = 1;
3237 }
3238 $original_file = $conf->fournisseur->payment->dir_output.'/'.$original_file;
3239 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."paiementfournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
3240 } elseif ($modulepart == 'payment') {
3241 // Wrapping pour les rapport de paiements
3242 if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
3243 $accessallowed = 1;
3244 }
3245 $original_file = $conf->compta->payment->dir_output.'/'.$original_file;
3246 } elseif ($modulepart == 'facture_paiement' && !empty($conf->invoice->dir_output)) {
3247 // Wrapping pour les rapport de paiements
3248 if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
3249 $accessallowed = 1;
3250 }
3251 if ($fuser->socid > 0) {
3252 $original_file = $conf->invoice->dir_output.'/payments/private/'.$fuser->id.'/'.$original_file;
3253 } else {
3254 $original_file = $conf->invoice->dir_output.'/payments/'.$original_file;
3255 }
3256 } elseif ($modulepart == 'export_compta' && !empty($conf->accounting->dir_output)) {
3257 // Wrapping for accounting exports
3258 if ($fuser->hasRight('accounting', 'bind', 'write') || preg_match('/^specimen/i', $original_file)) {
3259 $accessallowed = 1;
3260 }
3261 $original_file = $conf->accounting->dir_output.'/'.$original_file;
3262 } elseif (($modulepart == 'expedition' || $modulepart == 'shipment') && !empty($conf->expedition->dir_output)) {
3263 // Wrapping pour les expedition
3264 if ($fuser->hasRight('expedition', $lire) || preg_match('/^specimen/i', $original_file)) {
3265 $accessallowed = 1;
3266 }
3267 $original_file = $conf->expedition->dir_output."/".(strpos($original_file, 'sending/') === 0 ? '' : 'sending/').$original_file;
3268 //$original_file = $conf->expedition->dir_output."/".$original_file;
3269 } elseif (($modulepart == 'livraison' || $modulepart == 'delivery') && !empty($conf->expedition->dir_output)) {
3270 // Delivery Note Wrapping
3271 if ($fuser->hasRight('expedition', 'delivery', $lire) || preg_match('/^specimen/i', $original_file)) {
3272 $accessallowed = 1;
3273 }
3274 $original_file = $conf->expedition->dir_output."/".(strpos($original_file, 'receipt/') === 0 ? '' : 'receipt/').$original_file;
3275 } elseif ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp)) {
3276 // Wrapping pour les actions
3277 if ($fuser->hasRight('agenda', 'allactions', $read) || preg_match('/^specimen/i', $original_file)) {
3278 $accessallowed = 1;
3279 }
3280 $original_file = $conf->agenda->dir_temp."/".$original_file;
3281 } elseif ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service') {
3282 // Wrapping pour les produits et services
3283 if (empty($entity) || (empty($conf->product->multidir_output[$entity]) && empty($conf->service->multidir_output[$entity]))) {
3284 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3285 }
3286 if (($fuser->hasRight('produit', $lire) || $fuser->hasRight('service', $lire)) || preg_match('/^specimen/i', $original_file)) {
3287 $accessallowed = 1;
3288 }
3289 if (isModEnabled("product")) {
3290 $original_file = $conf->product->multidir_output[$entity].'/'.$original_file;
3291 } elseif (isModEnabled("service")) {
3292 $original_file = $conf->service->multidir_output[$entity].'/'.$original_file;
3293 }
3294 } elseif ($modulepart == 'product_batch' || $modulepart == 'produitlot') {
3295 // Wrapping pour les lots produits
3296 if (empty($entity) || (empty($conf->productbatch->multidir_output[$entity]))) {
3297 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3298 }
3299 if (($fuser->hasRight('produit', $lire)) || preg_match('/^specimen/i', $original_file)) {
3300 $accessallowed = 1;
3301 }
3302 if (isModEnabled('productbatch')) {
3303 $original_file = $conf->productbatch->multidir_output[$entity].'/'.$original_file;
3304 }
3305 } elseif ($modulepart == 'movement' || $modulepart == 'mouvement') {
3306 // Wrapping for stock movements
3307 if (empty($entity) || empty($conf->stock->multidir_output[$entity])) {
3308 return array('accessallowed' => 0, 'error' => 'Value entity must be provided');
3309 }
3310 if (($fuser->hasRight('stock', $lire) || $fuser->hasRight('stock', 'movement', $lire) || $fuser->hasRight('stock', 'mouvement', $lire)) || preg_match('/^specimen/i', $original_file)) {
3311 $accessallowed = 1;
3312 }
3313 if (isModEnabled('stock')) {
3314 $original_file = $conf->stock->multidir_output[$entity].'/movement/'.$original_file;
3315 }
3316 } elseif ($modulepart == 'contract' && !empty($conf->contract->multidir_output[$entity])) {
3317 // Wrapping pour les contrats
3318 if ($fuser->hasRight('contrat', $lire) || preg_match('/^specimen/i', $original_file)) {
3319 $accessallowed = 1;
3320 }
3321 $original_file = $conf->contract->multidir_output[$entity].'/'.$original_file;
3322 $sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."contrat WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('contract').")";
3323 } elseif ($modulepart == 'donation' && !empty($conf->don->dir_output)) {
3324 // Wrapping pour les dons
3325 if ($fuser->hasRight('don', $lire) || preg_match('/^specimen/i', $original_file)) {
3326 $accessallowed = 1;
3327 }
3328 $original_file = $conf->don->dir_output.'/'.$original_file;
3329 } elseif ($modulepart == 'dolresource' && !empty($conf->resource->dir_output)) {
3330 // Wrapping pour les dons
3331 if ($fuser->hasRight('resource', $read) || preg_match('/^specimen/i', $original_file)) {
3332 $accessallowed = 1;
3333 }
3334 $original_file = $conf->resource->dir_output.'/'.$original_file;
3335 } elseif (($modulepart == 'remisecheque' || $modulepart == 'chequereceipt') && !empty($conf->bank->dir_output)) {
3336 // Wrapping pour les remises de cheques
3337 if ($fuser->hasRight('banque', $lire) || preg_match('/^specimen/i', $original_file)) {
3338 $accessallowed = 1;
3339 }
3340 $original_file = $conf->bank->dir_output.'/checkdeposits/'.$original_file; // original_file should contains relative path so include the get_exdir result
3341 } elseif (($modulepart == 'banque' || $modulepart == 'bank') && !empty($conf->bank->dir_output)) {
3342 // Wrapping for bank
3343 if ($fuser->hasRight('banque', $lire)) {
3344 $accessallowed = 1;
3345 }
3346 $original_file = $conf->bank->dir_output.'/'.$original_file;
3347 } elseif ($modulepart == 'export' && !empty($conf->export->dir_temp)) {
3348 // Wrapping for export module
3349 // Note that a test may not be required because we force the dir of download on the directory of the user that export
3350 $accessallowed = $user->hasRight('export', 'lire');
3351 $original_file = $conf->export->dir_temp.'/'.$fuser->id.'/'.$original_file;
3352 } elseif ($modulepart == 'import' && !empty($conf->import->dir_temp)) {
3353 // Wrapping for import module
3354 $accessallowed = $user->hasRight('import', 'run');
3355 $original_file = $conf->import->dir_temp.'/'.$original_file;
3356 } elseif ($modulepart == 'recruitment' && !empty($conf->recruitment->dir_output)) {
3357 // Wrapping for recruitment module
3358 $accessallowed = $user->hasRight('recruitment', 'recruitmentjobposition', 'read');
3359 $original_file = $conf->recruitment->dir_output.'/'.$original_file;
3360 } elseif ($modulepart == 'editor' && !empty($conf->fckeditor->dir_output)) {
3361 // Wrapping for wysiwyg editor
3362 $accessallowed = 1;
3363 $original_file = $conf->fckeditor->dir_output.'/'.$original_file;
3364 } elseif ($modulepart == 'systemtools' && !empty($conf->admin->dir_output)) {
3365 // Wrapping for backups
3366 if ($fuser->admin) {
3367 $accessallowed = 1;
3368 }
3369 $original_file = $conf->admin->dir_output.'/'.$original_file;
3370 } elseif ($modulepart == 'admin_temp' && !empty($conf->admin->dir_temp)) {
3371 // Wrapping for upload file test
3372 if ($fuser->admin) {
3373 $accessallowed = 1;
3374 }
3375 $original_file = $conf->admin->dir_temp.'/'.$original_file;
3376 } elseif ($modulepart == 'bittorrent' && !empty($conf->bittorrent->dir_output)) {
3377 // Wrapping pour BitTorrent
3378 $accessallowed = 1;
3379 $dir = 'files';
3380 if (dol_mimetype($original_file) == 'application/x-bittorrent') {
3381 $dir = 'torrents';
3382 }
3383 $original_file = $conf->bittorrent->dir_output.'/'.$dir.'/'.$original_file;
3384 } elseif ($modulepart == 'member' && !empty($conf->member->dir_output)) {
3385 // Wrapping pour Foundation module
3386 if ($fuser->hasRight('adherent', $lire) || preg_match('/^specimen/i', $original_file)) {
3387 $accessallowed = 1;
3388 }
3389 $original_file = $conf->member->dir_output.'/'.$original_file;
3390 // If modulepart=module_user_temp Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart/temp/iduser
3391 // If modulepart=module_temp Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart/temp
3392 // If modulepart=module_user Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart/iduser
3393 // If modulepart=module Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart
3394 // If modulepart=module-abc Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart
3395 } else {
3396 // GENERIC Wrapping
3397 //var_dump($modulepart);
3398 //var_dump($original_file);
3399 if (preg_match('/^specimen/i', $original_file)) {
3400 $accessallowed = 1; // If link to a file called specimen. Test must be done before changing $original_file int full path.
3401 }
3402 if ($fuser->admin) {
3403 $accessallowed = 1; // If user is admin
3404 }
3405
3406 $tmpmodulepart = explode('-', $modulepart);
3407 if (!empty($tmpmodulepart[1])) {
3408 $modulepart = $tmpmodulepart[0];
3409 $original_file = $tmpmodulepart[1].'/'.$original_file;
3410 }
3411
3412 // Define $accessallowed
3413 $reg = array();
3414 if (preg_match('/^([a-z]+)_user_temp$/i', $modulepart, $reg)) {
3415 $tmpmodule = $reg[1];
3416 if (empty($conf->$tmpmodule->dir_temp)) { // modulepart not supported
3417 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3418 exit;
3419 }
3420 if ($fuser->hasRight($tmpmodule, $lire) || $fuser->hasRight($tmpmodule, $read) || $fuser->hasRight($tmpmodule, $download)) {
3421 $accessallowed = 1;
3422 }
3423 $original_file = $conf->{$reg[1]}->dir_temp.'/'.$fuser->id.'/'.$original_file;
3424 } elseif (preg_match('/^([a-z]+)_temp$/i', $modulepart, $reg)) {
3425 $tmpmodule = $reg[1];
3426 if (empty($conf->$tmpmodule->dir_temp)) { // modulepart not supported
3427 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3428 exit;
3429 }
3430 if ($fuser->hasRight($tmpmodule, $lire) || $fuser->hasRight($tmpmodule, $read) || $fuser->hasRight($tmpmodule, $download)) {
3431 $accessallowed = 1;
3432 }
3433 $original_file = $conf->$tmpmodule->dir_temp.'/'.$original_file;
3434 } elseif (preg_match('/^([a-z]+)_user$/i', $modulepart, $reg)) {
3435 $tmpmodule = $reg[1];
3436 if (empty($conf->$tmpmodule->dir_output)) { // modulepart not supported
3437 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3438 exit;
3439 }
3440 if ($fuser->hasRight($tmpmodule, $lire) || $fuser->hasRight($tmpmodule, $read) || $fuser->hasRight($tmpmodule, $download)) {
3441 $accessallowed = 1;
3442 }
3443 $original_file = $conf->$tmpmodule->dir_output.'/'.$fuser->id.'/'.$original_file;
3444 } elseif (preg_match('/^massfilesarea_([a-z]+)$/i', $modulepart, $reg)) {
3445 $tmpmodule = $reg[1];
3446 if (empty($conf->$tmpmodule->dir_output)) { // modulepart not supported
3447 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.')');
3448 exit;
3449 }
3450 if ($fuser->hasRight($tmpmodule, $lire) || preg_match('/^specimen/i', $original_file)) {
3451 $accessallowed = 1;
3452 }
3453 $original_file = $conf->$tmpmodule->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
3454 } else {
3455 if (empty($conf->$modulepart->dir_output)) { // modulepart not supported
3456 dol_print_error(null, 'Error call dol_check_secure_access_document with not supported value for modulepart parameter ('.$modulepart.'). The module for this modulepart value may not be activated.');
3457 exit;
3458 }
3459
3460 // Check fuser->rights->modulepart->myobject->read and fuser->rights->modulepart->read
3461 $partsofdirinoriginalfile = explode('/', $original_file);
3462 if (!empty($partsofdirinoriginalfile[1])) { // If original_file is xxx/filename (xxx is a part we will use)
3463 $partofdirinoriginalfile = $partsofdirinoriginalfile[0];
3464 if ($partofdirinoriginalfile && ($fuser->hasRight($modulepart, $partofdirinoriginalfile, 'lire') || $fuser->hasRight($modulepart, $partofdirinoriginalfile, 'read'))) {
3465 $accessallowed = 1;
3466 }
3467 }
3468 if ($fuser->hasRight($modulepart, $lire) || $fuser->hasRight($modulepart, $read)) {
3469 $accessallowed = 1;
3470 }
3471
3472 if (is_array($conf->$modulepart->multidir_output) && !empty($conf->$modulepart->multidir_output[$entity])) {
3473 $original_file = $conf->$modulepart->multidir_output[$entity].'/'.$original_file;
3474 } else {
3475 $original_file = $conf->$modulepart->dir_output.'/'.$original_file;
3476 }
3477 }
3478
3479 $parameters = array(
3480 'modulepart' => $modulepart,
3481 'original_file' => $original_file,
3482 'entity' => $entity,
3483 'fuser' => $fuser,
3484 'refname' => '',
3485 'mode' => $mode
3486 );
3487 $reshook = $hookmanager->executeHooks('checkSecureAccess', $parameters, $object);
3488 if ($reshook > 0) {
3489 if (!empty($hookmanager->resArray['original_file'])) {
3490 $original_file = $hookmanager->resArray['original_file'];
3491 }
3492 if (!empty($hookmanager->resArray['accessallowed'])) {
3493 $accessallowed = $hookmanager->resArray['accessallowed'];
3494 }
3495 if (!empty($hookmanager->resArray['sqlprotectagainstexternals'])) {
3496 $sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals'];
3497 }
3498 }
3499 }
3500
3501 $ret = array(
3502 'accessallowed' => ($accessallowed ? 1 : 0),
3503 'sqlprotectagainstexternals' => $sqlprotectagainstexternals,
3504 'original_file' => $original_file
3505 );
3506
3507 return $ret;
3508}
3509
3518function dol_filecache($directory, $filename, $object)
3519{
3520 if (!dol_is_dir($directory)) {
3521 $result = dol_mkdir($directory);
3522 if ($result < -1) {
3523 dol_syslog("Failed to create the cache directory ".$directory, LOG_WARNING);
3524 }
3525 }
3526 $cachefile = $directory.$filename;
3527
3528 file_put_contents($cachefile, serialize($object), LOCK_EX);
3529
3530 dolChmod($cachefile, '0644');
3531}
3532
3541function dol_cache_refresh($directory, $filename, $cachetime)
3542{
3543 $now = dol_now();
3544 $cachefile = $directory.$filename;
3545 $refresh = !file_exists($cachefile) || ($now - $cachetime) > dol_filemtime($cachefile);
3546 return $refresh;
3547}
3548
3556function dol_readcachefile($directory, $filename)
3557{
3558 $cachefile = $directory.$filename;
3559 $object = unserialize(file_get_contents($cachefile));
3560 return $object;
3561}
3562
3569function dirbasename($pathfile)
3570{
3571 return preg_replace('/^'.preg_quote(DOL_DATA_ROOT, '/').'\//', '', $pathfile);
3572}
3573
3574
3586function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathref = '', &$checksumconcat = array())
3587{
3588 global $conffile;
3589
3590 $exclude = 'install';
3591
3592 foreach ($dir->md5file as $file) { // $file is a simpleXMLElement
3593 $filename = $path.$file['name'];
3594 $file_list['insignature'][] = $filename;
3595 $expectedsize = (empty($file['size']) ? '' : $file['size']);
3596 $expectedmd5 = (string) $file;
3597
3598 if (!file_exists($pathref.'/'.$filename)) {
3599 $file_list['missing'][] = array('filename' => $filename, 'expectedmd5' => $expectedmd5, 'expectedsize' => $expectedsize);
3600 } else {
3601 $md5_local = md5_file($pathref.'/'.$filename);
3602
3603 if ($conffile == '/etc/dolibarr/conf.php' && $filename == '/filefunc.inc.php') { // For install with deb or rpm, we ignore test on filefunc.inc.php that was modified by package
3604 $checksumconcat[] = $expectedmd5;
3605 } else {
3606 if ($md5_local != $expectedmd5) {
3607 $file_list['updated'][] = array('filename' => $filename, 'expectedmd5' => $expectedmd5, 'expectedsize' => $expectedsize, 'md5' => (string) $md5_local);
3608 }
3609 $checksumconcat[] = $md5_local;
3610 }
3611 }
3612 }
3613
3614 foreach ($dir->dir as $subdir) { // $subdir['name'] is '' or '/accountancy/admin' for example
3615 getFilesUpdated($file_list, $subdir, $path.$subdir['name'].'/', $pathref, $checksumconcat);
3616 }
3617
3618 return $file_list;
3619}
3620
3628function dragAndDropFileUpload($htmlname)
3629{
3630 global $object, $langs;
3631
3632 $out = "";
3633 $out .= '<div id="'.$htmlname.'Message" class="dragDropAreaMessage hidden"><span>'.img_picto("", 'download').'<br>'.$langs->trans("DropFileToAddItToObject").'</span></div>';
3634 $out .= "\n<!-- JS CODE TO ENABLE DRAG AND DROP OF FILE -->\n";
3635 $out .= "<script>";
3636 $out .= '
3637 jQuery(document).ready(function() {
3638 var enterTargetDragDrop = null;
3639
3640 $("#'.$htmlname.'").addClass("cssDragDropArea");
3641
3642 $(".cssDragDropArea").on("dragenter", function(ev, ui) {
3643 var dataTransfer = ev.originalEvent.dataTransfer;
3644 var dataTypes = dataTransfer.types;
3645 //console.log(dataTransfer);
3646 //console.log(dataTypes);
3647
3648 if (!dataTypes || ($.inArray(\'Files\', dataTypes) === -1)) {
3649 // The element dragged is not a file, so we avoid the "dragenter"
3650 ev.preventDefault();
3651 return false;
3652 }
3653
3654 // Entering drop area. Highlight area
3655 console.log("dragAndDropFileUpload: We add class highlightDragDropArea")
3656 enterTargetDragDrop = ev.target;
3657 $(this).addClass("highlightDragDropArea");
3658 $("#'.$htmlname.'Message").removeClass("hidden");
3659 ev.preventDefault();
3660 });
3661
3662 $(".cssDragDropArea").on("dragleave", function(ev) {
3663 // Going out of drop area. Remove Highlight
3664 if (enterTargetDragDrop == ev.target){
3665 console.log("dragAndDropFileUpload: We remove class highlightDragDropArea")
3666 $("#'.$htmlname.'Message").addClass("hidden");
3667 $(this).removeClass("highlightDragDropArea");
3668 }
3669 });
3670
3671 $(".cssDragDropArea").on("dragover", function(ev) {
3672 ev.preventDefault();
3673 return false;
3674 });
3675
3676 $(".cssDragDropArea").on("drop", function(e) {
3677 console.log("Trigger event file dropped. fk_element='.dol_escape_js($object->id).' element='.dol_escape_js($object->element).'");
3678 e.preventDefault();
3679 fd = new FormData();
3680 fd.append("fk_element", "'.dol_escape_js($object->id).'");
3681 fd.append("element", "'.dol_escape_js($object->element).'");
3682 fd.append("token", "'.currentToken().'");
3683 fd.append("action", "linkit");
3684
3685 var dataTransfer = e.originalEvent.dataTransfer;
3686
3687 if (dataTransfer.files && dataTransfer.files.length){
3688 var droppedFiles = e.originalEvent.dataTransfer.files;
3689 $.each(droppedFiles, function(index,file){
3690 fd.append("files[]", file,file.name)
3691 });
3692 }
3693 $(".cssDragDropArea").removeClass("highlightDragDropArea");
3694 counterdragdrop = 0;
3695 $.ajax({
3696 url: "'.DOL_URL_ROOT.'/core/ajax/fileupload.php",
3697 type: "POST",
3698 processData: false,
3699 contentType: false,
3700 data: fd,
3701 success:function() {
3702 console.log("Uploaded.", arguments);
3703 /* arguments[0] is the json string of files */
3704 /* arguments[1] is the value for variable "success", can be 0 or 1 */
3705 let listoffiles = JSON.parse(arguments[0]);
3706 console.log(listoffiles);
3707 let nboferror = 0;
3708 for (let i = 0; i < listoffiles.length; i++) {
3709 console.log(listoffiles[i].error);
3710 if (listoffiles[i].error) {
3711 nboferror++;
3712 }
3713 }
3714 console.log(nboferror);
3715 if (nboferror > 0) {
3716 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=ErrorOnAtLeastOneFileUpload:warnings";
3717 } else {
3718 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=UploadFileDragDropSuccess:mesgs";
3719 }
3720 },
3721 error:function() {
3722 console.log("Error Uploading.", arguments)
3723 if (arguments[0].status == 403) {
3724 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=ErrorUploadPermissionDenied:errors";
3725 }
3726 window.location.href = "'.$_SERVER["PHP_SELF"].'?id='.dol_escape_js($object->id).'&seteventmessages=ErrorUploadFileDragDropPermissionDenied:errors";
3727 },
3728 })
3729 });
3730 });
3731 ';
3732 $out .= "</script>\n";
3733 return $out;
3734}
3735
3746function archiveOrBackupFile($filetpl, $max_versions = 5, $archivedir = '', $suffix = "v", $moveorcopy = 'move')
3747{
3748 $base_file_pattern = ($archivedir ? $archivedir : dirname($filetpl)).'/'.basename($filetpl).".".$suffix;
3749 $files_in_directory = glob($base_file_pattern . "*");
3750
3751 // Extract the modification timestamps for each file
3752 $files_with_timestamps = [];
3753 foreach ($files_in_directory as $file) {
3754 $files_with_timestamps[] = [
3755 'file' => $file,
3756 'timestamp' => filemtime($file)
3757 ];
3758 }
3759
3760 // Sort the files by modification date
3761 $sorted_files = [];
3762 while (count($files_with_timestamps) > 0) {
3763 $latest_file = null;
3764 $latest_index = null;
3765
3766 // Find the latest file by timestamp
3767 foreach ($files_with_timestamps as $index => $file_info) {
3768 if ($latest_file === null || (is_array($latest_file) && $file_info['timestamp'] > $latest_file['timestamp'])) {
3769 $latest_file = $file_info;
3770 $latest_index = $index;
3771 }
3772 }
3773
3774 // Add the latest file to the sorted list and remove it from the original list
3775 if ($latest_file !== null) {
3776 $sorted_files[] = $latest_file['file'];
3777 unset($files_with_timestamps[$latest_index]);
3778 }
3779 }
3780
3781 // Delete the oldest files to keep only the allowed number of versions
3782 if (count($sorted_files) >= $max_versions) {
3783 $oldest_files = array_slice($sorted_files, $max_versions - 1);
3784 foreach ($oldest_files as $oldest_file) {
3785 dol_delete_file($oldest_file);
3786 }
3787 }
3788
3789 $timestamp = dol_now('gmt');
3790 $new_backup = $filetpl . ".v" . $timestamp;
3791
3792 // Move or copy the original file to the new backup with the timestamp
3793 if ($moveorcopy == 'move') {
3794 $result = dol_move($filetpl, $new_backup, '0', 1, 0, 0);
3795 } else {
3796 $result = dol_copy($filetpl, $new_backup, '0', 1, 0, 0);
3797 }
3798
3799 if (!$result) {
3800 return false;
3801 }
3802
3803 return true;
3804}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
Class to manage agenda events (actions)
Class to scan for virus.
Class to manage ECM files.
Class to manage Trips and Expenses.
Class permettant la generation du formulaire html d'envoi de mail unitaire Usage: $formail = new Form...
Class of the module paid holiday.
Class to manage hooks.
Class to manage projects.
Class to manage tasks.
Class to manage Dolibarr users.
Class to manage utility methods.
dirbasename($pathfile)
Return the relative dirname (relative to DOL_DATA_ROOT) of a full path string.
dol_is_link($pathoffile)
Return if path is a symbolic link.
dol_compare_file($a, $b)
Fast compare of 2 files identified by their properties ->name, ->date and ->size.
dol_meta_create($object)
Create a meta file with document file into same directory.
dol_is_url($uri)
Return if path is an URI (the name of the method is misleading).
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
Definition files.lib.php:38
getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path='', $pathref='', &$checksumconcat=array())
Function to get list of updated or modified files.
dol_filemtime($pathoffile)
Return time of a file.
dol_filesize($pathoffile)
Return size of a file.
dol_delete_dir_recursive($dir, $count=0, $nophperrors=0, $onlysub=0, &$countdeleted=0, $indexdatabase=1, $nolog=0)
Remove a directory $dir and its subdirectories (or only files and subdirectories)
dol_copy($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=0)
Copy a file to another file.
archiveOrBackupFile($filetpl, $max_versions=5, $archivedir='', $suffix="v", $moveorcopy='move')
Manage backup versions for a given file, ensuring only a maximum number of versions are kept.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan=0, $uploaderrorcode=0, $nohook=0, $varfiles='addedfile', $upload_dir='')
Check validity of a file upload from an GUI page, and move it to its final destination.
dol_move_dir($srcdir, $destdir, $overwriteifexists=1, $indexdatabase=1, $renamedircontent=1)
Move a directory into another name.
dol_fileperm($pathoffile)
Return permissions of a file.
dol_is_writable($folderorfile)
Test if directory or filename is writable.
dol_delete_dir($dir, $nophperrors=0)
Remove a directory (not recursive, so content must be empty).
dol_add_file_process($upload_dir, $allowoverwrite=0, $updatesessionordb=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1, $object=null)
Get and save an upload file (for example after submitting a new file a mail form).
dol_uncompress($inputfile, $outputdir)
Uncompress a file.
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_init_file_process($pathtoscan='', $trackid='')
Scan a directory and init $_SESSION to manage uploaded files with list of all found files.
addFileIntoDatabaseIndex($dir, $file, $fullpathorig='', $mode='uploaded', $setsharekey=0, $object=null)
Add a file into database index.
dol_convert_file($fileinput, $ext='png', $fileoutput='', $page='')
Convert an image file or a PDF into another image format.
dol_filecache($directory, $filename, $object)
Store object in file.
dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayreplacement=null, $excludesubdir=0, $excludefileext=null, $excludearchivefiles=0)
Copy a dir to another dir.
dol_dir_list_in_database($path, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0)
Scan a directory and return a list of files/directories.
dragAndDropFileUpload($htmlname)
Function to manage the drag and drop of a file.
dol_is_file($pathoffile)
Return if path is a file.
dol_count_nb_of_line($file)
Count number of lines in a file.
dolCheckVirus($src_file, $dest_file='')
Check virus into a file.
dol_unescapefile($filename)
Unescape a file submitted by upload.
dol_dir_is_emtpy($folder)
Test if a folder is empty.
dol_remove_file_process($filenb, $donotupdatesession=0, $donotdeletefile=1, $trackid='')
Remove an uploaded file (for example after submitting a new file a mail form).
dolCheckOnFileName($src_file, $dest_file='')
Check virus into a file.
dol_dir_list($utf8_path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
Definition files.lib.php:63
deleteFilesIntoDatabaseIndex($dir, $file, $mode='uploaded')
Delete files into database index using search criteria.
dol_readcachefile($directory, $filename)
Read object from cachefile.
dol_most_recent_file($dir, $regexfilter='', $excludefilter=array('(\.meta|_preview.*\.png) $', '^\.'), $nohook=0, $mode=0)
Return file(s) into a directory (by default most recent)
dol_is_dir($folder)
Test if filename is a directory.
completeFileArrayWithDatabaseInfo(&$filearray, $relativedir)
Complete $filearray with data from database.
dol_cache_refresh($directory, $filename, $cachetime)
Test if Refresh needed.
dolReplaceInFile($srcfile, $arrayreplacement, $destfile='', $newmask='0', $indexdatabase=0, $arrayreplacementisregex=0)
Make replacement of strings into a file.
dol_delete_preview($object)
Delete all preview files linked to object instance.
dol_is_dir_empty($dir)
Return if path is empty.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
getDolUserInt($key, $default=0, $tmpuser=null)
Return Dolibarr user constant int value.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dol_string_nohtmltag($stringtoclean, $removelinefeed=1, $pagecodeto='UTF-8', $strip_tags=0, $removedoublespaces=1)
Clean a string from all HTML tags and entities.
currentToken()
Return the value of token currently saved into session with name 'token'.
dol_string_nospecial($str, $newstr='_', $badcharstoreplace='', $badcharstoremove='', $keepspaces=0)
Clean a string from all punctuation characters to use it as a ref or login.
dolChmod($filepath, $newmask='')
Change mod of a file.
dol_now($mode='auto')
Return date for now.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
dol_escape_js($stringtoescape, $mode=0, $noescapebackslashn=0)
Returns text escaped for inclusion into javascript code.
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs=null, $encodetooutput=false)
Output date in a string format according to outputlangs (or langs if not defined).
dol_sort_array(&$array, $index, $order='asc', $natsort=0, $case_sensitive=0, $keepindex=0)
Advanced sort array by the value of a given key, which produces ascending (default) or descending out...
make_substitutions($text, $substitutionarray, $outputlangs=null, $converttextinhtmlifnecessary=0)
Make substitution into a text string, replacing keys with vals from $substitutionarray (oldval=>newva...
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
utf8_check($str)
Check if a string is in UTF8.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
getEntity($element, $shared=1, $currentobject=null)
Get list of entity id to use.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
vignette($file, $maxWidth=160, $maxHeight=120, $extName='_small', $quality=50, $outdir='thumbs', $targetformat=0)
Create a thumbnail from an image file (Supported extensions are gif, jpg, png and bmp).
if(!defined( 'IMAGETYPE_WEBP')) getDefaultImageSizes()
Return default values for image sizes.
image_format_supported($file, $acceptsvg=0)
Return if a filename is file name of a supported image format.
getRandomPassword($generic=false, $replaceambiguouschars=null, $length=32)
Return a generated password using default module.
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.