dolibarr  19.0.0-dev
ajaxdirpreview.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2004-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
4  * Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com>
5  * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
6  * Copyright (C) 2010 Pierre Morin <pierre.morin@auguria.net>
7  * Copyright (C) 2013 Marcos GarcĂ­a <marcosgdf@gmail.com>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program. If not, see <https://www.gnu.org/licenses/>.
21  */
22 
30 if (!defined('NOTOKENRENEWAL')) {
31  define('NOTOKENRENEWAL', 1); // Disables token renewal
32 }
33 if (!defined('NOREQUIREMENU')) {
34  define('NOREQUIREMENU', '1');
35 }
36 if (!defined('NOREQUIREHTML')) {
37  define('NOREQUIREHTML', '1');
38 }
39 if (!defined('NOREQUIREAJAX')) {
40  define('NOREQUIREAJAX', '1');
41 }
42 
43 if (!isset($mode) || $mode != 'noajax') { // For ajax call
44  require_once '../../main.inc.php';
45  require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
46  require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
47  require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
48 
49  $action = GETPOST('action', 'aZ09');
50  $file = urldecode(GETPOST('file', 'alpha'));
51  $section = GETPOST("section", 'alpha');
52  $module = GETPOST("module", 'alpha');
53  $urlsource = GETPOST("urlsource", 'alpha');
54  $search_doc_ref = GETPOST('search_doc_ref', 'alpha');
55 
56  $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
57  $sortfield = GETPOST("sortfield", 'aZ09comma');
58  $sortorder = GETPOST("sortorder", 'aZ09comma');
59  $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
60  if (empty($page) || $page == -1) {
61  $page = 0;
62  } // If $page is not defined, or '' or -1
63  $offset = $limit * $page;
64  $pageprev = $page - 1;
65  $pagenext = $page + 1;
66  if (!$sortorder) {
67  $sortorder = "ASC";
68  }
69  if (!$sortfield) {
70  $sortfield = "name";
71  }
72 
73  $rootdirfordoc = $conf->ecm->dir_output;
74 
75  $upload_dir = dirname(str_replace("../", "/", $rootdirfordoc.'/'.$file));
76 
77  $ecmdir = new EcmDirectory($db);
78  if ($section > 0) {
79  $result = $ecmdir->fetch($section);
80  if (!($result > 0)) {
81  //dol_print_error($db,$ecmdir->error);
82  //exit;
83  }
84  }
85 } else {
86  // For no ajax call
87  $rootdirfordoc = $conf->ecm->dir_output;
88 
89  $ecmdir = new EcmDirectory($db);
90  $relativepath = '';
91  if ($section > 0) {
92  $result = $ecmdir->fetch($section);
93  if (!($result > 0)) {
94  dol_print_error($db, $ecmdir->error);
95  exit;
96  }
97 
98  $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/'
99  } elseif (GETPOST('section_dir')) {
100  $relativepath = GETPOST('section_dir');
101  }
102  //var_dump($section.'-'.GETPOST('section_dir').'-'.$relativepath);
103 
104  $upload_dir = $rootdirfordoc.'/'.$relativepath;
105 }
106 
107 if (empty($url)) { // autoset $url but it is better to have it defined before into filemanager.tpl.php (not possible when in auto tree)
108  if (!empty($module) && $module == 'medias' && !GETPOST('website')) {
109  $url = DOL_URL_ROOT.'/ecm/index_medias.php';
110  } elseif (GETPOSTISSET('website')) {
111  $url = DOL_URL_ROOT.'/website/index.php';
112  } else {
113  $url = DOL_URL_ROOT.'/ecm/index.php';
114  }
115 }
116 
117 // Load translation files required by the page
118 $langs->loadLangs(array("ecm", "companies", "other"));
119 
120 if (empty($modulepart)) {
121  $modulepart = $module;
122 }
123 
124 // Security check
125 if ($user->socid > 0) {
126  $socid = $user->socid;
127 }
128 // On interdit les remontees de repertoire ainsi que les pipe dans les noms de fichiers.
129 if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) {
130  dol_syslog("Refused to deliver file ".$upload_dir);
131  // Do no show plain path in shown error message
132  dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));
133  exit;
134 }
135 // Check permissions
136 if ($modulepart == 'ecm') {
137  if (!$user->hasRight('ecm', 'read')) {
138  accessforbidden();
139  }
140 } elseif ($modulepart == 'medias' || $modulepart == 'website') {
141  // Always allowed
142 } else {
143  accessforbidden();
144 }
145 
146 
147 /*
148  * Action
149  */
150 
151 // None
152 
153 
154 
155 /*
156  * View
157  */
158 
159 if (!isset($mode) || $mode != 'noajax') {
160  // Ajout directives pour resoudre bug IE
161  header('Cache-Control: Public, must-revalidate');
162  header('Pragma: public');
163 
164  top_httphead();
165 }
166 
167 $type = 'directory';
168 
169 // This test if file exists should be useless. We keep it to find bug more easily
170 if (!dol_is_dir($upload_dir)) {
171  //dol_mkdir($upload_dir);
172  /*$langs->load("install");
173  dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));
174  exit;*/
175 }
176 
177 print '<!-- ajaxdirpreview type='.$type.' module='.$module.' modulepart='.$modulepart.'-->'."\n";
178 //print '<!-- Page called with mode='.dol_escape_htmltag(isset($mode)?$mode:'').' type='.dol_escape_htmltag($type).' module='.dol_escape_htmltag($module).' url='.dol_escape_htmltag($url).' '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
179 
180 $param = ($sortfield ? '&sortfield='.urlencode($sortfield) : '').($sortorder ? '&sortorder='.urlencode($sortorder) : '');
181 if (!empty($websitekey)) {
182  $param .= '&website='.urlencode($websitekey);
183 }
184 if (!empty($pageid)) {
185  $param .= '&pageid='.urlencode($pageid);
186 }
187 
188 
189 // Dir scan
190 if ($type == 'directory') {
191  $formfile = new FormFile($db);
192 
193  $maxlengthname = 40;
194  $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');
195  $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC);
196 
197  // Right area. If module is defined here, we are in automatic ecm.
198  $automodules = array(
199  'company',
200  'invoice',
201  'invoice_supplier',
202  'propal',
203  'supplier_proposal',
204  'order',
205  'order_supplier',
206  'contract',
207  'product',
208  'tax',
209  'tax-vat',
210  'salaries',
211  'project',
212  'project_task',
213  'fichinter',
214  'user',
215  'expensereport',
216  'holiday',
217  'recruitment-recruitmentcandidature',
218  'banque',
219  'chequereceipt',
220  'mrp-mo'
221  );
222 
223  $parameters = array('modulepart'=>$module);
224  $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);
225  if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {
226  $automodules[] = $hookmanager->resArray['module'];
227  }
228 
229  // TODO change for multicompany sharing
230  if ($module == 'company') {
231  $upload_dir = $conf->societe->dir_output;
232  $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts.
233  } elseif ($module == 'invoice') {
234  $upload_dir = $conf->facture->dir_output;
235  } elseif ($module == 'invoice_supplier') {
236  $upload_dir = $conf->fournisseur->facture->dir_output;
237  } elseif ($module == 'propal') {
238  $upload_dir = $conf->propal->dir_output;
239  } elseif ($module == 'supplier_proposal') {
240  $upload_dir = $conf->supplier_proposal->dir_output;
241  } elseif ($module == 'order') {
242  $upload_dir = $conf->commande->dir_output;
243  } elseif ($module == 'order_supplier') {
244  $upload_dir = $conf->fournisseur->commande->dir_output;
245  } elseif ($module == 'contract') {
246  $upload_dir = $conf->contrat->dir_output;
247  } elseif ($module == 'product') {
248  $upload_dir = $conf->product->dir_output;
249  } elseif ($module == 'tax') {
250  $upload_dir = $conf->tax->dir_output;
251  $excludefiles[] = '^vat$'; // The subdir 'vat' contains files of vats.
252  } elseif ($module == 'tax-vat') {
253  $upload_dir = $conf->tax->dir_output.'/vat';
254  } elseif ($module == 'salaries') {
255  $upload_dir = $conf->salaries->dir_output;
256  } elseif ($module == 'project') {
257  $upload_dir = $conf->project->dir_output;
258  } elseif ($module == 'project_task') {
259  $upload_dir = $conf->project->dir_output;
260  } elseif ($module == 'fichinter') {
261  $upload_dir = $conf->ficheinter->dir_output;
262  } elseif ($module == 'user') {
263  $upload_dir = $conf->user->dir_output;
264  } elseif ($module == 'expensereport') {
265  $upload_dir = $conf->expensereport->dir_output;
266  } elseif ($module == 'holiday') {
267  $upload_dir = $conf->holiday->dir_output;
268  } elseif ($module == 'recruitment-recruitmentcandidature') {
269  $upload_dir = $conf->recruitment->dir_output.'/recruitmentcandidature';
270  } elseif ($module == 'banque') {
271  $upload_dir = $conf->bank->dir_output;
272  } elseif ($module == 'chequereceipt') {
273  $upload_dir = $conf->bank->dir_output.'/checkdeposits';
274  } elseif ($module == 'mrp-mo') {
275  $upload_dir = $conf->mrp->dir_output;
276  } else {
277  $parameters = array('modulepart'=>$module);
278  $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);
279  if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {
280  $upload_dir = $hookmanager->resArray['directory'];
281  }
282  }
283 
284  // Automatic list
285  if (in_array($module, $automodules)) {
286  $param .= '&module='.$module;
287  if (isset($search_doc_ref) && $search_doc_ref != '') {
288  $param .= '&search_doc_ref='.urlencode($search_doc_ref);
289  }
290 
291  $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));
292 
293  $filter = preg_quote($search_doc_ref, '/');
294  $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);
295 
296  $perm = $user->rights->ecm->upload;
297 
298  $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);
299  } else {
300  // Manual list
301  if ($module == 'medias') {
302  /*
303  $_POST is array like
304  'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)
305  'action' => string 'file_manager' (length=12)
306  'website' => string 'template' (length=8)
307  'pageid' => string '124' (length=3)
308  'section_dir' => string 'mydir/' (length=3)
309  'section_id' => string '0' (length=1)
310  'max_file_size' => string '2097152' (length=7)
311  'sendit' => string 'Envoyer fichier' (length=15)
312  */
313  $relativepath = GETPOST('file', 'alpha') ?GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');
314  if ($relativepath && $relativepath != '/') {
315  $relativepath .= '/';
316  }
317  $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;
318  if (GETPOSTISSET('website') || GETPOSTISSET('file_manager')) {
319  $param .= '&file_manager=1';
320  if (!preg_match('/website=/', $param) && GETPOST('website', 'alpha')) {
321  $param .= '&website='.urlencode(GETPOST('website', 'alpha'));
322  }
323  if (!preg_match('/pageid=/', $param)) {
324  $param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));
325  }
326  //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);
327  }
328  } else {
329  $relativepath = $ecmdir->getRelativePath();
330  $upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
331  }
332 
333  // If $section defined with value 0
334  if (($section === '0' || empty($section)) && ($module != 'medias')) {
335  $filearray = array();
336  } else {
337  $filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);
338  }
339 
340  if ($section) {
341  $param .= '&section='.$section;
342  if (isset($search_doc_ref) && $search_doc_ref != '') {
343  $param .= '&search_doc_ref='.urlencode($search_doc_ref);
344  }
345 
346  $textifempty = $langs->trans('NoFileFound');
347  } elseif ($section === '0') {
348  if ($module == 'ecm') {
349  $textifempty = '<br><div class="center"><span class="warning">'.$langs->trans("DirNotSynchronizedSyncFirst").'</span></div><br>';
350  } else {
351  $textifempty = $langs->trans('NoFileFound');
352  }
353  } else {
354  $textifempty = ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("ECMSelectASection"));
355  }
356 
357  if ($module == 'medias') {
358  $useinecm = 6;
359  $modulepart = 'medias';
360  $perm = ($user->hasRight("website", "write") || $user->hasRight("emailing", "creer"));
361  $title = 'none';
362  } elseif ($module == 'ecm') { // DMS/ECM -> manual structure
363  if ($user->hasRight("ecm", "read")) {
364  // Buttons: Preview
365  $useinecm = 2;
366  }
367 
368  if ($user->hasRight("ecm", "upload")) {
369  // Buttons: Preview + Delete
370  $useinecm = 4;
371  }
372 
373  if ($user->hasRight("ecm", "setup")) {
374  // Buttons: Preview + Delete + Edit
375  $useinecm = 5;
376  }
377 
378  $perm = $user->hasRight("ecm", "upload");
379  $modulepart = 'ecm';
380  $title = ''; // Use default
381  } else {
382  $useinecm = 5;
383  $modulepart = 'ecm';
384  $perm = $user->hasRight("ecm", "upload");
385  $title = ''; // Use default
386  }
387 
388  // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param
389  // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath
390  //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url);
391  $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm, '', $sortfield, $sortorder);
392  }
393 }
394 
395 
396 
397 // Bottom of page
398 $useajax = 1;
399 if (!empty($conf->dol_use_jmobile)) {
400  $useajax = 0;
401 }
402 if (empty($conf->use_javascript_ajax)) {
403  $useajax = 0;
404 }
405 if (!empty($conf->global->MAIN_ECM_DISABLE_JS)) {
406  $useajax = 0;
407 }
408 
409 //$param.=($param?'?':'').(preg_replace('/^&/','',$param));
410 
411 if ($useajax || $action == 'deletefile') {
412  $urlfile = '';
413  if ($action == 'deletefile') {
414  $urlfile = GETPOST('urlfile', 'alpha');
415  }
416 
417  if (empty($section_dir)) {
418  $section_dir = GETPOST("file", "alpha");
419  }
420  $section_id = $section;
421 
422  require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
423 
424  $form = new Form($db);
425  $formquestion['urlfile'] = array('type'=>'hidden', 'value'=>$urlfile, 'name'=>'urlfile'); // We must always put field, even if empty because it is filled by javascript later
426  $formquestion['section'] = array('type'=>'hidden', 'value'=>$section, 'name'=>'section'); // We must always put field, even if empty because it is filled by javascript later
427  $formquestion['section_id'] = array('type'=>'hidden', 'value'=>$section_id, 'name'=>'section_id'); // We must always put field, even if empty because it is filled by javascript later
428  $formquestion['section_dir'] = array('type'=>'hidden', 'value'=>$section_dir, 'name'=>'section_dir'); // We must always put field, even if empty because it is filled by javascript later
429  $formquestion['sortfield'] = array('type'=>'hidden', 'value'=>$sortfield, 'name'=>'sortfield'); // We must always put field, even if empty because it is filled by javascript later
430  $formquestion['sortorder'] = array('type'=>'hidden', 'value'=>$sortorder, 'name'=>'sortorder'); // We must always put field, even if empty because it is filled by javascript later
431  if (!empty($action) && $action == 'file_manager') {
432  $formquestion['file_manager'] = array('type'=>'hidden', 'value'=>1, 'name'=>'file_manager');
433  }
434  if (!empty($websitekey)) {
435  $formquestion['website'] = array('type'=>'hidden', 'value'=>$websitekey, 'name'=>'website');
436  }
437  if (!empty($pageid) && $pageid > 0) {
438  $formquestion['pageid'] = array('type'=>'hidden', 'value'=>$pageid, 'name'=>'pageid');
439  }
440 
441  print $form->formconfirm($url, $langs->trans("DeleteFile"), $langs->trans("ConfirmDeleteFile"), 'confirm_deletefile', $formquestion, "no", ($useajax ? 'deletefile' : 0));
442 }
443 
444 if ($useajax) {
445  print '<!-- ajaxdirpreview.php: js to manage preview of doc -->'."\n";
446  print '<script nonce="'.getNonce().'" type="text/javascript">';
447 
448  // Enable jquery handlers on new generated HTML objects (same code than into lib_footer.js.php)
449  // Because the content is reloaded by ajax call, we must also reenable some jquery hooks
450  // Wrapper to manage document_preview
451  if ($conf->browser->layout != 'phone') {
452  print "\n/* JS CODE TO ENABLE document_preview */\n";
453  print '
454  jQuery(document).ready(function () {
455  jQuery(".documentpreview").click(function () {
456  console.log("We click on preview for element with href="+$(this).attr(\'href\')+" mime="+$(this).attr(\'mime\'));
457  document_preview($(this).attr(\'href\'), $(this).attr(\'mime\'), \''.dol_escape_js($langs->transnoentities("Preview")).'\');
458  return false;
459  });
460  });
461  ' . "\n";
462  }
463 
464  // Enable jquery handlers button to delete files
465  print 'jQuery(document).ready(function() {'."\n";
466  print ' jQuery(".deletefilelink").click(function(e) { '."\n";
467  print ' console.log("We click on button with class deletefilelink, param='.$param.', we set urlfile to "+jQuery(this).attr("rel"));'."\n";
468  print ' jQuery("#urlfile").val(jQuery(this).attr("rel"));'."\n";
469  //print ' jQuery("#section_dir").val(\'aaa\');'."\n";
470  print ' jQuery("#dialog-confirm-deletefile").dialog("open");'."\n";
471  print ' return false;'."\n";
472  print ' });'."\n";
473  print '});'."\n";
474  print '</script>'."\n";
475 }
476 
477 // Close db if mode is not noajax
478 if ((!isset($mode) || $mode != 'noajax') && is_object($db)) {
479  $db->close();
480 }
EcmDirectory
Class to manage ECM directories.
Definition: ecmdirectory.class.php:29
FormFile
Class to offer components to list and upload files.
Definition: html.formfile.class.php:37
Form
Class to manage generation of HTML components Only common components must be here.
Definition: html.form.class.php:54
$form
if($cancel &&! $id) if($action=='add' &&! $cancel) if($action=='delete') if($id) $form
Actions.
Definition: card.php:143
dol_dir_list
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
Definition: files.lib.php:62
dol_is_dir
dol_is_dir($folder)
Test if filename is a directory.
Definition: files.lib.php:453
dol_print_error
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition: functions.lib.php:5107
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:609
GETPOSTISSET
GETPOSTISSET($paramname)
Return true if we are in a context of submitting the parameter $paramname from a POST of a form.
Definition: functions.lib.php:509
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1741
top_httphead
if(!defined('NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition: main.inc.php:1494
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1169
Generated on Mon Apr 1 2024 01:00:56 for dolibarr by Doxygen 1.9.1