42@phan-var-force string $upload_dir
43@phan-var-force string $forceFullTextIndexation
47if (
GETPOSTINT(
'uploadform') && empty($_POST) && empty($_FILES)) {
48 dol_syslog(
"The PHP parameter 'post_max_size' is too low. All POST parameters and FILES were set to empty.");
49 $langs->loadLangs(array(
"errors",
"install"));
50 print $langs->trans(
"ErrorFileSizeTooLarge").
' ';
51 print $langs->trans(
"ErrorGoBackAndCorrectParameters");
56 ||
GETPOST(
'linkit',
'restricthtml')
57 || ($action ==
'confirm_deletefile' && $confirm ==
'yes')
58 || ($action ==
'confirm_updateline' &&
GETPOST(
'save',
'alpha') &&
GETPOST(
'link',
'alpha'))
59 || ($action ==
'renamefile' &&
GETPOST(
'renamefilesave',
'alpha'))) && empty($permissiontoadd)) {
60 dol_syslog(
'The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.');
61 print
'The file actions_linkedfiles.inc.php was included but parameter $permissiontoadd was not set before.';
69 if (!empty($_FILES) && is_array($_FILES[
'userfile'])) {
70 include_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
72 if (is_array($_FILES[
'userfile'][
'tmp_name'])) {
73 $userfiles = $_FILES[
'userfile'][
'tmp_name'];
75 $userfiles = array($_FILES[
'userfile'][
'tmp_name']);
78 foreach ($userfiles as $key => $userfile) {
79 if (empty($_FILES[
'userfile'][
'tmp_name'][$key])) {
81 if ($_FILES[
'userfile'][
'error'][$key] == 1 || $_FILES[
'userfile'][
'error'][$key] == 2) {
84 setEventMessages($langs->trans(
"ErrorFieldRequired", $langs->transnoentitiesnoconv(
"File")),
null,
'errors');
87 if (preg_match(
'/__.*__/', $_FILES[
'userfile'][
'name'][$key])) {
96 if (
GETPOST(
'section_dir',
'alpha')) {
99 $allowoverwrite = (
GETPOSTINT(
'overwritefile') ? 1 : 0);
101 if (!empty($upload_dirold) &&
getDolGlobalInt(
'PRODUCT_USE_OLD_PATH_FOR_PHOTO')) {
102 $result =
dol_add_file_process($upload_dirold, $allowoverwrite, 1,
'userfile',
GETPOST(
'savingdocmask',
'alpha'),
null,
'', $generatethumbs,
$object, $forceFullTextIndexation);
103 } elseif (!empty($upload_dir)) {
104 $result =
dol_add_file_process($upload_dir, $allowoverwrite, 1,
'userfile',
GETPOST(
'savingdocmask',
'alpha'),
null,
'', $generatethumbs,
$object, $forceFullTextIndexation);
109 $link =
GETPOST(
'link',
'alpha');
111 if (substr($link, 0, 7) !=
'http://' && substr($link, 0, 8) !=
'https://' && substr($link, 0, 7) !=
'file://' && substr($link, 0, 7) !=
'davs://') {
112 $link =
'http://'.$link;
116 $newUrlArray = parse_url($link);
120 if (!empty($newUrlArray[
'path']) && preg_match(
'/\.svg$/i', $newUrlArray[
'path'])) {
122 $langs->load(
"errors");
123 setEventMessages($langs->trans(
'ErrorSVGFilesNotAllowedAsLinksWithout',
'MAIN_ALLOW_SVG_FILES_AS_EXTERNAL_LINKS'),
null,
'errors');
139if ($action ==
'confirm_deletefile' && $confirm ==
'yes' && !empty($permissiontoadd)) {
140 $urlfile =
GETPOST(
'urlfile',
'alpha', 0,
null,
null, 1);
141 if (
GETPOST(
'section',
'alpha')) {
143 $file = $upload_dir.(preg_match(
'/\/$/', $upload_dir) ?
'' :
'/').$urlfile;
145 $urlfile = basename($urlfile);
146 $file = $upload_dir.(preg_match(
'/\/$/', $upload_dir) ?
'' :
'/').$urlfile;
147 if (!empty($upload_dirold)) {
148 $fileold = $upload_dirold.
"/".$urlfile;
155 $dir = dirname($file).
'/';
156 $dirthumb = $dir.
'/thumbs/';
159 if (!empty($fileold)) {
166 if (preg_match(
'/(\.jpg|\.jpeg|\.bmp|\.gif|\.png|\.tiff)$/i', $file, $regs)) {
167 $photo_vignette = basename(preg_replace(
'/'.$regs[0].
'/i',
'', $file).
'_small'.$regs[0]);
168 if (file_exists(
dol_osencode($dirthumb.$photo_vignette))) {
172 $photo_vignette = basename(preg_replace(
'/'.$regs[0].
'/i',
'', $file).
'_mini'.$regs[0]);
173 if (file_exists(
dol_osencode($dirthumb.$photo_vignette))) {
179 setEventMessages($langs->trans(
"ErrorFailToDeleteFile", $urlfile),
null,
'errors');
182 require_once DOL_DOCUMENT_ROOT.
'/core/class/link.class.php';
183 $link =
new Link($db);
184 $link->fetch($linkid);
185 $res = $link->delete($user);
187 $langs->load(
'link');
189 setEventMessages($langs->trans(
"LinkRemoved", $link->label),
null,
'mesgs');
191 if (count($link->errors)) {
194 setEventMessages($langs->trans(
"ErrorFailedToDeleteLink", $link->label),
null,
'errors');
200 if (!empty($backtopage)) {
201 header(
'Location: '.$backtopage);
204 $tmpurl = $_SERVER[
"PHP_SELF"].
'?id='.
$object->id.(GETPOST(
'section_dir',
'alpha') ?
'§ion_dir='.urlencode(
GETPOST(
'section_dir',
'alpha')) :
'').(!empty($withproject) ?
'&withproject=1' :
'');
205 header(
'Location: '.$tmpurl);
209} elseif ($action ==
'confirm_updateline' &&
GETPOST(
'save',
'alpha') &&
GETPOST(
'link',
'alpha') && !empty($permissiontoadd)) {
210 require_once DOL_DOCUMENT_ROOT.
'/core/class/link.class.php';
212 $link =
new Link($db);
215 $link->url =
GETPOST(
'link',
'alpha');
216 if (substr($link->url, 0, 7) !=
'http://' && substr($link->url, 0, 8) !=
'https://' && substr($link->url, 0, 7) !=
'file://') {
217 $link->url =
'http://'.$link->url;
219 $link->label =
GETPOST(
'label',
'alphanohtml');
220 $res = $link->update($user);
222 setEventMessages($langs->trans(
"ErrorFailedToUpdateLink", $link->label),
null,
'mesgs');
227} elseif ($action ==
'renamefile' &&
GETPOST(
'renamefilesave',
'alpha') && !empty($permissiontoadd)) {
229 if (!empty($upload_dir)) {
236 if (preg_match(
'/__.*__/', $filenameto)) {
243 global $dolibarr_main_restrict_os_commands;
244 if (!empty($dolibarr_main_restrict_os_commands)) {
245 $arrayofallowedcommand = explode(
',', $dolibarr_main_restrict_os_commands);
246 $arrayofallowedcommand = array_map(
'trim', $arrayofallowedcommand);
247 if (in_array(basename($filenameto), $arrayofallowedcommand)) {
249 $langs->load(
"errors");
250 setEventMessages($langs->trans(
"ErrorFilenameReserved", basename($filenameto)),
null,
'errors');
255 if (empty($error) && $filenamefrom != $filenameto) {
261 $publicmediasdirwithslash =
$conf->medias->multidir_output[
$conf->entity];
262 if (!preg_match(
'/\/$/', $publicmediasdirwithslash)) {
263 $publicmediasdirwithslash .=
'/';
266 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0) {
267 $filenameto .=
'.noexe';
271 if ($filenamefrom && $filenameto) {
272 $srcpath = $upload_dir.
'/'.$filenamefrom;
273 $destpath = $upload_dir.
'/'.$filenameto;
283 $reshook = $hookmanager->initHooks(array(
'actionlinkedfiles'));
284 $parameters = array(
'filenamefrom' => $filenamefrom,
'filenameto' => $filenameto,
'upload_dir' => $upload_dir);
285 $reshook = $hookmanager->executeHooks(
'renameUploadedFile', $parameters,
$object);
287 if (empty($reshook)) {
288 if (preg_match(
'/^\./', $filenameto)) {
289 $langs->load(
"errors");
290 setEventMessages($langs->trans(
"ErrorFilenameCantStartWithDot", $filenameto),
null,
'errors');
291 } elseif (!file_exists($destpath)) {
292 $result =
dol_move($srcpath, $destpath);
299 if (
GETPOST(
'modulepart',
'aZ09') ==
'medias') {
303 if ($generatethumbs) {
315 $langs->load(
"errors");
316 setEventMessages($langs->trans(
"ErrorFailToRenameFile", $filenamefrom, $filenameto),
null,
'errors');
319 $langs->load(
"errors");
320 setEventMessages($langs->trans(
"ErrorDestinationAlreadyExists", $filenameto),
null,
'errors');
329 $shareenabled =
GETPOST(
'shareenabled',
'alpha');
331 include_once DOL_DOCUMENT_ROOT.
'/ecm/class/ecmfiles.class.php';
333 $result = $ecmfile->fetch(
GETPOSTINT(
'ecmfileid'));
336 if (empty($ecmfile->share)) {
337 require_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
341 $ecmfile->share =
'';
343 $result = $ecmfile->update($user);
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Class to manage ECM files.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_add_file_process($upload_dir, $allowoverwrite=0, $updatesessionordb=0, $varfiles='addedfile', $savingdocmask='', $link=null, $trackid='', $generatethumbs=1, $object=null, $forceFullTestIndexation='')
Get and save an upload file (for example after submitting a new file a mail form).
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0, $attop=0)
Set event messages in dol_events session object.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dol_string_nohtmltag($stringtoclean, $removelinefeed=1, $pagecodeto='UTF-8', $strip_tags=0, $removedoublespaces=1)
Clean a string from all HTML tags and entities.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
getRandomPassword($generic=false, $replaceambiguouschars=null, $length=32)
Return a generated password using default module.