dolibarr 21.0.0-beta
wrapper.php
1<?php
2/* Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18// BEGIN PHP File wrapper.php used to download rss, logo, shared files - DO NOT MODIFY - It is just a copy of file website/samples/wrapper.php
19$websitekey = basename(__DIR__);
20if (strpos($_SERVER["PHP_SELF"], 'website/samples/wrapper.php')) {
21 die("Sample file for website module. Can't be called directly.");
22}
23if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {
24 require_once './master.inc.php';
25} // Load master if not already loaded
26include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
27
28$encoding = '';
29
30// Parameters to download files
31$hashp = GETPOST('hashp', 'aZ09');
32$extname = GETPOST('extname', 'alpha', 1);
33$modulepart = GETPOST('modulepart', 'aZ09');
34$entity = GETPOSTINT('entity') ? GETPOSTINT('entity') : $conf->entity;
35$original_file = GETPOST("file", "alpha");
36$l = GETPOST('l', 'aZ09');
37$limit = GETPOSTINT('limit');
38
39// Parameters for RSS
40$rss = GETPOST('rss', 'aZ09');
41if ($rss) {
42 $original_file = 'blog.rss';
43}
44
45// If we have a hash public (hashp), we guess the original_file.
46if (!empty($hashp)) {
47 include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
48 include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
49 $ecmfile = new EcmFiles($db);
50 $result = $ecmfile->fetch(0, '', '', '', $hashp);
51 if ($result > 0) {
52 $tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory
53 // filepath can be 'users/X' or 'X/propale/PR11111'
54 if (is_numeric($tmp[0])) { // If first tmp is numeric, it is subdir of company for multicompany, we take next part.
55 $tmp = explode('/', $tmp[1], 2);
56 }
57 $moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path
58
59 if ($modulepart) { // Not required, so often not defined, for link using public hashp parameter.
60 if ($moduleparttocheck == $modulepart) {
61 // We remove first level of directory
62 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
63 //var_dump($original_file); exit;
64 } else {
65 print 'Bad link. File is from another module part.';
66 }
67 } else {
68 $modulepart = $moduleparttocheck;
69 $original_file = (($tmp[1] ? $tmp[1].'/' : '').$ecmfile->filename); // this is relative to module dir
70 }
71
72 if ($extname) {
73 $original_file = getImageFileNameForSize($original_file, $extname);
74 }
75 } else {
76 print "ErrorFileNotFoundWithSharedLink";
77 exit;
78 }
79}
80
81// Define attachment (attachment=true to force choice popup 'open'/'save as')
82$attachment = true;
83if (preg_match('/\.(html|htm)$/i', $original_file)) {
84 $attachment = false;
85}
86if (GETPOSTISSET("attachment")) {
87 $attachment = (GETPOST("attachment", 'alphanohtml') ? true : false);
88}
89if (getDolGlobalString('MAIN_DISABLE_FORCE_SAVEAS_WEBSITE')) {
90 $attachment = false;
91}
92
93// Define mime type
94$type = 'application/octet-stream';
95if (GETPOSTISSET('type')) {
96 $type = GETPOST('type', 'alpha');
97} else {
98 $type = dol_mimetype($original_file);
99}
100
101// Security: Delete string ../ into $original_file
102$original_file = str_replace("../", "/", $original_file);
103
104// Cache or not
105if (GETPOST("cache", 'aZ09') || image_format_supported($original_file) >= 0) {
106 // Important: Following code is to avoid page request by browser and PHP CPU at
107 // each Dolibarr page access.
108 header('Cache-Control: max-age=3600, public, must-revalidate');
109 header('Pragma: cache'); // This is to avoid having Pragma: no-cache
110}
111
112$refname = basename(dirname($original_file)."/");
113
114// Get RSS news
115if ($rss) {
116 $format = 'rss';
117 $type = '';
118 $cachedelay = 0;
119 $filename = $original_file;
120 $dir_temp = $conf->website->dir_temp;
121
122 include_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
123 include_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php';
124 $website = new Website($db);
125 $websitepage = new WebsitePage($db);
126
127 $website->fetch('', $websitekey);
128
129 $filters = array('type_container'=>'blogpost', 'status'=>1);
130 if ($l) {
131 $filters['lang'] = $l;
132 }
133
134 $MAXNEWS = ($limit ? $limit : 20);
135 $arrayofblogs = $websitepage->fetchAll($website->id, 'DESC', 'date_creation', $MAXNEWS, 0, $filters);
136 $eventarray = array();
137 if (is_array($arrayofblogs)) {
138 foreach ($arrayofblogs as $blog) {
139 $blog->fullpageurl = $website->virtualhost.'/'.$blog->pageurl.'.php';
140 $blog->image = preg_replace('/__WEBSITE_KEY__/', $websitekey, $blog->image);
141
142 $eventarray[] = $blog;
143 }
144 }
145
146 require_once DOL_DOCUMENT_ROOT."/core/lib/xcal.lib.php";
147 require_once DOL_DOCUMENT_ROOT."/core/lib/date.lib.php";
148 require_once DOL_DOCUMENT_ROOT."/core/lib/files.lib.php";
149
150 dol_syslog("build_exportfile Build export file format=".$format.", type=".$type.", cachedelay=".$cachedelay.", filename=".$filename.", filters size=".count($filters), LOG_DEBUG);
151
152 // Clean parameters
153 if (!$filename) {
154 $extension = 'rss';
155 $filename = $format.'.'.$extension;
156 }
157
158 // Create dir and define output file (definitive and temporary)
159 $result = dol_mkdir($dir_temp);
160 $outputfile = $dir_temp.'/'.$filename;
161
162 $result = 0;
163
164 $buildfile = true;
165
166 if ($cachedelay) {
167 $nowgmt = dol_now();
168 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
169 if (dol_filemtime($outputfile) > ($nowgmt - $cachedelay)) {
170 dol_syslog("build_exportfile file ".$outputfile." is not older than now - cachedelay (".$nowgmt." - ".$cachedelay."). Build is canceled");
171 $buildfile = false;
172 }
173 }
174
175 if ($buildfile) {
176 $outputlangs = new Translate('', $conf);
177 $outputlangs->setDefaultLang($l);
178 $outputlangs->loadLangs(array("main", "other"));
179 $title = $outputlangs->transnoentities('LatestBlogPosts').' - '.$website->virtualhost;
180 $desc = $title.($l ? ' ('.$l.')' : '');
181
182 // Create temp file
183 $outputfiletmp = tempnam($dir_temp, 'tmp'); // Temporary file (allow call of function by different threads
184 dolChmod($outputfiletmp);
185
186 // Write file
187 $result = build_rssfile($format, $title, $desc, $eventarray, $outputfiletmp, '', $website->virtualhost.'/wrapper.php?rss=1'.($l ? '&l='.$l : ''), $l);
188
189 if ($result >= 0) {
190 if (dol_move($outputfiletmp, $outputfile, '0', 1, 0, 0)) {
191 $result = 1;
192 } else {
193 $error = 'Failed to rename '.$outputfiletmp.' into '.$outputfile;
194 dol_syslog("build_exportfile ".$error, LOG_ERR);
195 dol_delete_file($outputfiletmp, 0, 1);
196 print $error;
197 exit(-1);
198 }
199 } else {
200 dol_syslog("build_exportfile build_xxxfile function fails to for format=".$format." outputfiletmp=".$outputfile, LOG_ERR);
201 dol_delete_file($outputfiletmp, 0, 1);
202 $langs->load("errors");
203 print $langs->trans("ErrorFailToCreateFile", $outputfile);
204 exit(-1);
205 }
206 }
207
208 if ($result >= 0) {
209 $attachment = false;
210 if (GETPOSTISSET("attachment")) {
211 $attachment = GETPOST("attachment");
212 }
213 //$attachment = false;
214 $contenttype = 'application/rss+xml';
215 if (GETPOSTISSET("contenttype")) {
216 $contenttype = GETPOST("contenttype");
217 }
218 //$contenttype='text/plain';
219 $outputencoding = 'UTF-8';
220
221 if ($contenttype) {
222 header('Content-Type: '.$contenttype.($outputencoding ? '; charset='.$outputencoding : ''));
223 }
224 if ($attachment) {
225 header('Content-Disposition: attachment; filename="'.$filename.'"');
226 }
227
228 // Ajout directives pour resoudre bug IE
229 //header('Cache-Control: Public, must-revalidate');
230 //header('Pragma: public');
231 if ($cachedelay) {
232 header('Cache-Control: max-age='.$cachedelay.', private, must-revalidate');
233 } else {
234 header('Cache-Control: private, must-revalidate');
235 }
236
237 // Clean parameters
238 $outputfile = $dir_temp.'/'.$filename;
239 $result = readfile($outputfile);
240 if (!$result) {
241 print 'File '.$outputfile.' was empty.';
242 }
243
244 // header("Location: ".DOL_URL_ROOT.'/document.php?modulepart=agenda&file='.urlencode($filename));
245 exit;
246 }
247} elseif ($modulepart == "mycompany" && preg_match('/^\/?logos\//', $original_file)) {
248 // Get logos
249 readfile(dol_osencode($conf->mycompany->dir_output."/".$original_file));
250} else {
251 // Find the subdirectory name as the reference
252 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
253 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, null, $refname);
254 $accessallowed = empty($check_access['accessallowed']) ? '' : $check_access['accessallowed'];
255 $sqlprotectagainstexternals = empty($check_access['sqlprotectagainstexternals']) ? '' : $check_access['sqlprotectagainstexternals'];
256 $fullpath_original_file = empty($check_access['original_file']) ? '' : $check_access['original_file']; // $fullpath_original_file is now a full path name
257 if ($hashp) {
258 $accessallowed = 1; // When using hashp, link is public so we force $accessallowed
259 $sqlprotectagainstexternals = '';
260 }
261
262 // Security:
263 // Limit access if permissions are wrong
264 if (!$accessallowed) {
265 print 'Access forbidden';
266 exit;
267 }
268
269 clearstatcache();
270
271 $filename = basename($fullpath_original_file);
272
273 // Output file on browser
274 dol_syslog("wrapper.php download $fullpath_original_file filename=$filename content-type=$type");
275 $fullpath_original_file_osencoded = dol_osencode($fullpath_original_file); // New file name encoded in OS encoding charset
276
277 // This test if file exists should be useless. We keep it to find bug more easily
278 if (!file_exists($fullpath_original_file_osencoded)) {
279 print "ErrorFileDoesNotExists: ".dol_escape_htmltag($original_file);
280 exit;
281 }
282
283 // Permissions are ok and file found, so we return it
284 //top_httphead($type);
285 header('Content-Type: '.$type);
286 header('Content-Description: File Transfer');
287 if ($encoding) {
288 header('Content-Encoding: '.$encoding);
289 }
290 // Add MIME Content-Disposition from RFC 2183 (inline=automatically displayed, attachment=need user action to open)
291 if ($attachment) {
292 header('Content-Disposition: attachment; filename="'.$filename.'"');
293 } else {
294 header('Content-Disposition: inline; filename="'.$filename.'"');
295 }
296 header('Content-Length: '.dol_filesize($fullpath_original_file));
297
298 readfile($fullpath_original_file_osencoded);
299}
300if (is_object($db)) {
301 $db->close();
302}
303// END PHP
Class to manage ECM files.
Class to manage translations.
Class Website.
Class Websitepage.
dol_filemtime($pathoffile)
Return time of a file.
dol_filesize($pathoffile)
Return size of a file.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_move($srcfile, $destfile, $newmask='0', $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser=null, $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dolChmod($filepath, $newmask='')
Change mod of a file.
dol_now($mode='auto')
Return date for now.
getImageFileNameForSize($file, $extName, $extImgTarget='')
Return the filename of file to get the thumbs.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
image_format_supported($file, $acceptsvg=0)
Return if a filename is file name of a supported image format.
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
build_rssfile($format, $title, $desc, $events_array, $outputfile, $filter='', $url='', $langcode='')
Build a file from an array of events.
Definition xcal.lib.php:326