dolibarr 21.0.0-beta
website2.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
3 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <https://www.gnu.org/licenses/>.
17 */
18
32function dolSaveMasterFile($filemaster)
33{
34 // Now generate the master.inc.php page
35 dol_syslog("We regenerate the master.inc.php file");
36
37 dol_delete_file($filemaster);
38
39 $mastercontent = '<?php'."\n";
40 $mastercontent .= '// File generated to link to the master file - DO NOT MODIFY - It is just an include'."\n";
41 $mastercontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) {\n";
42 $mastercontent .= " if (! defined('USEEXTERNALSERVER')) define('USEEXTERNALSERVER', 1);\n";
43 $mastercontent .= " require_once '".DOL_DOCUMENT_ROOT."/master.inc.php';\n";
44 $mastercontent .= "}\n";
45 $mastercontent .= '?>'."\n";
46 $result = file_put_contents($filemaster, $mastercontent);
47 dolChmod($filemaster);
48
49 return $result;
50}
51
62function dolSavePageAlias($filealias, $object, $objectpage)
63{
64 // Now create the .tpl file
65 dol_syslog("dolSavePageAlias We regenerate the alias page filealias=".$filealias." and a wrapper into all language subdirectories");
66
67 $aliascontent = '<?php'."\n";
68 $aliascontent .= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
69 $aliascontent .= 'global $dolibarr_main_data_root;'."\n";
70 $aliascontent .= 'if (empty($dolibarr_main_data_root)) require \'./page'.$objectpage->id.'.tpl.php\'; ';
71 $aliascontent .= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
72 $aliascontent .= '?>'."\n";
73 $result = file_put_contents($filealias, $aliascontent);
74 if ($result === false) {
75 dol_syslog("Failed to write file ".$filealias, LOG_WARNING);
76 }
77 dolChmod($filealias);
78
79 // Save also alias into language subdirectory if it is not a main language
80 if ($objectpage->lang && in_array($objectpage->lang, explode(',', $object->otherlang))) {
81 $dirname = dirname($filealias);
82 $filename = basename($filealias);
83 $filealiassub = $dirname.'/'.$objectpage->lang.'/'.$filename;
84
85 dol_mkdir($dirname.'/'.$objectpage->lang, DOL_DATA_ROOT);
86
87 $aliascontent = '<?php'."\n";
88 $aliascontent .= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
89 $aliascontent .= 'global $dolibarr_main_data_root;'."\n";
90 $aliascontent .= 'if (empty($dolibarr_main_data_root)) require \'../page'.$objectpage->id.'.tpl.php\'; ';
91 $aliascontent .= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
92 $aliascontent .= '?>'."\n";
93 $result = file_put_contents($filealiassub, $aliascontent);
94 if ($result === false) {
95 dol_syslog("Failed to write file ".$filealiassub, LOG_WARNING);
96 }
97 dolChmod($filealiassub);
98 } elseif (empty($objectpage->lang) || !in_array($objectpage->lang, explode(',', $object->otherlang))) {
99 // Save also alias into all language subdirectories if it is a main language
100 if (!getDolGlobalString('WEBSITE_DISABLE_MAIN_LANGUAGE_INTO_LANGSUBDIR') && !empty($object->otherlang)) {
101 $dirname = dirname($filealias);
102 $filename = basename($filealias);
103 foreach (explode(',', $object->otherlang) as $sublang) {
104 // Avoid to erase main alias file if $sublang is empty string
105 if (empty(trim($sublang))) {
106 continue;
107 }
108 $filealiassub = $dirname.'/'.$sublang.'/'.$filename;
109
110 $aliascontent = '<?php'."\n";
111 $aliascontent .= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
112 $aliascontent .= 'global $dolibarr_main_data_root;'."\n";
113 $aliascontent .= 'if (empty($dolibarr_main_data_root)) require \'../page'.$objectpage->id.'.tpl.php\'; ';
114 $aliascontent .= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
115 $aliascontent .= '?>'."\n";
116
117 dol_mkdir($dirname.'/'.$sublang);
118 $result = file_put_contents($filealiassub, $aliascontent);
119 if ($result === false) {
120 dol_syslog("Failed to write file ".$filealiassub, LOG_WARNING);
121 }
122 dolChmod($filealiassub);
123 }
124 }
125 }
126
127 return ($result ? true : false);
128}
129
130
142function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage, $backupold = 0)
143{
144 global $db;
145
146 // Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header)
147 dol_syslog("dolSavePageContent We regenerate the tpl page filetpl=".$filetpl);
148
149 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
150
151 if (dol_is_file($filetpl)) {
152 if ($backupold) {
153 $result = archiveOrBackupFile($filetpl);
154 if (! $result) {
155 return false;
156 }
157 } else {
158 dol_delete_file($filetpl);
159 }
160 }
161
162 $shortlangcode = '';
163 if ($objectpage->lang) {
164 $shortlangcode = substr($objectpage->lang, 0, 2); // en_US or en-US -> en
165 }
166 if (empty($shortlangcode)) {
167 $shortlangcode = substr($object->lang, 0, 2); // en_US or en-US -> en
168 }
169
170 if (!empty($objectpage->type_container) && in_array($objectpage->type_container, array('library', 'service'))) {
171 $originalcontentonly = 1;
172 }
173
174 $tplcontent = '';
175 if (!isset($originalcontentonly)) {
176 $tplcontent .= "<?php // BEGIN PHP\n";
177 $tplcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
178 $tplcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) {\n";
179 $tplcontent .= ' $pathdepth = count(explode(\'/\', $_SERVER[\'SCRIPT_NAME\'])) - 2;'."\n";
180 $tplcontent .= ' require_once ($pathdepth ? str_repeat(\'../\', $pathdepth) : \'./\').\'master.inc.php\';'."\n";
181 $tplcontent .= "} // Not already loaded\n";
182 $tplcontent .= "require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
183 $tplcontent .= "require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
184 $tplcontent .= "ob_start();\n";
185 $tplcontent .= "// END PHP ?>\n";
186 if (getDolGlobalString('WEBSITE_FORCE_DOCTYPE_HTML5')) {
187 $tplcontent .= "<!DOCTYPE html>\n";
188 }
189 $tplcontent .= '<html'.($shortlangcode ? ' lang="'.$shortlangcode.'"' : '').'>'."\n";
190 $tplcontent .= '<head>'."\n";
191 $tplcontent .= '<title>'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'</title>'."\n";
192 $tplcontent .= '<meta charset="utf-8">'."\n";
193 $tplcontent .= '<meta http-equiv="content-type" content="text/html; charset=utf-8" />'."\n";
194 $tplcontent .= '<meta name="robots" content="index, follow" />'."\n";
195 $tplcontent .= '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n";
196 $tplcontent .= '<meta name="keywords" content="'.dol_string_nohtmltag($objectpage->keywords).'" />'."\n";
197 $tplcontent .= '<meta name="title" content="'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'" />'."\n";
198 $tplcontent .= '<meta name="description" content="'.dol_string_nohtmltag($objectpage->description, 0, 'UTF-8').'" />'."\n";
199 $tplcontent .= '<meta name="generator" content="'.DOL_APPLICATION_TITLE.' '.DOL_VERSION.' (https://www.dolibarr.org)" />'."\n";
200 $tplcontent .= '<meta name="dolibarr:pageid" content="'.dol_string_nohtmltag((string) $objectpage->id).'" />'."\n";
201
202 // Add favicon
203 if ($objectpage->id == $object->fk_default_home) {
204 $tplcontent .= '<link rel="icon" type="image/png" href="/favicon.png" />'."\n";
205 }
206
207 // Add canonical reference
208 if ($object->virtualhost) {
209 $tplcontent .= '<link rel="canonical" href="'.(($objectpage->id == $object->fk_default_home) ? '/' : (($shortlangcode != substr($object->lang, 0, 2) ? '/'.$shortlangcode : '').'/'.$objectpage->pageurl.'.php')).'" />'."\n";
210 }
211 // Add translation reference (main language)
212 if ($object->isMultiLang()) {
213 // Add page "translation of"
214 $translationof = $objectpage->fk_page;
215 if ($translationof) {
216 $tmppage = new WebsitePage($db);
217 $tmppage->fetch($translationof);
218 if ($tmppage->id > 0) {
219 $tmpshortlangcode = '';
220 if ($tmppage->lang) {
221 $tmpshortlangcode = preg_replace('/[_-].*$/', '', $tmppage->lang); // en_US or en-US -> en
222 }
223 if (empty($tmpshortlangcode)) {
224 $tmpshortlangcode = preg_replace('/[_-].*$/', '', $object->lang); // en_US or en-US -> en
225 }
226 if ($tmpshortlangcode != $shortlangcode) {
227 $tplcontent .= '<link rel="alternate" hreflang="'.$tmpshortlangcode.'" href="<?php echo $website->virtualhost; ?>'.($object->fk_default_home == $tmppage->id ? '/' : (($tmpshortlangcode != substr($object->lang, 0, 2)) ? '/'.$tmpshortlangcode : '').'/'.$tmppage->pageurl.'.php').'" />'."\n";
228 }
229 }
230 }
231
232 // Add "has translation pages"
233 $sql = "SELECT rowid as id, lang, pageurl from ".MAIN_DB_PREFIX.'website_page where fk_page IN ('.$db->sanitize($objectpage->id.($translationof ? ", ".$translationof : '')).")";
234 $resql = $db->query($sql);
235 if ($resql) {
236 $num_rows = $db->num_rows($resql);
237 if ($num_rows > 0) {
238 while ($obj = $db->fetch_object($resql)) {
239 $tmpshortlangcode = '';
240 if ($obj->lang) {
241 $tmpshortlangcode = preg_replace('/[_-].*$/', '', $obj->lang); // en_US or en-US -> en
242 }
243 if ($tmpshortlangcode != $shortlangcode) {
244 $tplcontent .= '<link rel="alternate" hreflang="'.$tmpshortlangcode.'" href="<?php echo $website->virtualhost; ?>'.($object->fk_default_home == $obj->id ? '/' : (($tmpshortlangcode != substr($object->lang, 0, 2) ? '/'.$tmpshortlangcode : '')).'/'.$obj->pageurl.'.php').'" />'."\n";
245 }
246 }
247 }
248 } else {
249 dol_print_error($db);
250 }
251
252 // Add myself
253 $tplcontent .= '<?php if ($_SERVER["PHP_SELF"] == "'.(($object->fk_default_home == $objectpage->id) ? '/' : (($shortlangcode != substr($object->lang, 0, 2)) ? '/'.$shortlangcode : '')).'/'.$objectpage->pageurl.'.php") { ?>'."\n";
254 $tplcontent .= '<link rel="alternate" hreflang="'.$shortlangcode.'" href="<?php echo $website->virtualhost; ?>'.(($object->fk_default_home == $objectpage->id) ? '/' : (($shortlangcode != substr($object->lang, 0, 2)) ? '/'.$shortlangcode : '').'/'.$objectpage->pageurl.'.php').'" />'."\n";
255
256 $tplcontent .= '<?php } ?>'."\n";
257 }
258 // Add manifest.json. Do we have to add it only on home page ?
259 $tplcontent .= '<?php if ($website->use_manifest) { print \'<link rel="manifest" href="/manifest.json.php" />\'."\n"; } ?>'."\n";
260 $tplcontent .= '<!-- Include link to CSS file -->'."\n";
261 // Add js
262 $tplcontent .= '<link rel="stylesheet" href="/styles.css.php?website=<?php echo $websitekey; ?>" type="text/css" />'."\n";
263 $tplcontent .= '<!-- Include link to JS file -->'."\n";
264 $tplcontent .= '<script nonce="'.getNonce().'" async src="/javascript.js.php?website=<?php echo $websitekey; ?>"></script>'."\n";
265 // Add headers
266 $tplcontent .= '<!-- Include HTML header from common file -->'."\n";
267 $tplcontent .= '<?php if (file_exists(DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html")) include DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html"; ?>'."\n";
268 $tplcontent .= '<!-- Include HTML header from page header block -->'."\n";
269 $tplcontent .= preg_replace('/<\/?html>/ims', '', $objectpage->htmlheader)."\n";
270 $tplcontent .= '</head>'."\n";
271
272 $tplcontent .= '<!-- File generated by Dolibarr website module editor -->'."\n";
273 $tplcontent .= '<body id="bodywebsite" class="bodywebsite bodywebpage-'.$objectpage->ref.'">'."\n";
274 $tplcontent .= $objectpage->content."\n";
275 $tplcontent .= '</body>'."\n";
276 $tplcontent .= '</html>'."\n";
277
278 $tplcontent .= '<?php // BEGIN PHP'."\n";
279 $tplcontent .= '$tmp = ob_get_contents(); ob_end_clean();'."\n";
280 if (strpos($objectpage->content, '$__PAGE__TITLE__') !== false) {
281 $tplcontent .= '$tmp = preg_replace("/<title>.*?<\/title>/s", "<title>" . dol_escape_htmltag($__PAGE__TITLE__) . "</title>", $tmp);'."\n";
282 $tplcontent .= '$tmp = preg_replace("/<meta name=\"title\" content=\".*?\" \/>/s", "<meta name=\"title\" content=\"" . dol_string_nohtmltag($__PAGE__TITLE__) . "\" />", $tmp);';
283 }
284 if (strpos($objectpage->content, '$__PAGE__KEYWORDS__') !== false) {
285 $tplcontent .= '$tmp = preg_replace("/<meta name=\"keywords\" content=\".*?\" \/>/s", "<meta name=\"keywords\" content=\"" . dol_string_nohtmltag($__PAGE__KEYWORDS__) . "\" />", $tmp);';
286 }
287 if (strpos($objectpage->content, '$__PAGE__DESC__') !== false) {
288 $tplcontent .= '$tmp = preg_replace("/<meta name=\"description\" content=\".*?\" \/>/s", "<meta name=\"description\" content=\"" . dol_string_nohtmltag($__PAGE__DESC__) . "\" />", $tmp);';
289 }
290 $tplcontent .= 'dolWebsiteOutput($tmp, "html", '.$objectpage->id.'); dolWebsiteIncrementCounter('.$object->id.', "'.$objectpage->type_container.'", '.$objectpage->id.');'."\n";
291 $tplcontent .= "// END PHP ?>\n";
292 } else {
293 $tplcontent .= "<?php // BEGIN PHP\n";
294 $tplcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
295 $tplcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) {\n";
296 $tplcontent .= ' $pathdepth = count(explode(\'/\', $_SERVER[\'SCRIPT_NAME\'])) - 2;'."\n";
297 $tplcontent .= ' require_once ($pathdepth ? str_repeat(\'../\', $pathdepth) : \'./\').\'master.inc.php\';'."\n";
298 $tplcontent .= "} // Not already loaded\n";
299 $tplcontent .= "require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
300 $tplcontent .= "require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
301 $tplcontent .= "// END PHP ?>\n";
302
303 $tplcontent .= $objectpage->content;
304 }
305
306 //var_dump($filetpl);exit;
307 $result = file_put_contents($filetpl, $tplcontent);
308
309 dolChmod($filetpl);
310
311 return $result;
312}
313
314
325function dolSaveIndexPage($pathofwebsite, $fileindex, $filetpl, $filewrapper, $object = null)
326{
327 global $db;
328
329 $result1 = false;
330 $result2 = false;
331
332 dol_mkdir($pathofwebsite);
333
334 if ($fileindex) {
335 dol_delete_file($fileindex);
336 $indexcontent = '<?php'."\n";
337 $indexcontent .= "// BEGIN PHP File generated to provide an index.php as Home Page or alias redirector - DO NOT MODIFY - It is just a generated wrapper.\n";
338 $indexcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
339 $indexcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) { require_once './master.inc.php'; } // Load master if not already loaded\n";
340 $indexcontent .= 'if (!empty($_GET[\'pageref\']) || !empty($_GET[\'pagealiasalt\']) || !empty($_GET[\'pageid\'])) {'."\n";
341 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
342 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
343 $indexcontent .= ' redirectToContainer($_GET[\'pageref\'], $_GET[\'pagealiasalt\'], $_GET[\'pageid\']);'."\n";
344 $indexcontent .= "}\n";
345 $indexcontent .= "include_once './".basename($filetpl)."'\n";
346 $indexcontent .= '// END PHP ?>'."\n";
347
348 $result1 = file_put_contents($fileindex, $indexcontent);
349
350 dolChmod($fileindex);
351
352 if (is_object($object) && $object->fk_default_home > 0) {
353 $objectpage = new WebsitePage($db);
354 $objectpage->fetch($object->fk_default_home);
355
356 // Create a version for sublanguages
357 if (empty($objectpage->lang) || !in_array($objectpage->lang, explode(',', $object->otherlang))) {
358 if (!getDolGlobalString('WEBSITE_DISABLE_MAIN_LANGUAGE_INTO_LANGSUBDIR') && is_object($object) && !empty($object->otherlang)) {
359 $dirname = dirname($fileindex);
360 foreach (explode(',', $object->otherlang) as $sublang) {
361 // Avoid to erase main alias file if $sublang is empty string
362 if (empty(trim($sublang))) {
363 continue;
364 }
365 $fileindexsub = $dirname.'/'.$sublang.'/index.php';
366
367 // Same indexcontent than previously but with ../ instead of ./ for master and tpl file include/require_once.
368 $relpath = '..';
369 $indexcontent = '<?php'."\n";
370 $indexcontent .= "// BEGIN PHP File generated to provide an index.php as Home Page or alias redirector - DO NOT MODIFY - It is just a generated wrapper.\n";
371 $indexcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
372 $indexcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) { require_once '".$relpath."/master.inc.php'; } // Load master if not already loaded\n";
373 $indexcontent .= 'if (!empty($_GET[\'pageref\']) || !empty($_GET[\'pagealiasalt\']) || !empty($_GET[\'pageid\'])) {'."\n";
374 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
375 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
376 $indexcontent .= ' redirectToContainer($_GET[\'pageref\'], $_GET[\'pagealiasalt\'], $_GET[\'pageid\']);'."\n";
377 $indexcontent .= "}\n";
378 $indexcontent .= "include_once '".$relpath."/".basename($filetpl)."'\n"; // use .. instead of .
379 $indexcontent .= '// END PHP ?>'."\n";
380 $result = file_put_contents($fileindexsub, $indexcontent);
381 if ($result === false) {
382 dol_syslog("Failed to write file ".$fileindexsub, LOG_WARNING);
383 }
384 dolChmod($fileindexsub);
385 }
386 }
387 }
388 }
389 } else {
390 $result1 = true;
391 }
392
393 if ($filewrapper) {
394 dol_delete_file($filewrapper);
395 $wrappercontent = file_get_contents(DOL_DOCUMENT_ROOT.'/website/samples/wrapper.php');
396
397 $result2 = file_put_contents($filewrapper, $wrappercontent);
398 dolChmod($filewrapper);
399 } else {
400 $result2 = true;
401 }
402
403 return ($result1 && $result2);
404}
405
406
414function dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent)
415{
416 global $pathofwebsite;
417
418 dol_syslog("Save html header into ".$filehtmlheader);
419
420 dol_mkdir($pathofwebsite);
421 $result = file_put_contents($filehtmlheader, $htmlheadercontent);
422 dolChmod($filehtmlheader);
423
424 return $result;
425}
426
434function dolSaveCssFile($filecss, $csscontent)
435{
436 global $pathofwebsite;
437
438 dol_syslog("Save css file into ".$filecss);
439
440 dol_mkdir($pathofwebsite);
441 $result = file_put_contents($filecss, $csscontent);
442 dolChmod($filecss);
443
444 return $result;
445}
446
454function dolSaveJsFile($filejs, $jscontent)
455{
456 global $pathofwebsite;
457
458 dol_syslog("Save js file into ".$filejs);
459
460 dol_mkdir($pathofwebsite);
461 $result = file_put_contents($filejs, $jscontent);
462 dolChmod($filejs);
463
464 return $result;
465}
466
474function dolSaveRobotFile($filerobot, $robotcontent)
475{
476 global $pathofwebsite;
477
478 dol_syslog("Save robot file into ".$filerobot);
479
480 dol_mkdir($pathofwebsite);
481 $result = file_put_contents($filerobot, $robotcontent);
482 dolChmod($filerobot);
483
484 return $result;
485}
486
494function dolSaveHtaccessFile($filehtaccess, $htaccess)
495{
496 global $pathofwebsite;
497
498 dol_syslog("Save htaccess file into ".$filehtaccess);
499
500 dol_mkdir($pathofwebsite);
501 $result = file_put_contents($filehtaccess, $htaccess);
502 dolChmod($filehtaccess);
503
504 return $result;
505}
506
514function dolSaveManifestJson($file, $content)
515{
516 global $pathofwebsite;
517
518 dol_syslog("Save manifest.js.php file into ".$file);
519
520 dol_mkdir($pathofwebsite);
521 $result = file_put_contents($file, $content);
522 dolChmod($file);
523
524 return $result;
525}
526
534function dolSaveReadme($file, $content)
535{
536 global $pathofwebsite;
537
538 dol_syslog("Save README.md file into ".$file);
539
540 dol_mkdir($pathofwebsite);
541 $result = file_put_contents($file, $content);
542 dolChmod($file);
543
544 return $result;
545}
546
554function dolSaveLicense($file, $content)
555{
556 global $pathofwebsite;
557
558 dol_syslog("Save LICENSE file into ".$file);
559
560 dol_mkdir($pathofwebsite);
561 $result = file_put_contents($file, $content);
562 dolChmod($file);
563
564 return $result;
565}
566
574{
575 global $conf, $langs, $form, $user;
576
577 $dirthemes = array('/doctemplates/websites');
578 /*
579 if (!empty($conf->modules_parts['websitetemplates'])) {
580 foreach ($conf->modules_parts['websitetemplates'] as $reldir) {
581 $dirthemes = array_merge($dirthemes, (array) ($reldir.'doctemplates/websites'));
582 }
583 }
584 */
585 $dirthemes = array_unique($dirthemes);
586 // Now dir_themes=array('/themes') or dir_themes=array('/theme','/mymodule/theme')
587
588 $colspan = 2;
589
590 print '<!-- For website template import -->'."\n";
591 print '<table class="noborder centpercent">';
592
593 // Title
594 print '<tr class="liste_titre"><th class="titlefield">';
595 print $form->textwithpicto($langs->trans("Templates"), $langs->trans("ThemeDir").' : '.implode(", ", $dirthemes));
596 print ' ';
597 print '<a href="'.$_SERVER["PHP_SELF"].'?website='.urlencode($website->ref).'&importsite=1" rel="noopener noreferrer external">';
598 print img_picto('', 'refresh');
599 print '</a>';
600 print '</th>';
601 print '<th class="right">';
602 $url = 'https://www.dolistore.com/43-web-site-templates';
603 print '<a href="'.$url.'" target="_blank" rel="noopener noreferrer external">';
604 print img_picto('', 'globe', 'class="pictofixedwidth"').$langs->trans('DownloadMoreSkins');
605 print '</a>';
606 print '</th></tr>';
607
608 print '<tr><td colspan="'.$colspan.'">';
609
610 print '<table class="nobordernopadding centpercent"><tr><td><div class="display-flex">';
611
612 if (count($dirthemes)) {
613 $i = 0;
614 foreach ($dirthemes as $dir) {
615 if (preg_match('/^\/doctemplates\//', $dir)) {
616 $dirtheme = DOL_DATA_ROOT.$dir; // This include loop on $conf->file->dol_document_root
617 } else {
618 $dirtheme = dol_buildpath($dir); // This include loop on $conf->file->dol_document_root
619 }
620 if (is_dir($dirtheme)) {
621 $handle = opendir($dirtheme);
622 if (is_resource($handle)) {
623 while (($subdir = readdir($handle)) !== false) {
624 //var_dump($dirtheme.'/'.$subdir);
625 if (is_file($dirtheme."/".$subdir) && substr($subdir, 0, 1) != '.' && substr($subdir, 0, 3) != 'CVS' && preg_match('/\.zip$/i', $subdir)) {
626 $subdirwithoutzip = preg_replace('/\.zip$/i', '', $subdir);
627
628 // Disable not stable themes (dir ends with _exp or _dev)
629 if (getDolGlobalInt('MAIN_FEATURES_LEVEL') < 2 && preg_match('/_dev$/i', $subdir)) {
630 continue;
631 }
632 if (getDolGlobalInt('MAIN_FEATURES_LEVEL') < 1 && preg_match('/_exp$/i', $subdir)) {
633 continue;
634 }
635
636 print '<div class="inline-block center flex-item" style="min-width: 250px; max-width: 400px; margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;">';
637
638 $templatedir = $dirtheme."/".$subdir;
639 $file = $dirtheme."/".$subdirwithoutzip.".jpg";
640 $url = DOL_URL_ROOT.'/viewimage.php?modulepart=doctemplateswebsite&file='.$subdirwithoutzip.".jpg";
641
642 if (!file_exists($file)) {
643 $url = DOL_URL_ROOT.'/public/theme/common/nophoto.png';
644 }
645
646 $originalfile = basename($file);
647 $entity = $conf->entity;
648 $modulepart = 'doctemplateswebsite';
649 $cache = '';
650 $title = $file;
651
652 $ret = '';
653 $urladvanced = getAdvancedPreviewUrl($modulepart, $originalfile, 1, '&entity='.$entity);
654 if (!empty($urladvanced)) {
655 $ret .= '<a class="'.$urladvanced['css'].'" target="'.$urladvanced['target'].'" mime="'.$urladvanced['mime'].'" href="'.$urladvanced['url'].'">';
656 } else {
657 $ret .= '<a href="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.urlencode($modulepart).'&entity='.((int) $entity).'&file='.urlencode($originalfile).'&cache='.((int) $cache).'">';
658 }
659 print $ret;
660 print '<img class="img-skinthumb shadow" src="'.$url.'" border="0" alt="'.$title.'" title="'.$title.'" style="margin-bottom: 5px;">';
661 print '</a>';
662
663 print '<br>';
664 print $subdir;
665 print '<br>';
666 print '<span class="opacitymedium">'.dol_print_size(dol_filesize($dirtheme."/".$subdir), 1, 1).' - '.dol_print_date(dol_filemtime($templatedir), 'dayhour', 'tzuserrel').'</span>';
667 if ($user->hasRight('website', 'delete')) {
668 print ' <a href="'.$_SERVER["PHP_SELF"].'?action=deletetemplate&token='.newToken().'&website='.urlencode($website->ref).'&templateuserfile='.urlencode($subdir).'">'.img_picto('', 'delete').'</a>';
669 }
670 print '<br><a href="'.$_SERVER["PHP_SELF"].'?action=importsiteconfirm&token='.newToken().'&website='.urlencode($website->ref).'&templateuserfile='.urlencode($subdir).'" class="button">'.$langs->trans("Load").'</a>';
671 print '</div>';
672
673 $i++;
674 }
675 }
676 print '<div class="inline-block center flex-item" style="min-width: 250px; max-width: 400px;margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;"></div>';
677 print '<div class="inline-block center flex-item" style="min-width: 250px; max-width: 400px;margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;"></div>';
678 print '<div class="inline-block center flex-item" style="min-width: 250px; max-width: 400px;margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;"></div>';
679 print '<div class="inline-block center flex-item" style="min-width: 250px; max-width: 400px;margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;"></div>';
680 print '<div class="inline-block center flex-item" style="min-width: 250px; max-width: 400px;margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;"></div>';
681 }
682 }
683 }
684 } else {
685 print '<span class="opacitymedium">'.$langs->trans("None").'</span>';
686 }
687
688 print '</div></td></tr></table>';
689
690 print '</td></tr>';
691 print '</table>';
692}
693
694
705function checkPHPCode(&$phpfullcodestringold, &$phpfullcodestring)
706{
707 global $langs, $user;
708
709 $error = 0;
710
711 if (empty($phpfullcodestringold) && empty($phpfullcodestring)) {
712 return 0;
713 }
714
715 // First check permission
716 if ($phpfullcodestringold != $phpfullcodestring) {
717 if (!$error && !$user->hasRight('website', 'writephp')) {
718 $error++;
719 setEventMessages($langs->trans("NotAllowedToAddDynamicContent"), null, 'errors');
720 }
721 }
722
723 // Then check forbidden commands
724 if (!$error) {
725 $forbiddenphpstrings = array('$$', '}[');
726 $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('ReflectionFunction'));
727
728 $forbiddenphpfunctions = array();
729 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("override_function", "session_id", "session_create_id", "session_regenerate_id"));
730 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("get_defined_functions", "get_defined_vars", "get_defined_constants", "get_declared_classes"));
731 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("call_user_func"));
732 //$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("require", "include", "require_once", "include_once"));
733 if (!getDolGlobalString('WEBSITE_PHP_ALLOW_EXEC')) { // If option is not on, we disallow functions to execute commands
734 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("exec", "passthru", "shell_exec", "system", "proc_open", "popen"));
735 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("dol_eval", "executeCLI", "verifCond")); // native dolibarr functions
736 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("eval", "create_function", "assert", "mb_ereg_replace")); // function with eval capabilities
737 }
738 if (!getDolGlobalString('WEBSITE_PHP_ALLOW_WRITE')) { // If option is not on, we disallow functions to write files
739 $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "mkdir", "rmdir", "symlink", "touch", "unlink", "umask"));
740 }
741
742 $forbiddenphpmethods = array('invoke', 'invokeArgs'); // Method of ReflectionFunction to execute a function
743
744 foreach ($forbiddenphpstrings as $forbiddenphpstring) {
745 if (preg_match('/'.preg_quote($forbiddenphpstring, '/').'/ms', $phpfullcodestring)) {
746 $error++;
747 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpstring), null, 'errors');
748 break;
749 }
750 }
751 foreach ($forbiddenphpfunctions as $forbiddenphpcommand) {
752 if (preg_match('/'.$forbiddenphpcommand.'\s*\‍(/ms', $phpfullcodestring)) {
753 $error++;
754 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpcommand), null, 'errors');
755 break;
756 }
757 }
758 foreach ($forbiddenphpmethods as $forbiddenphpmethod) {
759 if (preg_match('/->'.$forbiddenphpmethod.'/ms', $phpfullcodestring)) {
760 $error++;
761 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpmethod), null, 'errors');
762 break;
763 }
764 }
765 }
766
767 // This char can be used to execute RCE for example using with echo `ls`
768 if (!$error) {
769 $forbiddenphpchars = array();
770 if (!getDolGlobalString('WEBSITE_PHP_ALLOW_DANGEROUS_CHARS')) { // If option is not on, we disallow functions to execute commands
771 $forbiddenphpchars = array("`");
772 }
773 foreach ($forbiddenphpchars as $forbiddenphpchar) {
774 if (preg_match('/'.$forbiddenphpchar.'/ms', $phpfullcodestring)) {
775 $error++;
776 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpchar), null, 'errors');
777 break;
778 }
779 }
780 }
781
782 // Deny dynamic functions '${a}(' or '$a[b](' => So we refuse '}(' and ']('
783 if (!$error) {
784 if (preg_match('/[}\]]\‍(/ims', $phpfullcodestring)) {
785 $error++;
786 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", ']('), null, 'errors');
787 }
788 }
789
790 // Deny dynamic functions '$xxx('
791 if (!$error) {
792 if (preg_match('/\$[a-z0-9_\-\/\*]+\‍(/ims', $phpfullcodestring)) {
793 $error++;
794 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors');
795 }
796 }
797
798 // No need to block $conf->global->aaa() because PHP try to run method aaa an not function into $conf->global->aaa.
799
800 // Then check if installmodules does not block dynamic PHP code change.
801 if ($phpfullcodestringold != $phpfullcodestring) {
802 if (!$error) {
803 $dolibarrdataroot = preg_replace('/([\\/]+)$/i', '', DOL_DATA_ROOT);
804 $allowimportsite = true;
805 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
806 if (dol_is_file($dolibarrdataroot.'/installmodules.lock')) {
807 $allowimportsite = false;
808 }
809
810 if (!$allowimportsite) {
811 $error++;
812 // Blocked by installmodules.lock
813 if (getDolGlobalString('MAIN_MESSAGE_INSTALL_MODULES_DISABLED_CONTACT_US')) {
814 // Show clean corporate message
815 $message = $langs->trans('InstallModuleFromWebHasBeenDisabledContactUs');
816 } else {
817 // Show technical generic message
818 $message = $langs->trans("InstallModuleFromWebHasBeenDisabledByFile", $dolibarrdataroot.'/installmodules.lock');
819 }
820 setEventMessages($message, null, 'errors');
821 }
822 }
823 }
824
825 return $error;
826}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:66
Class Website.
Class Websitepage.
dol_filemtime($pathoffile)
Return time of a file.
dol_filesize($pathoffile)
Return size of a file.
archiveOrBackupFile($srcfile, $max_versions=5, $archivedir='', $suffix="v", $moveorcopy='move')
Manage backup versions for a given file, ensuring only a maximum number of versions are kept.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_is_file($pathoffile)
Return if path is a file.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0, $attop=0)
Set event messages in dol_events session object.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=0, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
dolChmod($filepath, $newmask='')
Change mod of a file.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs=null, $encodetooutput=false)
Output date in a string format according to outputlangs (or langs if not defined).
newToken()
Return the value of token currently saved into session with name 'newtoken'.
getAdvancedPreviewUrl($modulepart, $relativepath, $alldata=0, $param='')
Return URL we can use for advanced preview links.
dol_buildpath($path, $type=0, $returnemptyifnotfound=0)
Return path of url or filesystem.
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
dolSaveMasterFile($filemaster)
Save content of a page on disk.
showWebsiteTemplates(Website $website)
Show list of themes.
dolSaveLicense($file, $content)
Save content of a page on disk.
checkPHPCode(&$phpfullcodestringold, &$phpfullcodestring)
Check a new string containing only php code (including <php tag)
dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent)
Save content of a page on disk.
dolSaveReadme($file, $content)
Save content of a page on disk.
dolSaveManifestJson($file, $content)
Save content of a page on disk.
dolSaveIndexPage($pathofwebsite, $fileindex, $filetpl, $filewrapper, $object=null)
Save content of the index.php and/or the wrapper.php page.
dolSavePageAlias($filealias, $object, $objectpage)
Save an alias page on disk (A page that include the reference page).
dolSaveHtaccessFile($filehtaccess, $htaccess)
Save content of a page on disk.
dolSaveJsFile($filejs, $jscontent)
Save content of a page on disk.
dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage, $backupold=0)
Save content of a page on disk (page name is generally ID_of_page.php).
dolSaveCssFile($filecss, $csscontent)
Save content of a page on disk.
dolSaveRobotFile($filerobot, $robotcontent)
Save content of a page on disk.