de/db1/fileupload_8php_source.html

<?php

/* Copyright (C) 2011-2012  Regis Houssin   <regis.houssin@inodbox.com>

 * Copyright (C) 2011   Laurent Destailleur <eldy@users.sourceforge.net>

 * Copyright (C) 2024       Frédéric France         <frederic.france@free.fr>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 3 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program. If not, see <https://www.gnu.org/licenses/>.

 */


if (!defined('NOREQUIREMENU')) {

  define('NOREQUIREMENU', '1'); // If there is no menu to show

}

if (!defined('NOREQUIREHTML')) {

  define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php

}

if (!defined('NOREQUIREAJAX')) {

  define('NOREQUIREAJAX', '1');

}

if (!defined('NOREQUIRESOC')) {

  define('NOREQUIRESOC', '1');

}


// Load Dolibarr environment

require '../../main.inc.php';

require_once DOL_DOCUMENT_ROOT.'/core/class/fileupload.class.php';  // Class to upload common files

require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';

require_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';


$id = GETPOSTINT('fk_element');

$element = GETPOST('element', 'alpha'); // 'myobject' (myobject=mymodule) or 'myobject@mymodule' or 'myobject_mysubobject' (myobject=mymodule)

$elementupload = $element;


// Load object according to $id and $element

$object = fetchObjectByElement($id, $element);


$module = $object->module;

$element = $object->element;


$usesublevelpermission = ($module != $element ? $element : '');

if ($usesublevelpermission && !$user->hasRight($module, $element)) {  // There is no permission on object defined, we will check permission on module directly

  $usesublevelpermission = '';

}


//print 'fileupload.php: '.$object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";


// Security check

if (!empty($user->socid)) {

  $socid = $user->socid;

  if (!empty($object->socid) && $socid != $object->socid) {

    httponly_accessforbidden("Access on object not allowed for this external user."); // This includes the exit.

  }

}


$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1); // Call with mode return

if (!$result) {

  httponly_accessforbidden('Not allowed by restrictArea (module='.$object->module.' table_element='.$object->table_element.')');

}


/*

 * View

 */


top_httphead();


header('Pragma: no-cache');

header('Cache-Control: no-store, no-cache, must-revalidate');

header('Content-Disposition: inline; filename="files.json"');

header('X-Content-Type-Options: nosniff');

header('Access-Control-Allow-Origin: '.getRootURLFromURL(DOL_MAIN_URL_ROOT));

header('Access-Control-Allow-Methods: OPTIONS, HEAD, GET, POST, PUT, DELETE');

header('Access-Control-Allow-Headers: X-File-Name, X-File-Type, X-File-Size');


switch ($_SERVER['REQUEST_METHOD']) {

  case 'OPTIONS':

    break;

  /*case 'HEAD':

  case 'GET':

    $upload_handler->get();

    break;

  */

  case 'POST':

    $upload_handler = new FileUpload(null, $id, $elementupload);


    /*if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') {

      $file = GETPOST('file');

      $upload_handler->delete($file);

    } else {*/

    $upload_handler->post();

    // Note: even if this return an error on 1 file in post(), we will return http code 200 because error must be managed by the caller (some files may be ok and some in error)

    //}

    break;

  /*case 'DELETE':

    $file = GETPOST('file');

    $upload_handler->delete($file);

    break;*/

  default:

    header('HTTP/1.0 405 Method Not Allowed');

    exit;

}


$db->close();

$id
$id
Definition account.php:48

$object
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:66

FileUpload
This class is used to manage file upload using ajax.
Definition fileupload.class.php:36

GETPOSTINT
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
Definition functions.lib.php:1120

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition functions.lib.php:792

fetchObjectByElement
fetchObjectByElement($element_id, $element_type, $element_ref='', $useCache=0, $maxCacheByType=10)
Fetch an object from its id and element_type Inclusion of classes is automatic.
Definition functions.lib.php:13372

getRootURLFromURL
getRootURLFromURL($url)
Function root url from a long url For example: https://www.abc.mydomain.com/dir/page....
Definition geturl.lib.php:414

top_httphead
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
Definition main.inc.php:1725

httponly_accessforbidden
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1206

restrictedArea
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
Definition security.lib.php:375