26require_once DOL_DOCUMENT_ROOT .
'/core/lib/files.lib.php';
62 public $fullpath_original_file;
67 public $fullpath_original_file_osencoded;
77 public $original_file;
92 global
$conf, $hookmanager;
94 define(
'MAIN_SECURITY_FORCECSP',
"default-src 'none'");
96 if (!defined(
'NOTOKENRENEWAL')) {
97 define(
'NOTOKENRENEWAL',
'1');
99 if (!defined(
'NOREQUIREMENU')) {
100 define(
'NOREQUIREMENU',
'1');
102 if (!defined(
'NOREQUIREHTML')) {
103 define(
'NOREQUIREHTML',
'1');
105 if (!defined(
'NOREQUIREAJAX')) {
106 define(
'NOREQUIREAJAX',
'1');
112 $action =
GETPOST(
'action',
'aZ09');
113 $original_file =
GETPOST(
'file',
'alphanohtml');
114 $modulepart =
GETPOST(
'modulepart',
'alpha');
119 if (empty($modulepart)) {
122 if (empty($original_file)) {
131 if (preg_match(
'/\.(html|htm)$/i', $original_file)) {
134 if (GETPOSTISSET(
"attachment")) {
135 $attachment =
GETPOST(
"attachment",
'alpha') ? true :
false;
142 if (
GETPOST(
'type',
'alpha')) {
143 $type =
GETPOST(
'type',
'alpha');
151 $type =
'application/octet-stream';
155 $original_file = preg_replace(
'/\.\.+/',
'..', $original_file);
156 $original_file = str_replace(
'../',
'/', $original_file);
157 $original_file = str_replace(
'..\\',
'/', $original_file);
164 $moduleName = $modulepart;
165 $moduleNameEn = $moduleName;
167 if ($moduleName ==
'commande') {
168 $moduleNameEn =
'order';
169 } elseif ($moduleName ==
'facture') {
170 $moduleNameEn =
'invoice';
172 $moduleNameUpperEn = strtoupper($moduleNameEn);
175 $hookmanager->initHooks(array(
'document'));
176 $parameters = array(
'ecmfile' => $ecmfile,
'modulepart' => $modulepart,
'original_file' => &$original_file,
'socId' => $socId,
177 'entity' => $entity,
'accessallowed' => &$accessallowed);
179 $reshook = $hookmanager->executeHooks(
'accessDownloadDocument', $parameters,
$object, $action);
181 $errors = $hookmanager->error . (is_array($hookmanager->errors) ? (!empty($hookmanager->error) ?
', ' :
'') . implode(
', ', $hookmanager->errors) :
'');
182 dol_syslog(
"document.php - Errors when executing the hook 'accessDownloadDocument' : " . $errors);
183 print
"ErrorDownloadDocumentHooks: " . $errors;
186 if (empty($reshook)) {
190 if (
getDolGlobalInt(
'WEBPORTAL_' . $moduleNameUpperEn .
'_LIST_ACCESS')
191 && in_array($type, array(
'application/pdf'))
193 &&
$context->logged_thirdparty->id == $socId
195 if (
isModEnabled($moduleName) && isset(
$conf->{$moduleName}->multidir_output[$entity])) {
197 if (in_array($moduleName, array(
'facture',
'invoice',
'commande',
'order',
'propal',
'ticket'))) {
198 $sql =
"SELECT rowid, src_object_id, src_object_type FROM ".MAIN_DB_PREFIX.
'ecm_files';
199 $sql .=
" WHERE filename = '".$this->db->escape(basename($original_file)).
"'";
200 $sql .=
" AND filepath = '".$this->db->escape(basename($tmparray[
'dir_output']).
'/'.dirname($original_file)).
"'";
201 $resql = $this->db->query($sql);
203 $obj = $this->db->fetch_object($resql);
205 if ($obj->src_object_id && $obj->src_object_type) {
207 $tmpuser =
new User($this->db);
208 $tmpuser->socid = $socId;
210 include_once DOL_DOCUMENT_ROOT.
'/core/lib/security.lib.php';
211 include_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
216 $accessallowed = ($ok ? 1 : 0);
217 $pathdir = $tmparray[
'dir_output'];
226 $pathdir = $hookmanager->resArray[
'pathdir'];
231 if (!$accessallowed) {
235 if (empty($pathdir)) {
236 print
"ErrorDownloadDocument: No path defined to find files";
239 $fullpath_original_file = $pathdir .
'/' . $original_file;
243 if (preg_match(
'/\.\./', $fullpath_original_file) || preg_match(
'/[<>|]/', $fullpath_original_file)) {
244 dol_syslog(
"Refused to deliver file " . $fullpath_original_file);
250 $refname = basename(dirname($original_file) .
"/");
252 $filename = basename($fullpath_original_file);
253 $filename = preg_replace(
'/\.noexe$/i',
'', $filename);
256 dol_syslog(
"document controller download $fullpath_original_file filename=$filename content-type=$type");
257 $fullpath_original_file_osencoded =
dol_osencode($fullpath_original_file);
260 if (!file_exists($fullpath_original_file_osencoded)) {
261 dol_syslog(
"ErrorFileDoesNotExists: " . $fullpath_original_file);
262 print
"ErrorFileDoesNotExists: " . $original_file;
267 $fileSizeMax =
getDolGlobalInt(
'MAIN_SECURITY_MAXFILESIZE_DOWNLOADED');
268 if ($fileSizeMax && $fileSize > ($fileSizeMax * 1024)) {
270 $fileSizeKb = round($fileSize / 1024, 2);
271 dol_syslog(
'ErrorFileSizeTooLarge: ' . $fileSize .
' bytes (' . $fileSizeKb .
' Kb) - max allowed: ' . $fileSizeMax .
' Kb');
272 print
'ErrorFileSizeTooLarge: ' . $fileSizeKb .
' Kb (max ' . $fileSizeMax .
' Kb)';
277 $hookmanager->initHooks(array(
'document'));
278 $parameters = array(
'ecmfile' => $ecmfile,
'modulepart' => $modulepart,
'original_file' => $original_file,
279 'entity' => $entity,
'refname' => $refname,
'fullpath_original_file' => $fullpath_original_file,
280 'filename' => $filename,
'fullpath_original_file_osencoded' => $fullpath_original_file_osencoded);
282 $reshook = $hookmanager->executeHooks(
'downloadDocument', $parameters,
$object, $action);
284 $errors = $hookmanager->error . (is_array($hookmanager->errors) ? (!empty($hookmanager->error) ?
', ' :
'') . implode(
', ', $hookmanager->errors) :
'');
285 dol_syslog(
"document.php - Errors when executing the hook 'downloadDocument' : " . $errors);
286 print
"ErrorDownloadDocumentHooks: " . $errors;
291 $this->attachment = $attachment;
292 $this->encoding = $encoding;
293 $this->entity = $entity;
294 $this->filename = $filename;
295 $this->fullpath_original_file = $fullpath_original_file;
296 $this->fullpath_original_file_osencoded = $fullpath_original_file_osencoded;
297 $this->modulepart = $modulepart;
298 $this->original_file = $original_file;
309 $this->accessRight =
true;
311 return parent::checkAccess();
323 if (!
$context->controllerInstance->checkAccess()) {
345 if (!
$context->controllerInstance->checkAccess()) {
351 $attachment = $this->attachment;
352 $encoding = $this->encoding;
353 $filename = $this->filename;
354 $fullpath_original_file = $this->fullpath_original_file;
355 $fullpath_original_file_osencoded = $this->fullpath_original_file_osencoded;
362 header(
'Content-Description: File Transfer');
364 header(
'Content-Encoding: ' . $encoding);
368 header(
'Content-Disposition: attachment; filename="' . $filename .
'"');
370 header(
'Content-Disposition: inline; filename="' . $filename .
'"');
372 header(
'Cache-Control: Public, must-revalidate');
373 header(
'Pragma: public');
376 header(
'Content-Length: ' .
dol_filesize($fullpath_original_file));
if(! $sortfield) if(! $sortorder) $object
static getInstance()
Singleton method to create one instance of this object.
Class for DocumentController.
action()
Action method is called before html output can be used to manage security and change context.
checkAccess()
Check current access to controller.
Class to manage Dolibarr users.
dol_filesize($pathoffile)
Return size of a file.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
GETPOSTINT($paramname, $method=0)
Return the value of a $_GET or $_POST supervariable, converted into integer.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
getElementProperties($elementType)
Get an array with properties of an element.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
readfileLowMemory($fullpath_original_file_osencoded, $method=-1)
Return a file on output using a low memory.
dolIsAllowedForPreview($file)
Return if a file is qualified for preview.
dol_print_error($db=null, $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
isModEnabled($module)
Is Dolibarr module enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $noescapetags='', $escapeonlyhtmltags=0, $cleanalsojavascript=0)
Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input f...
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
$context
@method int call_trigger(string $triggerName, ?User $user)
if(preg_match('/(crypted|dolcrypt):/i', $dolibarr_main_db_pass)||!empty($dolibarr_main_db_encrypted_pass)) $conf db type
'integer', 'integer:ObjectClass:PathToClass[:AddCreateButtonOrNot[:Filter[:Sortfield]]]',...
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
checkUserAccessToObject($user, array $featuresarray, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid', $parenttableforentity='')
Check that access by a given user to an object is ok.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.