--- /tmp/dsg/dolibarr/htdocs/core/ajax/github_19.0.3_ajaxdirpreview.php
+++ /tmp/dsg/dolibarr/htdocs/core/ajax/client_ajaxdirpreview.php
@@ -30,42 +30,29 @@
-if (!defined('NOTOKENRENEWAL')) {
- define('NOTOKENRENEWAL', 1); // Disables token renewal
-}
-if (!defined('NOREQUIREMENU')) {
- define('NOREQUIREMENU', '1');
-}
-if (!defined('NOREQUIREHTML')) {
- define('NOREQUIREHTML', '1');
-}
-if (!defined('NOREQUIREAJAX')) {
- define('NOREQUIREAJAX', '1');
-}
-
-if (!isset($mode) || $mode != 'noajax') { // For ajax call
- require_once '../../main.inc.php';
- require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
- require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
- require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
-
- $action = GETPOST('action', 'aZ09');
- $file = urldecode(GETPOST('file', 'alpha'));
- $section = GETPOST("section", 'alpha');
- $module = GETPOST("module", 'alpha');
- $urlsource = GETPOST("urlsource", 'alpha');
- $search_doc_ref = GETPOST('search_doc_ref', 'alpha');
-
- $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
- $sortfield = GETPOST("sortfield", 'aZ09comma');
- $sortorder = GETPOST("sortorder", 'aZ09comma');
- $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
- if (empty($page) || $page == -1) {
- $page = 0;
- } // If $page is not defined, or '' or -1
- $offset = $limit * $page;
- $pageprev = $page - 1;
- $pagenext = $page + 1;
- if (!$sortorder) {
- $sortorder = "ASC";
- }
- if (!$sortfield) {
- $sortfield = "name";
- }
+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', 1); // Disables token renewal
+if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');
+if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');
+if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
+
+if (!isset($mode) || $mode != 'noajax') // For ajax call
+{
+ require_once '../../main.inc.php';
+ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
+ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
+
+ $action = GETPOST('action', 'aZ09');
+ $file = urldecode(GETPOST('file', 'alpha'));
+ $section = GETPOST("section", 'alpha');
+ $module = GETPOST("module", 'alpha');
+ $urlsource = GETPOST("urlsource", 'alpha');
+ $search_doc_ref = GETPOST('search_doc_ref', 'alpha');
+
+ $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
+ $sortfield = GETPOST("sortfield", 'alpha');
+ $sortorder = GETPOST("sortorder", 'alpha');
+ $page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
+ if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
+ $offset = $limit * $page;
+ $pageprev = $page - 1;
+ $pagenext = $page + 1;
+ if (!$sortorder) $sortorder = "ASC";
+ if (!$sortfield) $sortfield = "name";
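Review bot: `sortfield` and `sortorder` are read with the permissive `'alpha'` check on the new side, although they only need to carry a field name and ASC/DESC; the tighter check fits better: `$sortfield = GETPOST("sortfield", 'aZ09comma');` and `$sortorder = GETPOST("sortorder", 'aZ09comma');`. Separately, `$file = urldecode(GETPOST('file', 'alpha'));` decodes after the filter has run, so characters that were still percent-encoded when the filter looked at the value can reappear in `$file`. Request parameters arrive already decoded, so the extra `urldecode()` can be dropped, or applied before filtering if it is really needed. The `if` block opened in this hunk continues past its last line.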
@@ -79,5 +66,6 @@
- $result = $ecmdir->fetch($section);
- if (!($result > 0)) {
- //dol_print_error($db,$ecmdir->error);
- //exit;
- }
+ $result = $ecmdir->fetch($section);
+ if (!$result > 0)
+ {
+ //dol_print_error($db,$ecmdir->error);
+ //exit;
+ }
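Review bot: `if (!$result > 0)` does not test what `if (!($result > 0))` tested: `!` binds tighter than `>`, so the condition is `(!$result) > 0` and is false for any negative return value. In this hunk the body is commented out, so nothing changes. The same expression in the `@@ -90,10 +78,14 @@` hunk guards `dol_print_error($db, $ecmdir->error); exit;`, though, and there a negative error code from `$ecmdir->fetch($section)` (which the `> 0` test suggests is possible) would let the script carry on to `getRelativePath()` on a directory object that was never loaded. Restore the parentheses in both places, `if (!($result > 0))`, or write `if ($result <= 0)`. The enclosing block starts and ends outside this hunk.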
@@ -85,2 +73,2 @@
-} else {
- // For no ajax call
+} else // For no ajax call
+{
@@ -90,10 +78,14 @@
- $relativepath = '';
- if ($section > 0) {
- $result = $ecmdir->fetch($section);
- if (!($result > 0)) {
- dol_print_error($db, $ecmdir->error);
- exit;
- }
-
- $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/'
- } elseif (GETPOST('section_dir')) {
+ $relativepath = '';
+ if ($section > 0)
+ {
+ $result = $ecmdir->fetch($section);
+ if (!$result > 0)
+ {
+ dol_print_error($db, $ecmdir->error);
+ exit;
+ }
+
+ $relativepath = $ecmdir->getRelativePath(); // Example 'mydir/'
+ }
+ elseif (GETPOST('section_dir'))
+ {
@@ -107,8 +99,4 @@
-if (empty($url)) { // autoset $url but it is better to have it defined before into filemanager.tpl.php (not possible when in auto tree)
- if (!empty($module) && $module == 'medias' && !GETPOST('website')) {
- $url = DOL_URL_ROOT.'/ecm/index_medias.php';
- } elseif (GETPOSTISSET('website')) {
- $url = DOL_URL_ROOT.'/website/index.php';
- } else {
- $url = DOL_URL_ROOT.'/ecm/index.php';
- }
+if (empty($url))
+{
+ if (GETPOSTISSET('website')) $url = DOL_URL_ROOT.'/website/index.php';
+ else $url = DOL_URL_ROOT.'/ecm/index.php';
@@ -120,4 +107,0 @@
-if (empty($modulepart)) {
- $modulepart = $module;
-}
-
@@ -125,3 +109,5 @@
-if ($user->socid > 0) {
- $socid = $user->socid;
-}
+if ($user->socid > 0) $socid = $user->socid;
+
+//print 'xxx'.$upload_dir;
+
+// Security:
@@ -129,6 +115,8 @@
-if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir)) {
- dol_syslog("Refused to deliver file ".$upload_dir);
- // Do no show plain path in shown error message
- dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));
- exit;
-}
+if (preg_match('/\.\./', $upload_dir) || preg_match('/[<>|]/', $upload_dir))
+{
+ dol_syslog("Refused to deliver file ".$upload_dir);
+ // Do no show plain path in shown error message
+ dol_print_error(0, $langs->trans("ErrorFileNameInvalid", $upload_dir));
+ exit;
+}
+
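Review bot: The rejected path is sent back to the client although the comment directly above says not to show it: `$langs->trans("ErrorFileNameInvalid", $upload_dir)` puts `$upload_dir` into the error text, and this branch runs only when that value contains `..` or one of `<>|`. Whether `dol_print_error()` HTML-escapes its message is not visible here, so the safer form keeps the value out of the response, e.g. `dol_print_error(0, $langs->trans("ErrorFileNameInvalid", ''));`, and leaves the detail to the `dol_syslog()` line. How `$upload_dir` is built is outside this hunk, so this substring test should be confirmed to run on the final path that is later listed, not on an intermediate value.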
@@ -136,5 +124,6 @@
-if ($modulepart == 'ecm') {
- if (!$user->hasRight('ecm', 'read')) {
- accessforbidden();
- }
-} elseif ($modulepart == 'medias' || $modulepart == 'website') {
+if ($modulepart == 'ecm')
+{
+ if (!$user->rights->ecm->read) accessforbidden();
+}
+if ($modulepart == 'medias')
+{
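Review bot: The permission test fails open on the new side: the two branches are independent `if`s and the closing `else { accessforbidden(); }` is removed in the following `@@ -142,2 +130,0 @@` hunk, so any `$modulepart` other than 'ecm' or 'medias' passes this point without a rights check. Keep a default deny by chaining the second test as `} elseif ($modulepart == 'medias') {` and ending the chain with `} else { accessforbidden(); }`. The assignment of `$modulepart` is outside the visible hunks, and the `if (empty($modulepart)) $modulepart = $module;` fallback is dropped as well, so an unset value appears to take the same unchecked path. The body of the 'medias' branch lies outside this hunk.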
@@ -142,2 +130,0 @@
-} else {
- accessforbidden();
@@ -159 +146,2 @@
-if (!isset($mode) || $mode != 'noajax') {
+if (!isset($mode) || $mode != 'noajax')
+{
@@ -161,4 +149,4 @@
- header('Cache-Control: Public, must-revalidate');
- header('Pragma: public');
-
- top_httphead();
+ header('Cache-Control: Public, must-revalidate');
+ header('Pragma: public');
+
+ top_httphead();
@@ -170,8 +158,9 @@
-if (!dol_is_dir($upload_dir)) {
- //dol_mkdir($upload_dir);
- /*$langs->load("install");
- dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));
- exit;*/
-}
-
-print ''."\n";
+if (!dol_is_dir($upload_dir))
+{
+ //dol_mkdir($upload_dir);
+ /*$langs->load("install");
+ dol_print_error(0,$langs->trans("ErrorDirDoesNotExists",$upload_dir));
+ exit;*/
+}
+
+print ''."\n";
@@ -181,6 +170,2 @@
-if (!empty($websitekey)) {
- $param .= '&website='.urlencode($websitekey);
-}
-if (!empty($pageid)) {
- $param .= '&pageid='.urlencode($pageid);
-}
+if (!empty($websitekey)) $param .= '&website='.urlencode($websitekey);
+if (!empty($pageid)) $param .= '&pageid='.urlencode($pageid);
@@ -190,115 +175,70 @@
-if ($type == 'directory') {
- $formfile = new FormFile($db);
-
- $maxlengthname = 40;
- $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');
- $sorting = (strtolower($sortorder) == 'desc' ? SORT_DESC : SORT_ASC);
-
- // Right area. If module is defined here, we are in automatic ecm.
- $automodules = array(
- 'company',
- 'invoice',
- 'invoice_supplier',
- 'propal',
- 'supplier_proposal',
- 'order',
- 'order_supplier',
- 'contract',
- 'product',
- 'tax',
- 'tax-vat',
- 'salaries',
- 'project',
- 'project_task',
- 'fichinter',
- 'user',
- 'expensereport',
- 'holiday',
- 'recruitment-recruitmentcandidature',
- 'banque',
- 'chequereceipt',
- 'mrp-mo'
- );
-
- $parameters = array('modulepart'=>$module);
- $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);
- if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {
- $automodules[] = $hookmanager->resArray['module'];
- }
-
- // TODO change for multicompany sharing
- if ($module == 'company') {
- $upload_dir = $conf->societe->dir_output;
- $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts.
- } elseif ($module == 'invoice') {
- $upload_dir = $conf->facture->dir_output;
- } elseif ($module == 'invoice_supplier') {
- $upload_dir = $conf->fournisseur->facture->dir_output;
- } elseif ($module == 'propal') {
- $upload_dir = $conf->propal->dir_output;
- } elseif ($module == 'supplier_proposal') {
- $upload_dir = $conf->supplier_proposal->dir_output;
- } elseif ($module == 'order') {
- $upload_dir = $conf->commande->dir_output;
- } elseif ($module == 'order_supplier') {
- $upload_dir = $conf->fournisseur->commande->dir_output;
- } elseif ($module == 'contract') {
- $upload_dir = $conf->contrat->dir_output;
- } elseif ($module == 'product') {
- $upload_dir = $conf->product->dir_output;
- } elseif ($module == 'tax') {
- $upload_dir = $conf->tax->dir_output;
- $excludefiles[] = '^vat$'; // The subdir 'vat' contains files of vats.
- } elseif ($module == 'tax-vat') {
- $upload_dir = $conf->tax->dir_output.'/vat';
- } elseif ($module == 'salaries') {
- $upload_dir = $conf->salaries->dir_output;
- } elseif ($module == 'project') {
- $upload_dir = $conf->project->dir_output;
- } elseif ($module == 'project_task') {
- $upload_dir = $conf->project->dir_output;
- } elseif ($module == 'fichinter') {
- $upload_dir = $conf->ficheinter->dir_output;
- } elseif ($module == 'user') {
- $upload_dir = $conf->user->dir_output;
- } elseif ($module == 'expensereport') {
- $upload_dir = $conf->expensereport->dir_output;
- } elseif ($module == 'holiday') {
- $upload_dir = $conf->holiday->dir_output;
- } elseif ($module == 'recruitment-recruitmentcandidature') {
- $upload_dir = $conf->recruitment->dir_output.'/recruitmentcandidature';
- } elseif ($module == 'banque') {
- $upload_dir = $conf->bank->dir_output;
- } elseif ($module == 'chequereceipt') {
- $upload_dir = $conf->bank->dir_output.'/checkdeposits';
- } elseif ($module == 'mrp-mo') {
- $upload_dir = $conf->mrp->dir_output;
- } else {
- $parameters = array('modulepart'=>$module);
- $reshook = $hookmanager->executeHooks('addSectionECMAuto', $parameters);
- if ($reshook > 0 && is_array($hookmanager->resArray) && count($hookmanager->resArray) > 0) {
- $upload_dir = $hookmanager->resArray['directory'];
- }
- }
-
- // Automatic list
- if (in_array($module, $automodules)) {
- $param .= '&module='.$module;
- if (isset($search_doc_ref) && $search_doc_ref != '') {
- $param .= '&search_doc_ref='.urlencode($search_doc_ref);
- }
-
- $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));
-
- $filter = preg_quote($search_doc_ref, '/');
- $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);
-
- $perm = $user->rights->ecm->upload;
-
- $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);
- } else {
- // Manual list
- if ($module == 'medias') {
- /*
- $_POST is array like
- 'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)
+if ($type == 'directory')
+{
+ $formfile = new FormFile($db);
+
+ $maxlengthname = 40;
+ $excludefiles = array('^SPECIMEN\.pdf$', '^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^payments$', '^CVS$', '^thumbs$');
+ $sorting = (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC);
+
+ // Right area. If module is defined here, we are in automatic ecm.
+ $automodules = array('company', 'invoice', 'invoice_supplier', 'propal', 'supplier_proposal', 'order', 'order_supplier', 'contract', 'product', 'tax', 'project', 'fichinter', 'user', 'expensereport', 'holiday', 'banque');
+
+ // TODO change for multicompany sharing
+ // Auto area for suppliers invoices
+ if ($module == 'company') $upload_dir = $conf->societe->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'invoice') $upload_dir = $conf->facture->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'invoice_supplier') $upload_dir = $conf->fournisseur->facture->dir_output;
+ // Auto area for customers proposal
+ elseif ($module == 'propal') $upload_dir = $conf->propal->dir_output;
+ // Auto area for suppliers proposal
+ elseif ($module == 'supplier_proposal') $upload_dir = $conf->supplier_proposal->dir_output;
+ // Auto area for customers orders
+ elseif ($module == 'order') $upload_dir = $conf->commande->dir_output;
+ // Auto area for suppliers orders
+ elseif ($module == 'order_supplier') $upload_dir = $conf->fournisseur->commande->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'contract') $upload_dir = $conf->contrat->dir_output;
+ // Auto area for products
+ elseif ($module == 'product') $upload_dir = $conf->product->dir_output;
+ // Auto area for suppliers invoices
+ elseif ($module == 'tax') $upload_dir = $conf->tax->dir_output;
+ // Auto area for projects
+ elseif ($module == 'project') $upload_dir = $conf->projet->dir_output;
+ // Auto area for interventions
+ elseif ($module == 'fichinter') $upload_dir = $conf->ficheinter->dir_output;
+ // Auto area for users
+ elseif ($module == 'user') $upload_dir = $conf->user->dir_output;
+ // Auto area for expense report
+ elseif ($module == 'expensereport') $upload_dir = $conf->expensereport->dir_output;
+ // Auto area for holiday
+ elseif ($module == 'holiday') $upload_dir = $conf->holiday->dir_output;
+ // Auto area for holiday
+ elseif ($module == 'banque') $upload_dir = $conf->bank->dir_output;
+
+ // Automatic list
+ if (in_array($module, $automodules))
+ {
+ $param .= '&module='.$module;
+ if (isset($search_doc_ref) && $search_doc_ref != '') $param .= '&search_doc_ref='.urlencode($search_doc_ref);
+
+ $textifempty = ($section ? $langs->trans("NoFileFound") : ($showonrightsize == 'featurenotyetavailable' ? $langs->trans("FeatureNotYetAvailable") : $langs->trans("NoFileFound")));
+
+ if ($module == 'company') $excludefiles[] = '^contact$'; // The subdir 'contact' contains files of contacts with no id of thirdparty.
+
+ $filter = preg_quote($search_doc_ref, '/');
+ $filearray = dol_dir_list($upload_dir, "files", 1, $filter, $excludefiles, $sortfield, $sorting, 1);
+
+ $perm = $user->rights->ecm->upload;
+
+ $formfile->list_of_autoecmfiles($upload_dir, $filearray, $module, $param, 1, '', $perm, 1, $textifempty, $maxlengthname, $url, 1);
+ }
+ // Manual list
+ else
+ {
+ if ($module == 'medias')
+ {
+ /*
+ $_POST is array like
+ 'token' => string '062380e11b7dcd009d07318b57b71750' (length=32)
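Review bot: `$module` is a request parameter and directly selects which `dir_output` tree (third parties, invoices, users, bank, ...) is passed to `dol_dir_list()`, yet the only right consulted in this hunk is `$user->rights->ecm->upload` for `$perm`; no per-module read right is tested before the listing is built. If `list_of_autoecmfiles()` does not enforce that itself, the check belongs here. At minimum, record the assumption above the `dol_dir_list()` call with a comment such as `// $module is request-controlled: per-module read access must be enforced before listing`. The branch comments are also copy-pasted (`// Auto area for suppliers invoices` sits above 'company', 'invoice', 'contract' and 'tax', and `// Auto area for holiday` above 'banque') and should name the module they precede. The 'medias' block opened at the end of the hunk continues outside it.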
@@ -312,81 +252,86 @@
- */
- $relativepath = GETPOST('file', 'alpha') ? GETPOST('file', 'alpha') : GETPOST('section_dir', 'alpha');
- if ($relativepath && $relativepath != '/') {
- $relativepath .= '/';
- }
- $upload_dir = $dolibarr_main_data_root.'/'.$module.'/'.$relativepath;
- if (GETPOSTISSET('website') || GETPOSTISSET('file_manager')) {
- $param .= '&file_manager=1';
- if (!preg_match('/website=/', $param) && GETPOST('website', 'alpha')) {
- $param .= '&website='.urlencode(GETPOST('website', 'alpha'));
- }
- if (!preg_match('/pageid=/', $param)) {
- $param .= '&pageid='.urlencode(GETPOST('pageid', 'int'));
- }
- //if (!preg_match('/backtopage=/',$param)) $param.='&backtopage='.urlencode($_SERVER["PHP_SELF"].'?file_manager=1&website='.$websitekey.'&pageid='.$pageid);
- }
- } else {
- $relativepath = $ecmdir->getRelativePath();
- $upload_dir = $conf->ecm->dir_output.'/'.$relativepath;
- }
-
- // If $section defined with value 0
- if (($section === '0' || empty($section)) && ($module != 'medias')) {
- $filearray = array();
- } else {
- $filearray = dol_dir_list($upload_dir, "files", 0, '', array('^\.', '(\.meta|_preview.*\.png)$', '^temp$', '^CVS$'), $sortfield, $sorting, 1);
- }
-
- if ($section) {
- $param .= '§ion='.$section;
- if (isset($search_doc_ref) && $search_doc_ref != '') {
- $param .= '&search_doc_ref='.urlencode($search_doc_ref);
- }
-
- $textifempty = $langs->trans('NoFileFound');
- } elseif ($section === '0') {
- if ($module == 'ecm') {
- $textifempty = '