Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

FIX #yogosha19628

Browse Source
This commit is contained in:
Laurent Destailleur
2023-12-18 19:47:49 +01:00
parent 932f9f28e6
commit 0b0f05523e
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/core/class/commonobject.class.php
View File

@@ -5628,7 +5628,9 @@ abstract class CommonObject
$file = $prefix."_".$modele.".modules.php"; $file = $prefix."_".$modele.".modules.php";
} }
// On verifie l'emplacement du modele $file = dol_sanitizeFileName($file);
// We chack if file exists
$file = dol_buildpath($reldir.$modelspath.$file, 0); $file = dol_buildpath($reldir.$modelspath.$file, 0);
if (file_exists($file)) { if (file_exists($file)) {
$filefound = $file; $filefound = $file;
@@ -5648,10 +5650,13 @@ abstract class CommonObject
return -1; return -1;
} }
// If generator was found // Sanitize $filefound
global $db; // Required to solve a conception default making an include of code using $db instead of $this->db just after. $filefound = dol_sanitizePathName($filefound);
require_once $file; // If generator was found
global $db; // Required to solve a conception default making an include of some code that uses $db instead of $this->db just after.
require_once $filefound;
$obj = new $classname($this->db); $obj = new $classname($this->db);

2
htdocs/core/lib/functions.lib.php
View File

@@ -1357,7 +1357,7 @@ function dol_sanitizeFileName($str, $newstr = '_', $unaccent = 1)
} }
/** /**
* Clean a string to use it as a path name. * Clean a string to use it as a path name. Similare to dol_sanitizeFileName but accept / and \ chars.
* Replace also '--' and ' -' strings, they are used for parameters separation (Note: ' - ' is allowed). * Replace also '--' and ' -' strings, they are used for parameters separation (Note: ' - ' is allowed).
* *
* @param string $str String to clean * @param string $str String to clean