diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 6b4b56e1475..d8d49aa2ff2 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2560,13 +2560,13 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('( * Security check when accessing to a document (used by document.php, viewimage.php and webservices to get documents). * TODO Replace code that set $accessallowed by a call to restrictedArea() * - * @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp'). Exemple: 'medias', 'invoice', 'logs', 'tax-vat', ... - * @param string $original_file Relative path with filename, relative to modulepart. - * @param string $entity Restrict onto entity (0=no restriction) - * @param User $fuser User object (forced) - * @param string $refname Ref of object to check permission for external users (autodetect if not provided) or for hierarchy - * @param string $mode Check permission for 'read' or 'write' - * @return mixed Array with access information : 'accessallowed' & 'sqlprotectagainstexternals' & 'original_file' (as a full path name) + * @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp'). Exemple: 'medias', 'invoice', 'logs', 'tax-vat', ... + * @param string $original_file Relative path with filename, relative to modulepart. + * @param string $entity Restrict onto entity (0=no restriction) + * @param User|null $fuser User object (forced) + * @param string $refname Ref of object to check permission for external users (autodetect if not provided) or for hierarchy + * @param string $mode Check permission for 'read' or 'write' + * @return mixed Array with access information : 'accessallowed' & 'sqlprotectagainstexternals' & 'original_file' (as a full path name) * @see restrictedArea() */ function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read') diff --git a/htdocs/website/samples/wrapper.php b/htdocs/website/samples/wrapper.php index 20d216bb948..631f27881aa 100644 --- a/htdocs/website/samples/wrapper.php +++ b/htdocs/website/samples/wrapper.php @@ -226,7 +226,7 @@ if ($rss) { } else { // Find the subdirectory name as the reference include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname); + $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, null, $refname); $accessallowed = empty($check_access['accessallowed']) ? '' : $check_access['accessallowed']; $sqlprotectagainstexternals = empty($check_access['sqlprotectagainstexternals']) ? '' : $check_access['sqlprotectagainstexternals']; $fullpath_original_file = empty($check_access['original_file']) ? '' : $check_access['original_file']; // $fullpath_original_file is now a full path name