From d7f58d0087b2b556466340c9c69852a9bf98cd51 Mon Sep 17 00:00:00 2001 From: Philippe Date: Tue, 24 Jul 2018 20:28:49 +0200 Subject: [PATCH 1/2] FIX search on ref project on propal list --- htdocs/comm/propal/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index f7fd5d9b2bb..a8e51d32173 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -283,7 +283,7 @@ if ($search_country) $sql .= " AND s.fk_pays IN (".$db->escape($search_country). if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')'; if ($search_ref) $sql .= natural_search('p.ref', $search_ref); if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer); -if ($search_refproject) $sql .= natural_search('pr.ref', $search_refprojet); +if ($search_refproject) $sql .= natural_search('pr.ref', $search_refproject); if ($search_societe) $sql .= natural_search('s.nom', $search_societe); if ($search_login) $sql .= natural_search("u.login", $search_login); From 83ae27d1222e65e3607a15ac074ee110ea138c8c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 27 Jul 2018 12:33:36 +0200 Subject: [PATCH 2/2] FIX Deletion of files in migration --- htdocs/core/lib/files.lib.php | 5 +++-- htdocs/install/upgrade2.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 6516eeefe19..fa1a5e50a50 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1118,10 +1118,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable * @param int $nophperrors Disable all PHP output errors * @param int $nohook Disable all hooks * @param object $object Current object in use + * @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose. * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @see dol_delete_dir */ -function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null) +function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null,$allowdotdot=false) { global $db, $conf, $user, $langs; global $hookmanager; @@ -1133,7 +1134,7 @@ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=n // Security: // We refuse transversal using .. and pipes into filenames. - if (preg_match('/\.\./',$file) || preg_match('/[<>|]/',$file)) + if ((! $allowdotdot && preg_match('/\.\./',$file)) || preg_match('/[<>|]/',$file)) { dol_syslog("Refused to delete file ".$file, LOG_WARNING); return false; diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index c52fb45a106..be31b1f6452 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -4442,7 +4442,7 @@ function migrate_delete_old_files($db,$langs,$conf) $result=1; if (file_exists($filetodelete)) { - $result=dol_delete_file($filetodelete); + $result=dol_delete_file($filetodelete,0,0,0,null,true); if (! $result) { $langs->load("errors");