Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Prepare code to have photo_resize used by other modules

Browse Source
This commit is contained in:
Laurent Destailleur
2010-11-07 12:33:32 +00:00
parent f20a0e895c
commit f8674ae32f
5 changed files with 39 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
htdocs/core/photos_resize.php
View File

@@ -45,10 +45,26 @@ if (isset($_GET["id"]))
} }
$original_file = isset($_REQUEST["file"])?urldecode($_REQUEST["file"]):''; $original_file = isset($_REQUEST["file"])?urldecode($_REQUEST["file"]):'';
// Security check // Security check
if ($modulepart=='produit|service') $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); if (empty($modulepart)) accessforbidden('Bad value for modulepart');
else accessforbidden('Bad value for modulepart'); $accessallowed=0;
if ($modulepart)
{
if ($modulepart=='produit|service')
{
$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
if ($modulepart=='produit|service' && (! $user->rights->produit->lire && ! $user->rights->service->lire)) accessforbidden(); if ($modulepart=='produit|service' && (! $user->rights->produit->lire && ! $user->rights->service->lire)) accessforbidden();
$accessallowed=1;
}
}
// Security:
// Limit access if permissions are wrong
if (! $accessallowed)
{
accessforbidden();
}

2
htdocs/document.php
View File

@@ -101,6 +101,8 @@ $original_file = str_replace("../","/", $original_file);
// find the subdirectory name as the reference // find the subdirectory name as the reference
$refname=basename(dirname($original_file)."/"); $refname=basename(dirname($original_file)."/");
// Security check
if (empty($modulepart)) accessforbidden('Bad value for modulepart');
$accessallowed=0; $accessallowed=0;
$sqlprotectagainstexternals=''; $sqlprotectagainstexternals='';
if ($modulepart) if ($modulepart)

10
htdocs/lib/functions.lib.php
View File

@@ -1568,7 +1568,7 @@ function info_admin($texte,$infoonimgalt=0)
* \param feature2 Feature to check (second level of permission) * \param feature2 Feature to check (second level of permission)
* \param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal) * \param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* \param dbt_select Field name for select if not rowid. (optionnal) * \param dbt_select Field name for select if not rowid. (optionnal)
* \return int 1 * @return int Always 1, die process if not allowed
*/ */
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{ {
@@ -1890,10 +1890,10 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
/** /**
* \brief Affiche message erreur de type acces interdit et arrete le programme * Affiche message erreur de type acces interdit et arrete le programme
* \param message Force error message * L'appel a cette fonction termine le code.
* \param printheader Affiche avant le header * @param message Force error message
* \remarks L'appel a cette fonction termine le code. * @param printheader Affiche avant le header
*/ */
function accessforbidden($message='',$printheader=1,$printfooter=1,$showonlymessage=0) function accessforbidden($message='',$printheader=1,$printfooter=1,$showonlymessage=0)
{ {

22
htdocs/product/class/product.class.php
View File

@@ -2473,15 +2473,15 @@ class Product extends CommonObject
/** /**
* \brief Show photos of a product (nbmax maximum) * Show photos of a product (nbmax maximum)
* \param sdir Directory to scan * @param sdir Directory to scan
* \param size 0=original size, 1 use thumbnail if possible * @param size 0=original size, 1 use thumbnail if possible
* \param nbmax Nombre maximum de photos (0=pas de max) * @param nbmax Nombre maximum de photos (0=pas de max)
* \param nbbyrow Nombre vignettes par ligne (si mode vignette) * @param nbbyrow Nombre vignettes par ligne (si mode vignette)
* \param showfilename 1=Show filename * @param showfilename 1=Show filename
* \param showaction 1=Show icon with action links (resize, delete) * @param showaction 1=Show icon with action links (resize, delete)
* \param maxheight Max height of image when size=1 * @param maxheight Max height of image when size=1
* \return string Html code to show photo. Number of photos shown is saved in this->nbphoto * @return string Html code to show photo. Number of photos shown is saved in this->nbphoto
*/ */
function show_photos($sdir,$size=0,$nbmax=0,$nbbyrow=5,$showfilename=0,$showaction=0,$maxheight=120) function show_photos($sdir,$size=0,$nbmax=0,$nbbyrow=5,$showfilename=0,$showaction=0,$maxheight=120)
{ {
@@ -2560,7 +2560,7 @@ class Product extends CommonObject
if ($user->rights->produit->creer || $user->rights->service->creer) if ($user->rights->produit->creer || $user->rights->service->creer)
{ {
// Link to resize // Link to resize
$return.= '<a href="'.DOL_URL_ROOT.'/core/photos_resize.php?id='.$_GET["id"].'&amp;file='.urlencode($pdir.$viewfilename).'" title="'.dol_escape_htmltag($langs->trans("Resize")).'">'.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).'</a> &nbsp; '; $return.= '<a href="'.DOL_URL_ROOT.'/core/photos_resize.php?modulepart='.urlencode('produit|service').'&id='.$_GET["id"].'&amp;file='.urlencode($pdir.$viewfilename).'" title="'.dol_escape_htmltag($langs->trans("Resize")).'">'.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).'</a> &nbsp; ';
// Link to delete // Link to delete
$return.= '<a href="'.$_SERVER["PHP_SELF"].'?id='.$_GET["id"].'&amp;action=delete&amp;file='.urlencode($pdir.$viewfilename).'">'; $return.= '<a href="'.$_SERVER["PHP_SELF"].'?id='.$_GET["id"].'&amp;action=delete&amp;file='.urlencode($pdir.$viewfilename).'">';
@@ -2583,7 +2583,7 @@ class Product extends CommonObject
if ($user->rights->produit->creer || $user->rights->service->creer) if ($user->rights->produit->creer || $user->rights->service->creer)
{ {
// Link to resize // Link to resize
$return.= '<a href="'.DOL_URL_ROOT.'/core/photos_resize.php?id='.$_GET["id"].'&amp;file='.urlencode($pdir.$viewfilename).'" title="'.dol_escape_htmltag($langs->trans("Resize")).'">'.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).'</a> &nbsp; '; $return.= '<a href="'.DOL_URL_ROOT.'/core/photos_resize.php?modulepart='.urlencode('produit|service').'&id='.$_GET["id"].'&amp;file='.urlencode($pdir.$viewfilename).'" title="'.dol_escape_htmltag($langs->trans("Resize")).'">'.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).'</a> &nbsp; ';
// Link to delete // Link to delete
$return.= '<a href="'.$_SERVER["PHP_SELF"].'?id='.$_GET["id"].'&amp;action=delete&amp;file='.urlencode($pdir.$viewfilename).'">'; $return.= '<a href="'.$_SERVER["PHP_SELF"].'?id='.$_GET["id"].'&amp;action=delete&amp;file='.urlencode($pdir.$viewfilename).'">';

2
htdocs/viewimage.php
View File

@@ -60,6 +60,8 @@ else $type=dol_mimetype($original_file);
// Suppression de la chaine de caractere ../ dans $original_file // Suppression de la chaine de caractere ../ dans $original_file
$original_file = str_replace("../","/", $original_file); $original_file = str_replace("../","/", $original_file);
// Security check
if (empty($modulepart)) accessforbidden('Bad value for modulepart');
$accessallowed=0; $accessallowed=0;
if ($modulepart) if ($modulepart)
{ {