Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-12 19:02:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX Download of files with hashp when files are into user dir

Browse Source
This commit is contained in:
Laurent Destailleur
2018-12-17 15:35:20 +01:00
parent 17b2fd295f
commit 4e940ebaf1
3 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/document.php
View File

@@ -38,7 +38,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
// For direct external download link, we don't need to load/check we are into a login session
if (isset($_GET["hashp"]))
if (isset($_GET["hashp"]) && ! defined("NOLOGIN"))
{
if (! defined("NOLOGIN")) define("NOLOGIN",1);
if (! defined("NOCSRFCHECK")) define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
@@ -122,8 +122,14 @@ if (! empty($hashp))
if ($result > 0)
{
$tmp = explode('/', $ecmfile->filepath, 2); // $ecmfile->filepath is relative to document directory
$moduleparttocheck = $tmp[0];
if ($modulepart) // Not required for link using public hashp
// filepath can be 'users/X' or 'X/propale/PR11111'
if (is_numeric($tmp[0])) // If first tmp is numeric, it is subdir of company for multicompany, we take next part.
{
$tmp = explode('/', $tmp[1], 2);
}
$moduleparttocheck = $tmp[0]; // moduleparttocheck is first part of path
if ($modulepart) // Not required, so often not defined, for link using public hashp parameter.
{
if ($moduleparttocheck == $modulepart)
{