diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php
index ea55052f880..ca39810e3d6 100644
--- a/htdocs/core/actions_linkedfiles.inc.php
+++ b/htdocs/core/actions_linkedfiles.inc.php
@@ -186,7 +186,13 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
// Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
if (isAFileWithExecutableContent($filenameto) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{
- $filenameto .= '.noexe';
+ // $upload_dir ends with a slash, so be must be sure the medias dir to compare to ends with slash too.
+ $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
+ if (! preg_match('/\/$/', $publicmediasdirwithslash)) $publicmediasdirwithslash.='/';
+
+ if ($upload_dir != $publicmediasdirwithslash) { // We never add .noexe on files into media directory
+ $filenameto .= '.noexe';
+ }
}
if ($filenamefrom && $filenameto)
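Review bot: The medias-directory exemption on L11–L14 reads `$conf->medias->multidir_output[$conf->entity]` without an isset check and compares the two paths with loose `!=`; when no medias output dir is configured for the entity this emits an undefined-index notice and the guard ends up comparing against `'/'`, which still appends `.noexe` (fail-closed), but only by accident. I would normalize explicitly and compare strictly: `$publicmediasdirwithslash = empty($conf->medias->multidir_output[$conf->entity]) ? '' : rtrim($conf->medias->multidir_output[$conf->entity], '/').'/';` followed by `if ($publicmediasdirwithslash === '' || $upload_dir !== $publicmediasdirwithslash) { // Never add .noexe on files into the public medias directory; keep renaming everywhere else`. Because the match is an exact string compare, a subdirectory of the medias dir or a `$upload_dir` lacking the trailing slash still gets `.noexe` — presumably the intended conservative default, but the comment should say so (and "so be must be sure" reads as a typo for "so we must be sure"). The same pattern is repeated in the dol_move_uploaded_file hunk of files.lib.php; the enclosing block starts outside this hunk and `$upload_dir` is not assigned within it, so its origin in this file cannot be confirmed here.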
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 180dcda0e0c..3e3c9482187 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -984,10 +984,11 @@ function dolCheckVirus($src_file)
* @param integer $uploaderrorcode Value of PHP upload error code ($_FILES['field']['error'])
* @param int $nohook Disable all hooks
* @param string $varfiles _FILES var name
+ * @param string $upload_dir For information. Already included into $dest_file.
* @return int|string 1 if OK, 2 if OK and .noexe appended, <0 or string if KO
* @see dol_move()
*/
-function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan = 0, $uploaderrorcode = 0, $nohook = 0, $varfiles = 'addedfile')
+function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan = 0, $uploaderrorcode = 0, $nohook = 0, $varfiles = 'addedfile', $upload_dir = '')
{
global $conf, $db, $user, $langs;
global $object, $hookmanager;
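Review bot: The new docblock line on L27, `@param string $upload_dir For information. Already included into $dest_file.`, understates the parameter: later in the same function (the following hunk) it decides whether the `.noexe` suffix is appended, so it is not merely informational. I would document the contract it now carries: ` * @param string $upload_dir Directory of upload, ending with a slash. Used to skip the .noexe renaming for files stored into the public medias directory; an empty value (the default) keeps the renaming for every file.` Callers that rely on the old seven-argument form keep the previous behaviour, which is worth stating so nobody assumes the exemption applies from `$dest_file` alone. The body of dol_move_uploaded_file continues past this hunk.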
@@ -1044,8 +1045,14 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
// Because if we put the documents directory into a directory inside web root (very bad), this allows to execute on demand arbitrary code.
if (isAFileWithExecutableContent($dest_file) && empty($conf->global->MAIN_DOCUMENT_IS_OUTSIDE_WEBROOT_SO_NOEXE_NOT_REQUIRED))
{
- $file_name .= '.noexe';
- $successcode = 2;
+ // $upload_dir ends with a slash, so be must be sure the medias dir to compare to ends with slash too.
+ $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
+ if (! preg_match('/\/$/', $publicmediasdirwithslash)) $publicmediasdirwithslash.='/';
+
+ if ($upload_dir != $publicmediasdirwithslash) { // We never add .noexe on files into media directory
+ $file_name .= '.noexe';
+ $successcode = 2;
+ }
}
// Security:
@@ -1545,7 +1552,7 @@ function dol_add_file_process($upload_dir, $allowoverwrite = 0, $donotupdatesess
$destfull = dol_string_nohtmltag($destfull);
// Move file from temp directory to final directory. A .noexe may also be appended on file name.
- $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles);
+ $resupload = dol_move_uploaded_file($TFile['tmp_name'][$i], $destfull, $allowoverwrite, 0, $TFile['error'][$i], 0, $varfiles, $upload_dir);
if (is_numeric($resupload) && $resupload > 0) // $resupload can be 'ErrorFileAlreadyExists'
{
diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php
index 5021054bcc0..452a024cc9c 100644
--- a/htdocs/ecm/class/ecmfiles.class.php
+++ b/htdocs/ecm/class/ecmfiles.class.php
@@ -67,7 +67,7 @@ class EcmFiles extends CommonObject
*/
public $entity;
- public $filename;
+ public $filename; // Note: Into ecm database record, the entry $filename never ends with .noexe
public $filepath;
public $fullpath_orig;
diff --git a/htdocs/public/test/test_forms.php b/htdocs/public/test/test_forms.php
index 0a43cfda708..bd74ecb0f13 100644
--- a/htdocs/public/test/test_forms.php
+++ b/htdocs/public/test/test_forms.php
@@ -19,6 +19,7 @@ This page is a sample of page using Dolibarr HTML widget methods. It is designed
- css (add parameter &theme=newtheme to test another theme or edit css of current theme)
- jmobile (add parameter ">dol_use_jmobile=1&dol_optimize_smallscreen=1 and switch to small screen < 570 to enable with emulated jmobile)
- no javascript / usage for bind people (add parameter ">nojs=1 to force disable javascript)
+- use with a text browser (add parameter ">textbrowser=1 to force detection of a text browser)