Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-18 15:31:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix bad parameter

Browse Source
This commit is contained in:
Laurent Destailleur
2024-02-08 15:02:54 +01:00
parent 8e0559f9a4
commit 7783575bf7
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/core/lib/files.lib.php
View File

@@ -2560,13 +2560,13 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('(
* Security check when accessing to a document (used by document.php, viewimage.php and webservices to get documents). * Security check when accessing to a document (used by document.php, viewimage.php and webservices to get documents).
* TODO Replace code that set $accessallowed by a call to restrictedArea() * TODO Replace code that set $accessallowed by a call to restrictedArea()
* *
* @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp'). Exemple: 'medias', 'invoice', 'logs', 'tax-vat', ... * @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp'). Exemple: 'medias', 'invoice', 'logs', 'tax-vat', ...
* @param string $original_file Relative path with filename, relative to modulepart. * @param string $original_file Relative path with filename, relative to modulepart.
* @param string $entity Restrict onto entity (0=no restriction) * @param string $entity Restrict onto entity (0=no restriction)
* @param User $fuser User object (forced) * @param User|null $fuser User object (forced)
* @param string $refname Ref of object to check permission for external users (autodetect if not provided) or for hierarchy * @param string $refname Ref of object to check permission for external users (autodetect if not provided) or for hierarchy
* @param string $mode Check permission for 'read' or 'write' * @param string $mode Check permission for 'read' or 'write'
* @return mixed Array with access information : 'accessallowed' & 'sqlprotectagainstexternals' & 'original_file' (as a full path name) * @return mixed Array with access information : 'accessallowed' & 'sqlprotectagainstexternals' & 'original_file' (as a full path name)
* @see restrictedArea() * @see restrictedArea()
*/ */
function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read') function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read')

2
htdocs/website/samples/wrapper.php
View File

@@ -226,7 +226,7 @@ if ($rss) {
} else { } else {
// Find the subdirectory name as the reference // Find the subdirectory name as the reference
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname); $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, null, $refname);
$accessallowed = empty($check_access['accessallowed']) ? '' : $check_access['accessallowed']; $accessallowed = empty($check_access['accessallowed']) ? '' : $check_access['accessallowed'];
$sqlprotectagainstexternals = empty($check_access['sqlprotectagainstexternals']) ? '' : $check_access['sqlprotectagainstexternals']; $sqlprotectagainstexternals = empty($check_access['sqlprotectagainstexternals']) ? '' : $check_access['sqlprotectagainstexternals'];
$fullpath_original_file = empty($check_access['original_file']) ? '' : $check_access['original_file']; // $fullpath_original_file is now a full path name $fullpath_original_file = empty($check_access['original_file']) ? '' : $check_access['original_file']; // $fullpath_original_file is now a full path name