Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-18 15:31:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '7.0' of git@github.com:Dolibarr/dolibarr.git into 8.0

Browse Source 
Conflicts:
	htdocs/comm/propal/list.php
This commit is contained in:
Laurent Destailleur
2018-07-27 12:54:45 +02:00
parent 7821e21e5b 894f484de8
commit 7af42c66cc
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/comm/propal/list.php
View File

@@ -310,7 +310,7 @@ if ($search_country) $sql .= " AND s.fk_pays IN (".$db->escape($search_country).
if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')'; if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search_type_thirdparty).')';
if ($search_ref) $sql .= natural_search('p.ref', $search_ref); if ($search_ref) $sql .= natural_search('p.ref', $search_ref);
if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer); if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer);
if ($search_refproject) $sql .= natural_search('pr.ref', $search_refprojet); if ($search_refproject) $sql .= natural_search('pr.ref', $search_refproject);
if ($search_availability) $sql .= " AND p.fk_availability IN (".$db->escape($search_availability).')'; if ($search_availability) $sql .= " AND p.fk_availability IN (".$db->escape($search_availability).')';
if ($search_societe) $sql .= natural_search('s.nom', $search_societe); if ($search_societe) $sql .= natural_search('s.nom', $search_societe);
@@ -432,7 +432,7 @@ if ($resql)
if ($search_year) $param.='&search_year='.urlencode($search_year); if ($search_year) $param.='&search_year='.urlencode($search_year);
if ($search_ref) $param.='&search_ref='.urlencode($search_ref); if ($search_ref) $param.='&search_ref='.urlencode($search_ref);
if ($search_refcustomer) $param.='&search_refcustomer='.urlencode($search_refcustomer); if ($search_refcustomer) $param.='&search_refcustomer='.urlencode($search_refcustomer);
if ($search_refprojet) $param.='&search_refprojet='.urlencode($search_refprojet); if ($search_refproject) $param.='&search_refproject='.urlencode($search_refproject);
if ($search_societe) $param.='&search_societe='.urlencode($search_societe); if ($search_societe) $param.='&search_societe='.urlencode($search_societe);
if ($search_user > 0) $param.='&search_user='.urlencode($search_user); if ($search_user > 0) $param.='&search_user='.urlencode($search_user);
if ($search_sale > 0) $param.='&search_sale='.urlencode($search_sale); if ($search_sale > 0) $param.='&search_sale='.urlencode($search_sale);

5
htdocs/core/lib/files.lib.php
View File

@@ -1133,10 +1133,11 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
* @param int $nophperrors Disable all PHP output errors * @param int $nophperrors Disable all PHP output errors
* @param int $nohook Disable all hooks * @param int $nohook Disable all hooks
* @param object $object Current object in use * @param object $object Current object in use
* @param boolean $allowdotdot Allow to delete file path with .. inside. Never use this, it is reserved for migration purpose.
* @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error * @return boolean True if no error (file is deleted or if glob is used and there's nothing to delete), False if error
* @see dol_delete_dir * @see dol_delete_dir
*/ */
function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null) function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=null,$allowdotdot=false)
{ {
global $db, $conf, $user, $langs; global $db, $conf, $user, $langs;
global $hookmanager; global $hookmanager;
@@ -1148,7 +1149,7 @@ function dol_delete_file($file,$disableglob=0,$nophperrors=0,$nohook=0,$object=n
// Security: // Security:
// We refuse transversal using .. and pipes into filenames. // We refuse transversal using .. and pipes into filenames.
if (preg_match('/\.\./',$file) || preg_match('/[<>|]/',$file)) if ((! $allowdotdot && preg_match('/\.\./',$file)) || preg_match('/[<>|]/',$file))
{ {
dol_syslog("Refused to delete file ".$file, LOG_WARNING); dol_syslog("Refused to delete file ".$file, LOG_WARNING);
return false; return false;

2
htdocs/install/upgrade2.php
View File

@@ -4472,7 +4472,7 @@ function migrate_delete_old_files($db,$langs,$conf)
$result=1; $result=1;
if (file_exists($filetodelete)) if (file_exists($filetodelete))
{ {
$result=dol_delete_file($filetodelete); $result=dol_delete_file($filetodelete,0,0,0,null,true);
if (! $result) if (! $result)
{ {
$langs->load("errors"); $langs->load("errors");