Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-03-15 23:06:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '23.0' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur
2026-03-02 05:54:03 +01:00
parent bcedf595f3 57a1f05d49
commit 82d3d3ba92
20 changed files with 84 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
htdocs/api/class/api_documents.class.php
View File

@@ -111,6 +111,23 @@ class Documents extends DolibarrApi
throw new RestException(403);
}
if (DolibarrApiAccess::$user->socid > 0) {
if ($sqlprotectagainstexternals) {
$resql = $this->db->query($sqlprotectagainstexternals);
if ($resql) {
$num = $this->db->num_rows($resql);
$i = 0;
while ($i < $num) {
$obj = $this->db->fetch_object($resql);
if (DolibarrApiAccess::$user->socid != $obj->fk_soc) {
throw new RestException(403, 'Not allowed to download documents with such a ref');
}
$i++;
}
}
}
}
$filename = basename($original_file);
$original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset
@@ -197,6 +214,23 @@ class Documents extends DolibarrApi
throw new RestException(403);
}
if (DolibarrApiAccess::$user->socid > 0) {
if ($sqlprotectagainstexternals) {
$resql = $this->db->query($sqlprotectagainstexternals);
if ($resql) {
$num = $this->db->num_rows($resql);
$i = 0;
while ($i < $num) {
$obj = $this->db->fetch_object($resql);
if (DolibarrApiAccess::$user->socid != $obj->fk_soc) {
throw new RestException(403, 'Not allowed to download documents with such a ref');
}
$i++;
}
}
}
}
// --- Generates the document
$hidedetails = !getDolGlobalString('MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS') ? 0 : 1;
$hidedesc = !getDolGlobalString('MAIN_GENERATE_DOCUMENTS_HIDE_DESC') ? 0 : 1;
@@ -1283,6 +1317,23 @@ class Documents extends DolibarrApi
throw new RestException(403);
}
if (DolibarrApiAccess::$user->socid > 0) {
if ($sqlprotectagainstexternals) {
$resql = $this->db->query($sqlprotectagainstexternals);
if ($resql) {
$num = $this->db->num_rows($resql);
$i = 0;
while ($i < $num) {
$obj = $this->db->fetch_object($resql);
if (DolibarrApiAccess::$user->socid != $obj->fk_soc) {
throw new RestException(403, 'Not allowed to download documents with such a ref');
}
$i++;
}
}
}
}
$filename = basename($original_file);
$original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset