From a00ff66f45bd718350ab43ec43ca23b456230a49 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Tue, 11 Nov 2025 08:56:33 +0100
Subject: [PATCH] FIX member photo and thirdparty logo not deleted in documents
 directory (#36197)

* FIX member photo with web portal don't need login

* FIX member photo not deleted

* FIX pre-commit

* FIX phan error and uniformize code

* FIX pfffffff pre-commit

* FIX uniformize code

* FIX remove TODO

* FIX change const name

* FIX missing add in ECM during creation

* FIX add user photo in ecm

* FIX phan error
---
 htdocs/adherents/card.php           | 40 +++++++++++++++++++++--------
 htdocs/core/lib/files.lib.php       | 23 +++++++++--------
 htdocs/ecm/class/ecmfiles.class.php | 28 ++++++++++----------
 htdocs/societe/card.php             | 15 ++++++++---
 htdocs/user/card.php                |  9 +++++++
 5 files changed, 76 insertions(+), 39 deletions(-)

diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index 1fd5d623e0b..afe34edbf78 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -371,11 +371,15 @@ if (empty($reshook)) {
 			//$object->note = trim(GETPOST("comment", "restricthtml"));
 			$object->morphy = GETPOST("morphy", 'alpha');
 
-			if (GETPOST('deletephoto', 'alpha')) {
-				$object->photo = '';
-			} elseif (!empty($_FILES['photo']['name'])) {
+			$current_photo = '';
+			if (!empty($_FILES['photo']['name'])) {
+				$current_photo = $object->photo;
 				$object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
 			}
+			if (GETPOST('deletephoto')) {
+				$current_photo = $object->photo;
+				$object->photo = '';
+			}
 
 			// Get status and public property
 			$object->statut = GETPOSTINT("statut");
@@ -425,16 +429,21 @@ if (empty($reshook)) {
 					// Logo/Photo save
 					$dir = $conf->member->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos';
 					$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
+					if (GETPOST('deletephoto') && $current_photo) {
+						$fileimg = $dir.'/'.$current_photo;
+						$dirthumbs = $dir.'/thumbs';
+						dol_delete_file($fileimg);
+						dol_delete_dir_recursive($dirthumbs);
+					}
 					if ($file_OK) {
-						if (GETPOST('deletephoto')) {
-							require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
-							$fileimg = $conf->member->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/'.$object->photo;
-							$dirthumbs = $conf->member->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, 'member').'/photos/thumbs';
-							dol_delete_file($fileimg);
-							dol_delete_dir_recursive($dirthumbs);
-						}
-
 						if (image_format_supported($_FILES['photo']['name']) > 0) {
+							if ($current_photo != $object->photo) {
+								$fileimg = $dir.'/'.$current_photo;
+								$dirthumbs = $dir.'/thumbs';
+								dol_delete_file($fileimg);
+								dol_delete_dir_recursive($dirthumbs);
+							}
+
 							dol_mkdir($dir);
 
 							if (@is_dir($dir)) {
@@ -444,6 +453,15 @@ if (empty($reshook)) {
 								} else {
 									// Create thumbs
 									$object->addThumbs($newfile);
+
+									// Index file in database
+									if (getDolGlobalString('MEMBER_PHOTO_ALLOW_EXTERNAL_DOWNLOAD')) {
+										require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+										// the dir dirname($newfile) is directory of logo, so we should have only one file at once into index, so we delete indexes for the dir
+										deleteFilesIntoDatabaseIndex(dirname($newfile), '', '', $object);
+										// now we index the uploaded logo file
+										addFileIntoDatabaseIndex(dirname($newfile), basename($newfile), '', 'uploaded', 1, $object);
+									}
 								}
 							}
 						} else {
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 900bf0e3214..067273bbda7 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1097,18 +1097,18 @@ function dolCopyDir($srcfile, $destfile, $newmask, $overwriteifexists, $arrayrep
  *  - Database indexes for files are updated.
  *  - Test on virus is done only if param testvirus is provided and an antivirus was set.
  *
- * @param	string  	$srcfile            Source file (can't be a directory. use native php @rename() to move a directory)
- * @param   string		$destfile           Destination file (can't be a directory. use native php @rename() to move a directory)
- * @param   string		$newmask            Mask in octal string for new file ('0' by default means $conf->global->MAIN_UMASK)
- * @param   int<0,1>	$overwriteifexists  Overwrite file if exists (1 by default)
- * @param   int<0,1>	$testvirus          Do an antivirus test. Move is canceled if a virus is found.
- * @param	int<0,1>	$indexdatabase		Index new file into database.
- * @param	array<string,mixed>	$moreinfo   Array with more information to set in index table
- * @param	int			$entity				Entity
- * @return  boolean 		            True if OK, false if KO
+ * @param	string				$srcfile			Source file (can't be a directory. use native php @rename() to move a directory)
+ * @param   string				$destfile			Destination file (can't be a directory. use native php @rename() to move a directory)
+ * @param   string				$newmask			Mask in octal string for new file ('0' by default means $conf->global->MAIN_UMASK)
+ * @param   int<0,1>			$overwriteifexists	Overwrite file if exists (1 by default)
+ * @param   int<0,1>			$testvirus			Do an antivirus test. Move is canceled if a virus is found.
+ * @param	int<0,1>			$indexdatabase		Index new file into database.
+ * @param	array<string,mixed>	$moreinfo			Array with more information to set in index table
+ * @param	int|null			$entity				Entity (it's null by default to avoid problem with entity = 0)
+ * @return  boolean									True if OK, false if KO
  * @see dol_move_uploaded_file()
  */
-function dol_move($srcfile, $destfile, $newmask = '0', $overwriteifexists = 1, $testvirus = 0, $indexdatabase = 1, $moreinfo = array(), $entity = 0)
+function dol_move($srcfile, $destfile, $newmask = '0', $overwriteifexists = 1, $testvirus = 0, $indexdatabase = 1, $moreinfo = array(), $entity = null)
 {
 	global $user, $db;
 	$result = false;
@@ -1671,7 +1671,8 @@ function dol_delete_file($file, $disableglob = 0, $nophperrors = 0, $nohook = 0,
 								dol_syslog("Try to remove also entries in database for full relative path = ".$rel_filetodelete, LOG_DEBUG);
 								include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
 								$ecmfile = new EcmFiles($db);
-								$result = $ecmfile->fetch(0, '', $rel_filetodelete, '', '', '', 0, $object->entity ?? 0);
+								$entity = (isset($object->entity) ? $object->entity : null);
+								$result = $ecmfile->fetch(0, '', $rel_filetodelete, '', '', '', 0, $entity);
 								if ($result >= 0 && $ecmfile->id > 0) {
 									$result = $ecmfile->delete($user);
 								}
diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php
index 4d89b7598d8..994614258e6 100644
--- a/htdocs/ecm/class/ecmfiles.class.php
+++ b/htdocs/ecm/class/ecmfiles.class.php
@@ -403,17 +403,17 @@ class EcmFiles extends CommonObject
 	/**
 	 * Load object in memory from the database
 	 *
-	 * @param  int    $id          	   	Id object
-	 * @param  string $ref         	   	Hash of file name (filename+filepath). Not always defined on some version.
-	 * @param  string $relativepath    	Relative path of file from document directory. Example: 'path/path2/file' or 'path/path2/*'
-	 * @param  string $hashoffile      	Hash of file content. Take the first one found if same file is at different places. This hash will also change if file content is changed.
-	 * @param  string $hashforshare    	Hash of file sharing, or 'shared'
-	 * @param  string $src_object_type 	src_object_type to search (value of object->table_element)
-	 * @param  int    $src_object_id 	src_object_id to search
-	 * @param  int    $entity 	        entity
-	 * @return int                 	   	Return integer <0 if KO, 0 if not found, >0 if OK
+	 * @param  int		$id					Id object
+	 * @param  string	$ref				Hash of file name (filename+filepath). Not always defined on some version.
+	 * @param  string	$relativepath		Relative path of file from document directory. Example: 'path/path2/file' or 'path/path2/*'
+	 * @param  string	$hashoffile			Hash of file content. Take the first one found if same file is at different places. This hash will also change if file content is changed.
+	 * @param  string	$hashforshare		Hash of file sharing, or 'shared'
+	 * @param  string	$src_object_type	src_object_type to search (value of object->table_element)
+	 * @param  int		$src_object_id		src_object_id to search
+	 * @param  int|null	$entity 	        entity (it's null by default to avoid problem with entity = 0)
+	 * @return int							Return integer <0 if KO, 0 if not found, >0 if OK
 	 */
-	public function fetch($id, $ref = '', $relativepath = '', $hashoffile = '', $hashforshare = '', $src_object_type = '', $src_object_id = 0, $entity = 0)
+	public function fetch($id, $ref = '', $relativepath = '', $hashoffile = '', $hashforshare = '', $src_object_type = '', $src_object_id = 0, $entity = null)
 	{
 		global $conf;
 
@@ -461,7 +461,7 @@ class EcmFiles extends CommonObject
 			if ($filename != '*') {
 				$sql .= " AND t.filename = '".$this->db->escape($filename)."'";
 			}
-			if (! empty($entity)) {
+			if (isset($entity)) {
 				$sql .= " AND t.entity = " . (int) $entity;
 			} else {
 				$sql .= " AND t.entity = " . $conf->entity; // unique key include the entity so each company has its own index
@@ -470,7 +470,7 @@ class EcmFiles extends CommonObject
 		}
 		if (!empty($ref)) {		// hash of file path
 			$sql .= " AND t.ref = '".$this->db->escape($ref)."'";
-			if (! empty($entity)) {
+			if (isset($entity)) {
 				$sql .= " AND t.entity = " . (int) $entity;
 			} else {
 				$sql .= " AND t.entity = " . $conf->entity; // unique key include the entity so each company has its own index
@@ -479,7 +479,7 @@ class EcmFiles extends CommonObject
 		}
 		if (!empty($hashoffile)) {	// hash of content
 			$sql .= " AND t.label = '".$this->db->escape($hashoffile)."'";
-			if (! empty($entity)) {
+			if (isset($entity)) {
 				$sql .= " AND t.entity = " . (int) $entity;
 			} else {
 				$sql .= " AND t.entity = " . $conf->entity; // unique key include the entity so each company has its own index
@@ -497,7 +497,7 @@ class EcmFiles extends CommonObject
 		}
 		if ($src_object_type && $src_object_id) {
 			$sql .= " AND t.src_object_type = '".$this->db->escape($src_object_type)."' AND t.src_object_id = ".((int) $src_object_id);
-			if (! empty($entity)) {
+			if (isset($entity)) {
 				$sql .= " AND t.entity = " . (int) $entity;
 			} else {
 				$sql .= " AND t.entity = " . $conf->entity; // unique key include the entity so each company has its own index
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index f067ae27c37..f23db61e554 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -602,6 +602,15 @@ if (empty($reshook)) {
 								} else {
 									// Create thumbs
 									$object->addThumbs($newfile);
+
+									// Index file in database
+									if (getDolGlobalString('THIRDPARTY_LOGO_ALLOW_EXTERNAL_DOWNLOAD')) {
+										require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+										// the dir dirname($newfile) is directory of logo, so we should have only one file at once into index, so we delete indexes for the dir
+										deleteFilesIntoDatabaseIndex(dirname($newfile), '', '', $object);
+										// now we index the uploaded logo file
+										addFileIntoDatabaseIndex(dirname($newfile), basename($newfile), '', 'uploaded', 1, $object);
+									}
 								}
 							}
 						}
@@ -740,8 +749,8 @@ if (empty($reshook)) {
 				// Logo/Photo save
 				$dir     = $conf->societe->multidir_output[$object->entity ?? $conf->entity]."/".$object->id."/logos";
 				$file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
-				if (GETPOST('deletephoto') && $object->logo) {
-					$fileimg = $dir.'/'.$object->logo;
+				if (GETPOST('deletephoto') && $current_logo) {
+					$fileimg = $dir.'/'.$current_logo;
 					$dirthumbs = $dir.'/thumbs';
 					dol_delete_file($fileimg);
 					dol_delete_dir_recursive($dirthumbs);
@@ -773,7 +782,7 @@ if (empty($reshook)) {
 									// the dir dirname($newfile) is directory of logo, so we should have only one file at once into index, so we delete indexes for the dir
 									deleteFilesIntoDatabaseIndex(dirname($newfile), '', '', $object);
 									// now we index the uploaded logo file
-									addFileIntoDatabaseIndex(dirname($newfile), basename($newfile), '', 'uploaded', 1);
+									addFileIntoDatabaseIndex(dirname($newfile), basename($newfile), '', 'uploaded', 1, $object);
 								}
 							}
 						}
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 1dbe3a2fbaa..b9a002fae01 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -645,6 +645,15 @@ if (empty($reshook)) {
 							} else {
 								// Create thumbs
 								$object->addThumbs($newfile);
+
+								// Index file in database
+								if (getDolGlobalString('USER_PHOTO_ALLOW_EXTERNAL_DOWNLOAD')) {
+									require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+									// the dir dirname($newfile) is directory of logo, so we should have only one file at once into index, so we delete indexes for the dir
+									deleteFilesIntoDatabaseIndex(dirname($newfile), '', '', $object);
+									// now we index the uploaded logo file
+									addFileIntoDatabaseIndex(dirname($newfile), basename($newfile), '', 'uploaded', 1, $object);
+								}
 							}
 						} else {
 							$error++;