diff --git a/htdocs/core/filemanagerdol/connectors/php/commands.php b/htdocs/core/filemanagerdol/connectors/php/commands.php index 6db2c3c1b25..0bad6a0eb03 100644 --- a/htdocs/core/filemanagerdol/connectors/php/commands.php +++ b/htdocs/core/filemanagerdol/connectors/php/commands.php @@ -237,63 +237,69 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '') } */ + include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; - $isImageValid = image_format_supported($sFileName) > 0 ? true : false; + //var_dump($sFileName); var_dump(image_format_supported($sFileName));exit; + $isImageValid = (image_format_supported($sFileName) >= 0 ? true : false); if (!$isImageValid) { $sErrorNumber = '202'; } // Check if it is an allowed extension. - if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { - $iCounter = 0; + if (!$sErrorNumber) { + if (IsAllowedExt($sExtension, $resourceType)) { + $iCounter = 0; - while (true) { - $sFilePath = $sServerDir.$sFileName; - - if (is_file($sFilePath)) { - $iCounter++; - $sFileName = RemoveExtension($sOriginalFileName).'('.$iCounter.').'.$sExtension; - $sErrorNumber = '201'; - } else { - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0); + while (true) { + $sFilePath = $sServerDir.$sFileName; if (is_file($sFilePath)) { - if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { - break; + $iCounter++; + $sFileName = RemoveExtension($sOriginalFileName).'('.$iCounter.').'.$sExtension; + $sErrorNumber = '201'; + } else { + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0); + + if (is_file($sFilePath)) { + if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { + break; + } + + $permissions = '0777'; + if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { + $permissions = (string) $Config['ChmodOnUpload']; + } + $permissionsdec = octdec($permissions); + dol_syslog("commands.php permission = ".$permissions." ".$permissionsdec." ".decoct($permissionsdec)); + $oldumask = umask(0); + chmod($sFilePath, $permissionsdec); + umask($oldumask); } - $permissions = '0777'; - if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { - $permissions = (string) $Config['ChmodOnUpload']; - } - $permissionsdec = octdec($permissions); - dol_syslog("commands.php permission = ".$permissions." ".$permissionsdec." ".decoct($permissionsdec)); - $oldumask = umask(0); - chmod($sFilePath, $permissionsdec); - umask($oldumask); + break; } - - break; } - } - if (file_exists($sFilePath)) { - //previous checks failed, try once again - if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { - @unlink($sFilePath); - $sErrorNumber = '202'; - } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { - @unlink($sFilePath); - $sErrorNumber = '202'; + if (file_exists($sFilePath)) { + //previous checks failed, try once again + if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { + dol_syslog("commands.php IsImageValid is ko"); + @unlink($sFilePath); + $sErrorNumber = '202'; + } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { + dol_syslog("commands.php DetectHtml is ko"); + @unlink($sFilePath); + $sErrorNumber = '202'; + } } + } else { + $sErrorNumber = '202'; } - } else { - $sErrorNumber = '202'; } } else { - $sErrorNumber = '202'; + $sErrorNumber = '203'; } diff --git a/htdocs/core/filemanagerdol/connectors/php/config.php b/htdocs/core/filemanagerdol/connectors/php/config.php index c2d7478e36e..848153d84fc 100644 --- a/htdocs/core/filemanagerdol/connectors/php/config.php +++ b/htdocs/core/filemanagerdol/connectors/php/config.php @@ -159,7 +159,10 @@ $Config['FileTypesAbsolutePath']['File'] = ($Config['UserFilesAbsolutePath'] == $Config['QuickUploadPath']['File'] = $Config['UserFilesPath']; $Config['QuickUploadAbsolutePath']['File'] = $Config['UserFilesAbsolutePath']; -$Config['AllowedExtensions']['Image'] = array('bmp', 'gif', 'jpeg', 'jpg', 'png'); +$Config['AllowedExtensions']['Image'] = array('bmp', 'gif', 'jpeg', 'jpg', 'png', 'ai'); +if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) { + $Config['AllowedExtensions']['Image'][] = 'svg'; +} $Config['DeniedExtensions']['Image'] = array(); $Config['FileTypesPath']['Image'] = $Config['UserFilesPath'].'image/'; $Config['FileTypesAbsolutePath']['Image'] = ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/'; diff --git a/htdocs/core/filemanagerdol/connectors/php/upload.php b/htdocs/core/filemanagerdol/connectors/php/upload.php index b9296d68bcf..b28627631f2 100644 --- a/htdocs/core/filemanagerdol/connectors/php/upload.php +++ b/htdocs/core/filemanagerdol/connectors/php/upload.php @@ -42,14 +42,14 @@ function SendError($number, $text) // Check if this uploader has been enabled. -if (!$Config['Enabled']) { +if (empty($Config['Enabled'])) { SendUploadResults('1', '', '', 'This file uploader is disabled. Please check the "filemanagerdol/connectors/php/config.php" file'); } $sCommand = 'QuickUpload'; -// The file type (from the QueryString, by default 'File'). -$sType = isset($_GET['Type']) ? $_GET['Type'] : 'File'; +// The file type (from the QueryString, by default 'File', can be 'Image' or 'Media'). +$sType = GETPOSTISSET('Type') ? GETPOST('Type') : 'File'; $sCurrentFolder = "/"; @@ -71,5 +71,5 @@ if (!IsAllowedType($sType)) { // Get the CKEditor Callback $CKEcallback = $_GET['CKEditorFuncNum']; -//modify the next line adding in the new param +// Get uploaded filr and move it at correct place. Note: Some tests on file name are also included into this function FileUpload($sType, $sCurrentFolder, $sCommand, $CKEcallback);