diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php
index 2a5786f14b2..cc7a4cda3b7 100644
--- a/htdocs/adherents/document.php
+++ b/htdocs/adherents/document.php
@@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
@@ -213,7 +213,7 @@ if ($id > 0)
*/
if ($action == 'delete')
{
- $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
+ $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
if ($ret == 'html') print '
';
}
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index 6596d91844c..ad7e2d79e27 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -46,7 +46,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
$result=dol_mkdir($upload_dir); // Create dir if not exists
if ($result >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),1,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php
index a948d91c0e7..60d70ec1027 100755
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@@ -73,7 +73,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 5e6b4f9a9b1..0f55592a291 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
@@ -192,7 +192,7 @@ if ($id > 0 || ! empty($ref))
*/
if ($action == 'delete')
{
- $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
+ $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
if ($ret == 'html') print '
';
}
diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php
index 3e890ea13f8..f9497759637 100644
--- a/htdocs/commande/document.php
+++ b/htdocs/commande/document.php
@@ -78,7 +78,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index 7a3bc8b06a4..941f3a8157c 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -80,7 +80,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
@@ -206,7 +206,7 @@ if ($id > 0 || ! empty($ref))
*/
if ($action == 'delete')
{
- $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?facid='.$id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
+ $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?facid='.$id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
if ($ret == 'html') print '
';
}
diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php
index f7e73d64276..50f24fdca90 100644
--- a/htdocs/compta/prelevement/fiche.php
+++ b/htdocs/compta/prelevement/fiche.php
@@ -67,7 +67,7 @@ if ($action == 'infotrans' && $user->rights->prelevement->bons->send)
{
$dir = $conf->prelevement->dir_output.'/receipts';
- if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . stripslashes($_FILES['userfile']['name']),1) > 0)
+ if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1) > 0)
{
$dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int'));
@@ -149,7 +149,7 @@ if ($id)
print '| '.$langs->trans('Status').' | ';
print ''.$bon->getLibStatut(1).' | ';
print '
';
-
+
if($bon->date_trans <> 0)
{
$muser = new User($db);
diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php
index 797945d8ee7..4d89e43d459 100644
--- a/htdocs/compta/sociales/document.php
+++ b/htdocs/compta/sociales/document.php
@@ -75,7 +75,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php
index 5180b8a1dd6..5f192106970 100644
--- a/htdocs/contrat/document.php
+++ b/htdocs/contrat/document.php
@@ -72,7 +72,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index 08c361ccfea..9a5b9627695 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -487,12 +487,25 @@ function dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1)
return $result;
}
+/**
+ * Unescape a file submitted by upload. PHP escape char " and only char " into $FILES with %22
+ * This is a bug because when file contains %22, it is not escape, so there is no way to retrieve original value.
+ * So best solution is to keep " as %22 into uploaded filename.
+ *
+ * @param string $filename Filename
+ */
+function dol_unescapefile($filename)
+{
+ //return stripslashes($filename); // FIXME
+ return $filename;
+}
+
/**
* Move an uploaded file after some controls.
* If there is errors (virus found, antivir in error, bad filename), file is not moved.
*
* @param string $src_file Source full path filename ($_FILES['field']['tmp_name'])
- * @param string $dest_file Target full path filename
+ * @param string $dest_file Target full path filename ($_FILES['field']['name'])
* @param int $allowoverwrite 1=Overwrite target file if it already exists
* @param int $disablevirusscan 1=Disable virus scan
* @param string $uploaderrorcode Value of upload error code ($_FILES['field']['error'])
@@ -603,7 +616,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable
if (is_object($object))
{
$object->src_file=$dest_file;
-
+
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
$interface=new Interfaces($db);
diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php
index 8f253c04e4b..9070a53a1cf 100644
--- a/htdocs/ecm/docmine.php
+++ b/htdocs/ecm/docmine.php
@@ -75,7 +75,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
$result=$ecmdir->changeNbOfFiles('+');
diff --git a/htdocs/ecm/docother.php b/htdocs/ecm/docother.php
index cfc9e6aee74..634ee0b5605 100644
--- a/htdocs/ecm/docother.php
+++ b/htdocs/ecm/docother.php
@@ -45,7 +45,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
$result=$ecmdir->changeNbOfFiles('+');
diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php
index 5c0b178c6ed..35a286b965a 100644
--- a/htdocs/ecm/index.php
+++ b/htdocs/ecm/index.php
@@ -94,7 +94,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0, 0, $_FILES['userfile']['error']);
+ $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0, 0, $_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
//$mesg = ''.$langs->trans("FileTransferComplete").'
';
diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php
index a4dbe96b516..018998cf47e 100644
--- a/htdocs/fichinter/document.php
+++ b/htdocs/fichinter/document.php
@@ -76,7 +76,7 @@ if (GETPOST('sendit','alpha') && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php
index fb5d9df5d23..d5fe4ac022a 100644
--- a/htdocs/fourn/commande/document.php
+++ b/htdocs/fourn/commande/document.php
@@ -79,7 +79,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php
index 51fdf70f4a5..c1adefbf93b 100644
--- a/htdocs/fourn/facture/document.php
+++ b/htdocs/fourn/facture/document.php
@@ -75,7 +75,7 @@ if ($_POST['sendit'] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php
index 9b286641f32..cd356d91b26 100644
--- a/htdocs/ftp/index.php
+++ b/htdocs/ftp/index.php
@@ -95,7 +95,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0);
+ $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0);
if (is_numeric($resupload) && $resupload > 0)
{
//$mesg = ''.$langs->trans("FileTransferComplete").'
';
diff --git a/htdocs/product/document.php b/htdocs/product/document.php
index 791fa9e90be..a3547f6bedc 100755
--- a/htdocs/product/document.php
+++ b/htdocs/product/document.php
@@ -76,7 +76,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php
index dd9a4fe2c6e..39ae5148024 100644
--- a/htdocs/projet/document.php
+++ b/htdocs/projet/document.php
@@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php
index 8095d83c9d6..5c1d3bc0c90 100644
--- a/htdocs/projet/tasks/document.php
+++ b/htdocs/projet/tasks/document.php
@@ -73,7 +73,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php
index 6ab8e8b5ee0..d37ced68e01 100644
--- a/htdocs/societe/document.php
+++ b/htdocs/societe/document.php
@@ -83,7 +83,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
{
if (dol_mkdir($upload_dir) >= 0)
{
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']);
if (is_numeric($resupload) && $resupload > 0)
{
if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1)
@@ -123,6 +123,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
if ($object->id)
{
$file = $upload_dir . "/" . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+
dol_delete_file($file,0,0,0,$object);
$mesg = ''.$langs->trans("FileWasRemoved",GETPOST('urlfile')).'
';
}
@@ -206,10 +207,10 @@ if ($object->id)
/*
* Confirmation suppression fichier
- */
+ */
if ($action == 'delete')
- {
- $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
+ {
+ $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1);
if ($ret == 'html') print '
';
}
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 418e496ab7c..92bda6a4b00 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -118,6 +118,12 @@ if ($modulepart)
$accessallowed=1;
$original_file=$conf->adherent->dir_output.'/'.$original_file;
}
+ // Wrapping for members photos
+ elseif ($modulepart == 'member')
+ {
+ $accessallowed=1;
+ $original_file=$conf->adherent->dir_output.'/'.$original_file;
+ }
// Wrapping pour les images des societes
elseif ($modulepart == 'societe')
{