From c2db3265ec8c34937ecdbaf29a3fcf994f674210 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 30 May 2012 12:43:23 +0200 Subject: [PATCH] Fix: Regression with quot management. Try a better fix. --- htdocs/adherents/document.php | 4 ++-- htdocs/admin/security_other.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/propal/document.php | 4 ++-- htdocs/commande/document.php | 2 +- htdocs/compta/facture/document.php | 4 ++-- htdocs/compta/prelevement/fiche.php | 4 ++-- htdocs/compta/sociales/document.php | 2 +- htdocs/contrat/document.php | 2 +- htdocs/core/lib/files.lib.php | 17 +++++++++++++++-- htdocs/ecm/docmine.php | 2 +- htdocs/ecm/docother.php | 2 +- htdocs/ecm/index.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fourn/commande/document.php | 2 +- htdocs/fourn/facture/document.php | 2 +- htdocs/ftp/index.php | 2 +- htdocs/product/document.php | 2 +- htdocs/projet/document.php | 2 +- htdocs/projet/tasks/document.php | 2 +- htdocs/societe/document.php | 9 +++++---- htdocs/viewimage.php | 6 ++++++ 22 files changed, 49 insertions(+), 29 deletions(-) diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 2a5786f14b2..cc7a4cda3b7 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) 
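Review bot: The destination path is built from `dol_unescapefile($_FILES['userfile']['name'])`, but the `image_format_supported(...)` call on the following context line still uses the raw `$_FILES['userfile']['name']`, so the two paths agree only while the helper returns its argument unchanged. Resolving the name once, `$filename=dol_unescapefile($_FILES['userfile']['name']);`, and using `$upload_dir . "/" . $filename` in both calls keeps the format check pointed at the file that was actually written. The same pair of lines appears in the comm/action, comm/propal, commande, compta/facture, compta/sociales, contrat, fichinter, fourn/commande, fourn/facture, product, projet, projet/tasks and societe document.php hunks. The enclosing upload block starts and ends outside this hunk.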
@@ -213,7 +213,7 @@ if ($id > 0) */ if ($action == 'delete') { - $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); + $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$member->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); if ($ret == 'html') print '
'; } diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index 6596d91844c..ad7e2d79e27 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -46,7 +46,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) $result=dol_mkdir($upload_dir); // Create dir if not exists if ($result >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),1,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index a948d91c0e7..60d70ec1027 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -73,7 +73,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 5e6b4f9a9b1..0f55592a291 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php 
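Review bot: `GETPOST("urlfile")` in the adherents/document.php delete hunk is read without a check type, and the value this confirm link carries forward is a file path chosen by the requester. The societe/document.php hunk at `@@ -123` shows the confirm_deletefile step appending `GETPOST('urlfile')` to `$upload_dir` and passing the result to `dol_delete_file()`, with no visible rejection of `..` or directory separators; whether GETPOST or dol_delete_file filters those is not visible in this patch. If this file's confirm step follows the same pattern, the value should be validated to stay inside `$upload_dir` before the delete call. The same applies to the delete hunks in comm/propal, compta/facture and societe document.php. The enclosing `if ($id > 0)` block continues outside the hunk.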
@@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) @@ -192,7 +192,7 @@ if ($id > 0 || ! empty($ref)) */ if ($action == 'delete') { - $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); + $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); if ($ret == 'html') print '
'; } diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index 3e890ea13f8..f9497759637 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -78,7 +78,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 7a3bc8b06a4..941f3a8157c 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -80,7 +80,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) 
@@ -206,7 +206,7 @@ if ($id > 0 || ! empty($ref)) */ if ($action == 'delete') { - $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?facid='.$id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); + $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?facid='.$id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); if ($ret == 'html') print '
'; } diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php index f7e73d64276..50f24fdca90 100644 --- a/htdocs/compta/prelevement/fiche.php +++ b/htdocs/compta/prelevement/fiche.php @@ -67,7 +67,7 @@ if ($action == 'infotrans' && $user->rights->prelevement->bons->send) { $dir = $conf->prelevement->dir_output.'/receipts'; - if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . stripslashes($_FILES['userfile']['name']),1) > 0) + if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $dir . "/" . dol_unescapefile($_FILES['userfile']['name']),1) > 0) { $dt = dol_mktime(12,0,0,GETPOST('remonth','int'),GETPOST('reday','int'),GETPOST('reyear','int')); @@ -149,7 +149,7 @@ if ($id) print ''.$langs->trans('Status').''; print ''.$bon->getLibStatut(1).''; print ''; - + if($bon->date_trans <> 0) { $muser = new User($db); diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index 797945d8ee7..4d89e43d459 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -75,7 +75,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index 5180b8a1dd6..5f192106970 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php 
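Review bot: In htdocs/compta/prelevement/fiche.php the call to `dol_move_uploaded_file()` stops at `$allowoverwrite` and never passes `$_FILES['userfile']['error']`, unlike the document.php callers in this patch that end with `0,0,$_FILES['userfile']['error']`. The docblock in files.lib.php describes the fifth parameter as the upload error code, so a failed or partial upload is presumably reported less precisely here; ending the call with `1,0,$_FILES['userfile']['error']) > 0` would align it with the others. The htdocs/ftp/index.php hunk has the same three-argument call. This call also passes 1 for `$allowoverwrite`, so an existing receipt with the same name is replaced, which is worth confirming as intended.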
@@ -72,7 +72,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index 08c361ccfea..9a5b9627695 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -487,12 +487,25 @@ function dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1) return $result; } +/** + * Unescape a file submitted by upload. PHP escape char " and only char " into $FILES with %22 + * This is a bug because when file contains %22, it is not escape, so there is no way to retrieve original value. + * So best solution is to keep " as %22 into uploaded filename. + * + * @param string $filename Filename + */ +function dol_unescapefile($filename) +{ + //return stripslashes($filename); // FIXME + return $filename; +} + /** * Move an uploaded file after some controls. * If there is errors (virus found, antivir in error, bad filename), file is not moved. * * @param string $src_file Source full path filename ($_FILES['field']['tmp_name']) - * @param string $dest_file Target full path filename + * @param string $dest_file Target full path filename ($_FILES['field']['name']) * @param int $allowoverwrite 1=Overwrite target file if it already exists * @param int $disablevirusscan 1=Disable virus scan * @param string $uploaderrorcode Value of upload error code ($_FILES['field']['error']) 
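Review bot: `dol_unescapefile()` in htdocs/core/lib/files.lib.php has no `@return` tag and keeps a commented-out `stripslashes` line under a bare FIXME, so a reader cannot tell that returning the name untouched is the intended behaviour. I would add `@return string Filename as received from $_FILES (a literal " stays encoded as %22)` and replace the dead line with a one-line comment stating why no unescaping is done. The edited `$dest_file` description now reads `($_FILES['field']['name'])`, but every caller in this patch passes `$upload_dir . "/" .` followed by the name, which is a full path; `Target full path filename (directory + $_FILES['field']['name'])` would be accurate. Because the returned name is still client-supplied, the docblock should also state that filename validation is left to `dol_move_uploaded_file()`.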
@@ -603,7 +616,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disable if (is_object($object)) { $object->src_file=$dest_file; - + // Appel des triggers include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php"); $interface=new Interfaces($db); diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php index 8f253c04e4b..9070a53a1cf 100644 --- a/htdocs/ecm/docmine.php +++ b/htdocs/ecm/docmine.php @@ -75,7 +75,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { $result=$ecmdir->changeNbOfFiles('+'); diff --git a/htdocs/ecm/docother.php b/htdocs/ecm/docother.php index cfc9e6aee74..634ee0b5605 100644 --- a/htdocs/ecm/docother.php +++ b/htdocs/ecm/docother.php @@ -45,7 +45,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { $result=$ecmdir->changeNbOfFiles('+'); diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 5c0b178c6ed..35a286b965a 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php 
@@ -94,7 +94,7 @@ if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0, 0, $_FILES['userfile']['error']); + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0, 0, $_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { //$mesg = '
'.$langs->trans("FileTransferComplete").'
'; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index a4dbe96b516..018998cf47e 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -76,7 +76,7 @@ if (GETPOST('sendit','alpha') && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index fb5d9df5d23..d5fe4ac022a 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -79,7 +79,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 51fdf70f4a5..c1adefbf93b 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php 
@@ -75,7 +75,7 @@ if ($_POST['sendit'] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index 9b286641f32..cd356d91b26 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php @@ -95,7 +95,7 @@ if ( $_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0); + $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0); if (is_numeric($resupload) && $resupload > 0) { //$mesg = '
'.$langs->trans("FileTransferComplete").'
'; diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 791fa9e90be..a3547f6bedc 100755 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -76,7 +76,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index dd9a4fe2c6e..39ae5148024 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -75,7 +75,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 8095d83c9d6..5c1d3bc0c90 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php 
@@ -73,7 +73,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 6ab8e8b5ee0..d37ced68e01 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -83,7 +83,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . stripslashes($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . dol_unescapefile($_FILES['userfile']['name']),0,0,$_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { if (image_format_supported($upload_dir . "/" . $_FILES['userfile']['name']) == 1) @@ -123,6 +123,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') if ($object->id) { $file = $upload_dir . "/" . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + dol_delete_file($file,0,0,0,$object); $mesg = '
'.$langs->trans("FileWasRemoved",GETPOST('urlfile')).'
'; } @@ -206,10 +207,10 @@ if ($object->id) /* * Confirmation suppression fichier - */ + */ if ($action == 'delete') - { - $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urldecode($_GET["urlfile"]), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); + { + $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&urlfile='.urlencode(GETPOST("urlfile")), $langs->trans('DeleteFile'), $langs->trans('ConfirmDeleteFile'), 'confirm_deletefile', '', 0, 1); if ($ret == 'html') print '
'; } diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 418e496ab7c..92bda6a4b00 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -118,6 +118,12 @@ if ($modulepart) $accessallowed=1; $original_file=$conf->adherent->dir_output.'/'.$original_file; } + // Wrapping for members photos + elseif ($modulepart == 'member') + { + $accessallowed=1; + $original_file=$conf->adherent->dir_output.'/'.$original_file; + } // Wrapping pour les images des societes elseif ($modulepart == 'societe') {
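Review bot: The new `member` branch in htdocs/viewimage.php sets `$accessallowed=1` unconditionally, so no permission on the member module is consulted before a file under `$conf->adherent->dir_output` is served. That is the same directory root the branch above maps to, and it presumably holds uploaded member documents as well as photos; a read-permission test (for example `if ($user->rights->adherent->lire) $accessallowed=1;`, assuming `$user` is loaded at this point) would narrow it. The body is identical to the preceding branch, so the two conditions could share one block instead of being duplicated. Whether `$original_file` is checked for `..` before this chain is not visible, because the `if ($modulepart)` block starts and ends outside the hunk.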