Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 01:28:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX Yogosha report 4425

Browse Source
This commit is contained in:
Laurent Destailleur
2020-09-16 14:37:05 +02:00
parent 382a4552eb
commit d7aa376c3c
3 changed files with 38 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
htdocs/core/lib/functions.lib.php
View File

@@ -7880,19 +7880,16 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param
if (empty($conf->use_javascript_ajax)) return '';
$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'svg+xml', 'webp');
//$mime_preview[]='vnd.oasis.opendocument.presentation';
//$mime_preview[]='archive';
$num_mime = array_search(dol_mimetype($relativepath, '', 1), $mime_preview);
$isAllowedForPreview = dolIsAllowedForPreview($relativepath);
if ($alldata == 1)
{
if ($num_mime !== false) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''), 'mime'=>dol_mimetype($relativepath),);
if ($isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : ''), 'mime'=>dol_mimetype($relativepath),);
else return array();
}
// old behavior
if ($num_mime !== false) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')';
// old behavior, return a string
if ($isAllowedForPreview) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param ? '&'.$param : '')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')';
else return '';
}
@@ -7917,6 +7914,32 @@ function ajax_autoselect($htmlname, $addlink = '')
}
/**
* Return if a file is qualified for preview
*
* @param string $file Filename we looking for information
* @return int 1 If allowed, 0 otherwise
* @see dol_mimetype(), image_format_supported() from images.lib.php
*/
function dolIsAllowedForPreview($file) {
global $conf;
// Check .noexe extension in filename
if (preg_match('/\.noexe$/i', $file)) return 0;
// Check mime types
$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'webp');
if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml';
//$mime_preview[]='vnd.oasis.opendocument.presentation';
//$mime_preview[]='archive';
$num_mime = array_search(dol_mimetype($file, '', 1), $mime_preview);
if ($num_mime !== false) return 1;
// By default, not allowed for preview
return 0;
}
/**
* Return mime type of a file
*
@@ -7924,7 +7947,7 @@ function ajax_autoselect($htmlname, $addlink = '')
* @param string $default Default mime type if extension not found in known list
* @param int $mode 0=Return full mime, 1=otherwise short mime string, 2=image for mime type, 3=source language, 4=css of font fa
* @return string Return a mime type family (text/xxx, application/xxx, image/xxx, audio, video, archive)
* @see image_format_supported() from images.lib.php
* @see dolIsAllowedForPreview(), image_format_supported() from images.lib.php
*/
function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0)
{