FIX DetecHTML on upload file from filemanager fails due to need to lock

(no reason to need to lock file to read it).
ldestailleur
2025-04-25 19:54:53 +02:00
parent 9b3f315c14
commit f1e8191e7b
3 changed files with 11 additions and 8 deletions


@@ -134,7 +134,10 @@ function OnUploadCompleted( errorNumber, data )
alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + data + '"' );
break;
case 202:
alert( 'Invalid file (Bad extension)' );
alert( 'Invalid file (Bad extension reported by image_format_supported or other)' );
break;
case 205:
alert( 'Invalid file (Bad file reported by DetectHtml)' );
break;
default:
alert( 'Error on file upload. Error number: ' + errorNumber );
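Review bot: No `case 204` is visible in this switch, although the same commit changes the no-permission path in FileUpload to set `$sErrorNumber = '204'`. Unless 204 is handled in a part of the switch outside this hunk, a refused upload falls through to `default` and the user sees only the generic 'Error on file upload. Error number: 204'. A dedicated branch next to the new 205 one would keep the two rejection reasons distinguishable, for example `case 204: alert( 'Upload refused (permission denied)' ); break;`. The switch and OnUploadCompleted start before the hunk and continue after it, so this should be confirmed against the full file.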


@@ -323,6 +323,8 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
//$sFileName = SanitizeFileName($sFileName);
$sFileName = dol_sanitizeFileName($sFileName);
dol_syslog("FileUpload sFileName=".$sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
@@ -339,7 +341,7 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
}*/
if (!$permissiontouploadmediaisok) {
dol_syslog("connector.lib.php Try to upload a file with no permission");
$sErrorNumber = '202';
$sErrorNumber = '204';
}
include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
@@ -397,9 +399,9 @@ function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
$detectHtml = DetectHtml($sFilePath);
if ($detectHtml === true || $detectHtml == -1) {
// Note that is is a simple test and not reliable. Security does not rely on this.
dol_syslog("connector.lib.php DetectHtml is ko");
dol_syslog("connector.lib.php DetectHtml is ko detectHtml=".$detectHtml.", we delete the file.");
@unlink($sFilePath);
$sErrorNumber = '202';
$sErrorNumber = '205';
}
}
}
@@ -964,13 +966,11 @@ function DetectHtml($filePath)
{
$fp = @fopen($filePath, 'rb');
//open_basedir restriction, see #1906
if ($fp === false || !flock($fp, LOCK_SH)) {
if ($fp === false) {
return -1;
}
$chunk = fread($fp, 1024);
flock($fp, LOCK_UN);
fclose($fp);
$chunk = strtolower($chunk);
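Review bot: In the DetectHtml rejection branch of FileUpload the flagged file is removed with `@unlink($sFilePath);` and the result is never checked, so a failed delete leaves the rejected upload in the target directory while the new log line states "we delete the file" and the client receives 205. Checking the return value would make that case visible to whoever reads the logs: `if (!@unlink($sFilePath)) { dol_syslog("connector.lib.php failed to delete rejected file ".$sFilePath, LOG_ERR); }`. In DetectHtml itself, `fread()` can return false on a read error and that value goes straight into `strtolower($chunk)`; treating it like the open failure (`if ($chunk === false) { return -1; }` after `fclose($fp)`) keeps the check fail-closed. Both FileUpload and DetectHtml extend beyond the hunks shown here.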


@@ -80,7 +80,7 @@ function getListOfPossibleImageExt($acceptsvg = 0)
*
* @param string $file Filename
* @param int $acceptsvg 0=Default (depends on setup), 1=Always accept SVG as image files
* @return int -1=Not image filename, 0=Image filename but format not supported for conversion by PHP, 1=Image filename with format supported by this PHP
* @return int -1=Not image filename, 0=Image filename but format not supported for conversion by PHP, 1=Image filename with format supported in conversion by this PHP
*/
function image_format_supported($file, $acceptsvg = 0)
{