Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-05 17:18:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

NEW Option MAIN_SECURITY_MAXFILESIZE_DOWNLOADED become official

Browse Source
This commit is contained in:
ldestailleur
2025-04-01 19:56:50 +02:00
parent 0780695ba4
commit f7d034a71c
6 changed files with 44 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
htdocs/admin/security_file.php
View File

@@ -105,7 +105,10 @@ if ($action == 'updateform') {
$res5 = dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim($antivircommand), 'chaine', 0, '', $conf->entity); $res5 = dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim($antivircommand), 'chaine', 0, '', $conf->entity);
$res6 = dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim($antivirparam), 'chaine', 0, '', $conf->entity); $res6 = dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim($antivirparam), 'chaine', 0, '', $conf->entity);
$res7 = dolibarr_set_const($db, "MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION", GETPOST('MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION', 'alpha'), 'chaine', 0, '', $conf->entity); $res7 = dolibarr_set_const($db, "MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION", GETPOST('MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION', 'alpha'), 'chaine', 0, '', $conf->entity);
if ($res3 && $res4 && $res5 && $res6 && $res7) {
$res8 = dolibarr_set_const($db, "MAIN_SECURITY_MAXFILESIZE_DOWNLOADED", GETPOST('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', 'alpha'), 'chaine', 0, '', $conf->entity);
if ($res3 && $res4 && $res5 && $res6 && $res7 && $res8) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} }
} }
@@ -152,7 +155,7 @@ print '<br>';
print '<div class="div-table-responsive-no-min">'; print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent nomarginbottom">'; print '<table class="noborder centpercent nomarginbottom">';
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Parameters").'</td>'; print '<td>'.$langs->trans("Upload").'</td>';
print '<td></td>'; print '<td></td>';
print '</tr>'; print '</tr>';
@@ -230,6 +233,34 @@ print '</tr>';
print '</table>'; print '</table>';
print '</div>'; print '</div>';
print '<br>';
// Download options
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent nomarginbottom">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Download").'</td>';
print '<td></td>';
print '</tr>';
print '<tr class="oddeven">';
print '<td>'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'<br>';
//print '<span class="opacitymedium">'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'</span>';
print '</td>';
print '<td>';
print '<input type="text" name="MAIN_SECURITY_MAXFILESIZE_DOWNLOADED" class="width100 right" spellcheck="false" value="'.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED').'"> '.$langs->trans("Kb");
print "</td>";
print '</tr>';
print '</table>';
print '</div>';
print dol_get_fiche_end(); print dol_get_fiche_end();
print $form->buttonsSaveCancel("Modify", ''); print $form->buttonsSaveCancel("Modify", '');

7
htdocs/admin/system/security.php
View File

@@ -544,6 +544,10 @@ print '<br>';
print '<br>'; print '<br>';
print '<strong>'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'</strong> = '.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': < 100000)</span>')."<br>";
print '<br>';
$securityevent = new Events($db); $securityevent = new Events($db);
$eventstolog = $securityevent->eventstolog; $eventstolog = $securityevent->eventstolog;
@@ -835,9 +839,6 @@ if ($execmethod == 2) {
print '<br>'; print '<br>';
print '<br>'; print '<br>';
print '<strong>MAIN_SECURITY_MAXFILESIZE_DOWNLOADED</strong> = '.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED', '<span class="opacitymedium">'.$langs->trans("Undefined").' &nbsp; ('.$langs->trans("Recommended").': 100000000)</span>')."<br>";
print '<br>';
print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML') ? '1' : '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>'); print '<strong>MAIN_RESTRICTHTML_ONLY_VALID_HTML</strong> = '.(getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML') ? '1' : '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>');
print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1 - does not work on HTML5 with some old libxml libs)</span>"; print ' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").": 1 - does not work on HTML5 with some old libxml libs)</span>";

4
htdocs/core/lib/admin.lib.php
View File

@@ -857,7 +857,7 @@ function ihm_prepare_head()
*/ */
function security_prepare_head() function security_prepare_head()
{ {
global $db, $langs, $conf, $user; global $db, $langs, $conf;
$h = 0; $h = 0;
$head = array(); $head = array();
@@ -877,7 +877,7 @@ function security_prepare_head()
$h++; $h++;
$head[$h][0] = DOL_URL_ROOT."/admin/security_file.php"; $head[$h][0] = DOL_URL_ROOT."/admin/security_file.php";
$head[$h][1] = $langs->trans("Files").' ('.$langs->trans("Upload").')'; $head[$h][1] = $langs->trans("Files").' ('.$langs->trans("UploadName").' | '.$langs->trans("Download").')';
$head[$h][2] = 'file'; $head[$h][2] = 'file';
$h++; $h++;

4
htdocs/core/lib/geturl.lib.php
View File

@@ -123,10 +123,10 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
// limit size of downloaded files. // limit size of downloaded files.
$maxsize = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED'); $maxsize = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED');
if ($maxsize && defined('CURLOPT_MAXFILESIZE_LARGE')) { if ($maxsize && defined('CURLOPT_MAXFILESIZE_LARGE')) {
curl_setopt($ch, CURLOPT_MAXFILESIZE_LARGE, $maxsize); // @phan-suppress-current-line PhanTypeMismatchArgumentNullableInternal curl_setopt($ch, CURLOPT_MAXFILESIZE_LARGE, $maxsize * 1024); // @phan-suppress-current-line PhanTypeMismatchArgumentNullableInternal
} }
if ($maxsize && defined('CURLOPT_MAXFILESIZE')) { if ($maxsize && defined('CURLOPT_MAXFILESIZE')) {
curl_setopt($ch, CURLOPT_MAXFILESIZE, $maxsize); curl_setopt($ch, CURLOPT_MAXFILESIZE, $maxsize * 1024);
} }
//curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true); // PHP 5.5 //curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true); // PHP 5.5

2
htdocs/langs/en_US/admin.lang
View File

@@ -2655,3 +2655,5 @@ Blocking=Blocking
NoBlocking=No blocking NoBlocking=No blocking
MULTICURRENCY_APP_ENDPOINT=API endpoint URL to get live multicurrencies from a source currency MULTICURRENCY_APP_ENDPOINT=API endpoint URL to get live multicurrencies from a source currency
NoWebsite=No website NoWebsite=No website
UploadName=Upload
MAIN_SECURITY_MAXFILESIZE_DOWNLOADED=Max size of downloaded files

2
htdocs/webportal/controllers/document.controller.class.php
View File

@@ -216,7 +216,7 @@ class DocumentController extends Controller
$fileSizeMax = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED'); $fileSizeMax = getDolGlobalInt('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED');
if ($fileSizeMax && $fileSize > $fileSizeMax) { if ($fileSizeMax && $fileSize > $fileSizeMax) {
dol_syslog('ErrorFileSizeTooLarge: ' . $fileSize); dol_syslog('ErrorFileSizeTooLarge: ' . $fileSize);
print 'ErrorFileSizeTooLarge: ' . $fileSize . ' (max ' . $fileSizeMax . ')'; print 'ErrorFileSizeTooLarge: ' . $fileSize . ' (max ' . $fileSizeMax . ' Kb)';
exit; exit;
} }