diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php
index f4a0e149898..7cf554b70d7 100644
--- a/htdocs/core/photos_resize.php
+++ b/htdocs/core/photos_resize.php
@@ -45,10 +45,26 @@ if (isset($_GET["id"]))
}
$original_file = isset($_REQUEST["file"])?urldecode($_REQUEST["file"]):'';
+
// Security check
-if ($modulepart=='produit|service') $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
-else accessforbidden('Bad value for modulepart');
-if ($modulepart=='produit|service' && (! $user->rights->produit->lire && ! $user->rights->service->lire)) accessforbidden();
+if (empty($modulepart)) accessforbidden('Bad value for modulepart');
+$accessallowed=0;
+if ($modulepart)
+{
+ if ($modulepart=='produit|service')
+ {
+ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
+ if ($modulepart=='produit|service' && (! $user->rights->produit->lire && ! $user->rights->service->lire)) accessforbidden();
+ $accessallowed=1;
+ }
+}
+
+// Security:
+// Limit access if permissions are wrong
+if (! $accessallowed)
+{
+ accessforbidden();
+}
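Review bot: The `if ($modulepart)` wrapper on L15 and the repeated `$modulepart=='produit|service'` test on L20 are both redundant once the `empty($modulepart)` guard on L13 has run (a value that fails `empty()` is always truthy), so the new block tests the same condition three times; the same empty-guard followed by `if ($modulepart)` pair is introduced in the document.php and viewimage.php hunks. Collapsing it to one strict comparison keeps the fail-closed `$accessallowed` gate and makes the `$result` assignment, which nothing in the hunk reads, stand out. Note also that `$original_file` is taken straight from `$_REQUEST` on L7 without the path normalisation document.php and viewimage.php apply; whether a later check in this file restricts the value to the product directory is outside the hunk and worth confirming.
```php
// Security check
if (empty($modulepart)) accessforbidden('Bad value for modulepart');
$accessallowed=0;
if ($modulepart === 'produit|service')
{
    $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
    if (! $user->rights->produit->lire && ! $user->rights->service->lire) accessforbidden();
    $accessallowed=1;
}
// … unchanged: fail-closed check on $accessallowed …
```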
diff --git a/htdocs/document.php b/htdocs/document.php
index b699194f1b0..5e7f52f8d5d 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -101,6 +101,8 @@ $original_file = str_replace("../","/", $original_file);
// find the subdirectory name as the reference
$refname=basename(dirname($original_file)."/");
+// Security check
+if (empty($modulepart)) accessforbidden('Bad value for modulepart');
$accessallowed=0;
$sqlprotectagainstexternals='';
if ($modulepart)
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index d44b08aae1e..615ece8493b 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -1568,7 +1568,7 @@ function info_admin($texte,$infoonimgalt=0)
* \param feature2 Feature to check (second level of permission)
* \param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* \param dbt_select Field name for select if not rowid. (optionnal)
- * \return int 1
+ * @return int Always 1, die process if not allowed
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
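Review bot: The new `@return int Always 1, die process if not allowed` on L52 is a phpDoc tag inside a docblock whose other tags still use the Doxygen `\param` form (L48–L50), so the block now mixes two conventions; either convert the whole docblock in this commit or keep `\return` here. The description could also state the contract more precisely, e.g. `@return int Always 1; does not return when access is denied (presumably exits via accessforbidden())`, since a reader of the signature alone cannot tell that a denied call never comes back. The body of restrictedArea() continues past the hunk.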
@@ -1890,10 +1890,10 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
/**
- * \brief Affiche message erreur de type acces interdit et arrete le programme
- * \param message Force error message
- * \param printheader Affiche avant le header
- * \remarks L'appel a cette fonction termine le code.
+ * Affiche message erreur de type acces interdit et arrete le programme
+ * L'appel a cette fonction termine le code.
+ * @param message Force error message
+ * @param printheader Affiche avant le header
*/
function accessforbidden($message='',$printheader=1,$printfooter=1,$showonlymessage=0)
{
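Review bot: The rewritten docblock documents only `message` and `printheader`, while the signature on L67 also takes `$printfooter` and `$showonlymessage`, and the `@param` tags carry neither a type nor the `$` sigil that documentation tools match against the signature. Suggest `@param string $message Force error message` and `@param int $printheader Print the header before the message`, plus lines for `@param int $printfooter` and `@param int $showonlymessage`, and a `@return void` line that keeps the "termine le code" remark so the no-return behaviour stays explicit. An English description would also match the other tags this diff converts. The function body continues past the hunk.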
diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index 418a003869d..f6d4660baa2 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -2473,15 +2473,15 @@ class Product extends CommonObject
/**
- * \brief Show photos of a product (nbmax maximum)
- * \param sdir Directory to scan
- * \param size 0=original size, 1 use thumbnail if possible
- * \param nbmax Nombre maximum de photos (0=pas de max)
- * \param nbbyrow Nombre vignettes par ligne (si mode vignette)
- * \param showfilename 1=Show filename
- * \param showaction 1=Show icon with action links (resize, delete)
- * \param maxheight Max height of image when size=1
- * \return string Html code to show photo. Number of photos shown is saved in this->nbphoto
+ * Show photos of a product (nbmax maximum)
+ * @param sdir Directory to scan
+ * @param size 0=original size, 1 use thumbnail if possible
+ * @param nbmax Nombre maximum de photos (0=pas de max)
+ * @param nbbyrow Nombre vignettes par ligne (si mode vignette)
+ * @param showfilename 1=Show filename
+ * @param showaction 1=Show icon with action links (resize, delete)
+ * @param maxheight Max height of image when size=1
+ * @return string Html code to show photo. Number of photos shown is saved in this->nbphoto
*/
function show_photos($sdir,$size=0,$nbmax=0,$nbbyrow=5,$showfilename=0,$showaction=0,$maxheight=120)
{
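Review bot: The converted `@param` tags on L85–L91 give the parameter name without the `$` sigil or a type, so they will not bind to the parameters of the signature on L94, and the descriptions alternate between English and French. Suggest e.g. `@param string $sdir Directory to scan`, `@param int $size 0=original size, 1 use thumbnail if possible`, `@param int $nbmax Maximum number of photos (0=no max)`, and the same form for the remaining four. The method body continues past the hunk.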
@@ -2560,7 +2560,7 @@ class Product extends CommonObject
if ($user->rights->produit->creer || $user->rights->service->creer)
{
// Link to resize
- $return.= ''.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).' ';
+ $return.= ''.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).' ';
// Link to delete
$return.= '';
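Review bot: The resize/delete link block in this hunk (L97–L103) is identical to the one in the next hunk at L105–L111, which is why the commit's change to the resize link had to be applied twice within show_photos(); the actual edit on L101 is not visible here, since the line reads the same as L100 (presumably markup was dropped on extraction). Moving the two links into one small private helper that takes the file reference and returns the HTML fragment would leave a single place to keep the resize URL and the `creer` permission check in sync. Both hunks sit inside a method whose start and end are outside the hunks.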
@@ -2583,7 +2583,7 @@ class Product extends CommonObject
if ($user->rights->produit->creer || $user->rights->service->creer)
{
// Link to resize
- $return.= ''.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).' ';
+ $return.= ''.img_picto($langs->trans("Resize"),DOL_URL_ROOT.'/theme/common/transform-crop-and-resize','',1).' ';
// Link to delete
$return.= '';
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 6dca3c0f3bf..1da7b5f0638 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -60,6 +60,8 @@ else $type=dol_mimetype($original_file);
// Suppression de la chaine de caractere ../ dans $original_file
$original_file = str_replace("../","/", $original_file);
+// Security check
+if (empty($modulepart)) accessforbidden('Bad value for modulepart');
$accessallowed=0;
if ($modulepart)
{