Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-10 11:31:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1036eabd42c020ea43ea5c79f3d957b2d93b855d
dolibarr/htdocs/viewimage.php
Laurent Destailleur 1249eac510 Add supplier orders statistics report
2008-09-08 19:04:19 +00:00

384 lines
10 KiB
PHP
Raw Blame History

<?php
/* Copyright (C) 2004-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2005-2008 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2008 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* or see http://www.gnu.org/
*/
/**
\file htdocs/viewimage.php
\brief Wrapper permettant l'affichage de fichiers images Dolibarr
\remarks L'appel est viewimage.php?file=pathrelatifdufichier&modulepart=repfichierconcerne
\version $Id$
*/
$original_file = isset($_GET["file"])?urldecode($_GET["file"]):'';
$modulepart = urldecode($_GET["modulepart"]);
$type = isset($_GET["type"]) ? urldecode($_GET["type"]) : '';
// Define if we need master or master+main
$needmasteronly=false;
if ($modulepart == 'companylogo') $needmasteronly=true;
// This is to make Dolibarr working with Plesk
set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
// Load master or main
if ($needmasteronly)
{
// Pour companylogo, on charge juste environnement sans logon qui charge le user
require("./master.inc.php");
}
else
{
if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1');
if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
// Pour autre que companylogo, on charge environnement + info issus de logon comme le user
require("./main.inc.php");
// master.inc.php is included in main.inc.php
}
// C'est un wrapper, donc header vierge
function llxHeader() { }
// Protection, on interdit les .. dans les chemins
$original_file = eregi_replace('\.\.','',$original_file);
$accessallowed=0;
if ($modulepart)
{
// Check permissions and define directory
// Wrapping pour les photo utilisateurs
if ($modulepart == 'companylogo')
{
$accessallowed=1;
$original_file=$conf->societe->dir_logos.'/'.$original_file;
}
// Wrapping pour les photos utilisateurs
elseif ($modulepart == 'userphoto')
{
$accessallowed=1;
$original_file=$conf->users->dir_output.'/'.$original_file;
}
// Wrapping pour les photos adherents
elseif ($modulepart == 'memberphoto')
{
$accessallowed=1;
$original_file=$conf->adherent->dir_output.'/'.$original_file;
}
// Wrapping pour les apercu factures
elseif ($modulepart == 'apercufacture')
{
$user->getrights('facture');
if ($user->rights->facture->lire)
{
$accessallowed=1;
}
$original_file=$conf->facture->dir_output.'/'.$original_file;
}
// Wrapping pour les apercu propal
elseif ($modulepart == 'apercupropal')
{
$user->getrights('propale');
if ($user->rights->propale->lire)
{
$accessallowed=1;
}
$original_file=$conf->propal->dir_output.'/'.$original_file;
}
// Wrapping pour les apercu commande
elseif ($modulepart == 'apercucommande')
{
$user->getrights('commande');
if ($user->rights->commande->lire)
{
$accessallowed=1;
}
$original_file=$conf->commande->dir_output.'/'.$original_file;
}
// Wrapping pour les apercu intervention
elseif ($modulepart == 'apercufichinter')
{
$user->getrights('ficheinter');
if ($user->rights->ficheinter->lire)
{
$accessallowed=1;
}
$original_file=$conf->fichinter->dir_output.'/'.$original_file;
}
// Wrapping pour les images des stats propales
elseif ($modulepart == 'propalstats')
{
$user->getrights('propale');
if ($user->rights->propale->lire)
{
$accessallowed=1;
}
$original_file=$conf->propal->dir_temp.'/'.$original_file;
}
// Wrapping pour les images des stats commandes
elseif ($modulepart == 'orderstats')
{
$user->getrights('commande');
if ($user->rights->commande->lire)
{
$accessallowed=1;
}
$original_file=$conf->commande->dir_temp.'/'.$original_file;
}
elseif ($modulepart == 'orderstatssupplier')
{
$user->getrights('fournisseur');
if ($user->rights->fournisseur->commande->lire)
{
$accessallowed=1;
}
$original_file=$conf->fournisseur->commande->dir_temp.'/'.$original_file;
}
// Wrapping pour les images des stats factures
elseif ($modulepart == 'billstats')
{
$user->getrights('facture');
if ($user->rights->facture->lire)
{
$accessallowed=1;
}
$original_file=$conf->facture->dir_temp.'/'.$original_file;
}
elseif ($modulepart == 'billstatssupplier')
{
$user->getrights('fourn');
if ($user->rights->fournisseur->facture->lire)
{
$accessallowed=1;
}
$original_file=$conf->fournisseur->facture->dir_temp.'/'.$original_file;
}
// Wrapping pour les images des stats expeditions
elseif ($modulepart == 'expeditionstats')
{
$user->getrights('expedition');
if ($user->rights->expedition->lire)
{
$accessallowed=1;
}
$original_file=$conf->expedition->dir_temp.'/'.$original_file;
}
// Wrapping pour les images des stats produits
elseif (eregi('^productstats_',$modulepart))
{
$user->getrights('produit');
if ($user->rights->produit->lire)
{
$accessallowed=1;
}
$original_file=$conf->produit->dir_temp.'/'.$original_file;
}
// Wrapping pour les produits
elseif ($modulepart == 'product')
{
$user->getrights('produit');
if ($user->rights->produit->lire)
{
$accessallowed=1;
}
$original_file=$conf->produit->dir_output.'/'.$original_file;
}
// Wrapping pour les prelevements
elseif ($modulepart == 'prelevement')
{
$user->getrights('prelevement');
if ($user->rights->prelevement->bons->lire) $accessallowed=1;
$original_file=$conf->prelevement->dir_output.'/bon/'.$original_file;
}
// Wrapping pour les graph telephonie
elseif ($modulepart == 'telephoniegraph')
{
$user->getrights('telephonie');
if ($user->rights->telephonie->lire)
{
$accessallowed=1;
}
$original_file=DOL_DATA_ROOT.'/graph/telephonie/'.$original_file;
}
// Wrapping pour les graph energie
elseif ($modulepart == 'energie')
{
$accessallowed=1;
$original_file=DOL_DATA_ROOT.'/energie/graph/'.$original_file;
}
// Wrapping pour les graph bank
elseif ($modulepart == 'bank')
{
$accessallowed=1;
$original_file=$conf->banque->dir_temp.'/'.$original_file;
}
// Wrapping pour les images wysiwyg
elseif ($modulepart == 'fckeditor')
{
$accessallowed=1;
$original_file=$conf->fckeditor->dir_output.'/'.$original_file;
}
// Wrapping pour les images wysiwyg mailing
elseif ($modulepart == 'mailing')
{
$accessallowed=1;
$original_file=$conf->mailing->dir_output.'/'.$original_file;
}
// Wrapping pour les graph energie
elseif ($modulepart == 'graph_stock')
{
$accessallowed=1;
$original_file=DOL_DATA_ROOT.'/entrepot/temp/'.$original_file;
}
// Wrapping pour les graph fournisseurs
elseif ($modulepart == 'graph_fourn')
{
$accessallowed=1;
$original_file=DOL_DATA_ROOT.'/fournisseur/temp/'.$original_file;
}
// Wrapping pour les graph des produits
elseif ($modulepart == 'graph_product')
{
$accessallowed=1;
$original_file=DOL_DATA_ROOT.'/product/temp/'.$original_file;
}
// Wrapping pour les code barre
elseif ($modulepart == 'barcode')
{
$accessallowed=1;
$original_file=''; // No files are built on disk
}
// images des stats du commercial
elseif ($modulepart == 'graph_comm')
{
$accessallowed=1;
$original_file= $conf->commercial->dir_temp . '/' .$original_file ; // No files are built on disk
}
// Wrapping generique (allows any module to open a file if file is in directory
// called DOL_DATA_ROOT/modulepart.
else
{
$accessallowed=1;
$original_file=DOL_DATA_ROOT.'/'.$modulepart.'/'.$original_file;
}
}
// Security:
// Limit access if permissions are wrong
if (! $accessallowed)
{
accessforbidden();
}
// Security:
// On interdit les remont<6E>es de repertoire ainsi que les pipe dans
// les noms de fichiers.
if (eregi('\.\.',$original_file) || eregi('[<>|]',$original_file))
{
$langs->load("main");
dolibarr_syslog("Refused to deliver file ".$original_file);
// Do no show plain path in shown error message
dolibarr_print_error(0,$langs->trans("ErrorFileNameInvalid",$_GET["file"]));
exit;
}
if ($modulepart == 'barcode')
{
// Output files with barcode generators
$dir = DOL_DOCUMENT_ROOT."/includes/modules/barcode/";
$generator=$_GET["generator"];
$code=$_GET["code"];
$encoding=$_GET["encoding"];
$readable=$_GET["readable"]?$_GET["readable"]:"Y";
// Chargement de la classe de codage
require_once($dir.$generator.".modules.php");
$classname = "mod".ucfirst($generator);
$module = new $classname($db);
if ($module->encodingIsSupported($encoding))
{
$result=$module->buildBarCode($code,$encoding,$readable);
}
}
else
{
// Ouvre et renvoi fichier
clearstatcache();
// Output files on disk
$filename = basename($original_file);
dolibarr_syslog("viewimage.php return file $original_file $filename content-type=$type");
if (! file_exists($original_file))
{
$langs->load("main");
dolibarr_print_error(0,$langs->trans("ErrorFileDoesNotExists",$_GET["file"]));
exit;
}
// Les drois sont ok et fichier trouv<75>
if ($type)
{
header('Content-type: '.$type);
}
else
{
header('Content-type: image/png');
}
readfile($original_file);
}
?>
Reference in New Issue View Git Blame Copy Permalink