Fix from #27211
eldy committed Feb 21, 2024
1 parent 5a4c8c6 commit c396dcd
Showing 2 changed files with 4 additions and 7 deletions.
4 changes: 2 additions & 2 deletions htdocs/core/lib/files.lib.php
Expand Up @@ -2564,7 +2564,7 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('(
* @param string $original_file Relative path with filename, relative to modulepart.
* @param string $entity Restrict onto entity (0=no restriction)
* @param User|null $fuser User object (forced)
* @param string $refname Ref of object to check permission for external users (autodetect if not provided) or for hierarchy
* @param string $refname Ref of object to check permission for external users (autodetect if not provided by taking the dirname of $original_file) or for hierarchy
* @param string $mode Check permission for 'read' or 'write'
* @return mixed Array with access information : 'accessallowed' & 'sqlprotectagainstexternals' & 'original_file' (as a full path name)
* @see restrictedArea()
Expand Down Expand Up @@ -2612,7 +2612,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
// Find the subdirectory name as the reference. For example original_file='10/myfile.pdf' -> refname='10'
if (empty($refname)) {
$refname = basename(dirname($original_file)."/");
if ($refname == 'thumbs') {
if ($refname == 'thumbs' || $refname == 'temp') {
// If we get the thumbs directory, we must go one step higher. For example original_file='10/thumbs/myfile_small.jpg' -> refname='10'
$refname = basename(dirname(dirname($original_file))."/");
}
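Review bot: The single climb in the `if ($refname == 'thumbs' || $refname == 'temp')` branch can still leave `$refname` as `.` or as another reserved directory name, and per the docblock this value is what the permission check for external users is keyed on. With `original_file='temp/myfile.pdf'` the second `basename(dirname(dirname($original_file))."/")` yields `.`, and with `10/temp/thumbs/x.jpg` it yields `temp`. The code that consumes `$refname` lies outside this hunk, so it is worth confirming that such values end in a refusal rather than in a skipped object lookup. The comment inside the branch also still names only thumbs; I would change it to `// If we get the thumbs or temp directory, we must go one step higher. For example original_file='10/temp/myfile.pdf' -> refname='10'`.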
7 changes: 2 additions & 5 deletions htdocs/document.php
Expand Up @@ -209,16 +209,13 @@ function llxFooter()
$original_file = str_replace('..\\', '/', $original_file);


// Find the subdirectory name as the reference
$refname = basename(dirname($original_file)."/");

// Security check
if (empty($modulepart)) {
accessforbidden('Bad value for parameter modulepart');
}

// Check security and set return info with full path of file
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname);
$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, '');
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$fullpath_original_file = $check_access['original_file']; // $fullpath_original_file is now a full path name
Expand Down Expand Up @@ -282,7 +279,7 @@ function llxFooter()
// Hooks
$hookmanager->initHooks(array('document'));
$parameters = array('ecmfile' => $ecmfile, 'modulepart' => $modulepart, 'original_file' => $original_file,
'entity' => $entity, 'refname' => $refname, 'fullpath_original_file' => $fullpath_original_file,
'entity' => $entity, 'fullpath_original_file' => $fullpath_original_file,
'filename' => $filename, 'fullpath_original_file_osencoded' => $fullpath_original_file_osencoded);
$object = new stdClass();
$reshook = $hookmanager->executeHooks('downloadDocument', $parameters, $object, $action); // Note that $action and $object may have been
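Review bot: Removing `'refname' => $refname` from the `$parameters` array changes the contract of the `downloadDocument` hook, and the commit leaves no trace of that for module authors. Hook code is not visible here, but any implementation that reads `$parameters['refname']`, possibly for its own access decision, now gets an undefined key. The docblock of `dol_check_secure_access_document()` lists only 'accessallowed', 'sqlprotectagainstexternals' and 'original_file' in its return, so the reference it resolves is not available to this caller any more. I would either return it from the function and keep the key, or add a comment above the array such as `// 'refname' is no longer passed to hooks; it is resolved inside dol_check_secure_access_document()`. The script body continues outside both hunks of this file.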
