}
// Force a download ("save as") when the caller asked for it, unless the instance disables that
if (isset($_GET["attachment"])) {
    $attachment = (bool) GETPOST("attachment");
}
if (!empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) {
    $attachment = false;
}

// Security check: a module part is mandatory before any path handling is done
if (empty($modulepart)) {
    accessforbidden('Bad value for parameter modulepart');
}

// Strip "../" from the requested path. This is a single pass, so on its own it is not a
// complete normalisation; dol_check_secure_access_document() below and, presumably, a
// ".." rejection further down (as getDocument() does) are what enforce the no-traversal
// rule — confirm against the rest of this script.
$original_file = str_replace("../", "/", $original_file);

// The subdirectory name is used as the object reference for the permission check
$refname = basename(dirname($original_file) . "/");

$check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
$accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file'];
// Basic protection (against external users only)
if ($user->societe_id > 0) {
    if ($sqlprotectagainstexternals) {
        $resql = $db->query($sqlprotectagainstexternals);
        if ($resql) {
            $num = $db->num_rows($resql);
            $i = 0;
            while ($i < $num) {
                $obj = $db->fetch_object($resql);
                if ($user->societe_id != $obj->fk_soc) {
                    $accessallowed = 0;
                    break;
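/**
 * Method to get a document by webservice
 *
 * The caller is authenticated with check_authentication(), the requested path is
 * validated with dol_check_secure_access_document(), and for external users every
 * row returned by the module's protection query must belong to the caller's
 * company. Only then is the file read and returned base64-encoded.
 *
 * @param 	array	$authentication		Array with permissions
 * @param 	string	$modulepart		 	Properties of document
 * @param	string	$file				Relative path
 * @param	string	$refname			Ref of object to check permission for external users (autodetect if not provided)
 * @return	array						array('result' => array('result_code' => string, 'result_label' => string))
 *                                      plus, on success, 'document' => array('filename', 'mimetype', 'content' (base64), 'length')
 */
function getDocument($authentication, $modulepart, $file, $refname = '')
{
    global $db, $conf, $langs, $mysoc;

    // NOTE(review): the log line in the listing this was taken from was garbled and has been
    // reconstructed. Only the login is logged, never the password or key carried in $authentication.
    dol_syslog("Function: getDocument login=" . (isset($authentication['login']) ? $authentication['login'] : '') . " modulepart=" . $modulepart . " file=" . $file);

    // Error state is passed into check_authentication() and read afterwards, so it must exist before the call
    $error = 0;
    $errorcode = '';
    $errorlabel = '';
    $objectresp = array();
    $accessallowed = 0;

    $fuser = check_authentication($authentication, $error, $errorcode, $errorlabel);

    // Check parameters
    if (!$error && (!$file || !$modulepart)) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter file and modulepart must be both provided.";
    }

    if (!$error) {
        $fuser->getrights();

        // The caller-supplied relative path is the starting point; dol_check_secure_access_document()
        // below replaces it with the resolved path inside the module's output directory.
        $original_file = $file;
        // Strip "../" segments. This is a single pass, so a nested sequence can survive it;
        // the ".." rejection further down is what actually enforces the no-traversal rule.
        $original_file = str_replace("../", "/", $original_file);

        // Find the subdirectory name as the reference when the caller gave none
        if (empty($refname)) {
            $refname = basename(dirname($original_file) . "/");
        }

        // Security check
        $check_access = dol_check_secure_access_document($modulepart, $original_file, $conf->entity, $fuser, $refname);
        $accessallowed = $check_access['accessallowed'];
        $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
        $original_file = $check_access['original_file'];

        // Basic protection (against external users only): every row of the protection query
        // must belong to the caller's company, otherwise access is revoked. A query that
        // returns no rows does not revoke access (existing behaviour).
        if ($fuser->societe_id > 0 && $sqlprotectagainstexternals) {
            $resql = $db->query($sqlprotectagainstexternals);
            if ($resql) {
                $num = $db->num_rows($resql);
                for ($i = 0; $i < $num; $i++) {
                    $obj = $db->fetch_object($resql);
                    // Loose comparison kept on purpose: fk_soc comes back from the driver as a string
                    if ($fuser->societe_id != $obj->fk_soc) {
                        $accessallowed = 0;
                        break;
                    }
                }
            } else {
                // Fail closed: if the ownership check could not run, the external user is not granted the file
                dol_syslog("getDocument: protection query failed, access refused for external user", LOG_WARNING);
                $accessallowed = 0;
            }
        }

        // Security: limit access if rights are not correct
        if (!$accessallowed) {
            $errorcode = 'NOT_PERMITTED';
            $errorlabel = 'Access not allowed';
            $error++;
        }

        // Security: refuse directory climbing and pipe/redirection characters in file names
        if (preg_match('/\\.\\./', $original_file) || preg_match('/[<>|]/', $original_file)) {
            dol_syslog("Refused to deliver file " . $original_file);
            $errorcode = 'REFUSED';
            $errorlabel = '';
            $error++;
        }

        clearstatcache();

        if (!$error) {
            if (file_exists($original_file)) {
                // file_get_contents() replaces the unclosed fopen()/fread() pair (handle leak,
                // and fread() with a zero length fails on empty files).
                $content_file = file_get_contents($original_file);
                if ($content_file === false) {
                    dol_syslog("Unable to read file " . $original_file);
                    $errorcode = 'NOT_FOUND';
                    $errorlabel = 'File could not be read';
                    $error++;
                } else {
                    $mimetype = dol_mimetype($original_file);
                    dol_syslog("Function: getDocument " . $original_file . " content-type=" . $mimetype);
                    $objectret = array(
                        'filename' => basename($original_file),
                        'mimetype' => $mimetype,
                        'content' => base64_encode($content_file),
                        // Length of what was actually read, so it always matches 'content'
                        'length' => strlen($content_file),
                    );
                    // Create return object
                    $objectresp = array('result' => array('result_code' => 'OK', 'result_label' => ''), 'document' => $objectret);
                }
            } else {
                dol_syslog("File doesn't exist " . $original_file);
                $errorcode = 'NOT_FOUND';
                $errorlabel = '';
                $error++;
            }
        }
    }

    if ($error) {
        $objectresp = array('result' => array('result_code' => $errorcode, 'result_label' => $errorlabel));
    }

    return $objectresp;
}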