NEW Can download PDF document from the payment page

Dolibarr · Oct 29, 2017 · bbe1c9c · bbe1c9c
1 parent 76b0e7e
commit bbe1c9c
Show file tree

Hide file tree

Showing 10 changed files with 211 additions and 65 deletions.
diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php
@@ -89,9 +89,7 @@
 if (empty($url)) $url=DOL_URL_ROOT.'/ecm/index.php';
 
 // Load traductions files
-$langs->load("ecm");
-$langs->load("companies");
-$langs->load("other");
+$langs->loadLangs(array("ecm","companies","other"));
 
 // Security check
 if ($user->societe_id > 0) $socid = $user->societe_id;

diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
@@ -553,6 +553,90 @@ function getBannerAddress($htmlkey, $object)
 		return $out;
 	}
 
+	/**
+	 * Return the link of last main doc file for direct public download.
+	 *
+	 * @param	string	$modulepart			Module related to document
+	 * @param	int		$initsharekey		Init the share key if it was not yet defined
+	 * @return	string						Link or empty string if there is no download link
+	 */
+	function getLastMainDocLink($modulepart, $initsharekey=0)
+	{
+		global $user, $dolibarr_main_url_root;
+
+		if (empty($this->last_main_doc))
+		{
+			return '';		// No known last doc
+		}
+
+		include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmfiles.class.php';
+		$ecmfile=new EcmFiles($this->db);
+		$result = $ecmfile->fetch(0, '', $this->last_main_doc);
+		if ($result < 0)
+		{
+			$this->error = $ecmfile->error;
+			$this->errors = $ecmfile->errors;
+			return -1;
+		}
+
+		if (empty($ecmfile->id))
+		{
+			// Add entry into index
+			if ($initsharekey)
+			{
+				require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
+				// TODO We can't, we dont' have full path of file, only last_main_doc adn ->element, so we must rebuild full path first
+				/*
+				$ecmfile->filepath = $rel_dir;
+				$ecmfile->filename = $filename;
+				$ecmfile->label = md5_file(dol_osencode($destfull));	// hash of file content
+				$ecmfile->fullpath_orig = '';
+				$ecmfile->gen_or_uploaded = 'generated';
+				$ecmfile->description = '';    // indexed content
+				$ecmfile->keyword = '';        // keyword content
+				$ecmfile->share = getRandomPassword(true);
+				$result = $ecmfile->create($user);
+				if ($result < 0)
+				{
+					$this->error = $ecmfile->error;
+					$this->errors = $ecmfile->errors;
+				}
+				*/
+			}
+			else return '';
+		}
+		elseif (empty($ecmfile->share))
+		{
+			// Add entry into index
+			if ($initsharekey)
+			{
+				require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
+				$ecmfile->share = getRandomPassword(true);
+				$ecmfile->update($user);
+			}
+			else return '';
+		}
+
+		// Define $urlwithroot
+		$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
+		$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;		// This is to use external domain name found into config file
+		//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
+
+		$forcedownload=1;
+		$rellink='/document.php?modulepart='.$modulepart;
+		if ($forcedownload) $rellink.='&attachment=1';
+		if (! empty($ecmfile->entity)) $rellink.='&entity='.$ecmfile->entity;
+		//$rellink.='&file='.urlencode($filepath);		// No need of name of file for public link, we will use the hash
+		$fulllink=$urlwithroot.$rellink;
+		//if (! empty($object->ref))       $fulllink.='&hashn='.$object->ref;			// Hash of file path
+		//elseif (! empty($object->label)) $fulllink.='&hashc='.$object->label;		// Hash of file content
+		if (! empty($ecmfile->share))  $fulllink.='&hashp='.$ecmfile->share;			// Hash for public share
+
+		// Here $ecmfile->share is defined
+		return $fulllink;
+	}
+
+
 	/**
 	 *  Add a link between element $this->element and a contact
 	 *
@@ -4120,6 +4204,7 @@ protected function commonGenerateDocument($modelspath, $modele, $outputlangs, $h
 						}
 						else
 						{
+							$ecmfile->entity = $conf->entity;
 							$ecmfile->filepath = $rel_dir;
 							$ecmfile->filename = $filename;
 							$ecmfile->label = md5_file(dol_osencode($destfull));	// hash of file content

diff --git a/htdocs/document.php b/htdocs/document.php
@@ -31,12 +31,18 @@
  */
 
 define('NOTOKENRENEWAL',1); // Disables token renewal
-// Pour autre que bittorrent, on charge environnement + info issus de logon (comme le user)
+// For bittorent link, we don't need to load/check we are into a login session
 if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'bittorrent' && ! defined("NOLOGIN"))
 {
 	define("NOLOGIN",1);
 	define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
 }
+// For direct external download link, we don't need to load/check we are into a login session
+if (isset($_GET["hashp"]) && ! defined("NOLOGIN"))
+{
+	define("NOLOGIN",1);
+	define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
+}
 if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1');
 if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
 if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
@@ -111,21 +117,23 @@ function llxFooter() { }
 	$result = $ecmfile->fetch(0, '', '', '', $hashp);
 	if ($result > 0)
 	{
-		$tmp = explode('/', $ecmfile->filepath, 2);		// $ecmfile->filepatch is relative to document directory
+		$tmp = explode('/', $ecmfile->filepath, 2);		// $ecmfile->filepath is relative to document directory
 		$moduleparttocheck = $tmp[0];
 		if ($moduleparttocheck == $modulepart)
 		{
+			// We remove first level of directory
 			$original_file = (($tmp[1]?$tmp[1].'/':'').$ecmfile->filename);		// this is relative to module dir
 			//var_dump($original_file); exit;
 		}
 		else
 		{
-			accessforbidden('Bad link. File owns to another module part.',0,0,1);
+			accessforbidden('Bad link. File is from another module part.',0,0,1);
 		}
 	}
 	else
 	{
-		accessforbidden('Bad link. File was not found or sharing attribute removed recently.',0,0,1);
+		$langs->load("errors");
+		accessforbidden($langs->trans("ErrorFileNotFoundWithSharedLink"),0,0,1);
 	}
 }
 
@@ -138,30 +146,38 @@ function llxFooter() { }
 
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
+
 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $refname);
 $accessallowed              = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
 $fullpath_original_file     = $check_access['original_file'];               // $fullpath_original_file is now a full path name
 
-// Basic protection (against external users only)
-if ($user->societe_id > 0)
+if (! empty($hashp))
+{
+	$accessallowed = 1;			// When using hashp, link is public so we force $accessallowed
+}
+else
 {
-	if ($sqlprotectagainstexternals)
+	// Basic protection (against external users only)
+	if ($user->societe_id > 0)
 	{
-		$resql = $db->query($sqlprotectagainstexternals);
-		if ($resql)
+		if ($sqlprotectagainstexternals)
 		{
-			$num=$db->num_rows($resql);
-			$i=0;
-			while ($i < $num)
+			$resql = $db->query($sqlprotectagainstexternals);
+			if ($resql)
 			{
-				$obj = $db->fetch_object($resql);
-				if ($user->societe_id != $obj->fk_soc)
+				$num=$db->num_rows($resql);
+				$i=0;
+				while ($i < $num)
 				{
-					$accessallowed=0;
-					break;
+					$obj = $db->fetch_object($resql);
+					if ($user->societe_id != $obj->fk_soc)
+					{
+						$accessallowed=0;
+						break;
+					}
+					$i++;
 				}
-				$i++;
 			}
 		}
 	}

diff --git a/htdocs/ecm/class/ecmfiles.class.php b/htdocs/ecm/class/ecmfiles.class.php
@@ -112,6 +112,7 @@ public function create(User $user, $notrigger = false)
 		}
 		if (isset($this->filepath)) {
 			 $this->filepath = trim($this->filepath);
+			 $this->filepath = preg_replace('/[\\/]+$/', '', $this->filepath);		// Remove last /
 		}
 		if (isset($this->fullpath_orig)) {
 			 $this->fullpath_orig = trim($this->fullpath_orig);
@@ -164,6 +165,11 @@ public function create(User $user, $notrigger = false)
 		$maxposition=$maxposition+1;
 
 		// Check parameters
+		if (empty($this->filename) || empty($this->filepath))
+		{
+			$this->errors[] = 'Bad property filename or filepath';
+			return -1;
+		}
 		// Put here code to add control on parameters values
 
 		// Insert request
@@ -349,7 +355,7 @@ public function fetch($id, $ref = '', $relativepath = '', $hashoffile='', $hashf
 			$this->errors[] = 'Error ' . $this->db->lasterror();
 			dol_syslog(__METHOD__ . ' ' . implode(',', $this->errors), LOG_ERR);
 
-			return - 1;
+			return -1;
 		}
 	}