21 use Luracast\Restler\RestException;
22 use Luracast\Restler\Format\UploadFormat;
24 require_once DOL_DOCUMENT_ROOT.
'/main.inc.php';
25 require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
39 public static $DOCUMENT_FIELDS = array(
69 public function index($modulepart, $original_file =
'')
73 if (empty($modulepart)) {
74 throw new RestException(400,
'bad value for parameter modulepart');
76 if (empty($original_file)) {
77 throw new RestException(400,
'bad value for parameter original_file');
81 $entity = $conf->entity;
92 $relativefile = $original_file;
95 $accessallowed = $check_access[
'accessallowed'];
96 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
97 $original_file = $check_access[
'original_file'];
99 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
100 throw new RestException(401);
102 if (!$accessallowed) {
103 throw new RestException(401);
106 $filename = basename($original_file);
107 $original_file_osencoded =
dol_osencode($original_file);
109 if (!file_exists($original_file_osencoded)) {
110 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
111 throw new RestException(404,
'File not found');
114 $file_content = file_get_contents($original_file_osencoded);
115 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'encoding'=>
'base64');
140 public function builddoc($modulepart, $original_file =
'', $doctemplate =
'', $langcode =
'')
142 global $conf, $langs;
144 if (empty($modulepart)) {
145 throw new RestException(400,
'bad value for parameter modulepart');
147 if (empty($original_file)) {
148 throw new RestException(400,
'bad value for parameter original_file');
151 $outputlangs = $langs;
152 if ($langcode && $langs->defaultlang != $langcode) {
154 $outputlangs->setDefaultLang($langcode);
158 $entity = $conf->entity;
169 $relativefile = $original_file;
172 $accessallowed = $check_access[
'accessallowed'];
173 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
174 $original_file = $check_access[
'original_file'];
176 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
177 throw new RestException(401);
179 if (!$accessallowed) {
180 throw new RestException(401);
184 $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
185 $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
186 $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
190 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
191 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
192 $this->invoice =
new Facture($this->db);
193 $result = $this->invoice->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
195 throw new RestException(404,
'Invoice not found');
198 $templateused = $doctemplate ? $doctemplate : $this->invoice->model_pdf;
199 $result = $this->invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
201 throw new RestException(500,
'Error generating document');
203 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'invoice_supplier') {
204 require_once DOL_DOCUMENT_ROOT .
'/fourn/class/fournisseur.facture.class.php';
206 $result = $this->supplier_invoice->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
208 throw new RestException(404,
'Supplier invoice not found');
211 $templateused = $doctemplate ? $doctemplate : $this->supplier_invoice->model_pdf;
212 $result = $this->supplier_invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
214 throw new RestException(500,
'Error generating document');
216 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
217 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
218 $this->order =
new Commande($this->db);
219 $result = $this->order->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
221 throw new RestException(404,
'Order not found');
223 $templateused = $doctemplate ? $doctemplate : $this->order->model_pdf;
224 $result = $this->order->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
226 throw new RestException(500,
'Error generating document');
228 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
229 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
230 $this->propal =
new Propal($this->db);
231 $result = $this->propal->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
233 throw new RestException(404,
'Proposal not found');
235 $templateused = $doctemplate ? $doctemplate : $this->propal->model_pdf;
236 $result = $this->propal->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
238 throw new RestException(500,
'Error generating document');
240 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
241 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
243 $this->contract =
new Contrat($this->db);
244 $result = $this->contract->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
247 throw new RestException(404,
'Contract not found');
250 $templateused = $doctemplate ? $doctemplate : $this->contract->model_pdf;
251 $result = $this->contract->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
254 throw new RestException(500,
'Error generating document missing doctemplate parameter');
257 throw new RestException(403,
'Generation not available for this modulepart');
260 $filename = basename($original_file);
261 $original_file_osencoded =
dol_osencode($original_file);
263 if (!file_exists($original_file_osencoded)) {
264 throw new RestException(404,
'File not found');
267 $file_content = file_get_contents($original_file_osencoded);
268 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'langcode'=>$outputlangs->defaultlang,
'template'=>$templateused,
'encoding'=>
'base64');
294 if (empty($modulepart)) {
295 throw new RestException(400,
'bad value for parameter modulepart');
298 if (empty($id) && empty($ref)) {
299 throw new RestException(400,
'bad value for parameter id or ref');
302 $id = (empty($id) ? 0 : $id);
306 if ($modulepart ==
'societe' || $modulepart ==
'thirdparty') {
307 require_once DOL_DOCUMENT_ROOT.
'/societe/class/societe.class.php';
309 if (!DolibarrApiAccess::$user->hasRight(
'societe',
'lire')) {
310 throw new RestException(401);
313 $object =
new Societe($this->db);
314 $result = $object->fetch($id, $ref);
316 throw new RestException(404,
'Thirdparty not found');
319 $upload_dir = $conf->societe->multidir_output[$object->entity].
"/".$object->id;
320 } elseif ($modulepart ==
'user') {
321 require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
324 if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
325 throw new RestException(401);
328 $object =
new User($this->db);
329 $result = $object->fetch($id, $ref);
331 throw new RestException(404,
'User not found');
334 $upload_dir = $conf->user->dir_output.
'/'.
get_exdir(0, 0, 0, 0, $object,
'user').
'/'.$object->id;
335 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
336 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
338 if (!DolibarrApiAccess::$user->rights->adherent->lire) {
339 throw new RestException(401);
343 $result = $object->fetch($id, $ref);
345 throw new RestException(404,
'Member not found');
348 $upload_dir = $conf->adherent->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'member');
349 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
350 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
352 if (!DolibarrApiAccess::$user->hasRight(
'propal',
'lire')) {
353 throw new RestException(401);
356 $object =
new Propal($this->db);
357 $result = $object->fetch($id, $ref);
359 throw new RestException(404,
'Proposal not found');
362 $upload_dir = $conf->propal->multidir_output[$object->entity].
"/".
get_exdir(0, 0, 0, 1, $object,
'propal');
363 } elseif ($modulepart ==
'supplier_proposal') {
364 require_once DOL_DOCUMENT_ROOT.
'/supplier_proposal/class/supplier_proposal.class.php';
366 if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
367 throw new RestException(401);
370 $object =
new Propal($this->db);
371 $result = $object->fetch($id, $ref);
373 throw new RestException(404,
'Supplier proposal not found');
376 $upload_dir = $conf->propal->multidir_output[$object->entity].
"/".
get_exdir(0, 0, 0, 1, $object,
'propal');
377 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
378 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
380 if (!DolibarrApiAccess::$user->hasRight(
'commande',
'lire')) {
381 throw new RestException(401);
385 $result = $object->fetch($id, $ref);
387 throw new RestException(404,
'Order not found');
390 $upload_dir = $conf->commande->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'commande');
391 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
392 $modulepart =
'supplier_order';
394 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
396 if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
397 throw new RestException(401);
401 $result = $object->fetch($id, $ref);
403 throw new RestException(404,
'Purchase order not found');
407 } elseif ($modulepart ==
'shipment' || $modulepart ==
'expedition') {
408 require_once DOL_DOCUMENT_ROOT.
'/expedition/class/expedition.class.php';
410 if (!DolibarrApiAccess::$user->rights->expedition->lire) {
411 throw new RestException(401);
415 $result = $object->fetch($id, $ref);
417 throw new RestException(404,
'Shipment not found');
420 $upload_dir = $conf->expedition->dir_output.
"/sending/".
get_exdir(0, 0, 0, 1, $object,
'shipment');
421 } elseif ($modulepart ==
'facture' || $modulepart ==
'invoice') {
422 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
424 if (!DolibarrApiAccess::$user->hasRight(
'facture',
'lire')) {
425 throw new RestException(401);
428 $object =
new Facture($this->db);
429 $result = $object->fetch($id, $ref);
431 throw new RestException(404,
'Invoice not found');
434 $upload_dir = $conf->facture->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'invoice');
435 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
436 $modulepart =
'supplier_invoice';
438 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
440 if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
441 throw new RestException(401);
445 $result = $object->fetch($id, $ref);
447 throw new RestException(404,
'Invoice not found');
450 $upload_dir = $conf->fournisseur->dir_output.
"/facture/".
get_exdir($object->id, 2, 0, 0, $object,
'invoice_supplier').dol_sanitizeFileName($object->ref);
451 } elseif ($modulepart ==
'produit' || $modulepart ==
'product') {
452 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
454 if (!DolibarrApiAccess::$user->rights->produit->lire) {
455 throw new RestException(401);
458 $object =
new Product($this->db);
459 $result = $object->fetch($id, $ref);
461 throw new RestException(404,
'Product not found');
462 } elseif ($result < 0) {
463 throw new RestException(500,
'Error while fetching object: '.$object->error);
466 $upload_dir = $conf->product->multidir_output[$object->entity].
'/'.
get_exdir(0, 0, 0, 1, $object,
'product');
467 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
468 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
470 if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
471 throw new RestException(401);
475 $result = $object->fetch($id, $ref);
477 throw new RestException(404,
'Event not found');
481 } elseif ($modulepart ==
'expensereport') {
482 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
484 if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) {
485 throw new RestException(401);
489 $result = $object->fetch($id, $ref);
491 throw new RestException(404,
'Expense report not found');
495 } elseif ($modulepart ==
'knowledgemanagement') {
496 require_once DOL_DOCUMENT_ROOT.
'/knowledgemanagement/class/knowledgerecord.class.php';
498 if (!DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read') && !DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read')) {
499 throw new RestException(401);
503 $result = $object->fetch($id, $ref);
505 throw new RestException(404,
'KM article not found');
508 $upload_dir = $conf->knowledgemanagement->dir_output.
'/knowledgerecord/'.
dol_sanitizeFileName($object->ref);
509 } elseif ($modulepart ==
'categorie' || $modulepart ==
'category') {
510 require_once DOL_DOCUMENT_ROOT.
'/categories/class/categorie.class.php';
512 if (!DolibarrApiAccess::$user->rights->categorie->lire) {
513 throw new RestException(401);
517 $result = $object->fetch($id, $ref);
519 throw new RestException(404,
'Category not found');
522 $upload_dir = $conf->categorie->multidir_output[$object->entity].
'/'.
get_exdir($object->id, 2, 0, 0, $object,
'category').$object->id.
"/photos/".
dol_sanitizeFileName($object->ref);
523 } elseif ($modulepart ==
'ecm') {
524 throw new RestException(500,
'Modulepart Ecm not implemented yet.');
539 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
540 $modulepart =
'contrat';
541 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
543 $object =
new Contrat($this->db);
544 $result = $object->fetch($id, $ref);
546 throw new RestException(404,
'Contract not found');
549 $upload_dir = $conf->contrat->dir_output .
"/" .
get_exdir(0, 0, 0, 1, $object,
'contract');
550 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
551 $modulepart =
'project';
552 require_once DOL_DOCUMENT_ROOT .
'/projet/class/project.class.php';
554 $object =
new Project($this->db);
555 $result = $object->fetch($id, $ref);
557 throw new RestException(404,
'Project not found');
560 $upload_dir = $conf->projet->dir_output .
"/" .
get_exdir(0, 0, 0, 1, $object,
'project');
562 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
565 $objectType = $modulepart;
566 if (! empty($object->id) && ! empty($object->table_element)) {
567 $objectType = $object->table_element;
570 $filearray =
dol_dir_list($upload_dir, $type, $recursive,
'',
'(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) ==
'desc' ?SORT_DESC:SORT_ASC), 1);
571 if (empty($filearray)) {
572 throw new RestException(404,
'Search for modulepart '.$modulepart.
' with Id '.$object->id.(!empty($object->ref) ?
' or Ref '.$object->ref :
'').
' does not return any document.');
574 if (($object->id) > 0 && !empty($modulepart)) {
575 require_once DOL_DOCUMENT_ROOT.
'/ecm/class/ecmfiles.class.php';
577 $result = $ecmfile->fetchAll(
'',
'', 0, 0, array(
't.src_object_type' => $objectType,
't.src_object_id' => $object->id));
579 throw new RestException(503,
'Error when retrieve ecm list : '.$this->db->lasterror());
580 } elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
581 $count = count($filearray);
582 for ($i = 0 ; $i < $count ; $i++) {
583 if ($filearray[$i][
'name'] == $ecmfile->lines[$i]->filename) {
584 $filearray[$i] = array_merge($filearray[$i], (array) $ecmfile->lines[0]);
635 public function post($filename, $modulepart, $ref =
'', $subdir =
'', $filecontent =
'', $fileencoding =
'', $overwriteifexists = 0, $createdirifnotexists = 1)
643 $modulepartorig = $modulepart;
645 if (empty($modulepart)) {
646 throw new RestException(400,
'Modulepart not provided.');
649 if (!DolibarrApiAccess::$user->rights->ecm->upload) {
650 throw new RestException(401);
653 $newfilecontent =
'';
654 if (empty($fileencoding)) {
655 $newfilecontent = $filecontent;
657 if ($fileencoding ==
'base64') {
658 $newfilecontent = base64_decode($filecontent);
665 $entity = DolibarrApiAccess::$user->entity;
666 if (empty($entity)) {
674 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
675 $modulepart =
'facture';
677 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
678 $object =
new Facture($this->db);
679 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
680 $modulepart =
'supplier_invoice';
682 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
684 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
685 $modulepart =
'commande';
687 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
689 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
690 $modulepart =
'supplier_order';
692 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
694 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
695 require_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
696 $object =
new Project($this->db);
697 } elseif ($modulepart ==
'task' || $modulepart ==
'project_task') {
698 $modulepart =
'project_task';
700 require_once DOL_DOCUMENT_ROOT.
'/projet/class/task.class.php';
701 $object =
new Task($this->db);
703 $task_result = $object->fetch(
'', $ref);
706 if ($task_result > 0) {
707 $project_result = $object->fetch_projet();
709 if ($project_result >= 0) {
713 throw new RestException(500,
'Error while fetching Task '.$ref);
715 } elseif ($modulepart ==
'product' || $modulepart ==
'produit' || $modulepart ==
'service' || $modulepart ==
'produit|service') {
716 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
717 $object =
new Product($this->db);
718 } elseif ($modulepart ==
'expensereport') {
719 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
721 } elseif ($modulepart ==
'fichinter') {
722 require_once DOL_DOCUMENT_ROOT.
'/fichinter/class/fichinter.class.php';
724 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
725 $modulepart =
'adherent';
726 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
728 } elseif ($modulepart ==
'proposal' || $modulepart ==
'propal' || $modulepart ==
'propale') {
729 $modulepart =
'propale';
730 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
731 $object =
new Propal($this->db);
732 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
733 $modulepart =
'agenda';
734 require_once DOL_DOCUMENT_ROOT .
'/comm/action/class/actioncomm.class.php';
736 } elseif ($modulepart ==
'contact' || $modulepart ==
'socpeople') {
737 $modulepart =
'contact';
738 require_once DOL_DOCUMENT_ROOT.
'/contact/class/contact.class.php';
739 $object =
new Contact($this->db);
741 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
742 $modulepart =
'contrat';
743 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
744 $object =
new Contrat($this->db);
747 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
750 if (is_object($object)) {
752 $result = $object->fetch($ref);
754 $result = $object->fetch(
'', $ref);
758 throw new RestException(404,
"Object with ref '".$ref.
"' was not found.");
759 } elseif ($result < 0) {
760 throw new RestException(500,
'Error while fetching object: '.$object->error);
764 if (!($object->id > 0)) {
765 throw new RestException(404,
'The object '.$modulepart.
" with ref '".$ref.
"' was not found.");
770 if ($modulepart ==
'supplier_invoice') {
771 $tmpreldir =
get_exdir($object->id, 2, 0, 0, $object,
'invoice_supplier');
774 $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
777 $upload_dir = $tmp[
'original_file'];
779 if (empty($upload_dir) || $upload_dir ==
'/') {
780 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
783 if ($modulepart ==
'invoice') {
784 $modulepart =
'facture';
786 if ($modulepart ==
'member') {
787 $modulepart =
'adherent';
790 $relativefile = $subdir;
792 $upload_dir = $tmp[
'original_file'];
794 if (empty($upload_dir) || $upload_dir ==
'/') {
795 if (!empty($tmp[
'error'])) {
796 throw new RestException(401,
'Error returned by dol_check_secure_access_document: '.$tmp[
'error']);
798 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') is not allowed with this value of subdir ('.$relativefile.
')');
806 if (!empty($createdirifnotexists)) {
808 throw new RestException(500,
'Error while trying to create directory '.$upload_dir);
812 $destfile = $upload_dir.
'/'.$original_file;
813 $destfiletmp = DOL_DATA_ROOT.
'/admin/temp/'.$original_file;
818 throw new RestException(401,
'Directory not exists : '.dirname($destfile));
821 if (!$overwriteifexists &&
dol_is_file($destfile)) {
822 throw new RestException(500,
"File with name '".$original_file.
"' already exists.");
830 $fhandle = @fopen($destfiletmp,
'w');
832 $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
836 throw new RestException(500,
"Failed to open file '".$destfiletmp.
"' for write");
839 $disablevirusscan = 0;
840 $src_file = $destfiletmp;
841 $dest_file = $destfile;
845 if (empty($disablevirusscan) && file_exists($src_file)) {
847 if (count($checkvirusarray)) {
848 dol_syslog(
'Files.lib::dol_move_uploaded_file File "'.$src_file.
'" (target name "'.$dest_file.
'") KO with antivirus: errors='.join(
',', $checkvirusarray), LOG_WARNING);
849 throw new RestException(500,
'ErrorFileIsInfectedWithAVirus: '.join(
',', $checkvirusarray));
858 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
859 if (!preg_match(
'/\/$/', $publicmediasdirwithslash)) {
860 $publicmediasdirwithslash .=
'/';
863 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !
getDolGlobalInt(
"MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR")) {
864 $dest_file .=
'.noexe';
870 if (preg_match(
'/^\./', basename($src_file)) || preg_match(
'/\.\./', $src_file) || preg_match(
'/[<>|]/', $src_file)) {
871 dol_syslog(
"Refused to deliver file ".$src_file, LOG_WARNING);
872 throw new RestException(500,
"Refused to deliver file ".$src_file);
877 if (preg_match(
'/^\./', basename($dest_file)) || preg_match(
'/\.\./', $dest_file) || preg_match(
'/[<>|]/', $dest_file)) {
878 dol_syslog(
"Refused to deliver file ".$dest_file, LOG_WARNING);
879 throw new RestException(500,
"Refused to deliver file ".$dest_file);
882 $moreinfo = array(
'note_private' =>
'File uploaded using API /documents from IP '.
getUserRemoteIP());
883 if (!empty($object) && is_object($object) && $object->id > 0) {
884 $moreinfo[
'src_object_type'] = $object->table_element;
885 $moreinfo[
'src_object_id'] = $object->id;
889 $result =
dol_move($destfiletmp, $dest_file, 0, $overwriteifexists, 1, 1, $moreinfo);
891 throw new RestException(500,
"Failed to move file into '".$destfile.
"'");
910 public function delete($modulepart, $original_file)
912 global $conf, $langs;
914 if (empty($modulepart)) {
915 throw new RestException(400,
'bad value for parameter modulepart');
917 if (empty($original_file)) {
918 throw new RestException(400,
'bad value for parameter original_file');
922 $entity = $conf->entity;
933 $relativefile = $original_file;
936 $accessallowed = $check_access[
'accessallowed'];
937 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
938 $original_file = $check_access[
'original_file'];
940 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
941 throw new RestException(401);
943 if (!$accessallowed) {
944 throw new RestException(401);
947 $filename = basename($original_file);
948 $original_file_osencoded =
dol_osencode($original_file);
950 if (!file_exists($original_file_osencoded)) {
951 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
952 throw new RestException(404,
'File not found');
955 if (@unlink($original_file_osencoded)) {
959 'message' =>
'Document deleted'
964 throw new RestException(401);
979 foreach (Documents::$DOCUMENT_FIELDS as $field) {
980 if (!isset($data[$field])) {
981 throw new RestException(400,
"$field field missing");
983 $result[$field] = $data[$field];
Class to manage agenda events (actions)
Class to manage members of a foundation.
Class to manage categories.
Class to manage predefined suppliers products.
Class to manage customers orders.
Class to manage contracts.
API class for receive files.
post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0, $createdirifnotexists=1)
Return a document.
__construct()
Constructor.
index($modulepart, $original_file='')
Download a document.
getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
Return the list of documents of a dedicated element (from its ID or Ref)
builddoc($modulepart, $original_file='', $doctemplate='', $langcode='')
Build a document.
_validate_file($data)
Validate fields before create or update object.
Class to manage ECM files.
Class to manage shipments.
Class to manage Trips and Expenses.
Class to manage suppliers invoices.
Class to manage invoices.
Class to manage interventions.
Class for KnowledgeRecord.
Class to manage products or services.
Class to manage projects.
Class to manage proposals.
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage translations.
Class to manage Dolibarr users.
dolCheckVirus($src_file)
Check virus into a file.
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_is_file($pathoffile)
Return if path is a file.
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
dol_is_dir($folder)
Test if filename is a directory.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dolChmod($filepath, $newmask='')
Change mod of a file.
getDolGlobalInt($key, $default=0)
Return dolibarr global constant int value.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
getUserRemoteIP()
Return the IP of remote user.
get_exdir($num, $level, $alpha, $withoutslash, $object, $modulepart='')
Return a path to have a the directory according to object where files are stored.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)