* Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2013 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /** * \file htdocs/admin/security_file.php * \ingroup core * \brief Security options setup */ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; $langs->load("users"); $langs->load("admin"); $langs->load("other"); if (! $user->admin) accessforbidden(); $action=GETPOST('action','alpha'); $upload_dir=$conf->admin->dir_temp; /* * Actions */ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; dol_add_file_process($upload_dir, 0, 0, 'userfile'); } if (preg_match('/set_(.*)/',$action,$reg)) { $code=$reg[1]; $value=(GETPOST($code) ? GETPOST($code) : 1); if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0) { Header("Location: ".$_SERVER["PHP_SELF"]); exit; } else { dol_print_error($db); } } else if (preg_match('/del_(.*)/',$action,$reg)) { $code=$reg[1]; if (dolibarr_del_const($db, $code, $conf->entity) > 0) { Header("Location: ".$_SERVER["PHP_SELF"]); exit; } else { dol_print_error($db); } } else if ($action == 'updateform') { $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity); $res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity); $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity); $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity); if ($res3 && $res4 && $res5 && $res6) setEventMessage($langs->trans("RecordModifiedSuccessfully")); } // Delete file else if ($action == 'delete') { $langs->load("other"); $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $ret=dol_delete_file($file); if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile'))); else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors'); Header('Location: '.$_SERVER["PHP_SELF"]); exit; } /* * View */ $form = new Form($db); llxHeader('',$langs->trans("Files")); print_fiche_titre($langs->trans("SecuritySetup"),'','title_setup'); //print $langs->trans("FilesDesc")."
\n"; //print "
\n"; print '

'; print ''; print ''; $head=security_prepare_head(); dol_fiche_head($head, 'file', $langs->trans("Security")); // Upload options $var=false; print ''; print ''; print ''; print ''; print ''; print ''; print ''; print ''; print ''; $var=!$var; print ''; print ''; print ''; print ''; // Use anti virus $var=!$var; print ""; print ''; print '"; print ''; // Use anti virus $var=!$var; print ""; print ''; print '"; print ''; print '

'.$langs->trans("Parameters").'		'.$langs->trans("Value").'
'.$langs->trans("MaxSizeForUploadedFiles").'.'; $max=@ini_get('upload_max_filesize'); if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->trans("Kb")).'.'; else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.'; print '		'; print ' '.$langs->trans("Kb"); print '
'.$langs->trans("UMask").'	'; print $form->textwithpicto('',$langs->trans("UMaskExplanation")); print '	'; print ''; print '
'.$langs->trans("AntiVirusCommand").' '; print $langs->trans("AntiVirusCommandExample"); // Check command in inside safe_mode print '		'; if (ini_get('safe_mode') && ! empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { $langs->load("errors"); $basedir=preg_replace('/"/','',dirname($conf->global->MAIN_ANTIVIRUS_COMMAND)); $listdir=explode(';',ini_get('safe_mode_exec_dir')); if (! in_array($basedir,$listdir)) { print img_warning($langs->trans('WarningSafeModeOnCheckExecDir')); dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING); } } print ''; print "
'.$langs->trans("AntiVirusParam").' '; print $langs->trans("AntiVirusParamExample"); print '		'; print ''; print "

'; dol_fiche_end(); print '

'; print '

'; // Form to test upload print '
'; $formfile=new FormFile($db); $formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0); // List of document $filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1); $formfile->list_of_documents($filearray, null, 'admin_temp', ''); llxFooter(); $db->close();