diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index fa7fb2649956d..68fe515240709 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -9095,13 +9095,13 @@ public static function showphoto($modulepart, $object, $width = 100, $height = 0
if (!empty($object->photo)) {
if (dolIsAllowedForPreview($object->photo)) {
if ((string) $imagesize == 'mini') {
- $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_mini');
+ $file = get_exdir(0, 0, 0, 0, $object, 'user').'photos/'.getImageFileNameForSize($object->photo, '_mini');
} elseif ((string) $imagesize == 'small') {
- $file = get_exdir(0, 0, 0, 0, $object, 'user').getImageFileNameForSize($object->photo, '_small');
+ $file = get_exdir(0, 0, 0, 0, $object, 'user').'photos/'.getImageFileNameForSize($object->photo, '_small');
} else {
- $file = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
+ $file = get_exdir(0, 0, 0, 0, $object, 'user').'photos/'.$object->photo;
}
- $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').$object->photo;
+ $originalfile = get_exdir(0, 0, 0, 0, $object, 'user').'photos/'.$object->photo;
}
}
if (!empty($conf->global->MAIN_OLD_IMAGE_LINKS)) {
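Review bot: The `'photos/'` segment is now spliced into four separate concatenations in showphoto (the function starts before this hunk), so a later rename of the subdirectory or a change of the base directory must be repeated in four places and can silently drift between `$file` and `$originalfile`. Computing the base once, `$dirphotos = get_exdir(0, 0, 0, 0, $object, 'user').'photos/';`, and using `$dirphotos.` in the three `$file` branches and in the `$originalfile` line keeps them in step. A one-line comment above the block would also help, e.g. `// Photos live under <userdir>/photos/; this path must match what dol_check_secure_access_document accepts`.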
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index c70ea041e0a8c..0a4455239bbe1 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -2348,15 +2348,15 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$accessallowed = ($user->admin && basename($original_file) == $original_file && preg_match('/^dolibarr.*\.log$/', basename($original_file)));
$original_file = $dolibarr_main_data_root.'/'.$original_file;
} elseif ($modulepart == 'doctemplates' && !empty($dolibarr_main_data_root)) {
- // Wrapping for *.log files, like when used with url http://.../document.php?modulepart=logs&file=dolibarr.log
+ // Wrapping for doctemplates
$accessallowed = $user->admin;
$original_file = $dolibarr_main_data_root.'/doctemplates/'.$original_file;
} elseif ($modulepart == 'doctemplateswebsite' && !empty($dolibarr_main_data_root)) {
- // Wrapping for *.zip files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip
+ // Wrapping for doctemplates of websites
$accessallowed = ($fuser->rights->website->write && preg_match('/\.jpg$/i', basename($original_file)));
$original_file = $dolibarr_main_data_root.'/doctemplates/websites/'.$original_file;
} elseif ($modulepart == 'packages' && !empty($dolibarr_main_data_root)) {
- // Wrapping for *.zip files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip
+ // Wrapping for *.zip package files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip
// Dir for custom dirs
$tmp = explode(',', $dolibarr_main_document_root_alt);
$dirins = $tmp[0];
@@ -2369,11 +2369,17 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
$original_file = $conf->mycompany->dir_output.'/'.$original_file;
} elseif ($modulepart == 'userphoto' && !empty($conf->user->dir_output)) {
// Wrapping for users photos
- $accessallowed = 1;
+ $accessallowed = 0;
+ if (preg_match('/^\d+\/photos\//', $original_file)) {
+ $accessallowed = 1;
+ }
$original_file = $conf->user->dir_output.'/'.$original_file;
} elseif ($modulepart == 'memberphoto' && !empty($conf->adherent->dir_output)) {
// Wrapping for members photos
- $accessallowed = 1;
+ $accessallowed = 0;
+ if (preg_match('/^\d+\/photos\//', $original_file)) {
+ $accessallowed = 1;
+ }
$original_file = $conf->adherent->dir_output.'/'.$original_file;
} elseif ($modulepart == 'apercufacture' && !empty($conf->facture->multidir_output[$entity])) {
// Wrapping pour les apercu factures
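Review bot: The new test in the `userphoto` branch anchors only the start of `$original_file`, so a value such as `1/photos/../../other` still satisfies `^\d+/photos/` and is then joined to `$conf->user->dir_output` unchanged; unless `..` segments are already stripped earlier in dol_check_secure_access_document (the function starts before this hunk), the check should also reject traversal, e.g. `if (preg_match('/^\d+\/photos\//', $original_file) && !preg_match('/\.\./', $original_file)) {`. The identical `memberphoto` branch that follows has the same gap. Both branches would read better with a short comment stating the intent, e.g. `// Only files under <id>/photos/ are served; anything else under dir_output is refused`.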
@@ -2448,7 +2454,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
}
$original_file = $conf->expensereport->dir_output.'/'.$original_file;
} elseif (($modulepart == 'apercuexpensereport') && !empty($conf->expensereport->dir_output)) {
- // Wrapping pour les apercu supplier invoice
+ // Wrapping pour les apercu expense report
if ($fuser->rights->expensereport->{$lire}) {
$accessallowed = 1;
}
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index 9be3cc361a00a..924d251702cc4 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -456,6 +456,13 @@
migrate_export_import_profiles('export');
migrate_export_import_profiles('import');
}
+
+ // Scripts for 16.0
+ $afterversionarray = explode('.', '15.0.9');
+ $beforeversionarray = explode('.', '16.0.9');
+ if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) {
+ migrate_user_photospath2();
+ }
}
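Review bot: The new guard runs `migrate_user_photospath2()` only when the target version falls between 15.0.9 and 16.0.9, while the access check in files.lib.php now refuses user and member photos that are not under `<id>/photos/`; if an instance can be upgraded past 16.0.9 without this step executing, its existing photos become unreachable. I cannot tell from this hunk whether the upgrade flow runs every intermediate version script, so that is worth confirming, or the migration could be made idempotent and the upper bound dropped. The migrated function's docblock mentions only `users/99/…`, so member photos, which the same access check now gates, may need an equivalent move. A one-line comment naming the reason would help, e.g. `// Move photos into the photos/ subdir now required by dol_check_secure_access_document`.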
@@ -4505,8 +4512,7 @@ function migrate_user_photospath()
}
// dol_delete_dir($origin.'/'.$file);
}
- } else // it is a file
- {
+ } else { // it is a file
if (!dol_is_file($destin.'/'.$file)) {
//print $origin.'/'.$file.' -> '.$destin.'/'.$file.'
'."\n";
print '.';
@@ -4524,6 +4530,94 @@ function migrate_user_photospath()
print '';
}
+/**
+ * Migrate file from old path users/99/file.jpg into users/99/photos/file.jpg
+ *
+ * @return void
+ */
+function migrate_user_photospath2()
+{
+ global $conf, $db, $langs, $user;
+
+ print '