diff --git a/apps/maarch_entreprise/indexing_searching/choose_file.php b/apps/maarch_entreprise/indexing_searching/choose_file.php
index f4855c03249fc561eccc75be96925176ea7fb648..050629396c50d37a2bcaa4d3de4cd3b3526610f8 100755
--- a/apps/maarch_entreprise/indexing_searching/choose_file.php
+++ b/apps/maarch_entreprise/indexing_searching/choose_file.php
@@ -178,7 +178,7 @@ $_SESSION['upfile']['fileNamePdfOnTmp'] = '';
 <?php } ?>
- <input type="file" name="file" id="file" onchange="$j('#with_file')[0].value='false';this.form.method = 'post';this.form.submit();"
+ <input type="file" name="file" id="file" onchange="uploadFiles();"
 value="<?php $_REQUEST['with_file'] = 'false'; if (isset($_SESSION['file_path'])) { echo $_SESSION['file_path'];
diff --git a/apps/maarch_entreprise/indexing_searching/file_iframe.php b/apps/maarch_entreprise/indexing_searching/file_iframe.php
index cd1937b8c26f2fceab6a4655f60e1bc6e43cf5ff..ceb9c6608bdb5c85b158014027684695bfd46a8c 100755
--- a/apps/maarch_entreprise/indexing_searching/file_iframe.php
+++ b/apps/maarch_entreprise/indexing_searching/file_iframe.php
@@ -94,7 +94,7 @@ if (isset($_GET['num'])) {
 readfile($loc);
 exit();
 } else {
- echo '<br/><br/><div class="error">'._PROBLEM_LOADING_FILE_TMP_DIR.'.</div>';
+ echo '<br/><br/><div class="error" style="display:block">'._PROBLEM_LOADING_FILE_TMP_DIR.'.</div>';
 exit();
 }
 $extension = explode('.', $_SESSION['upfile'][$num]['name']);
@@ -139,7 +139,7 @@ if (isset($_GET['num'])) {
 <?php $ext = strtolower($_SESSION['upfile'][$num]['format']);
 if (file_exists($_SESSION['upfile'][$num]['local_path'])) {
- echo '<br/><br/><div class="error">'
+ echo '<br/><br/><div class="error" style="display:block">'
 ._FILE_LOADED_BUT_NOT_VISIBLE._ONLY_FILETYPES_AUTHORISED .' <br/><ul>';
 for ($i = 0; $i < count($extList); ++$i) {
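Review bot: The replaced inline handler submitted `this.form`, whereas `uploadFiles()` (added to functions.js in this commit) submits `#select_file_form` and posts to `../../rest/resources/checkFileUpload`; neither that form id nor the page-relative REST path is visible in this hunk, so confirm the `<form>` enclosing this input carries `id="select_file_form"` and that the page is served at a depth where the relative URL resolves, otherwise the change silently stops the submit. A short comment on the input, such as `<!-- submit goes through uploadFiles() in js/functions.js, which pre-checks extension/size/type via REST before posting -->`, would make that dependency visible to the next editor of this template.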
@@ -147,7 +147,7 @@ if (isset($_GET['num'])) {
 }
 echo '</ul></div>';
 } else {
- echo '<br/><br/><div class="error">'
+ echo '<br/><br/><div class="error" style="display:block">'
 ._PROBLEM_LOADING_FILE_TMP_DIR.'.</div>';
 }
 ?>
@@ -280,7 +280,7 @@ if (isset($_GET['num'])) {
 .' <br/><ul>';
 echo '</ul></div>';
 } else {
- echo '<br/><br/><div class="error">'
+ echo '<br/><br/><div class="error" style="display:block">'
 ._PROBLEM_LOADING_FILE_TMP_DIR.'.</div>';
 }
 ?>
@@ -297,7 +297,7 @@ if (isset($_GET['num'])) {
 && $_SESSION['upfile']['error'] == 1
 ) {
 $filesize = $func->return_bytes(ini_get('upload_max_filesize'));
- echo '<br/><br/><div class="error">'._MAX_SIZE_UPLOAD_REACHED
+ echo '<br/><br/><div class="error" style="display:block">'._MAX_SIZE_UPLOAD_REACHED
 .' ('.round($filesize / 1024, 2).'Ko Max)</div>';
 } else {
 echo '<br/><br/><div class="advertissement">'.$_SESSION['error']
diff --git a/apps/maarch_entreprise/js/functions.js b/apps/maarch_entreprise/js/functions.js
index c3068089d2a384961f864207e3c6a3aa05b07d72..87b6815f4d4bad93d2850f85cbeb4b9f0d2315d1 100755
--- a/apps/maarch_entreprise/js/functions.js
+++ b/apps/maarch_entreprise/js/functions.js
@@ -3977,4 +3977,35 @@ function setSendAttachment(id, isVersion) {
 alert("Une erreur s'est produite : " + err.responseJSON.exception[0].message);
 }
 });
+}
+
+function uploadFiles () {
+
+ var fileInfo = $j("#file")[0]["files"][0];
+
+ var extension = "";
+
+ // set extension according to filename
+ if (fileInfo.name.split('.').length > 1) {
+ extension = fileInfo.name.split('.').pop();
+ }
+
+ $j.ajax({
+ url: '../../rest/resources/checkFileUpload',
+ type: 'POST',
+ dataType: "json",
+ data: {
+ extension : extension,
+ size : fileInfo.size,
+ type : fileInfo.type,
+ },
+ success: function (answer) {
+ $j('#with_file')[0].value='false';
+ $j("#select_file_form").attr('method','post');
+ $j("#select_file_form").submit();
+ },
+ error: function (err) {
+ alert(err.responseJSON.errors);
+ }
+ });
 }
\ No newline at end of file
diff --git a/modules/sendmail/batch/process_emails.php b/modules/sendmail/batch/process_emails.php
index b86016ccb0dbc712186d0ccb17af1101590c92b9..05bca7f038160606dd5b0382f79862f6b50e76a5 100755
--- a/modules/sendmail/batch/process_emails.php
+++ b/modules/sendmail/batch/process_emails.php
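Review bot: `uploadFiles` dereferences `$j("#file")[0]["files"][0]` without checking it; clearing the file picker fires `change` with an empty `files` list, so `fileInfo.name` throws a TypeError, and in the `error` callback `err.responseJSON` is undefined for a network failure or a non-JSON 500, so the `alert` throws too. Guard both: `if (!fileInfo) { return; }` right after the lookup, and `alert((err.responseJSON && err.responseJSON.errors) || err.statusText);` in the error handler. The `extension`, `size` and `type` values posted are whatever the browser reports about the selected file, so this call is a pre-flight that yields a friendlier message, not the place where the upload is validated; a one-line comment above `$j.ajax` saying so would stop a later reader from treating a 200 here as authorisation. `uploadFiles` is complete within the hunk.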
@@ -75,16 +75,21 @@ while ($state <> 'END') {
 if (!empty($mailfrom_generic)) {
 $GLOBALS['logger']->write('process e-mail '.($currentEmail+1)."/".$totalEmailsToProcess.' (FROM => '.$userInfo['firstname'].' '.$userInfo['lastname'].' <'.$mailfrom_generic.'>'.', TO => '.$email->to_list.', SUBJECT => '.$email->email_object.', CC =>'.$email->cc_list.', CCI => '.$email->cci_list.') ...', 'INFO');
- $GLOBALS['mailer']->setFrom($userInfo['firstname'].' '
- . $userInfo['lastname'].' <'.$mailfrom_generic.'> ');
+
+ $setFrom = $userInfo['firstname'].' ' . $userInfo['lastname'].' <'.$mailfrom_generic.'> ';
+ $setFrom = functions::normalize($setFrom);
+ $GLOBALS['mailer']->setFrom($setFrom); + $emailFrom = $mailfrom_generic;
 $email->email_body = 'Courriel envoyé par : ' . $userInfo['firstname'].' ' . $userInfo['lastname'] . ' ' . $email->sender_email . ' ' . '.<br/><br/>' . $email->email_body;
 } else {
 $GLOBALS['logger']->write('process e-mail '.($currentEmail+1)."/".$totalEmailsToProcess.' (FROM => '.$userInfo['firstname'].' '.$userInfo['lastname'].' <'.$email->sender_email.'>'.', TO => '.$email->to_list.', SUBJECT => '.$email->email_object.', CC =>'.$email->cc_list.', CCI => '.$email->cci_list.') ...', 'INFO');
- $GLOBALS['mailer']->setFrom($userInfo['firstname'].' '
- . $userInfo['lastname'].' <'.$email->sender_email.'> ');
+ $setFrom = $userInfo['firstname'].' ' . $userInfo['lastname'].' <'.$email->sender_email.'> ';
+ $setFrom = functions::normalize($setFrom);
+ $GLOBALS['mailer']->setFrom($setFrom); + $emailFrom = $email->sender_email;
 }
 $GLOBALS['mailer']->setReplyTo($email->sender_email);
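Review bot: The display name handed to `setFrom` is built from `$userInfo['firstname']`/`['lastname']` (and, in the `@@ -92` hunk, from an entity label), and what `functions::normalize` does to it is not visible here; if it only transliterates accents, a name containing `"`, `,`, `<` or a line break still reaches `setFrom` unquoted and yields a malformed From header (or, with CR/LF, a second header), so the name part should be quoted per RFC 5322 and CR/LF rejected before the `' <'.$address.'> '` concatenation — unless the mailer's `setFrom` already does that, which would be worth a comment at the first call. The same three statements are now repeated at four call sites across this hunk and the `@@ -92` one; a small helper, e.g. `$GLOBALS['mailer']->setFrom(functions::normalize($name.' <'.$address.'> '));`, would keep them from drifting. The enclosing `while` loop starts and ends outside both hunks.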
@@ -92,15 +97,21 @@ while ($state <> 'END') {
 if (!empty($mailfrom_generic)) {
 $mailsEntities = $sendmail_tools->getAttachedEntitiesMails();
 $entityShortLabel = substr($mailsEntities[$email->sender_email], 0, strrpos($mailsEntities[$email->sender_email], "("));
-
- $GLOBALS['mailer']->setFrom($entityShortLabel . ' <' . $mailfrom_generic. '> ');
+
+ $setFrom = $entityShortLabel . ' <' . $mailfrom_generic. '> ';
+ $setFrom = functions::normalize($setFrom);
+ $GLOBALS['mailer']->setFrom($setFrom); + $emailFrom = $mailfrom_generic;
 $email->email_body = 'Courriel envoyé par : ' . $entityShortLabel . ' ' . $sendmail_tools->explodeSenderEmail($email->sender_email) . ' ' . '.<br/><br/>' . $email->email_body;
 } else {
 $mailsEntities = $sendmail_tools->getAttachedEntitiesMails();
 $entityShortLabel = substr($mailsEntities[$email->sender_email], 0, strrpos($mailsEntities[$email->sender_email], "("));
- $GLOBALS['mailer']->setFrom($entityShortLabel . ' <' . $sendmail_tools->explodeSenderEmail($email->sender_email) . '> ');
+ $setFrom = $entityShortLabel . ' <' . $sendmail_tools->explodeSenderEmail($email->sender_email) . '> ';
+ $setFrom = functions::normalize($setFrom);
+ $GLOBALS['mailer']->setFrom($setFrom); + $emailFrom = $sendmail_tools->explodeSenderEmail($email->sender_email);
 }
 $GLOBALS['mailer']->setReplyTo($sendmail_tools->explodeSenderEmail($email->sender_email));
diff --git a/rest/index.php b/rest/index.php
index c2c9fb2b581cc1ea2b1dcb89af6739d26cf37ffd..f65169963d316745c82acfc4a90d70c5fe3bc79b 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -267,6 +267,8 @@ $app->put('/res/externalInfos', \Resource\controllers\ResController::class . ':u
 $app->get('/categories', \Resource\controllers\ResController::class . ':getCategories');
 $app->get('/natures', \Resource\controllers\ResController::class . ':getNatures');
 $app->get('/resources/{resId}/isAllowed', \Resource\controllers\ResController::class . ':isAllowedForCurrentUser');
+$app->post('/resources/checkFileUpload', \Resource\controllers\StoreController::class . ':checkFileUpload');
+
 //ResourcesList
 $app->get('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}', \Resource\controllers\ResourceListController::class . ':get');
diff --git a/src/app/resource/controllers/StoreController.php b/src/app/resource/controllers/StoreController.php
index feefa8660e931186d2e56810936421a3aff8e323..452553ccd1a727d6bc6c88ecfeff90aad9d96ca0 100755
--- a/src/app/resource/controllers/StoreController.php
+++ b/src/app/resource/controllers/StoreController.php
@@ -15,12 +15,15 @@ namespace Resource\controllers;
+use Slim\Http\Request;
+use Slim\Http\Response;
 use Attachment\models\AttachmentModel;
 use Contact\models\ContactModel;
 use Docserver\controllers\DocserverController;
 use Resource\models\ChronoModel;
 use SrcCore\models\DatabaseModel;
 use SrcCore\models\ValidatorModel;
+use Respect\Validation\Validator;
 use Entity\models\EntityModel;
 use Resource\models\ResModel;
 use SrcCore\models\CoreConfigModel;
@@ -28,6 +31,61 @@ use User\models\UserModel;
 class StoreController {
+ public function checkFileUpload(Request $request, Response $response, array $aArgs)
+ {
+ $body = $request->getParsedBody();
+
+ if (!Validator::notEmpty()->validate($body['size'])) {
+ return $response->withStatus(400)->withJson(['errors' => 'filesize is empty']);
+ } else if (!Validator::notEmpty()->validate($body['type'])) {
+ return $response->withStatus(400)->withJson(['errors' => 'no mime type detected']);
+ } else if (!Validator::notEmpty()->validate($body['extension'])) {
+ return $response->withStatus(400)->withJson(['errors' => 'this filename has no extension']);
+ }
+
+ if (!StoreController::isFileAllowed($body)) {
+ return $response->withStatus(400)->withJson(['errors' => _FILE_NOT_ALLOWED_INFO_1.' "'.$body['extension'].'" '._FILE_NOT_ALLOWED_INFO_2.' "'. $body['type']. '" '._FILE_NOT_ALLOWED_INFO_3]);
+ }
+
+ $maxFilesizeMo = ini_get('upload_max_filesize');
+ $maxFilesizeKo = ini_get('upload_max_filesize')*1024;
+
+ if ($body['size']/1024 > $maxFilesizeKo) {
+ return $response->withStatus(400)->withJson(['errors' => _MAX_SIZE_UPLOAD_REACHED.' 
('.round($maxFilesizeMo).'Mo Max.)']);
+ }
+ return $response->withJson(['success']);
+ }
+
+ private static function isFileAllowed(array $args)
+ {
+ ValidatorModel::notEmpty($args, ['extension', 'type']);
+ ValidatorModel::stringType($args, ['extension', 'type']);
+ $loadedXml = CoreConfigModel::getXmlLoaded(['path' => 'apps/maarch_entreprise/xml/extensions.xml']);
+ if ($loadedXml) {
+ foreach ($loadedXml->FORMAT as $value) {
+ if (strtolower((string)$value->name) == strtolower($args['extension']) && strtolower((string)$value->mime) == strtolower($args['type'])) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ private static function getAllowedMime()
+ {
+ $loadedXml = CoreConfigModel::getXmlLoaded(['path' => 'apps/maarch_entreprise/xml/extensions.xml']);
+ $mimeList = [];
+
+ if ($loadedXml) {
+ foreach ($loadedXml->FORMAT as $value) {
+ $mimeList[] = (string)$value->mime;
+ }
+ }
+
+ return array_unique($mimeList);
+ }
+
 public static function storeResource(array $aArgs) {
 ValidatorModel::notEmpty($aArgs, ['encodedFile', 'format', 'status', 'type_id', 'category_id']);
diff --git a/src/core/lang/lang-en.php b/src/core/lang/lang-en.php
index dbd1924d983a37c0a1eb2f0ac3adbf63796ca9c5..b8ada9a1c0015661f1c82551825ecd8afea130c5 100755
--- a/src/core/lang/lang-en.php
+++ b/src/core/lang/lang-en.php
@@ -491,3 +491,7 @@ define("_SECONDARY_INFORMATION", "Secondary informations");
 define("_DEST_INFORMATION", "Destination informations");
 define("_XPARAPH_ACCOUNT_DELETED", "xParaph account deleted");
 define("_XPARAPH_ACCOUNT_CREATED", "xParaph account created");
+
+define("_FILE_NOT_ALLOWED_INFO_1", "This extension");
+define("_FILE_NOT_ALLOWED_INFO_2", "with MIME-type");
+define("_FILE_NOT_ALLOWED_INFO_3", "is not allowed");
diff --git a/src/core/lang/lang-fr.php b/src/core/lang/lang-fr.php
index 9f1eb69d1df6349e064200e6b21c128cdbc5dfeb..c541012b1da0182db04659c9b2dda010fb7fed39 100755
--- a/src/core/lang/lang-fr.php
+++ b/src/core/lang/lang-fr.php
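Review bot: `$body['size']`, `$body['type']` and `$body['extension']` are read before anything checks that the key exists, so a request missing one of them raises an undefined-index notice (a 500 under an exception-converting error handler) instead of the intended 400; read them with `?? null` first. The size check then multiplies `ini_get('upload_max_filesize')`, which is php.ini shorthand such as `2M` or `512K`, by 1024 as if it were always megabytes, so the limit is wrong for K or G values and the `*1024` and `round()` on a non-numeric string emit notices (file_iframe.php in this same commit converts that value with `$func->return_bytes()`); converting the shorthand to bytes and comparing against the posted size directly fixes both. `type`, `size` and `extension` are whatever the client posts, so `isFileAllowed` is a usability pre-check and the extension/MIME allow-list still has to be enforced where the upload is actually received, with server-side detection; a one-line docblock on `checkFileUpload` saying so would prevent it being mistaken for the enforcement point, and `getAllowedMime()` appears unused in this hunk. All three methods are complete within the hunk; the class continues past it.
```php
$body = $request->getParsedBody();
$size = $body['size'] ?? null;
$type = $body['type'] ?? null;
$extension = $body['extension'] ?? null;
// … unchanged: notEmpty checks and isFileAllowed, now reading $size / $type / $extension …

// upload_max_filesize is php.ini shorthand ("2M", "512K", "1G"); convert to bytes before comparing.
$iniValue = trim((string) ini_get('upload_max_filesize'));
$multipliers = ['K' => 1024, 'M' => 1024 ** 2, 'G' => 1024 ** 3];
$maxFilesizeBytes = (int) $iniValue * ($multipliers[strtoupper(substr($iniValue, -1))] ?? 1);

if ((int) $size > $maxFilesizeBytes) {
    return $response->withStatus(400)->withJson(['errors' => _MAX_SIZE_UPLOAD_REACHED.' ('.round($maxFilesizeBytes / (1024 ** 2)).'Mo Max.)']);
}
```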
@@ -491,3 +491,7 @@ define("_SECONDARY_INFORMATION", "Informations secondaires");
 define("_DEST_INFORMATION", "Informations de destination");
 define("_XPARAPH_ACCOUNT_DELETED", "Compte xParaph supprimé");
 define("_XPARAPH_ACCOUNT_CREATED", "Compte xParaph créé");
+
+define("_FILE_NOT_ALLOWED_INFO_1", "L'extension");
+define("_FILE_NOT_ALLOWED_INFO_2", "avec le type MIME");
+define("_FILE_NOT_ALLOWED_INFO_3", "n'est pas autorisée");
diff --git a/src/core/lang/lang-nl.php b/src/core/lang/lang-nl.php
index 7aa52458b2791a2dfe1b24bd6e819f7dabb60132..a1baa20b791d8be0d8e0341dfb69b2ad1df9e361 100755
--- a/src/core/lang/lang-nl.php
+++ b/src/core/lang/lang-nl.php
@@ -492,4 +492,8 @@ define("_DIFFUSION_LIST", "Diffusion list_TO_TRANSLATE");
 define("_SECONDARY_INFORMATION", "Secondary informations_TO_TRANSLATE");
 define("_DEST_INFORMATION", "Destination informations_TO_TRANSLATE");
 define("_XPARAPH_ACCOUNT_DELETED", "xParaph account deleted_TO_TRANSLATE");
-define("_XPARAPH_ACCOUNT_CREATED", "xParaph account created_TO_TRANSLATE");
\ No newline at end of file
+define("_XPARAPH_ACCOUNT_CREATED", "xParaph account created_TO_TRANSLATE");
+
+define("_FILE_NOT_ALLOWED_INFO_1", "This extension_TO_TRANSLATE");
+define("_FILE_NOT_ALLOWED_INFO_2", "with MIME-type_TO_TRANSLATE");
+define("_FILE_NOT_ALLOWED_INFO_3", "is not allowed_TO_TRANSLATE");