* Copyright (C) 2024 MDW * Copyright (C) 2024 Frédéric France * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Note about $_SERVER: * REQUEST_URI: /test/before_rewrite/script.php/path/info?q=helloword * PHP_SELF: /test/after_rewrite/script.php/path/info * QUERY_STRING: q=helloword * SCRIPT_NAME: /test/after_rewrite/script.php * PATH_INFO: /path/info * SCRIPT_FILENAME: /var/www/test/php/script.php * __FILE__ : /var/www/test/php/script_included.php */ /** * \file htdocs/public/website/index.php * \ingroup website * \brief Wrapper to output pages when website is powered by Dolibarr instead of a native web server */ if (!defined('NOTOKENRENEWAL')) { define('NOTOKENRENEWAL', 1); // Disables token renewal } if (!defined('NOLOGIN')) { define("NOLOGIN", 1); } if (!defined('NOCSRFCHECK')) { define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. } if (!defined('NOREQUIREMENU')) { define('NOREQUIREMENU', '1'); } if (!defined('NOREQUIREHTML')) { define('NOREQUIREHTML', '1'); } if (!defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } if (!defined('NOIPCHECK')) { define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip } if (!defined('NOBROWSERNOTIF')) { define('NOBROWSERNOTIF', '1'); } /** * Header empty * * @param string $head Optional head lines * @param string $title HTML title * @param string $help_url Url links to help page * Syntax is: For a wiki page: EN:EnglishPage|FR:FrenchPage|ES:SpanishPage|DE:GermanPage * For other external page: http://server/url * @param string $target Target to use on links * @param int $disablejs More content into html header * @param int $disablehead More content into html header * @param array|string $arrayofjs Array of complementary js files * @param array|string $arrayofcss Array of complementary css files * @param string $morequerystring Query string to add to the link "print" to get same parameters (use only if autodetect fails) * @param string $morecssonbody More CSS on body tag. For example 'classforhorizontalscrolloftabs'. * @param string $replacemainareaby Replace call to main_area() by a print of this string * @param int $disablenofollow Disable the "nofollow" on meta robot header * @param int $disablenoindex Disable the "noindex" on meta robot header * @return void */ function llxHeader($head = '', $title = '', $help_url = '', $target = '', $disablejs = 0, $disablehead = 0, $arrayofjs = '', $arrayofcss = '', $morequerystring = '', $morecssonbody = '', $replacemainareaby = '', $disablenofollow = 0, $disablenoindex = 0) { } /** * Footer empty * * @param string $comment A text to add as HTML comment into HTML generated page * @param string $zone 'private' (for private pages) or 'public' (for public pages) * @param int $disabledoutputofmessages Clear all messages stored into session without displaying them * @return void */ function llxFooter($comment = '', $zone = 'private', $disabledoutputofmessages = 0) { } require '../../master.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $error = 0; $websitekey = GETPOST('website', 'alpha'); $pageid = GETPOST('page', 'alpha') ? GETPOST('page', 'alpha') : GETPOST('pageid', 'alpha'); $pageref = GETPOST('pageref', 'alphanohtml') ? GETPOST('pageref', 'alphanohtml') : ''; // If page is xx/pagename, xx is a language, we set $pageref to pagename $reg = array(); if (preg_match('/^(\w\w)\/(.*)$/', $pageref, $reg)) { $pageref = $reg[2]; } $accessallowed = 1; $type = ''; if (empty($pageid)) { require_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php'; require_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php'; $object = new Website($db); $object->fetch(0, $websitekey); if (empty($object->id)) { if (empty($pageid)) { // Return header 404 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404); include DOL_DOCUMENT_ROOT.'/public/error-404.php'; exit; } } $objectpage = new WebsitePage($db); if ($pageref) { // @phan-suppress-next-line PhanPluginSuspiciousParamPosition $result = $objectpage->fetch(0, $object->id, $pageref); if ($result > 0) { $pageid = $objectpage->id; } elseif ($result == 0) { // Page not found from ref=pageurl, we try using alternative alias // @phan-suppress-next-line PhanPluginSuspiciousParamPosition $result = $objectpage->fetch(0, $object->id, null, $pageref); if ($result > 0) { $pageid = $objectpage->id; } } } else { if ($object->fk_default_home > 0) { $result = $objectpage->fetch($object->fk_default_home); if ($result > 0) { $pageid = $objectpage->id; } } if (empty($pageid)) { $array = $objectpage->fetchAll($object->id); // TODO Can filter on container of type pages only ? if (is_array($array) && count($array) > 0) { $firstrep = reset($array); $pageid = $firstrep->id; } } } } if (empty($pageid)) { // Return header 404 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404); $langs->load("website"); if (!GETPOSTISSET('pageref')) { print $langs->trans("PreviewOfSiteNotYetAvailable", $websitekey); } include DOL_DOCUMENT_ROOT.'/public/error-404.php'; exit; } if (empty($pageref)) { $objectpage = new WebsitePage($db); $result = $objectpage->fetch($pageid); if ($result > 0) { $pageref = $objectpage->ref; } } if (preg_match('/^_(library|service)_page_/', $pageref)) { $originalcontentonly = 1; } $appli = constant('DOL_APPLICATION_TITLE'); if (getDolGlobalString('MAIN_APPLICATION_TITLE')) { $appli = getDolGlobalString('MAIN_APPLICATION_TITLE'); } /* * View */ //print 'Directory with '.$appli.' websites.
'; // Security: Delete string ../ into $original_file global $dolibarr_main_data_root; if ($pageid == 'css') { // No more used ? header('Content-type: text/css'); // Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access. //if (empty($dolibarr_nocache)) header('Cache-Control: max-age=3600, public, must-revalidate'); //else header('Cache-Control: no-cache'); $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/styles.css.php'; } else { $original_file = $dolibarr_main_data_root.($conf->entity > 1 ? '/'.$conf->entity : '').'/website/'.$websitekey.'/page'.$pageid.'.tpl.php'; } // Find the subdirectory name as the reference $refname = basename(dirname($original_file)."/"); // Security: // Limit access if permissions are insufficient if (!$accessallowed) { accessforbidden(); } // Security: // On interdit les remontees de repertoire ainsi que les pipe dans // les noms de fichiers. if (preg_match('/\.\./', $original_file) || preg_match('/[<>|]/', $original_file)) { dol_syslog("Refused to deliver file ".$original_file); $file = basename($original_file); // Do no show plain path of original_file in shown error message dol_print_error(null, $langs->trans("ErrorFileNameInvalid", $file)); exit; } clearstatcache(); $filename = basename($original_file); // Output file on browser dol_syslog("index.php include $original_file $filename content-type=$type"); $original_file_osencoded = dol_osencode($original_file); // New file name encoded in OS encoding charset // This test if file exists should be useless. We keep it to find bug more easily if (!file_exists($original_file_osencoded)) { // Return header 404 header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404); $langs->load("website"); print $langs->trans("RequestedPageHasNoContentYet", $pageid); include DOL_DOCUMENT_ROOT.'/public/error-404.php'; exit; } // Output page content define('USEDOLIBARRSERVER', 1); if (!isset($originalcontentonly)) { print ''."\n"; } include_once $original_file_osencoded; // Note: The pageXXX.tpl.php showed here contains a formatage with dolWebsiteOutput() at end of page. if (is_object($db)) { $db->close(); }