From f08682bed90ea8230046e0dee16454aa4db61900 Mon Sep 17 00:00:00 2001
From: tofulm
Date: Fri, 20 Mar 2020 22:40:43 +0100
Subject: [PATCH] =?UTF-8?q?On=20ajoute=20un=204=20arg=20=C3=A0=20bigform?= =?UTF-8?q?=5Ftraiter=20(false=20par=20defaut),=20qui=20permet=20de=20depl?= =?UTF-8?q?acer=20les=20fichiers=20dans=20un=20dossiers=20proteger?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 base/bigform.php | 12 +++++++++++
 bigform_administrations.php | 1 +
 inc/bigform_securiser_doc.php | 39 +++++++++++++++++++++++++++++++++++
 inc/bigform_traiter.php | 9 ++++++--
 paquet.xml | 5 +++--
 5 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 base/bigform.php
 create mode 100644 inc/bigform_securiser_doc.php
diff --git a/base/bigform.php b/base/bigform.php
new file mode 100644
index 0000000..52c2954
--- /dev/null
+++ b/base/bigform.php
@@ -0,0 +1,12 @@
+
+ Require all denied
+
+# Deny all requests from Apache 2.0-2.2.
+
+ Deny from all
+";
+
+ if (!verifier_htaccess($rep . "/.htaccess")) {
+ ecrire_fichier($rep . "/.htaccess", $content);
+ }
+
+ foreach ($Tid_doc as $id) {
+ if (intval($id)) {
+ $r = sql_fetsel('extension, fichier','spip_documents','id_document='.intval($id));
+ $fichier = $r['fichier'];
+ $ext = $r['extension'];
+ sous_repertoire(_DIR_IMG . 'PROTECTED', $ext);
+ if ($fichier) {
+ $source = _DIR_IMG . "/" . $fichier;
+ if (file_exists($source)) {
+ $d = deplacer_fichier_upload($source, _DIR_IMG . 'PROTECTED/' . $fichier, true);
+ if ($d) {
+ sql_updateq('spip_documents',['protected' => 'oui'], 'id_document='.$id);
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/inc/bigform_traiter.php b/inc/bigform_traiter.php
index ff73993..5b85b53 100644
--- a/inc/bigform_traiter.php
+++ b/inc/bigform_traiter.php
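Review bot: In the loop over `$Tid_doc`, the `sql_updateq()` call builds its WHERE clause from the raw `$id`, whereas the `sql_fetsel()` a few lines earlier casts it. Since `if (intval($id))` also lets through a string that merely starts with digits, the update should use `'id_document='.intval($id)` like the select. The row `$r` is read without checking that the lookup returned anything, so `sous_repertoire()` can be called with an empty extension; an `if (!$r) { continue; }` before `$r['fichier']` would avoid that. The generated `.htaccess` only has an effect on Apache with overrides enabled, so on other servers a file flagged `protected = 'oui'` would presumably still be served directly, which deserves a comment or a runtime check. The start of the function and the opening of the `$content` string are not visible in this hunk.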
@@ -11,7 +11,7 @@ if (!defined('_ECRIRE_INC_VERSION')){
 * @param $mode
 * @return array tableau des id_document $Tid_doc
 */
-function inc_bigform_traiter_dist($id_objet, $objet = 'article', $mode='auto') {
+function inc_bigform_traiter_dist($id_objet, $objet = 'article', $mode='auto', $secu = false) {
 include_spip('inc/joindre_document');
 set_request('joindre_upload','ok');
@@ -21,7 +21,7 @@ function inc_bigform_traiter_dist($id_objet, $objet = 'article', $mode='auto') {
 // calcul ordre des titres des files uploades
 $lesTitres = [];
- if (is_array($files)){
+ if (is_array($files) and is_array($html_ordre)){
 foreach ($files as $i => $t) {
 $index = array_search($t['name'], $html_ordre);
 $lesTitres[] = $html_titre[$index];
@@ -53,6 +53,11 @@ function inc_bigform_traiter_dist($id_objet, $objet = 'article', $mode='auto') {
 if (is_array($files) and count($files)) {
 $ajouter_document = charger_fonction('ajouter_documents', 'action');
 $Tid_doc = $ajouter_document('new', $files, $objet, $id_objet,$mode);
+
+ if (is_array($Tid_doc) and count($Tid_doc) and $secu) {
+ include_spip('inc/bigform_securiser_doc');
+ bigform_securiser_doc($Tid_doc);
+ }
 }
 // si tout s'est bien passé, on supprime le/les anciens logos
diff --git a/paquet.xml b/paquet.xml
index fcc5951..b6fab22 100644
--- a/paquet.xml
+++ b/paquet.xml
@@ -1,12 +1,12 @@ BigForm
@@ -19,6 +19,7 @@
+
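Review bot: The docblock above `inc_bigform_traiter_dist()` still ends at `@param $mode`, so the new fourth argument is undocumented in the first hunk (`@@ -11,7 +11,7 @@`). I would add `* @param bool $secu when true, the added documents are moved into IMG/PROTECTED (default false)` before the `@return` line. The start of the docblock and the function body lie outside this hunk.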
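Review bot: In the second hunk (`@@ -21,7 +21,7 @@`), the new `is_array($html_ordre)` guard does not cover a file name that is absent from `$html_ordre`. In that case `array_search()` returns `false`, and `$html_titre[$index]` then reads key 0, so the first title is attached to the wrong file. Consider `$index = array_search($t['name'], $html_ordre, true);` followed by `$lesTitres[] = ($index !== false) ? $html_titre[$index] : '';`, with whatever fallback title the caller expects. The loop body continues outside the hunk.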
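Review bot: In the third hunk (`@@ -53,6 +53,11 @@`), the result of `bigform_securiser_doc($Tid_doc)` is discarded, so a failed move is invisible to the caller. When `$secu` is true and a file cannot be moved, the document stays in its public location and the same `$Tid_doc` is returned as on success. As far as the visible code shows, `bigform_securiser_doc()` returns nothing; having it return the ids it actually moved and logging the rest, for instance with `spip_log()`, would surface the failure. The enclosing function continues past this hunk.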