search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Change support desk contact information (#7561)
[openemr.git] / interface / super / manage_document_templates.php
blob5dcf9dc74d4d2ac6e4e4b9ed6a107dfd5b9a38f6
1 <?php
2
3 /**
4 * Document Template Management Module.
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Rod Roark <rod@sunsetsystems.com>
9 * @author Brady Miller <brady.g.miller@gmail.com>
10 * @author Tyler Wrenn <tyler@tylerwrenn.com>
11 * @copyright Copyright (c) 2013-2014 Rod Roark <rod@sunsetsystems.com>
12 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
13 * @copyright Copyright (c) 2020 Tyler Wrenn <tyler@tylerwrenn.com>
14 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
15 */
16
17 require_once('../globals.php');
18
19 use OpenEMR\Common\Acl\AclMain;
20 use OpenEMR\Common\Crypto\CryptoGen;
21 use OpenEMR\Common\Csrf\CsrfUtils;
22 use OpenEMR\Common\Twig\TwigContainer;
23 use OpenEMR\Core\Header;
24
25 if (!AclMain::aclCheckCore('admin', 'super')) {
26 echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("Document Template Management")]);
27 exit;
28 }
29
30 // Set up crypto object
31 $cryptoGen = new CryptoGen();
32
33 $form_filename = convert_safe_file_dir_name($_REQUEST['form_filename'] ?? '');
34
35 $templatedir = "$OE_SITE_DIR/documents/doctemplates";
36
37 // If downloading a file, do the download and nothing else.
38 // Thus the current browser page should remain displayed.
39 //
40 if (!empty($_POST['bn_download'])) {
41 //verify csrf
42 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
43 CsrfUtils::csrfNotVerified();
44 }
45
46 $templatepath = "$templatedir/$form_filename";
47
48 // Place file in variable
49 $fileData = file_get_contents($templatepath);
50
51 // Decrypt file, if applicable
52 if ($cryptoGen->cryptCheckStandard($fileData)) {
53 $fileData = $cryptoGen->decryptStandard($fileData, null, 'database');
54 }
55
56 header('Content-Description: File Transfer');
57 header('Content-Transfer-Encoding: binary');
58 header('Expires: 0');
59 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
60 header('Pragma: public');
61 // attachment, not inline
62 header("Content-Disposition: attachment; filename=\"$form_filename\"");
63 // Note we avoid providing a mime type that suggests opening the file.
64 header("Content-Type: application/octet-stream");
65 header("Content-Length: " . strlen($fileData));
66 echo $fileData;
67 exit;
68 }
69
70 if (!empty($_POST['bn_delete'])) {
71 //verify csrf
72 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
73 CsrfUtils::csrfNotVerified();
74 }
75
76 $templatepath = "$templatedir/$form_filename";
77 if (is_file($templatepath)) {
78 unlink($templatepath);
79 }
80 }
81
82 if (!empty($_POST['bn_upload'])) {
83 //verify csrf
84 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
85 CsrfUtils::csrfNotVerified();
86 }
87
88 // Handle uploads.
89 $tmp_name = $_FILES['form_file']['tmp_name'];
90 if (is_uploaded_file($tmp_name) && $_FILES['form_file']['size']) {
91 // Choose the destination path/filename.
92 $form_dest_filename = $_POST['form_dest_filename'];
93 if ($form_dest_filename == '') {
94 $form_dest_filename = $_FILES['form_file']['name'];
95 }
96
97 $form_dest_filename = convert_safe_file_dir_name(basename($form_dest_filename));
98 if ($form_dest_filename == '') {
99 die(xlt('Cannot determine a destination filename'));
100 }
101 $path_parts = pathinfo($form_dest_filename);
102 $extension = strtolower($path_parts['extension'] ?? '');
103
104 if (!in_array($extension, array('odt', 'txt', 'docx', 'zip'))) {
105 die(text($extension) . ' ' . xlt('filetype is not accepted'));
106 }
107
108 // Check if the uploaded file is a zip file
109 if ($extension === 'zip') {
110 $maxZipSize = 1048576; // 1 MB (adjust the size as needed)
111 if ($_FILES['form_file']['size'] > $maxZipSize) {
112 die(xlt('Zip file size exceeds the maximum allowed size'));
113 }
114
115 // Check for nested zip files
116 $zip = new ZipArchive();
117 if ($zip->open($tmp_name) === true) {
118 for ($i = 0; $i < $zip->numFiles; $i++) {
119 $nestedFile = $zip->getNameIndex($i);
120 if (pathinfo($nestedFile, PATHINFO_EXTENSION) === 'zip') {
121 die(xlt('Nested zip files are not allowed'));
122 }
123 }
124 $zip->close();
125 } else {
126 die(xlt('Failed to open the zip file'));
127 }
128 }
129
130 $templatepath = "$templatedir/$form_dest_filename";
131 // If the site's template directory does not yet exist, create it.
132 if (!is_dir($templatedir)) {
133 mkdir($templatedir);
134 }
135
136 // If the target file already exists, delete it.
137 if (is_file($templatepath)) {
138 unlink($templatepath);
139 }
140
141 // Place uploaded file in variable.
142 $fileData = file_get_contents($tmp_name);
143
144 // Encrypt uploaded file, if applicable.
145 if ($GLOBALS['drive_encryption']) {
146 $storedData = $cryptoGen->encryptStandard($fileData, null, 'database');
147 } else {
148 $storedData = $fileData;
149 }
150
151 // Store the uploaded file.
152 if (file_put_contents($templatepath, $storedData) === false) {
153 die(xlt('Unable to create') . " '" . text($templatepath) . "'");
154 }
155 }
156 }
157
158 ?>
159 <html>
160 <head>
161 <title><?php echo xlt('Document Template Management'); ?></title>
162 <?php Header::setupHeader(); ?>
163 <style>
164 .dehead {
165 color: var(--black);
166 font-family: sans-serif;
167 font-size: 0.8125rem;
168 font-weight:bold;
169 }
170 .detail {
171 color: var(--black);
172 font-family: sans-serif;
173 font-size: 0.8125rem;
174 font-weight: normal;
175 }
176 </style>
177 </head>
178 <body class="body_top">
179 <div class="container">
180 <form method='post' action='manage_document_templates.php' enctype='multipart/form-data'
181 onsubmit='return top.restoreSession()'>
182 <input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
183 <h2 class="text-center"><?php echo xlt('Document Template Management'); ?></h2>
184 <div class="row">
185 <div class="col-6">
186 <div class="mx-auto mt-3">
187 <div class="card">
188 <h5 class="card-header"><?php echo xlt('Upload a Template'); ?></h5>
189 <div class="card-body">
190 <div class="custom-file">
191 <input type="hidden" name="MAX_FILE_SIZE" value="250000000" />
192 <input type="file" name="form_file" size="40" class="custom-file-input" id="customFile" />
193 <label class="custom-file-label" for="customFile"><?php echo xlt('Choose file'); ?></label>
194 </div>
195 <div class="input-group mt-3">
196 <label for="form_dest_filename"><?php echo xlt('Destination Filename'); ?>:</label>
197 <input type='text' class="form-control" name='form_dest_filename' id='form_dest_filename' size='30' />
198 <div class="input-group-append">
199 <input type='submit' class="btn btn-primary" name='bn_upload' value='<?php echo xla('Upload') ?>' />
200 </div>
201 </div>
202 </div>
203 </div>
204 </div>
205 </div>
206 <div class="col-6">
207 <div class="mx-auto mt-3">
208 <div class="card">
209 <h5 class="card-header"><?php echo xlt('Download or Delete a Template'); ?></h5>
210 <div class="card-body">
211 <select class="form-control" name='form_filename'>
212 <?php
213 // Generate an <option> for each existing file.
214 if (file_exists($templatedir)) {
215 $dh = opendir($templatedir);
216 } else {
217 $dh = false;
218 }
219 if ($dh) {
220 $templateslist = array();
221 while (false !== ($sfname = readdir($dh))) {
222 if (substr($sfname, 0, 1) == '.') {
223 continue;
224 }
225
226 $templateslist[$sfname] = $sfname;
227 }
228
229 closedir($dh);
230 ksort($templateslist);
231 foreach ($templateslist as $sfname) {
232 echo " <option value='" . attr($sfname) . "'";
233 echo ">" . text($sfname) . "</option>\n";
234 }
235 }
236 ?>
237 </select>
238 <div class="mt-3">
239 <input type='submit' class="btn btn-success" name='bn_download' value='<?php echo xla('Download') ?>' />
240 <input type='submit' class="btn btn-danger" name='bn_delete' value='<?php echo xla('Delete') ?>' />
241 </div>
242 </div>
243 </div>
244 </div>
245 </div>
246 </div>
247 </form>
248 </div>
249 <script>
250 //display file name
251 $(".custom-file-input").on("change", function() {
252 var fileName = $(this).val().split("\\").pop();
253 $(this).siblings(".custom-file-label").addClass("selected").html(jsText(fileName));
254 });
255 </script>
256 </body>
257 </html>
Mirror of official OpenEMR Sourceforge repository