inovice upload + related product in stock

leedavi · leedavi · commit ce09324695cc · 2021-04-20T17:17:58.000+02:00
diff --git a/Components/Orders/OrderFunctions.cs b/Components/Orders/OrderFunctions.cs
@@ -214,6 +214,14 @@ private static String OrderAdminSave(HttpContext context)
                             {
                                 var fname = Path.GetFileName(ajaxInfo.GetXmlProperty("genxml/hidden/optionfilelist"));
 
+                                var ext = Path.GetExtension(fname);
+                                fname = DnnUtils.Encrypt(fname, StoreSettings.Current.Get("adminpin"));
+                                foreach (char c in System.IO.Path.GetInvalidFileNameChars())
+                                {
+                                    fname = fname.Replace(c, '_');
+                                }
+                                fname = ext + "-" + fname; // add extension to front, so it cannot be servered but we can add to order data.
+
                                 if (File.Exists(StoreSettings.Current.FolderTempMapPath.TrimEnd('\\') + "\\" + fname))
                                 {
                                     var newfname = "secure" + Utils.GetUniqueKey();
@@ -229,9 +237,14 @@ private static String OrderAdminSave(HttpContext context)
                                     ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicefilepath", StoreSettings.Current.FolderUploadsMapPath.TrimEnd('\\') + "\\" + newfname);
                                     ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicefilename", newfname);
                                     ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoiceuploadname", fname);
-                                    ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicefileext", Path.GetExtension(fname));
+
+                                    var ext2 = "";
+                                    var extSplit = fname.Split('-');
+                                    if (extSplit.Count() > 0) ext2 = extSplit[0]; // we add the extension to the front of upload for IIS default security in serving file.
+
+                                    ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicefileext", ext2);
                                     ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicefilerelpath", StoreSettings.Current.FolderUploads + "/" + newfname);
-                                    ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicedownloadname", "NBS" + ordData.OrderNumber + Path.GetExtension(fname));
+                                    ordData.PurchaseInfo.SetXmlProperty("genxml/hidden/invoicedownloadname", "OS" + ordData.OrderNumber + ext2);
                                 }
                             }
 
diff --git a/Properties/AssemblyInfo.cs b/Properties/AssemblyInfo.cs
@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("4.1.5.1")]
-[assembly: AssemblyFileVersion("4.1.5.1")]
+[assembly: AssemblyVersion("4.1.5.2")]
+[assembly: AssemblyFileVersion("4.1.5.2")]
diff --git a/Themes/ClassicAjax/Default/ProductDisplayDetail.cshtml b/Themes/ClassicAjax/Default/ProductDisplayDetail.cshtml
@@ -300,12 +300,12 @@ else
 
                                 <div class="price">
 
-                                    @if (product.Models.Count > 1)
+                                    @if (rproduct.Models.Count > 1)
                                     {
                                         <span class="from">@ResourceKey("ProductView.from")</span>
                                     }
 
-                                    @if (product.IsOnSale)
+                                    @if (rproduct.IsOnSale)
                                     {
                                         <span class="old">@(NBrightBuyUtils.FormatToStoreCurrency(rproduct.FromPrice()))</span>
                                         <span class="sale">@(NBrightBuyUtils.FormatToStoreCurrency(rproduct.BestPrice()))</span>
@@ -317,11 +317,11 @@ else
                                 </div>
 
                                 <div class="flags">
-                                @if (product.IsOnSale)
+                                @if (rproduct.IsOnSale)
                                 {
                                     <span class="onsaleflag">@ResourceKey("ProductView.onsaleflag")</span>
                                 }
-                                @if (!product.IsInStock)
+                                @if (!rproduct.IsInStock)
                                 {
                                     <span class="outofstockflag">@ResourceKey("ProductView.outofstockflag")</span>
                                 }
diff --git a/Themes/Default/Default/OrderAdminDetail.cshtml b/Themes/Default/Default/OrderAdminDetail.cshtml
@@ -26,7 +26,7 @@
 
         @if (nbi.GetXmlProperty("genxml/hidden/invoicefilename") != "")
         {
-            <a class="documentlink btn btn-default primarybutton" href='/DesktopModules/NBright/NBrightBuy/XmlConnector.ashx?cmd=docdownload&downloadname=@nbi.GetXmlProperty("genxml/hidden/invoicedownloadname")&filename=@nbi.GetXmlProperty("genxml/hidden/invoicefilerelpath")'>@ResourceKey("OrderAdmin.downloadinvoice")</a>
+            <a class="documentlink btn btn-default primarybutton" href='/DesktopModules/NBright/NBrightBuy/XmlConnector.ashx?cmd=docdownload&downloadname=@nbi.GetXmlProperty("genxml/hidden/invoicedownloadname")&userid=@nbi.UserId&filename=@nbi.GetXmlProperty("genxml/hidden/invoicefilerelpath")'>@ResourceKey("OrderAdmin.downloadinvoice")</a>
         }
     </div>
 
diff --git a/XmlConnector.ashx.cs b/XmlConnector.ashx.cs
@@ -287,13 +287,14 @@ private string DownloadSystemFile(string paramCmd, HttpContext context)
                 {
                     strOut = fname; // return this is error.
                     var downloadname = Utils.RequestQueryStringParam(context, "downloadname");
+                    var userid = Utils.RequestQueryStringParam(context, "userid");                    
                     var fpath = HttpContext.Current.Server.MapPath(fname);
                     if (downloadname == "") downloadname = Path.GetFileName(fname);
                     try
                     {
                         if (fpath.ToLower().Contains("\\secure"))
                         {
-                            if (NBrightBuyUtils.CheckManagerRights())
+                            if (NBrightBuyUtils.CheckManagerRights() || UserController.Instance.GetCurrentUserInfo().UserID.ToString() == userid)
                             {
                                 Utils.ForceDocDownload(fpath, downloadname, context.Response);
                             }
@@ -487,12 +488,14 @@ private String UploadWholeFile(HttpContext context, List<FilesStatus> statuses,
                 Regex fexpr = new Regex(StoreSettings.Current.Get("fileregexpr"));
                 if (fexpr.Match(file.FileName.ToLower()).Success)
                 {
+                    var ext = Path.GetExtension(file.FileName);
                     var fn = DnnUtils.Encrypt(file.FileName, StoreSettings.Current.Get("adminpin"));
                     foreach (char c in System.IO.Path.GetInvalidFileNameChars())
                     {
                         fn = fn.Replace(c, '_');
                     }
-                    file.SaveAs(StoreSettings.Current.FolderTempMapPath + "\\" + fn);
+                    fn = ext + "-" + fn; // add extension to front, so it cannot be servered but we can add to order data.
+                    file.SaveAs(StoreSettings.Current.FolderTempMapPath + "\\" + fn); 
                     statuses.Add(new FilesStatus(Path.GetFileName(fn), file.ContentLength));
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -300,12 +300,12 @@ else`
`300`	`300`
`301`	`301`	`<div class="price">`
`302`	`302`
`303`		`- @if (product.Models.Count > 1)`
	`303`	`+ @if (rproduct.Models.Count > 1)`
`304`	`304`	`{`
`305`	`305`	`<span class="from">@ResourceKey("ProductView.from")</span>`
`306`	`306`	`}`
`307`	`307`
`308`		`- @if (product.IsOnSale)`
	`308`	`+ @if (rproduct.IsOnSale)`
`309`	`309`	`{`
`310`	`310`	`<span class="old">@(NBrightBuyUtils.FormatToStoreCurrency(rproduct.FromPrice()))</span>`
`311`	`311`	`<span class="sale">@(NBrightBuyUtils.FormatToStoreCurrency(rproduct.BestPrice()))</span>`
`@@ -317,11 +317,11 @@ else`
`317`	`317`	`</div>`
`318`	`318`
`319`	`319`	`<div class="flags">`
`320`		`- @if (product.IsOnSale)`
	`320`	`+ @if (rproduct.IsOnSale)`
`321`	`321`	`{`
`322`	`322`	`<span class="onsaleflag">@ResourceKey("ProductView.onsaleflag")</span>`
`323`	`323`	`}`
`324`		`- @if (!product.IsInStock)`
	`324`	`+ @if (!rproduct.IsInStock)`
`325`	`325`	`{`
`326`	`326`	`<span class="outofstockflag">@ResourceKey("ProductView.outofstockflag")</span>`
`327`	`327`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@`
`26`	`26`
`27`	`27`	`@if (nbi.GetXmlProperty("genxml/hidden/invoicefilename") != "")`
`28`	`28`	`{`
`29`		`- <a class="documentlink btn btn-default primarybutton" href='/DesktopModules/NBright/NBrightBuy/XmlConnector.ashx?cmd=docdownload&[email protected]("genxml/hidden/invoicedownloadname")&[email protected]("genxml/hidden/invoicefilerelpath")'>@ResourceKey("OrderAdmin.downloadinvoice")</a>`
	`29`	`+ <a class="documentlink btn btn-default primarybutton" href='/DesktopModules/NBright/NBrightBuy/XmlConnector.ashx?cmd=docdownload&[email protected]("genxml/hidden/invoicedownloadname")&[email protected]&[email protected]("genxml/hidden/invoicefilerelpath")'>@ResourceKey("OrderAdmin.downloadinvoice")</a>`
`30`	`30`	`}`
`31`	`31`	`</div>`
`32`	`32`
Original file line number	Diff line number	Diff line change
`@@ -287,13 +287,14 @@ private string DownloadSystemFile(string paramCmd, HttpContext context)`
`287`	`287`	`{`
`288`	`288`	`strOut = fname; // return this is error.`
`289`	`289`	`var downloadname = Utils.RequestQueryStringParam(context, "downloadname");`
	`290`	`+ var userid = Utils.RequestQueryStringParam(context, "userid");`
`290`	`291`	`var fpath = HttpContext.Current.Server.MapPath(fname);`
`291`	`292`	`if (downloadname == "") downloadname = Path.GetFileName(fname);`
`292`	`293`	`try`
`293`	`294`	`{`
`294`	`295`	`if (fpath.ToLower().Contains("\\secure"))`
`295`	`296`	`{`
`296`		`- if (NBrightBuyUtils.CheckManagerRights())`
	`297`	`+ if (NBrightBuyUtils.CheckManagerRights() \|\| UserController.Instance.GetCurrentUserInfo().UserID.ToString() == userid)`
`297`	`298`	`{`
`298`	`299`	`Utils.ForceDocDownload(fpath, downloadname, context.Response);`
`299`	`300`	`}`
`@@ -487,12 +488,14 @@ private String UploadWholeFile(HttpContext context, List<FilesStatus> statuses,`
`487`	`488`	`Regex fexpr = new Regex(StoreSettings.Current.Get("fileregexpr"));`
`488`	`489`	`if (fexpr.Match(file.FileName.ToLower()).Success)`
`489`	`490`	`{`
	`491`	`+ var ext = Path.GetExtension(file.FileName);`
`490`	`492`	`var fn = DnnUtils.Encrypt(file.FileName, StoreSettings.Current.Get("adminpin"));`
`491`	`493`	`foreach (char c in System.IO.Path.GetInvalidFileNameChars())`
`492`	`494`	`{`
`493`	`495`	`fn = fn.Replace(c, '_');`
`494`	`496`	`}`
`495`		`- file.SaveAs(StoreSettings.Current.FolderTempMapPath + "\\" + fn);`
	`497`	`+ fn = ext + "-" + fn; // add extension to front, so it cannot be servered but we can add to order data.`
	`498`	`+ file.SaveAs(StoreSettings.Current.FolderTempMapPath + "\\" + fn);`
`496`	`499`	`statuses.Add(new FilesStatus(Path.GetFileName(fn), file.ContentLength));`
`497`	`500`	`}`
`498`	`501`	`}`