From 68cd3d657ffedfc96d9835f9c5242368e45ae2fc Mon Sep 17 00:00:00 2001
From: le-reparateur <162715304+le-reparateur@users.noreply.github.com>
Date: Thu, 21 Mar 2024 17:08:14 +0100
Subject: [PATCH 1/2] Update filefunc.inc.php Fix #28993
---
 htdocs/filefunc.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php
index 0c6698c736c5f..b6b2e7565e7cb 100644
--- a/htdocs/filefunc.inc.php
+++ b/htdocs/filefunc.inc.php
@@ -143,7 +143,8 @@ function dol_session_rotate($sessionname = '')
 $listofwrappers = stream_get_wrappers();
 // We need '.phar' for geoip2. TODO Replace phar in geoip with exploded files so we can disable phar by default.
 // phar stream does not auto unserialize content (possible code execution) since PHP 8.1
-$arrayofstreamtodisable = array('compress.zlib', 'compress.bzip2', 'ftp', 'ftps', 'glob', 'data', 'expect', 'ogg', 'rar', 'zip', 'zlib');
+// zip stream is necessary in import module
+$arrayofstreamtodisable = array('compress.zlib', 'compress.bzip2', 'ftp', 'ftps', 'glob', 'data', 'expect', 'ogg', 'rar', 'zlib');
 if (!empty($dolibarr_main_stream_to_disable) && is_array($dolibarr_main_stream_to_disable)) {
 $arrayofstreamtodisable = $dolibarr_main_stream_to_disable;
 }
From 4e483e4010d86b85bcea27aa89ee040bb54c7811 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 23 Mar 2024 19:39:47 +0100
Subject: [PATCH 2/2] Update filefunc.inc.php
---
 htdocs/filefunc.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php
index b6b2e7565e7cb..0eee620839757 100644
--- a/htdocs/filefunc.inc.php
+++ b/htdocs/filefunc.inc.php
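Review bot: Dropping 'zip' from `$arrayofstreamtodisable` on the `+` line re-enables the `zip://` wrapper for the whole application, not just for the import module, and the phar comment two lines above shows why it was blacklisted in the first place: any file function that is handed an attacker-influenced path can then read an entry out of an uploaded archive (`zip:///path/to/upload.zip#entry`), which is the classic way a file upload plus a path-traversal or include bug turns into code execution. A narrower fix keeps 'zip' in the default list and has the Excel import wrap its read in `stream_wrapper_restore('zip');` … `stream_wrapper_unregister('zip');` so the wrapper is only live inside that code path; if the global re-enable is kept, the comment should at least say so and point admins at the override, e.g. `// 'zip' left enabled because the Excel import reads .xlsx through zip://; set $dolibarr_main_stream_to_disable in conf.php to disable it if import is unused`. The loop that actually calls stream_wrapper_unregister() on this array is not in the hunk, so I cannot confirm from here whether anything else re-registers or checks the wrapper afterwards.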
@@ -143,7 +143,7 @@ function dol_session_rotate($sessionname = '')
 $listofwrappers = stream_get_wrappers();
 // We need '.phar' for geoip2. TODO Replace phar in geoip with exploded files so we can disable phar by default.
 // phar stream does not auto unserialize content (possible code execution) since PHP 8.1
-// zip stream is necessary in import module
+// zip stream is necessary by excel import module
 $arrayofstreamtodisable = array('compress.zlib', 'compress.bzip2', 'ftp', 'ftps', 'glob', 'data', 'expect', 'ogg', 'rar', 'zlib');
 if (!empty($dolibarr_main_stream_to_disable) && is_array($dolibarr_main_stream_to_disable)) {
 $arrayofstreamtodisable = $dolibarr_main_stream_to_disable;
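Review bot: The reworded comment on the `+` line, `// zip stream is necessary by excel import module`, is ungrammatical and records only the reason for the exception, not its cost, so a later maintainer gets no hint that zip:// is a well-known arbitrary-file-read/LFI primitive that was deliberately listed next to phar. I would replace it with `// 'zip' is intentionally not disabled: the Excel import module reads .xlsx through the zip:// wrapper.` followed by `// zip:// lets any file function open entries of an uploaded archive via a crafted path; set $dolibarr_main_stream_to_disable in conf.php to turn it off if import is unused.` The `@@` header attributes these lines to dol_session_rotate(), but they read as top-level setup and the enclosing code runs past the hunk, so I am judging only this slice.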