PHP Cross Reference of MyBB 1.8.36 |
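<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/*
 * attachment.php - streams an attachment, or its thumbnail, to the client.
 *
 * Flow, in the order the checks run:
 *   1. Resolve the attachment row from the "thumbnail"/"aid" id, else from "pid".
 *   2. Reject rows that are missing, have no thumbnail when one was requested,
 *      or whose extension is not in the cached attachment types.
 *   3. Unless this is the requesting user's own unposted attachment, enforce
 *      forum view/download permissions, visibility and per-type forum limits.
 *   4. For full downloads, enforce the per-type group limit and bump the counter.
 *   5. Send headers and stream the file from the uploads directory in 8 KiB reads.
 *
 * The code below relies on error() and error_no_permission() ending the request:
 * every check is followed by code that assumes the check passed.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'attachment.php');

require_once "./global.php";

if($mybb->settings['enableattachments'] != 1)
{
	error($lang->attachments_disabled);
}

// Find the AID we're looking for. Both ids are requested as MyBB::INPUT_INT, so they
// are presumably integer-cast before being interpolated into the WHERE clauses below.
if(isset($mybb->input['thumbnail']))
{
	$aid = $mybb->get_input('thumbnail', MyBB::INPUT_INT);
}
else
{
	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);
}

$pid = $mybb->get_input('pid', MyBB::INPUT_INT);

// Select attachment data from database
if($aid)
{
	$query = $db->simple_select("attachments", "*", "aid='{$aid}'");
}
else
{
	$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
}
$attachment = $db->fetch_array($query);

$plugins->run_hooks("attachment_start");

if(!$attachment)
{
	error($lang->error_invalidattachment);
}

// A thumbnail was requested but this attachment has none
if($attachment['thumbnail'] == '' && isset($mybb->input['thumbnail']))
{
	error($lang->error_invalidattachment);
}

$attachtypes = (array)$cache->read('attachtypes');
$ext = get_extension($attachment['filename']);

// The extension must still be a configured attachment type
if(empty($attachtypes[$ext]))
{
	error($lang->error_invalidattachment);
}

$attachtype = $attachtypes[$ext];

// From here on the post id comes from the attachment row, not from the request
$pid = $attachment['pid'];

// Don't check the permissions on preview: the checks are skipped only when the
// attachment has no post yet AND it belongs to the current user.
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
	$post = get_post($pid);
	// Check permissions if the post is not a draft
	if($post['visible'] != -2)
	{
		$thread = get_thread($post['tid']);

		if(!$thread && !isset($mybb->input['thumbnail']))
		{
			error($lang->error_invalidthread);
		}
		$fid = $thread['fid'];

		// Get forum info
		$forum = get_forum($fid);

		// Permissions
		$forumpermissions = forum_permissions($fid);

		// empty() instead of a bare read: same truthiness test, but no undefined-index
		// warning when the request carries no "thumbnail" parameter.
		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && empty($mybb->input['thumbnail'])))
		{
			error_no_permission();
		}

		// Error if attachment is invalid or not visible
		if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
		{
			error($lang->error_invalidattachment);
		}

		// -1 means the type is allowed in all forums; otherwise it is a comma-separated fid list
		if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
		{
			error_no_permission();
		}
	}
}

if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
{
	// The per-type group restriction is applied to full downloads only
	if(!is_member($attachtype['groups']))
	{
		error_no_permission();
	}

	$attachupdate = array(
		"downloads" => $attachment['downloads']+1,
	);
	$db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
}

// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));

$uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);

$plugins->run_hooks("attachment_end");

// The stored filename goes inside a quoted-string header parameter. Drop control
// characters and backslash-escape '\' and '"' so the name cannot terminate the
// quoted value early or add further header parameters.
$header_filename = preg_replace('#[\x00-\x1f\x7f]#', '', $attachment['filename']);
$header_filename = str_replace(array('\\', '"'), array('\\\\', '\\"'), $header_filename);

if(isset($mybb->input['thumbnail']))
{
	$thumb = $uploadspath_abs."/".$attachment['thumbnail'];

	if(!file_exists($thumb))
	{
		error($lang->error_invalidattachment);
	}

	// Open before any header is sent: an unreadable file then yields the normal
	// error page instead of feof()/fread() being called on a failed handle.
	$handle = @fopen($thumb, 'rb');
	if($handle === false)
	{
		error($lang->error_invalidattachment);
	}

	// The thumbnail's Content-type is derived from its extension, not from stored data
	$ext = get_extension($attachment['thumbnail']);
	switch($ext)
	{
		case "gif":
			$type = "image/gif";
			break;
		case "bmp":
			$type = "image/bmp";
			break;
		case "png":
			$type = "image/png";
			break;
		case "jpg":
		case "jpeg":
		case "jpe":
			$type = "image/jpeg";
			break;
		default:
			$type = "image/unknown";
			break;
	}

	header("Content-disposition: filename=\"{$header_filename}\"");
	header("Content-type: ".$type);
	header("Content-length: ".@filesize($thumb));
	while(!feof($handle))
	{
		echo fread($handle, 8192);
	}
	fclose($handle);
}
else
{
	$attachpath = $uploadspath_abs."/".$attachment['attachname'];

	if(!file_exists($attachpath))
	{
		error($lang->error_invalidattachment);
	}

	// Same reasoning as for thumbnails: fail cleanly before headers go out
	$handle = @fopen($attachpath, 'rb');
	if($handle === false)
	{
		error($lang->error_invalidattachment);
	}

	$ext = get_extension($attachment['filename']);

	// Only this fixed list of stored types may be displayed inline; everything else
	// is sent with an "attachment" disposition.
	// NOTE(review): the Content-type value is taken from the attachment row. Consider
	// also sending "X-Content-Type-Options: nosniff" so inline content is not
	// re-interpreted by the browser - confirm whether global.php already sets it.
	switch($attachment['filetype'])
	{
		case "application/pdf":
		case "image/bmp":
		case "image/gif":
		case "image/jpeg":
		case "image/pjpeg":
		case "image/png":
		case "text/plain":
			header("Content-type: {$attachment['filetype']}");
			if(!empty($attachtypes[$ext]['forcedownload']))
			{
				$disposition = "attachment";
			}
			else
			{
				$disposition = "inline";
			}
			break;

		default:
			$filetype = $attachment['filetype'];

			if(!$filetype)
			{
				$filetype = 'application/force-download';
			}

			header("Content-type: {$filetype}");
			$disposition = "attachment";
	}

	// The User-Agent header is optional; treat a missing one as "not MSIE"
	$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';

	if(strpos($user_agent, "msie") !== false)
	{
		header("Content-disposition: attachment; filename=\"{$header_filename}\"");
	}
	else
	{
		header("Content-disposition: {$disposition}; filename=\"{$header_filename}\"");
	}

	if(strpos($user_agent, "msie 6.0") !== false)
	{
		header("Expires: -1");
	}

	// Length and range are taken from the stored row, not from the file on disk.
	// NOTE(review): Content-range is sent on an ordinary (non-partial) response and
	// uses the "bytes=" spelling; left byte-identical here.
	header("Content-length: {$attachment['filesize']}");
	header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
	while(!feof($handle))
	{
		echo fread($handle, 8192);
	}
	fclose($handle);
}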