
PHP Cross Reference of MyBB 1.8.36


/ -> attachment.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'attachment.php');
  13  
  14  require_once  "./global.php";
  15  
  16  if($mybb->settings['enableattachments'] != 1)
  17  {
  18      error($lang->attachments_disabled);
  19  }
  20  
  21  // Find the AID we're looking for
  22  if(isset($mybb->input['thumbnail']))
  23  {
  24      $aid = $mybb->get_input('thumbnail', MyBB::INPUT_INT);
  25  }
  26  else
  27  {
  28      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
  29  }
  30  
  31  $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  32  
  33  // Select attachment data from database
  34  if($aid)
  35  {
  36      $query = $db->simple_select("attachments", "*", "aid='{$aid}'");
  37  }
  38  else
  39  {
  40      $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
  41  }
  42  $attachment = $db->fetch_array($query);
  43  
  44  $plugins->run_hooks("attachment_start");
  45  
  46  if(!$attachment)
  47  {
  48      error($lang->error_invalidattachment);
  49  }
  50  
  51  if($attachment['thumbnail'] == '' && isset($mybb->input['thumbnail']))
  52  {
  53      error($lang->error_invalidattachment);
  54  }
  55  
  56  $attachtypes = (array)$cache->read('attachtypes');
  57  $ext = get_extension($attachment['filename']);
  58  
  59  if(empty($attachtypes[$ext]))
  60  {
  61      error($lang->error_invalidattachment);
  62  }
  63  
  64  $attachtype = $attachtypes[$ext];
  65  
  66  $pid = $attachment['pid'];
  67  
  68  // Don't check the permissions on preview
  69  if($pid || $attachment['uid'] != $mybb->user['uid'])
  70  {
  71      $post = get_post($pid);
  72      // Check permissions if the post is not a draft
  73      if($post['visible'] != -2)
  74      {
  75          $thread = get_thread($post['tid']);
  76  
  77          if(!$thread && !isset($mybb->input['thumbnail']))
  78          {
  79              error($lang->error_invalidthread);
  80          }
  81          $fid = $thread['fid'];
  82  
  83          // Get forum info
  84          $forum = get_forum($fid);
  85  
  86          // Permissions
  87          $forumpermissions = forum_permissions($fid);
  88  
  89          if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
  90          {
  91              error_no_permission();
  92          }
  93  
  94          // Error if attachment is invalid or not visible
  95          if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
  96          {
  97              error($lang->error_invalidattachment);
  98          }
  99  
 100          if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
 101          {
 102              error_no_permission();
 103          }
 104      }
 105  }
 106  
 107  if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
 108  {
 109      if(!is_member($attachtype['groups']))
 110      {
 111          error_no_permission();
 112      }
 113  
 114      $attachupdate = array(
 115          "downloads" => $attachment['downloads']+1,
 116      );
 117      $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
 118  }
 119  
 120  // basename isn't UTF-8 safe. This is a workaround.
 121  $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
 122  
 123  $uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);
 124  
 125  $plugins->run_hooks("attachment_end");
 126  
 127  if(isset($mybb->input['thumbnail']))
 128  {
 129      if(!file_exists($uploadspath_abs."/".$attachment['thumbnail']))
 130      {
 131          error($lang->error_invalidattachment);
 132      }
 133  
 134      $ext = get_extension($attachment['thumbnail']);
 135      switch($ext)
 136      {
 137          case "gif":
 138              $type = "image/gif";
 139              break;
 140          case "bmp":
 141              $type = "image/bmp";
 142              break;
 143          case "png":
 144              $type = "image/png";
 145              break;
 146          case "jpg":
 147          case "jpeg":
 148          case "jpe":
 149              $type = "image/jpeg";
 150              break;
 151          default:
 152              $type = "image/unknown";
 153              break;
 154      }
 155  
 156      header("Content-disposition: filename=\"{$attachment['filename']}\"");
 157      header("Content-type: ".$type);
 158      $thumb = $uploadspath_abs."/".$attachment['thumbnail'];
 159      header("Content-length: ".@filesize($thumb));
 160      $handle = fopen($thumb, 'rb');
 161      while(!feof($handle))
 162      {
 163          echo fread($handle, 8192);
 164      }
 165      fclose($handle);
 166  }
 167  else
 168  {
 169      if(!file_exists($uploadspath_abs."/".$attachment['attachname']))
 170      {
 171          error($lang->error_invalidattachment);
 172      }
 173  
 174      $ext = get_extension($attachment['filename']);
 175  
 176      switch($attachment['filetype'])
 177      {
 178          case "application/pdf":
 179          case "image/bmp":
 180          case "image/gif":
 181          case "image/jpeg":
 182          case "image/pjpeg":
 183          case "image/png":
 184          case "text/plain":
 185              header("Content-type: {$attachment['filetype']}");
 186              if(!empty($attachtypes[$ext]['forcedownload']))
 187              {
 188                  $disposition = "attachment";
 189              }
 190              else
 191              {
 192                  $disposition = "inline";
 193              }
 194              break;
 195  
 196          default:
 197              $filetype = $attachment['filetype'];
 198  
 199              if(!$filetype)
 200              {
 201                  $filetype = 'application/force-download';
 202              }
 203  
 204              header("Content-type: {$filetype}");
 205              $disposition = "attachment";
 206      }
 207  
 208      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false)
 209      {
 210          header("Content-disposition: attachment; filename=\"{$attachment['filename']}\"");
 211      }
 212      else
 213      {
 214          header("Content-disposition: {$disposition}; filename=\"{$attachment['filename']}\"");
 215      }
 216  
 217      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false)
 218      {
 219          header("Expires: -1");
 220      }
 221  
 222      header("Content-length: {$attachment['filesize']}");
 223      header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
 224      $handle = fopen($uploadspath_abs."/".$attachment['attachname'], 'rb');
 225      while(!feof($handle))
 226      {
 227          echo fread($handle, 8192);
 228      }
 229      fclose($handle);
 230  }

