
PHP Cross Reference of MyBB 1.8.12


/ -> attachment.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'attachment.php');
  13  
  14  require_once  "./global.php";
  15  
  16  if($mybb->settings['enableattachments'] != 1)
  17  {
  18      error($lang->attachments_disabled);
  19  }
  20  
  21  // Find the AID we're looking for
  22  if(isset($mybb->input['thumbnail']))
  23  {
  24      $aid = $mybb->get_input('thumbnail', MyBB::INPUT_INT);
  25  }
  26  else
  27  {
  28      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
  29  }
  30  
  31  $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  32  
  33  // Select attachment data from database
  34  if($aid)
  35  {
  36      $query = $db->simple_select("attachments", "*", "aid='{$aid}'");
  37  }
  38  else
  39  {
  40      $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
  41  }
  42  $attachment = $db->fetch_array($query);
  43  
  44  $plugins->run_hooks("attachment_start");
  45  
  46  if(!$attachment)
  47  {
  48      error($lang->error_invalidattachment);
  49  }
  50  
  51  if($attachment['thumbnail'] == '' && isset($mybb->input['thumbnail']))
  52  {
  53      error($lang->error_invalidattachment);
  54  }
  55  
  56  $attachtypes = (array)$cache->read('attachtypes');
  57  $ext = get_extension($attachment['filename']);
  58  
  59  if(empty($attachtypes[$ext]))
  60  {
  61      error($lang->error_invalidattachment);
  62  }
  63  
  64  $attachtype = $attachtypes[$ext];
  65  
  66  $pid = $attachment['pid'];
  67  
  68  // Don't check the permissions on preview
  69  if($pid || $attachment['uid'] != $mybb->user['uid'])
  70  {
  71      $post = get_post($pid);
  72      $thread = get_thread($post['tid']);
  73  
  74      if(!$thread && !isset($mybb->input['thumbnail']))
  75      {
  76          error($lang->error_invalidthread);
  77      }
  78      $fid = $thread['fid'];
  79  
  80      // Get forum info
  81      $forum = get_forum($fid);
  82  
  83      // Permissions
  84      $forumpermissions = forum_permissions($fid);
  85  
  86      if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
  87      {
  88          error_no_permission();
  89      }
  90  
  91      // Error if attachment is invalid or not visible
  92      if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
  93      {
  94          error($lang->error_invalidattachment);
  95      }
  96  
  97      if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
  98      {
  99          error_no_permission();
 100      }
 101  }
 102  
 103  if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
 104  {
 105      if(!is_member($attachtype['groups']))
 106      {
 107          error_no_permission();
 108      }
 109  
 110      $attachupdate = array(
 111          "downloads" => $attachment['downloads']+1,
 112      );
 113      $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
 114  }
 115  
 116  // basename isn't UTF-8 safe. This is a workaround.
 117  $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
 118  
 119  $plugins->run_hooks("attachment_end");
 120  
 121  if(isset($mybb->input['thumbnail']))
 122  {
 123      if(!file_exists($mybb->settings['uploadspath']."/".$attachment['thumbnail']))
 124      {
 125          error($lang->error_invalidattachment);
 126      }
 127  
 128      $ext = get_extension($attachment['thumbnail']);
 129      switch($ext)
 130      {
 131          case "gif":
 132              $type = "image/gif";
 133              break;
 134          case "bmp":
 135              $type = "image/bmp";
 136              break;
 137          case "png":
 138              $type = "image/png";
 139              break;
 140          case "jpg":
 141          case "jpeg":
 142          case "jpe":
 143              $type = "image/jpeg";
 144              break;
 145          default:
 146              $type = "image/unknown";
 147              break;
 148      }
 149  
 150      header("Content-disposition: filename=\"{$attachment['filename']}\"");
 151      header("Content-type: ".$type);
 152      $thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
 153      header("Content-length: ".@filesize($thumb));
 154      $handle = fopen($thumb, 'rb');
 155      while(!feof($handle))
 156      {
 157          echo fread($handle, 8192);
 158      }
 159      fclose($handle);
 160  }
 161  else
 162  {
 163      if(!file_exists($mybb->settings['uploadspath']."/".$attachment['attachname']))
 164      {
 165          error($lang->error_invalidattachment);
 166      }
 167  
 168      $ext = get_extension($attachment['filename']);
 169  
 170      switch($attachment['filetype'])
 171      {
 172          case "application/pdf":
 173          case "image/bmp":
 174          case "image/gif":
 175          case "image/jpeg":
 176          case "image/pjpeg":
 177          case "image/png":
 178          case "text/plain":
 179              header("Content-type: {$attachment['filetype']}");
 180              $disposition = "inline";
 181              break;
 182  
 183          default:
 184              $filetype = $attachment['filetype'];
 185  
 186              if(!$filetype)
 187              {
 188                  $filetype = 'application/force-download';
 189              }
 190  
 191              header("Content-type: {$filetype}");
 192              $disposition = "attachment";
 193      }
 194  
 195      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false)
 196      {
 197          header("Content-disposition: attachment; filename=\"{$attachment['filename']}\"");
 198      }
 199      else
 200      {
 201          header("Content-disposition: {$disposition}; filename=\"{$attachment['filename']}\"");
 202      }
 203  
 204      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false)
 205      {
 206          header("Expires: -1");
 207      }
 208  
 209      header("Content-length: {$attachment['filesize']}");
 210      header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
 211      $handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');
 212      while(!feof($handle))
 213      {
 214          echo fread($handle, 8192);
 215      }
 216      fclose($handle);
 217  }

