
PHP Cross Reference of MyBB 1.8.19


/ -> attachment.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'attachment.php');
  13  
  14  require_once  "./global.php";
  15  
  16  if($mybb->settings['enableattachments'] != 1)
  17  {
  18      error($lang->attachments_disabled);
  19  }
  20  
  21  // Find the AID we're looking for
  22  if(isset($mybb->input['thumbnail']))
  23  {
  24      $aid = $mybb->get_input('thumbnail', MyBB::INPUT_INT);
  25  }
  26  else
  27  {
  28      $aid = $mybb->get_input('aid', MyBB::INPUT_INT);
  29  }
  30  
  31  $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  32  
  33  // Select attachment data from database
  34  if($aid)
  35  {
  36      $query = $db->simple_select("attachments", "*", "aid='{$aid}'");
  37  }
  38  else
  39  {
  40      $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
  41  }
  42  $attachment = $db->fetch_array($query);
  43  
// Plugin hook: it runs before the lookup result is validated, so hooked code can see
// $attachment as an empty/false value.
$plugins->run_hooks("attachment_start");

// No row matched the requested aid/pid.
if(!$attachment)
{
    error($lang->error_invalidattachment);
}

// A thumbnail was requested but this attachment has none stored.
if($attachment['thumbnail'] == '' && isset($mybb->input['thumbnail']))
{
    error($lang->error_invalidattachment);
}

// Attachment types are read from the 'attachtypes' cache and indexed by file extension.
$attachtypes = (array)$cache->read('attachtypes');
$ext = get_extension($attachment['filename']);

// Refuse to serve a file whose extension has no entry in the attachment-type cache.
if(empty($attachtypes[$ext]))
{
    error($lang->error_invalidattachment);
}

$attachtype = $attachtypes[$ext];

// From here on $pid is the post id stored with the attachment, not the request parameter.
$pid = $attachment['pid'];

// Don't check the permissions on preview: the checks below are skipped only when the
// attachment has no post id AND its uid equals the current user's uid.
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
    $post = get_post($pid);
    // Check permissions if the post is not a draft (visible == -2).
    // NOTE(review): for a draft, none of the forum, visibility or attachment-type checks in
    // this block run, and nothing here compares the draft's author with the current user.
    // Confirm that this is enforced elsewhere.
    if($post['visible'] != -2)
    {
        $thread = get_thread($post['tid']);

        // A missing thread is rejected here only for full downloads.
        // NOTE(review): on a thumbnail request execution continues with an empty $thread, so
        // $fid below is empty too. Confirm forum_permissions() denies access for that value.
        if(!$thread && !isset($mybb->input['thumbnail']))
        {
            error($lang->error_invalidthread);
        }
        $fid = $thread['fid'];

        // Get forum info ($forum is not read again in the lines shown on this page)
        $forum = get_forum($fid);

        // Permissions
        $forumpermissions = forum_permissions($fid);

        // Deny when the user cannot view the forum or its threads, when the forum limits users
        // to their own threads and this thread belongs to someone else, or when downloading
        // attachments is not permitted and this is not a thumbnail request. The last test reads
        // the thumbnail value's truthiness rather than isset() as the rest of this file does.
        if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
        {
            error_no_permission();
        }

        // Error if attachment is invalid or not visible.
        // Users without the "canviewunapprove" moderator permission need the attachment, the
        // thread and the post to all have visible == 1; an empty attachname is always rejected.
        if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
        {
            error($lang->error_invalidattachment);
        }

        // Unless the type's forums value is -1, the forum id must appear in its comma-separated
        // list. Both sides are wrapped in commas so that only whole ids match.
        if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
        {
            error_no_permission();
        }
    }
}

// Thumbnail requests skip this whole block: both the user-group check and the counter update.
if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
{
    // The attachment type carries a 'groups' restriction that the current user must satisfy.
    if(!is_member($attachtype['groups']))
    {
        error_no_permission();
    }

    // The new count is computed from the row read earlier rather than incremented in SQL,
    // so two concurrent downloads can write the same value.
    $attachupdate = array(
        "downloads" => $attachment['downloads']+1,
    );
    // The aid used in the WHERE clause comes from the database row, not from the request.
    $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
}
 119  
 120  // basename isn't UTF-8 safe. This is a workaround.
 121  $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
 122  
 123  $plugins->run_hooks("attachment_end");
 124  
 125  if(isset($mybb->input['thumbnail']))
 126  {
 127      if(!file_exists($mybb->settings['uploadspath']."/".$attachment['thumbnail']))
 128      {
 129          error($lang->error_invalidattachment);
 130      }
 131  
 132      $ext = get_extension($attachment['thumbnail']);
 133      switch($ext)
 134      {
 135          case "gif":
 136              $type = "image/gif";
 137              break;
 138          case "bmp":
 139              $type = "image/bmp";
 140              break;
 141          case "png":
 142              $type = "image/png";
 143              break;
 144          case "jpg":
 145          case "jpeg":
 146          case "jpe":
 147              $type = "image/jpeg";
 148              break;
 149          default:
 150              $type = "image/unknown";
 151              break;
 152      }
 153  
 154      header("Content-disposition: filename=\"{$attachment['filename']}\"");
 155      header("Content-type: ".$type);
 156      $thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
 157      header("Content-length: ".@filesize($thumb));
 158      $handle = fopen($thumb, 'rb');
 159      while(!feof($handle))
 160      {
 161          echo fread($handle, 8192);
 162      }
 163      fclose($handle);
 164  }
 165  else
 166  {
 167      if(!file_exists($mybb->settings['uploadspath']."/".$attachment['attachname']))
 168      {
 169          error($lang->error_invalidattachment);
 170      }
 171  
 172      $ext = get_extension($attachment['filename']);
 173  
 174      switch($attachment['filetype'])
 175      {
 176          case "application/pdf":
 177          case "image/bmp":
 178          case "image/gif":
 179          case "image/jpeg":
 180          case "image/pjpeg":
 181          case "image/png":
 182          case "text/plain":
 183              header("Content-type: {$attachment['filetype']}");
 184              $disposition = "inline";
 185              break;
 186  
 187          default:
 188              $filetype = $attachment['filetype'];
 189  
 190              if(!$filetype)
 191              {
 192                  $filetype = 'application/force-download';
 193              }
 194  
 195              header("Content-type: {$filetype}");
 196              $disposition = "attachment";
 197      }
 198  
 199      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false)
 200      {
 201          header("Content-disposition: attachment; filename=\"{$attachment['filename']}\"");
 202      }
 203      else
 204      {
 205          header("Content-disposition: {$disposition}; filename=\"{$attachment['filename']}\"");
 206      }
 207  
 208      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false)
 209      {
 210          header("Expires: -1");
 211      }
 212  
 213      header("Content-length: {$attachment['filesize']}");
 214      header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
 215      $handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');
 216      while(!feof($handle))
 217      {
 218          echo fread($handle, 8192);
 219      }
 220      fclose($handle);
 221  }

