| Zeile 52 | Zeile 52 |
|---|
{
error($lang->error_invalidattachment);
}
|
{
error($lang->error_invalidattachment);
}
|
| |
$attachtypes = (array)$cache->read('attachtypes');
$ext = get_extension($attachment['filename']);
if(empty($attachtypes[$ext]))
{
error($lang->error_invalidattachment);
}
$attachtype = $attachtypes[$ext];
|
$pid = $attachment['pid'];
|
$pid = $attachment['pid'];
|
|
|
// Don't check the permissions on preview
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);
|
// Don't check the permissions on preview
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);
|
$thread = get_thread($post['tid']);
if(!$thread && !isset($mybb->input['thumbnail']))
{
error($lang->error_invalidthread);
}
$fid = $thread['fid'];
// Get forum info
$forum = get_forum($fid);
// Permissions
$forumpermissions = forum_permissions($fid);
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
| // Check permissions if the post is not a draft
if($post['visible'] != -2)
|
{
|
{
|
error_no_permission();
}
// Error if attachment is invalid or not visible
if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
{
error($lang->error_invalidattachment);
| $thread = get_thread($post['tid']);
if(!$thread && !isset($mybb->input['thumbnail']))
{
error($lang->error_invalidthread);
}
$fid = $thread['fid'];
// Get forum info
$forum = get_forum($fid);
// Permissions
$forumpermissions = forum_permissions($fid);
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
{
error_no_permission();
}
// Error if attachment is invalid or not visible
if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
{
error($lang->error_invalidattachment);
}
if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
{
error_no_permission();
}
|
}
}
if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
|
}
}
if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
|
{
| {
if(!is_member($attachtype['groups']))
{
error_no_permission();
}
|
$attachupdate = array(
"downloads" => $attachment['downloads']+1,
);
$db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
}
|
$attachupdate = array(
"downloads" => $attachment['downloads']+1,
);
$db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
}
|
|
|
// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
|
// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
|
| |
$uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);
|
$plugins->run_hooks("attachment_end");
|
$plugins->run_hooks("attachment_end");
|
|
|
if(isset($mybb->input['thumbnail']))
{
|
if(isset($mybb->input['thumbnail']))
{
|
if(!file_exists($mybb->settings['uploadspath']."/".$attachment['thumbnail']))
| if(!file_exists($uploadspath_abs."/".$attachment['thumbnail']))
|
{
error($lang->error_invalidattachment);
}
| {
error($lang->error_invalidattachment);
}
|
| Zeile 121 | Zeile 147 |
|---|
case "jpeg":
case "jpe":
$type = "image/jpeg";
|
case "jpeg":
case "jpe":
$type = "image/jpeg";
|
break;
| break;
|
default:
$type = "image/unknown";
break;
| default:
$type = "image/unknown";
break;
|
| Zeile 129 | Zeile 155 |
|---|
header("Content-disposition: filename=\"{$attachment['filename']}\"");
header("Content-type: ".$type);
|
header("Content-disposition: filename=\"{$attachment['filename']}\"");
header("Content-type: ".$type);
|
$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
| $thumb = $uploadspath_abs."/".$attachment['thumbnail'];
|
header("Content-length: ".@filesize($thumb));
$handle = fopen($thumb, 'rb');
while(!feof($handle))
|
header("Content-length: ".@filesize($thumb));
$handle = fopen($thumb, 'rb');
while(!feof($handle))
|
{
| {
|
echo fread($handle, 8192);
}
fclose($handle);
}
else
{
|
echo fread($handle, 8192);
}
fclose($handle);
}
else
{
|
if(!file_exists($mybb->settings['uploadspath']."/".$attachment['attachname']))
| if(!file_exists($uploadspath_abs."/".$attachment['attachname']))
|
{
error($lang->error_invalidattachment);
}
| {
error($lang->error_invalidattachment);
}
|
| Zeile 157 | Zeile 183 |
|---|
case "image/png":
case "text/plain":
header("Content-type: {$attachment['filetype']}");
|
case "image/png":
case "text/plain":
header("Content-type: {$attachment['filetype']}");
|
$disposition = "inline";
| if(!empty($attachtypes[$ext]['forcedownload']))
{
$disposition = "attachment";
}
else
{
$disposition = "inline";
}
|
break;
default:
| break;
default:
|
| Zeile 188 | Zeile 221 |
|---|
header("Content-length: {$attachment['filesize']}");
header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
|
header("Content-length: {$attachment['filesize']}");
header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
|
$handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');
| $handle = fopen($uploadspath_abs."/".$attachment['attachname'], 'rb');
|
while(!feof($handle))
{
echo fread($handle, 8192);
| while(!feof($handle))
{
echo fread($handle, 8192);
|