Vergleich attachment.php - 1.8.3 - 1.8.30

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 21Zeile 21
// Find the AID we're looking for
if(isset($mybb->input['thumbnail']))
{

 
// Find the AID we're looking for
if(isset($mybb->input['thumbnail']))
{

	$aid = $mybb->get_input('thumbnail', 1);

	$aid = $mybb->get_input('thumbnail', MyBB::INPUT_INT);

}
else
{

 
}
else
{

	$aid = $mybb->get_input('aid', 1);

	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);

}


 
}


$pid = $mybb->get_input('pid', 1);

$pid = $mybb->get_input('pid', MyBB::INPUT_INT);


// Select attachment data from database
if($aid)


// Select attachment data from database
if($aid)

Zeile 52Zeile 52
{
	error($lang->error_invalidattachment);
}

 
{
	error($lang->error_invalidattachment);
}

 

$attachtypes = (array)$cache->read('attachtypes');
$ext = get_extension($attachment['filename']);

if(empty($attachtypes[$ext]))
{
	error($lang->error_invalidattachment);
}

$attachtype = $attachtypes[$ext];


$pid = $attachment['pid'];



$pid = $attachment['pid'];


Zeile 59Zeile 69
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
	$post = get_post($pid);

 
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
	$post = get_post($pid);

	$thread = get_thread($post['tid']);

	if(!$thread && !isset($mybb->input['thumbnail']))
	{
		error($lang->error_invalidthread);
	}
	$fid = $thread['fid'];

	// Get forum info
	$forum = get_forum($fid);

	// Permissions
	$forumpermissions = forum_permissions($fid);

	if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
	{
		error_no_permission();
	}

	// Error if attachment is invalid or not visible
	if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
	{
		error($lang->error_invalidattachment);
	}
}











	// Check permissions if the post is not a draft
	if($post['visible'] != -2)
	{
		$thread = get_thread($post['tid']);

		if(!$thread && !isset($mybb->input['thumbnail']))
		{
			error($lang->error_invalidthread);
		}
		$fid = $thread['fid'];

		// Get forum info
		$forum = get_forum($fid);

		// Permissions
		$forumpermissions = forum_permissions($fid);

		if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
		{
			error_no_permission();
		}

		// Error if attachment is invalid or not visible
		if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
		{
			error($lang->error_invalidattachment);
		}

		if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
		{
			error_no_permission();
		}
	}
}


if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
{

 
if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
{

 
	if(!is_member($attachtype['groups']))
	{
		error_no_permission();
	}


	$attachupdate = array(
		"downloads" => $attachment['downloads']+1,
	);

	$attachupdate = array(
		"downloads" => $attachment['downloads']+1,
	);

Zeile 95Zeile 119

// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));

 

// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));

 

$uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);


$plugins->run_hooks("attachment_end");

 

$plugins->run_hooks("attachment_end");





if(isset($mybb->input['thumbnail']))
{

 
if(isset($mybb->input['thumbnail']))
{

 
	if(!file_exists($uploadspath_abs."/".$attachment['thumbnail']))
	{
		error($lang->error_invalidattachment);
	}


	$ext = get_extension($attachment['thumbnail']);
	switch($ext)
	{

	$ext = get_extension($attachment['thumbnail']);
	switch($ext)
	{

Zeile 124Zeile 155

	header("Content-disposition: filename=\"{$attachment['filename']}\"");
	header("Content-type: ".$type);

 

	header("Content-disposition: filename=\"{$attachment['filename']}\"");
	header("Content-type: ".$type);

	$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];

	$thumb = $uploadspath_abs."/".$attachment['thumbnail'];

	header("Content-length: ".@filesize($thumb));
	$handle = fopen($thumb, 'rb');
	while(!feof($handle))

	header("Content-length: ".@filesize($thumb));
	$handle = fopen($thumb, 'rb');
	while(!feof($handle))

Zeile 135Zeile 166
}
else
{

 
}
else
{

 
	if(!file_exists($uploadspath_abs."/".$attachment['attachname']))
	{
		error($lang->error_invalidattachment);
	}


	$ext = get_extension($attachment['filename']);

	switch($attachment['filetype'])

	$ext = get_extension($attachment['filename']);

	switch($attachment['filetype'])

Zeile 147Zeile 183
		case "image/png":
		case "text/plain":
			header("Content-type: {$attachment['filetype']}");

 
		case "image/png":
		case "text/plain":
			header("Content-type: {$attachment['filetype']}");

			$disposition = "inline";








			if(!empty($attachtypes[$ext]['forcedownload']))
			{
				$disposition = "attachment";
			}
			else
			{
				$disposition = "inline";
			}

			break;

		default:

			break;

		default:

Zeile 178Zeile 221

	header("Content-length: {$attachment['filesize']}");
	header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);

 

	header("Content-length: {$attachment['filesize']}");
	header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);

	$handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');

	$handle = fopen($uploadspath_abs."/".$attachment['attachname'], 'rb');

	while(!feof($handle))
	{
		echo fread($handle, 8192);

	while(!feof($handle))
	{
		echo fread($handle, 8192);