Vergleich attachment.php - 1.8.16 - 1.8.37

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 69Zeile 69
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);

if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);

	$thread = get_thread($post['tid']);

 




	if(!$thread && !isset($mybb->input['thumbnail']))

	if(!$post)

	{
error($lang->error_invalidthread);
}

	{
error($lang->error_invalidthread);
}

	$fid = $thread['fid'];

 




	// Get forum info
$forum = get_forum($fid);

// Permissions
$forumpermissions = forum_permissions($fid);

if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
{
error_no_permission();
}

// Error if attachment is invalid or not visible
if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
{
error($lang->error_invalidattachment);
}

if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
{
error_no_permission();













	// Check permissions if the post is not a draft
if($post['visible'] != -2)
{
$thread = get_thread($post['tid']);

if(!$thread && !isset($mybb->input['thumbnail']))
{
error($lang->error_invalidthread);
}
$fid = $thread['fid'];

// Get forum info
$forum = get_forum($fid);

// Permissions
$forumpermissions = forum_permissions($fid);

if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && empty($mybb->input['thumbnail'])))
{
error_no_permission();
}

// Error if attachment is invalid or not visible
if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
{
error($lang->error_invalidattachment);
}

if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false)
{
error_no_permission();
}

	}
}


	}
}


Zeile 115Zeile 125

// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));


// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));

 

$uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);


$plugins->run_hooks("attachment_end");

if(isset($mybb->input['thumbnail']))
{


$plugins->run_hooks("attachment_end");

if(isset($mybb->input['thumbnail']))
{

	if(!file_exists($mybb->settings['uploadspath']."/".$attachment['thumbnail']))

	if(!file_exists($uploadspath_abs."/".$attachment['thumbnail']))

	{
error($lang->error_invalidattachment);
}

	{
error($lang->error_invalidattachment);
}

Zeile 130Zeile 142
	{
case "gif":
$type = "image/gif";

	{
case "gif":
$type = "image/gif";

			break;

			break;

		case "bmp":
$type = "image/bmp";

		case "bmp":
$type = "image/bmp";

			break;

			break;

		case "png":
$type = "image/png";
break;

		case "png":
$type = "image/png";
break;

Zeile 141Zeile 153
		case "jpeg":
case "jpe":
$type = "image/jpeg";

		case "jpeg":
case "jpe":
$type = "image/jpeg";

			break;

			break;

		default:
$type = "image/unknown";
break;

		default:
$type = "image/unknown";
break;

Zeile 149Zeile 161

header("Content-disposition: filename=\"{$attachment['filename']}\"");
header("Content-type: ".$type);


header("Content-disposition: filename=\"{$attachment['filename']}\"");
header("Content-type: ".$type);

	$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];

	$thumb = $uploadspath_abs."/".$attachment['thumbnail'];

	header("Content-length: ".@filesize($thumb));
$handle = fopen($thumb, 'rb');
while(!feof($handle))

	header("Content-length: ".@filesize($thumb));
$handle = fopen($thumb, 'rb');
while(!feof($handle))

	{

	{

		echo fread($handle, 8192);
}
fclose($handle);
}
else
{

		echo fread($handle, 8192);
}
fclose($handle);
}
else
{

	if(!file_exists($mybb->settings['uploadspath']."/".$attachment['attachname']))

	if(!file_exists($uploadspath_abs."/".$attachment['attachname']))

	{
error($lang->error_invalidattachment);
}

	{
error($lang->error_invalidattachment);
}

Zeile 177Zeile 189
		case "image/png":
case "text/plain":
header("Content-type: {$attachment['filetype']}");

		case "image/png":
case "text/plain":
header("Content-type: {$attachment['filetype']}");

			$disposition = "inline";








			if(!empty($attachtypes[$ext]['forcedownload']))
{
$disposition = "attachment";
}
else
{
$disposition = "inline";
}

			break;

default:

			break;

default:

Zeile 208Zeile 227

header("Content-length: {$attachment['filesize']}");
header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);


header("Content-length: {$attachment['filesize']}");
header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);

	$handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');

	$handle = fopen($uploadspath_abs."/".$attachment['attachname'], 'rb');

	while(!feof($handle))
{
echo fread($handle, 8192);

	while(!feof($handle))
{
echo fread($handle, 8192);