Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca

  1. <?php
  2. /**
  3. * @file mod/attach.php
  4. */
  5. use Friendica\App;
  6. use Friendica\Core\L10n;
  7. use Friendica\Database\DBA;
  8. use Friendica\Util\Security;
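  /**
   * Serve a stored attachment to the requesting visitor.
   *
   * Expects exactly two path arguments, the second being the numeric attachment id.
   * The row is first looked up by id alone to learn the owner's uid, then queried
   * again with the permission SQL built for that owner. Only a row that survives
   * the second query is sent. On success the headers and the body are emitted and
   * the script exits.
   *
   * @param App $a Provides argc/argv for the current request
   * @return void Returns after a notice on failure; does not return on success
   */
  function attach_init(App $a)
  {
      if ($a->argc != 2) {
          notice(L10n::t('Item not available.') . EOL);
          return;
      }

      // intval() confines the id to an integer before it reaches any query.
      $item_id = intval($a->argv[1]);

      // Check for existence, which will also provide us the owner uid.
      // NOTE(review): the distinct "not found" / "permission denied" notices below
      // let a caller tell whether an id exists even without access to it.
      $r = DBA::selectFirst('attach', [], ['id' => $item_id]);
      if (!DBA::isResult($r)) {
          notice(L10n::t('Item was not found.'). EOL);
          return;
      }

      // Permission clause for the attachment owner. It is interpolated into the SQL
      // text below, so it must only ever come from this helper, never from request data.
      $sql_extra = Security::getPermissionsSQLByUserId($r['uid']);

      // Now we'll see if we can access the attachment
      $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
          DBA::escape($item_id)
      );
      if (!DBA::isResult($r)) {
          notice(L10n::t('Permission denied.') . EOL);
          return;
      }

      // The stored metadata is presumably uploader-supplied (not visible here), so
      // control characters are stripped before the values are placed in headers.
      $filetype = (string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) $r[0]['filetype']);
      $filename = (string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) $r[0]['filename']);

      // Backslash-escape '"' and '\' so the name cannot end the quoted-string early
      // and append parameters of its own to Content-Disposition.
      $filename = addcslashes($filename, '"\\');

      header('Content-type: ' . $filetype);
      header('Content-length: ' . $r[0]['filesize']);

      // Stop browsers from sniffing a different, possibly active, type out of the body.
      header('X-Content-Type-Options: nosniff');

      // Use quotes around the filename to prevent a "multiple Content-Disposition"
      // error in Chrome for filenames with commas in them
      if (isset($_GET['attachment']) && $_GET['attachment'] === '0') {
          // NOTE(review): inline display trusts the stored filetype. If that value is
          // uploader-controlled, an active type (e.g. text/html, image/svg+xml) would
          // render in this site's origin; consider limiting inline display to an
          // allowlist of passive types and forcing "attachment" for everything else.
          header('Content-disposition: filename="' . $filename . '"');
      } else {
          header('Content-disposition: attachment; filename="' . $filename . '"');
      }

      echo $r[0]['data'];
      exit();
      // NOTREACHED
  }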