friendica/mod/attach.php

<?php

use Friendica\App;

require_once('include/security.php');

function attach_init(App $a) {

	if($a->argc != 2) {
		notice( t('Item not available.') . EOL);
		return;
	}

	$item_id = intval($a->argv[1]);

	// Check for existence, which will also provide us the owner uid

	$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1",
		intval($item_id)
	);
	if (! dbm::is_result($r)) {
		notice( t('Item was not found.'). EOL);
		return;
	}

	$sql_extra = permissions_sql($r[0]['uid']);

	// Now we'll see if we can access the attachment

	$r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
		dbesc($item_id)
	);

	if (! dbm::is_result($r)) {
		notice( t('Permission denied.') . EOL);
		return;
	}

	// Use quotes around the filename to prevent a "multiple Content-Disposition"
	// error in Chrome for filenames with commas in them
	header('Content-type: ' . $r[0]['filetype']);
	header('Content-length: ' . $r[0]['filesize']);
	if(isset($_GET['attachment']) && $_GET['attachment'] === '0')
		header('Content-disposition: filename="' . $r[0]['filename'] . '"');
	else
		header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');

	echo $r[0]['data'];
	killme();
	// NOTREACHED
}
file attachments 2011-05-25 11:08:15 +02:00			`<?php`
Revert "Updated modules to allow for partial overrides without errors" This reverts commit db949bb802448184bfe5164d8d3dd86ddf51b187. 2016-02-07 15:11:34 +01:00
Move App to src - Add `use Friendica\App;` wherever needed 2017-04-30 06:07:00 +02:00			`use Friendica\App;`

consolidate perrmisions sql, minor duepuntozero validation fixes 2011-07-01 02:35:35 +02:00			`require_once('include/security.php');`

Normalize App parameter declaration (mod folder, 1 out of 3) 2017-01-09 13:12:54 +01:00			`function attach_init(App $a) {`
file attachments 2011-05-25 11:08:15 +02:00
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if($a->argc != 2) {`
file attachments 2011-05-25 11:08:15 +02:00			`notice( t('Item not available.') . EOL);`
			`return;`
			`}`

			`$item_id = intval($a->argv[1]);`

consolidate perrmisions sql, minor duepuntozero validation fixes 2011-07-01 02:35:35 +02:00			`// Check for existence, which will also provide us the owner uid`

file attachments 2011-05-25 11:08:15 +02:00			$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1",
			`intval($item_id)`
			`);`
Coding convention applied: - space between "if" and brace - curly braces on conditional blocks Signed-off-by: Roland Häder <roland@mxchange.org> 2016-12-20 10:10:33 +01:00			`if (! dbm::is_result($r)) {`
file attachments 2011-05-25 11:08:15 +02:00			`notice( t('Item was not found.'). EOL);`
			`return;`
			`}`

consolidate perrmisions sql, minor duepuntozero validation fixes 2011-07-01 02:35:35 +02:00			`$sql_extra = permissions_sql($r[0]['uid']);`
file attachments 2011-05-25 11:08:15 +02:00
			`// Now we'll see if we can access the attachment`

			$r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
			`dbesc($item_id)`
			`);`

Coding convention applied: - space between "if" and brace - curly braces on conditional blocks Signed-off-by: Roland Häder <roland@mxchange.org> 2016-12-20 10:10:33 +01:00			`if (! dbm::is_result($r)) {`
file attachments 2011-05-25 11:08:15 +02:00			`notice( t('Permission denied.') . EOL);`
			`return;`
			`}`

* Add MIME types for file attachments * Restore translatability to mood phrases * Prevent casting of "false" in html2plain * Allow attachments with a comma in the filename * Fix/optimize ACL img data-src jQuery search * Fix bug when uploading files with a comma in the name using Chrome/Chromium * Babel nicer output formatting * Remove obsolete "plaintext" check in mod/parse_url * Restore TinyMCE live insertion of images * Smarty conversion script: add --no-header option to suppress warning headers in Smarty template files 2013-01-12 14:31:32 +01:00			`// Use quotes around the filename to prevent a "multiple Content-Disposition"`
			`// error in Chrome for filenames with commas in them`
file attachments 2011-05-25 11:08:15 +02:00			`header('Content-type: ' . $r[0]['filetype']);`
basic video playback support using VideoJS 2013-05-04 02:17:56 +02:00			`header('Content-length: ' . $r[0]['filesize']);`
Revert "Coding convention applied - part 1" 2017-03-21 17:02:59 +01:00			`if(isset($_GET['attachment']) && $_GET['attachment'] === '0')`
basic video playback support using VideoJS 2013-05-04 02:17:56 +02:00			`header('Content-disposition: filename="' . $r[0]['filename'] . '"');`
			`else`
			`header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');`

consolidate perrmisions sql, minor duepuntozero validation fixes 2011-07-01 02:35:35 +02:00			`echo $r[0]['data'];`
file attachments 2011-05-25 11:08:15 +02:00			`killme();`
			`// NOTREACHED`
* Add MIME types for file attachments * Restore translatability to mood phrases * Prevent casting of "false" in html2plain * Allow attachments with a comma in the filename * Fix/optimize ACL img data-src jQuery search * Fix bug when uploading files with a comma in the name using Chrome/Chromium * Babel nicer output formatting * Remove obsolete "plaintext" check in mod/parse_url * Restore TinyMCE live insertion of images * Smarty conversion script: add --no-header option to suppress warning headers in Smarty template files 2013-01-12 14:31:32 +01:00			`}`