Vergleich attachment.php - 1.8.1 - 1.8.38

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 21	Zeile 21
// Find the AID we're looking for if(isset($mybb->input['thumbnail'])) {	// Find the AID we're looking for if(isset($mybb->input['thumbnail'])) {
$aid = $mybb->get_input('thumbnail', 1);	$aid = $mybb->get_input('thumbnail', MyBB::INPUT_INT);
} else {	} else {
$aid = $mybb->get_input('aid', 1);	$aid = $mybb->get_input('aid', MyBB::INPUT_INT);
}	}
$pid = $mybb->get_input('pid', 1);	$pid = $mybb->get_input('pid', MyBB::INPUT_INT);
// Select attachment data from database if($aid)	// Select attachment data from database if($aid)
Zeile 53	Zeile 53
error($lang->error_invalidattachment); }	error($lang->error_invalidattachment); }
$pid = $attachment['pid'];	$attachtypes = (array)$cache->read('attachtypes'); $ext = get_extension($attachment['filename']); if(empty($attachtypes[$ext])) { error($lang->error_invalidattachment); } $attachtype = $attachtypes[$ext]; $pid = $attachment['pid'];
// Don't check the permissions on preview if($pid \|\| $attachment['uid'] != $mybb->user['uid']) { $post = get_post($pid);	// Don't check the permissions on preview if($pid \|\| $attachment['uid'] != $mybb->user['uid']) { $post = get_post($pid);
$thread = get_thread($post['tid']);

if(!$thread && !isset($mybb->input['thumbnail']))	if(!$post)
{ error($lang->error_invalidthread);	{ error($lang->error_invalidthread);
} $fid = $thread['fid']; // Get forum info $forum = get_forum($fid); // Permissions $forumpermissions = forum_permissions($fid); if($forumpermissions['canview'] == 0 \|\| $forumpermissions['canviewthreads'] == 0 \|\| (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) \|\| ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail'])) { error_no_permission(); } // Error if attachment is invalid or not visible if(!$attachment['attachname'] \|\| (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 \|\| $thread['visible'] != 1 \|\| $post['visible'] != 1))) { error($lang->error_invalidattachment); } }	} // Check permissions if the post is not a draft if($post['visible'] != -2) { $thread = get_thread($post['tid']); if(!$thread && !isset($mybb->input['thumbnail'])) { error($lang->error_invalidthread); } $fid = $thread['fid']; // Get forum info $forum = get_forum($fid); // Permissions $forumpermissions = forum_permissions($fid); if($forumpermissions['canview'] == 0 \|\| $forumpermissions['canviewthreads'] == 0 \|\| (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) \|\| ($forumpermissions['candlattachments'] == 0 && empty($mybb->input['thumbnail']))) { error_no_permission(); } // Error if attachment is invalid or not visible if(!$attachment['attachname'] \|\| (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 \|\| $thread['visible'] != 1 \|\| $post['visible'] != 1))) { error($lang->error_invalidattachment); } if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false) { error_no_permission(); } } }
if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail {	if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail {
	if(!is_member($attachtype['groups'])) { error_no_permission(); }
$attachupdate = array( "downloads" => $attachment['downloads']+1, );	$attachupdate = array( "downloads" => $attachment['downloads']+1, );
Zeile 95	Zeile 125
// basename isn't UTF-8 safe. This is a workaround. $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));	// basename isn't UTF-8 safe. This is a workaround. $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
	$uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);
$plugins->run_hooks("attachment_end");	$plugins->run_hooks("attachment_end");

if(isset($mybb->input['thumbnail'])) {	if(isset($mybb->input['thumbnail'])) {
	if(!file_exists($uploadspath_abs."/".$attachment['thumbnail'])) { error($lang->error_invalidattachment); }
$ext = get_extension($attachment['thumbnail']); switch($ext) {	$ext = get_extension($attachment['thumbnail']); switch($ext) {
Zeile 124	Zeile 161
header("Content-disposition: filename=\"{$attachment['filename']}\""); header("Content-type: ".$type);	header("Content-disposition: filename=\"{$attachment['filename']}\""); header("Content-type: ".$type);
$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];	$thumb = $uploadspath_abs."/".$attachment['thumbnail'];
header("Content-length: ".@filesize($thumb)); $handle = fopen($thumb, 'rb'); while(!feof($handle))	header("Content-length: ".@filesize($thumb)); $handle = fopen($thumb, 'rb'); while(!feof($handle))
Zeile 135	Zeile 172
} else {	} else {
	if(!file_exists($uploadspath_abs."/".$attachment['attachname'])) { error($lang->error_invalidattachment); }
$ext = get_extension($attachment['filename']); switch($attachment['filetype'])	$ext = get_extension($attachment['filename']); switch($attachment['filetype'])
Zeile 147	Zeile 189
case "image/png": case "text/plain": header("Content-type: {$attachment['filetype']}");	case "image/png": case "text/plain": header("Content-type: {$attachment['filetype']}");
$disposition = "inline";	if(!empty($attachtypes[$ext]['forcedownload'])) { $disposition = "attachment"; } else { $disposition = "inline"; }
break; default:	break; default:
Zeile 178	Zeile 227
header("Content-length: {$attachment['filesize']}"); header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);	header("Content-length: {$attachment['filesize']}"); header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
$handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');	$handle = fopen($uploadspath_abs."/".$attachment['attachname'], 'rb');
while(!feof($handle)) { echo fread($handle, 8192);	while(!feof($handle)) { echo fread($handle, 8192);