Zeile 69 | Zeile 69 |
---|
if($pid || $attachment['uid'] != $mybb->user['uid']) { $post = get_post($pid);
|
if($pid || $attachment['uid'] != $mybb->user['uid']) { $post = get_post($pid);
|
$thread = get_thread($post['tid']);
| |
|
|
if(!$thread && !isset($mybb->input['thumbnail']))
| if(!$post)
|
{ error($lang->error_invalidthread); }
|
{ error($lang->error_invalidthread); }
|
$fid = $thread['fid'];
| |
|
|
// Get forum info $forum = get_forum($fid);
// Permissions $forumpermissions = forum_permissions($fid);
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail'])) { error_no_permission(); }
// Error if attachment is invalid or not visible if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1))) { error($lang->error_invalidattachment); }
if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false) { error_no_permission();
| // Check permissions if the post is not a draft if($post['visible'] != -2) { $thread = get_thread($post['tid']);
if(!$thread && !isset($mybb->input['thumbnail'])) { error($lang->error_invalidthread); } $fid = $thread['fid'];
// Get forum info $forum = get_forum($fid);
// Permissions $forumpermissions = forum_permissions($fid);
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && empty($mybb->input['thumbnail']))) { error_no_permission(); }
// Error if attachment is invalid or not visible if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1))) { error($lang->error_invalidattachment); }
if($attachtype['forums'] != -1 && strpos(','.$attachtype['forums'].',', ','.$fid.',') === false) { error_no_permission(); }
|
} }
| } }
|
Zeile 115 | Zeile 125 |
---|
// basename isn't UTF-8 safe. This is a workaround. $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
|
// basename isn't UTF-8 safe. This is a workaround. $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
|
| $uploadspath_abs = mk_path_abs($mybb->settings['uploadspath']);
|
$plugins->run_hooks("attachment_end");
if(isset($mybb->input['thumbnail'])) {
|
$plugins->run_hooks("attachment_end");
if(isset($mybb->input['thumbnail'])) {
|
if(!file_exists($mybb->settings['uploadspath']."/".$attachment['thumbnail']))
| if(!file_exists($uploadspath_abs."/".$attachment['thumbnail']))
|
{ error($lang->error_invalidattachment); }
| { error($lang->error_invalidattachment); }
|
Zeile 130 | Zeile 142 |
---|
{ case "gif": $type = "image/gif";
|
{ case "gif": $type = "image/gif";
|
break;
| break;
|
case "bmp": $type = "image/bmp";
|
case "bmp": $type = "image/bmp";
|
break;
| break;
|
case "png": $type = "image/png"; break;
| case "png": $type = "image/png"; break;
|
Zeile 141 | Zeile 153 |
---|
case "jpeg": case "jpe": $type = "image/jpeg";
|
case "jpeg": case "jpe": $type = "image/jpeg";
|
break;
| break;
|
default: $type = "image/unknown"; break;
| default: $type = "image/unknown"; break;
|
Zeile 149 | Zeile 161 |
---|
header("Content-disposition: filename=\"{$attachment['filename']}\""); header("Content-type: ".$type);
|
header("Content-disposition: filename=\"{$attachment['filename']}\""); header("Content-type: ".$type);
|
$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
| $thumb = $uploadspath_abs."/".$attachment['thumbnail'];
|
header("Content-length: ".@filesize($thumb)); $handle = fopen($thumb, 'rb'); while(!feof($handle))
|
header("Content-length: ".@filesize($thumb)); $handle = fopen($thumb, 'rb'); while(!feof($handle))
|
{
| {
|
echo fread($handle, 8192); } fclose($handle); } else {
|
echo fread($handle, 8192); } fclose($handle); } else {
|
if(!file_exists($mybb->settings['uploadspath']."/".$attachment['attachname']))
| if(!file_exists($uploadspath_abs."/".$attachment['attachname']))
|
{ error($lang->error_invalidattachment); }
| { error($lang->error_invalidattachment); }
|
Zeile 177 | Zeile 189 |
---|
case "image/png": case "text/plain": header("Content-type: {$attachment['filetype']}");
|
case "image/png": case "text/plain": header("Content-type: {$attachment['filetype']}");
|
$disposition = "inline";
| if(!empty($attachtypes[$ext]['forcedownload'])) { $disposition = "attachment"; } else { $disposition = "inline"; }
|
break;
default:
| break;
default:
|
Zeile 208 | Zeile 227 |
---|
header("Content-length: {$attachment['filesize']}"); header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
|
header("Content-length: {$attachment['filesize']}"); header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
|
$handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');
| $handle = fopen($uploadspath_abs."/".$attachment['attachname'], 'rb');
|
while(!feof($handle)) { echo fread($handle, 8192);
| while(!feof($handle)) { echo fread($handle, 8192);
|