Break up actions into individual files

1 files changed, 41 insertions, 0 deletions

diff --git a/src/application/actions/attachment/get.php b/src/application/actions/attachment/get.php
new file mode 100644
index 0000000..598bdb9
--- /dev/null
+++ b/src/application/actions/attachment/get.php
@@ -0,0 +1,41 @@
+<?php
+
+use mystic\forum\orm\Attachment;
+use mystic\forum\utils\FileUtils;
+
+if (!$currentUser) {
+    http_response_code(403);
+    msg_error(__("You must be logged in to view attachments"));
+    exit;
+}
+
+$attId = $_GET["attachment"] ?? throw new Exception("Missing attachment id");
+$attachment = new Attachment();
+$attachment->id = $attId;
+if (!$db->fetch($attachment)) {
+    http_response_code(404);
+    msg_error(__("No attachment exists with this id"));
+    exit;
+}
+
+$name = preg_replace('/[\r\n\t\/]/', '_', $attachment->name);
+
+$extension = pathinfo($attachment->name, PATHINFO_EXTENSION);
+
+$mime = FileUtils::getMimeTypeForExtension($extension);
+switch ($mime) {
+    case "text/html":
+    case "text/css":
+    case "text/javascript":
+    case "text/xml":
+    case "application/css":
+    case "application/javascript":
+    case "application/xml":
+        $mime = "text/plain";
+        break;
+}
+header("Content-Type: " . $mime);
+header("Content-Length: " . strlen($attachment->contents));
+header("Cache-Control: no-cache");
+header("Content-Disposition: inline; filename=\"" . $name . "\"");
+echo $attachment->contents;