diff options
Diffstat (limited to 'src/application/actions/attachment/get.php')
-rw-r--r-- | src/application/actions/attachment/get.php | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/application/actions/attachment/get.php b/src/application/actions/attachment/get.php new file mode 100644 index 0000000..598bdb9 --- /dev/null +++ b/src/application/actions/attachment/get.php @@ -0,0 +1,41 @@ +<?php + +use mystic\forum\orm\Attachment; +use mystic\forum\utils\FileUtils; + +if (!$currentUser) { + http_response_code(403); + msg_error(__("You must be logged in to view attachments")); + exit; +} + +$attId = $_GET["attachment"] ?? throw new Exception("Missing attachment id"); +$attachment = new Attachment(); +$attachment->id = $attId; +if (!$db->fetch($attachment)) { + http_response_code(404); + msg_error(__("No attachment exists with this id")); + exit; +} + +$name = preg_replace('/[\r\n\t\/]/', '_', $attachment->name); + +$extension = pathinfo($attachment->name, PATHINFO_EXTENSION); + +$mime = FileUtils::getMimeTypeForExtension($extension); +switch ($mime) { + case "text/html": + case "text/css": + case "text/javascript": + case "text/xml": + case "application/css": + case "application/javascript": + case "application/xml": + $mime = "text/plain"; + break; +} +header("Content-Type: " . $mime); +header("Content-Length: " . strlen($attachment->contents)); +header("Cache-Control: no-cache"); +header("Content-Disposition: inline; filename=\"" . $name . "\""); +echo $attachment->contents; |