Diffstat (limited to 'src/application/actions/attachment/get.php')
| -rw-r--r-- | src/application/actions/attachment/get.php | 41 | 
1 files changed, 41 insertions, 0 deletions
|
diff --git a/src/application/actions/attachment/get.php b/src/application/actions/attachment/get.php
new file mode 100644
index 0000000..598bdb9
--- /dev/null
+++ b/src/application/actions/attachment/get.php
@@ -0,0 +1,41 @@
+<?php
+
+use mystic\forum\orm\Attachment;
+use mystic\forum\utils\FileUtils;
+
+if (!$currentUser) {
+    http_response_code(403);
+    msg_error(__("You must be logged in to view attachments"));
+    exit;
+}
+
+$attId = $_GET["attachment"] ?? throw new Exception("Missing attachment id");
+$attachment = new Attachment();
+$attachment->id = $attId;
+if (!$db->fetch($attachment)) {
+    http_response_code(404);
+    msg_error(__("No attachment exists with this id"));
+    exit;
+}
+
+$name = preg_replace('/[\r\n\t\/]/', '_', $attachment->name);
+
+$extension = pathinfo($attachment->name, PATHINFO_EXTENSION);
+
+$mime = FileUtils::getMimeTypeForExtension($extension);
+switch ($mime) {
+    case "text/html":
+    case "text/css":
+    case "text/javascript":
+    case "text/xml":
+    case "application/css":
+    case "application/javascript":
+    case "application/xml":
+        $mime = "text/plain";
+        break;
+}
+header("Content-Type: " . $mime);
+header("Content-Length: " . strlen($attachment->contents));
+header("Cache-Control: no-cache");
+header("Content-Disposition: inline; filename=\"" . $name . "\"");
+echo $attachment->contents;
|
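Review bot: The `switch ($mime)` block is a blocklist, so any script-capable type it does not name (for example `image/svg+xml` or `application/xhtml+xml`, if `FileUtils::getMimeTypeForExtension()` returns them; that helper is not visible here) is served `inline` from the forum's own origin with uploader-controlled content. I would invert it into an allowlist of types that are safe to render inline, send everything else as `application/octet-stream` with `Content-Disposition: attachment`, and add `X-Content-Type-Options: nosniff` so the declared type is not overridden by content sniffing. Separately, `$name` is only stripped of CR, LF, tab and slash, so a `"` in the stored name ends the quoted `filename` parameter early; replacing `"` and `\` as well closes that. The allowlist below is illustrative and should be set to whatever the forum actually wants to preview.

```php
// … unchanged: login check, attachment lookup, $name and $extension …
$mime = FileUtils::getMimeTypeForExtension($extension);

// Allowlist: only these types are rendered in the forum's origin.
$inlineTypes = ["image/png", "image/jpeg", "image/gif", "text/plain"];
$inline = in_array($mime, $inlineTypes, true);
if (!$inline) {
    $mime = "application/octet-stream";
}

// Keep the quoted filename parameter intact.
$name = str_replace(['"', '\\'], '_', $name);

header("Content-Type: " . $mime);
header("X-Content-Type-Options: nosniff");
// … unchanged: Content-Length and Cache-Control headers …
header("Content-Disposition: " . ($inline ? "inline" : "attachment") . "; filename=\"" . $name . "\"");
// … unchanged: echo of the attachment contents …
```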