summaryrefslogtreecommitdiff
path: root/src/application/actions/attachment/get.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/application/actions/attachment/get.php')
-rw-r--r--src/application/actions/attachment/get.php41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/application/actions/attachment/get.php b/src/application/actions/attachment/get.php
new file mode 100644
index 0000000..598bdb9
--- /dev/null
+++ b/src/application/actions/attachment/get.php
@@ -0,0 +1,41 @@
+<?php
+
+use mystic\forum\orm\Attachment;
+use mystic\forum\utils\FileUtils;
+
+if (!$currentUser) {
+ http_response_code(403);
+ msg_error(__("You must be logged in to view attachments"));
+ exit;
+}
+
+$attId = $_GET["attachment"] ?? throw new Exception("Missing attachment id");
+$attachment = new Attachment();
+$attachment->id = $attId;
+if (!$db->fetch($attachment)) {
+ http_response_code(404);
+ msg_error(__("No attachment exists with this id"));
+ exit;
+}
+
+$name = preg_replace('/[\r\n\t\/]/', '_', $attachment->name);
+
+$extension = pathinfo($attachment->name, PATHINFO_EXTENSION);
+
+$mime = FileUtils::getMimeTypeForExtension($extension);
+switch ($mime) {
+ case "text/html":
+ case "text/css":
+ case "text/javascript":
+ case "text/xml":
+ case "application/css":
+ case "application/javascript":
+ case "application/xml":
+ $mime = "text/plain";
+ break;
+}
+header("Content-Type: " . $mime);
+header("Content-Length: " . strlen($attachment->contents));
+header("Cache-Control: no-cache");
+header("Content-Disposition: inline; filename=\"" . $name . "\"");
+echo $attachment->contents;