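<?php

use mystic\forum\orm\Attachment;
use mystic\forum\utils\FileUtils;

// Attachment download endpoint: looks up the attachment named by the
// `attachment` query parameter and streams its stored contents inline.
// $currentUser and $db are not defined in this file; presumably the including
// script provides them (TODO confirm).

// Only authentication is enforced here.
// NOTE(review): whether a logged-in user may see this particular attachment
// (e.g. visibility of the post it belongs to) is not checked in this file;
// confirm it is enforced elsewhere.
if (!$currentUser) {
    http_response_code(403);
    msg_error(__("You must be logged in to view attachments"));
    exit;
}

// Query-string values are strings or arrays. A missing parameter, or an array
// from `?attachment[]=...`, is rejected here so that only a plain string is
// ever assigned to the ORM object.
$attId = $_GET["attachment"] ?? null;
if (!is_string($attId)) {
    http_response_code(400);
    msg_error(__("Missing attachment id"));
    exit;
}

$attachment = new Attachment();
$attachment->id = $attId;

if (!$db->fetch($attachment)) {
    http_response_code(404);
    msg_error(__("No attachment exists with this id"));
    exit;
}

// The stored name ends up inside a quoted header parameter. Besides path
// separators and CR/LF/TAB, every other control character, the double quote
// and the backslash are replaced too, so the name cannot close the quoted
// string early or append extra Content-Disposition parameters.
$name = preg_replace('/[\x00-\x1f\x7f"\\\\\/]/', '_', $attachment->name);

$extension = pathinfo($attachment->name, PATHINFO_EXTENSION);
$mime = FileUtils::getMimeTypeForExtension($extension);

// What getMimeTypeForExtension returns for an unknown extension is not visible
// here; an empty or non-string result falls back to a generic binary type
// rather than producing an empty Content-Type header.
if (!is_string($mime) || $mime === "") {
    $mime = "application/octet-stream";
}

// User-uploaded markup, styles and scripts are served as plain text so that
// they are displayed, not interpreted, on this site's origin.
// NOTE(review): if getMimeTypeForExtension can return image/svg+xml or
// application/xhtml+xml, those types also run script when rendered inline;
// confirm and consider adding them to this list.
$activeContentTypes = [
    "text/html",
    "text/css",
    "text/javascript",
    "text/xml",
    "application/css",
    "application/javascript",
    "application/xml",
];
if (in_array($mime, $activeContentTypes, true)) {
    $mime = "text/plain";
}

header("Content-Type: " . $mime);
// The text/plain downgrade above only holds if the browser honours the
// declared type; nosniff turns off content sniffing for this response.
header("X-Content-Type-Options: nosniff");
header("Content-Length: " . strlen($attachment->contents));
header("Cache-Control: no-cache");
header("Content-Disposition: inline; filename=\"" . $name . "\"");

echo $attachment->contents;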