blob: 39f14a33c81a28de95f865432289cec0460bf21a (
plain)
| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 | <?php
use mystic\forum\orm\Attachment;
use mystic\forum\utils\FileUtils;
if (!$currentUser) {
    http_response_code(403);
    msg_error(__("You must be logged in to view attachments"));
    exit;
}
$attId = $_GET["attachment"] ?? throw new Exception(__("Missing attachment id"));
$attachment = new Attachment();
$attachment->id = $attId;
if (!$db->fetch($attachment)) {
    http_response_code(404);
    msg_error(__("No attachment exists with this id"));
    exit;
}
$name = preg_replace('/[\r\n\t\/]/', '_', $attachment->name);
$extension = pathinfo($attachment->name, PATHINFO_EXTENSION);
$mime = FileUtils::getMimeTypeForExtension($extension);
switch ($mime) {
    case "text/html":
    case "text/css":
    case "text/javascript":
    case "text/xml":
    case "application/css":
    case "application/javascript":
    case "application/xml":
        $mime = "text/plain";
        break;
}
header("Content-Type: " . $mime);
header("Content-Length: " . strlen($attachment->contents));
header("Cache-Control: no-cache");
header("Content-Disposition: inline; filename=\"" . $name . "\"");
echo $attachment->contents;
 |