blob: 8c6996fddec71d9297e88daf68a26ee8ef52c0a5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
<?php
use mystic\forum\orm\Attachment;
use mystic\forum\utils\FileUtils;
if (!$currentUser) {
http_response_code(403);
msg_error(__("You must be logged in to view attachments"));
exit;
}
$attId = $_GET["attachment"] ?? call_user_func(function() {
http_response_code(400);
msg_error(__("Missing attachment id"));
exit;
});
$attachment = new Attachment();
$attachment->id = $attId;
if (!$db->fetch($attachment)) {
http_response_code(404);
msg_error(__("No attachment exists with this id"));
exit;
}
$name = preg_replace('/[\r\n\t\/]/', '_', $attachment->name);
$extension = pathinfo($attachment->name, PATHINFO_EXTENSION);
$mime = FileUtils::getMimeTypeForExtension($extension);
switch ($mime) {
case "text/html":
case "text/css":
case "text/javascript":
case "text/xml":
case "application/css":
case "application/javascript":
case "application/xml":
$mime = "text/plain";
break;
}
header("Content-Type: " . $mime);
header("Content-Length: " . strlen($attachment->contents));
header("Cache-Control: no-cache");
header("Content-Disposition: inline; filename=\"" . $name . "\"");
echo $attachment->contents;
|