From e3cf12d8b3dc78f70d4274b3e1bdf481cd1ab820 Mon Sep 17 00:00:00 2001
From: Kenzaburo Ito <prescience@users.sourceforge.net>
Date: Sun, 19 May 2002 00:15:48 +0000
Subject: [PATCH] Modified disk uploads to use the file_download.php script. 
 Removed direct links to files.  Files can be stored in non web accessible
 folders.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@976 f5dc347c-c33d-0410-90a0-b07cc1902cb9
---
 doc/ChangeLog              |  3 ++-
 file_download.php          |  9 +++++++--
 proj_doc_page.php          |  9 ++-------
 view_bug_advanced_page.php | 10 +---------
 view_bug_page.php          | 10 +---------
 5 files changed, 13 insertions(+), 28 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index cd9a9828d7..183251d9ed 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -14,7 +14,8 @@ Mantis
  * Updated PHP and MySQL requirements.
  * Updated Norwegian, Russian, Danish translations.
  * Added russian_koi8 translation.
- * Fixed no colors when using non-English languages.
+ * Fixed no colors when using non-English languages (temporary fix).
+ * Modified disk uploads to use the file_download.php script.
 
 05.12.2002  -   0.17.2
 
diff --git a/file_download.php b/file_download.php
index 88cf6782fd..35d4a32aed 100644
--- a/file_download.php
+++ b/file_download.php
@@ -13,6 +13,8 @@
 	db_connect( $g_hostname, $g_db_username, $g_db_password, $g_database_name );
 	#check_access( DEVELOPER );
 
+	# we handle the case where the file is attached to a bug
+	# or attached to a project as a project doc.
 	switch ( $f_type ) {
 		case "bug":	$query = "SELECT *
 							FROM $g_mantis_bug_file_table
@@ -23,7 +25,6 @@
 							WHERE id='$f_id'";
 					break;
 	}
-
 	$result = db_query( $query );
 	$row = db_fetch_array( $result );
 	extract( $row, EXTR_PREFIX_ALL, "v" );
@@ -34,5 +35,9 @@
 	header( "Content-Description: Download Data" );
 
 	# dump file content to the connection.
-	echo $v_content;
+	if ( DISK == $g_file_upload_method ) {
+		readfile( $v_diskfile );
+	} else {
+		echo $v_content;
+	}
 ?>
\ No newline at end of file
diff --git a/proj_doc_page.php b/proj_doc_page.php
index 9d32b99d53..e6cf19262f 100644
--- a/proj_doc_page.php
+++ b/proj_doc_page.php
@@ -47,13 +47,8 @@
 <tr valign="top">
 	<td bgcolor="<?php echo $status_color ?>">
 <?php
-		switch ( $g_file_upload_method ) {
-			case DISK:	PRINT "<a href=\"$v_diskfile\">$v_title</a> ($v_filesize bytes)";
-						break;
-			case DATABASE:
-						PRINT "<a href=\"$g_file_download?f_id=$v_id&f_type=doc\">$v_title</a> ($v_filesize bytes)";
-						break;
-		}
+		PRINT "<a href=\"$g_file_download?f_id=$v_id&f_type=doc\">$v_title</a> ($v_filesize bytes)";
+
 		if ( access_level_check_greater_or_equal( MANAGER ) ) {
 			print_bracket_link( $g_proj_doc_edit_page."?f_id=".$v_id, "edit" );
 		}
diff --git a/view_bug_advanced_page.php b/view_bug_advanced_page.php
index 35664e74f6..7cedcf1eaf 100644
--- a/view_bug_advanced_page.php
+++ b/view_bug_advanced_page.php
@@ -303,18 +303,10 @@
 			for ($i=0;$i<$num_files;$i++) {
 				$row = db_fetch_array( $result );
 				extract( $row, EXTR_PREFIX_ALL, "v2" );
-				$v2_diskfile = str_replace( $DOCUMENT_ROOT, "", $v2_diskfile );
-				$v2_diskfile = dirname( $v2_diskfile )."/".rawurlencode( $v2_filename );
 				$v2_filesize = number_format( $v2_filesize );
 				$v2_date_added = date( $g_normal_date_format, ( $v2_date_added ) );
 
-				switch ( $g_file_upload_method ) {
-					case DISK:	PRINT "<a href=\"$v2_diskfile\">$v2_filename</a> ($v2_filesize bytes) <span class=\"italic\">$v2_date_added</span>";
-								break;
-					case DATABASE:
-								PRINT "<a href=\"$g_file_download?f_id=$v2_id&f_type=bug\">$v2_filename</a> ($v2_filesize bytes) <span class=\"italic\">$v2_date_added</span>";
-								break;
-				}
+				PRINT "<a href=\"$g_file_download?f_id=$v2_id&f_type=bug\">$v2_filename</a> ($v2_filesize bytes) <span class=\"italic\">$v2_date_added</span>";
 
 				if ( access_level_check_greater_or_equal( DEVELOPER ) ) {
 					PRINT " [<a class=\"small\" href=\"$g_bug_file_delete?f_id=$f_id&f_file_id=$v2_id\">$s_delete_link</a>]";
diff --git a/view_bug_page.php b/view_bug_page.php
index e17c5faee4..d99ea0b2c9 100644
--- a/view_bug_page.php
+++ b/view_bug_page.php
@@ -203,18 +203,10 @@
 		for ($i=0;$i<$num_files;$i++) {
 			$row = db_fetch_array( $result );
 			extract( $row, EXTR_PREFIX_ALL, "v2" );
-			$v2_diskfile = str_replace( $DOCUMENT_ROOT, "", $v2_diskfile );
-			$v2_diskfile = dirname( $v2_diskfile )."/".rawurlencode( $v2_filename );
 			$v2_filesize = number_format( $v2_filesize );
 			$v2_date_added = date( $g_normal_date_format, ( $v2_date_added ) );
 
-			switch ( $g_file_upload_method ) {
-				case DISK:	PRINT "<a href=\"$v2_diskfile\">$v2_filename</a> ($v2_filesize bytes) <span class=\"italic\">$v2_date_added</span>";
-							break;
-				case DATABASE:
-							PRINT "<a href=\"$g_file_download?f_id=$v2_id&f_type=bug\">$v2_filename</a> ($v2_filesize bytes) <span class=\"italic\">$v2_date_added</span>";
-							break;
-			}
+			PRINT "<a href=\"$g_file_download?f_id=$v2_id&f_type=bug\">$v2_filename</a> ($v2_filesize bytes) <span class=\"italic\">$v2_date_added</span>";
 
 			if ( access_level_check_greater_or_equal( DEVELOPER ) ) {
 				PRINT " [<a class=\"small\" href=\"$g_bug_file_delete?f_id=$f_id&f_file_id=$v2_id\">$s_delete_link</a>]";