tiki-download_item_attachment.php
<?php
// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: tiki-download_item_attachment.php 40203 2012-03-15 21:16:07Z changi67 $
// Set before tiki-setup.php is loaded; presumably read there to keep output
// compression off for the raw download — confirm against tiki-setup.php.
$force_no_compression = true;
require_once 'tiki-setup.php';
include_once 'lib/trackers/trackerlib.php';

// The attachment can be named directly (attId) or indirectly through an
// item/field pair, in which case the field's stored value is used as the attId.
if (empty($_REQUEST['attId'])) {
    if (!empty($_REQUEST['itemId']) && !empty($_REQUEST['fieldId'])) {
        $_REQUEST['attId'] = $trklib->get_item_value(0, $_REQUEST['itemId'], $_REQUEST['fieldId']);
    }
}

// attId comes straight from the request and is handed to trackerlib unchanged.
// NOTE(review): this relies on get_item_attachment() binding it as a query
// parameter — confirm in lib/trackers/trackerlib.php.
// A missing id and an unknown id end in the same generic error, so the
// response does not distinguish between the two cases.
$info = empty($_REQUEST['attId']) ? null : $trklib->get_item_attachment($_REQUEST['attId']);
if (empty($info)) {
    $smarty->assign('msg', tra('Incorrect param'));
    $smarty->display('error.tpl');
    exit;
}
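// Access control for the attachment. The decision is made against the tracker
// item the attachment record points to, not against request parameters.
$itemInfo = $trklib->get_tracker_item($info["itemId"]);
$itemUser = $trklib->get_item_creator($itemInfo['trackerId'], $itemInfo['itemId']);

// Ownership shortcuts: the uploader of the attachment and the creator of the
// item skip the permission checks below. Both require a non-empty session user
// and an exact string match. The previous loose comparison
// (`$info['user'] == $user`) also matched an empty stored uploader against an
// empty/unset $user, and treated numeric-looking names such as "1e3" and
// "1000" as equal. Anything that is not an exact match falls through to the
// permission checks, which is the fail-safe direction.
$sessionUser = is_string($user) ? $user : '';
$isAttachmentOwner = $sessionUser !== '' && isset($info['user']) && $info['user'] === $sessionUser;
$isItemCreator = $sessionUser !== '' && !empty($itemUser) && $itemUser === $sessionUser;

if (!$isAttachmentOwner && !$isItemCreator) {
    $itemStatus = isset($itemInfo['status']) ? $itemInfo['status'] : '';
    $isTrackerAdmin = ($tiki_p_admin_trackers == 'y');

    // Deny when any of these holds:
    //  - the item is pending ('p') or closed ('c') and the user lacks the
    //    matching view permission on the tracker;
    //  - the user is not a tracker admin and lacks either the tracker view
    //    permission or the attachment view permission.
    // The pending/closed conditions are not waived for tracker admins here,
    // which matches the original expression.
    $accessDenied =
        ($itemStatus == 'p' && !$tikilib->user_has_perm_on_object($user, $itemInfo['trackerId'], 'tracker', 'tiki_p_view_trackers_pending'))
        || ($itemStatus == 'c' && !$tikilib->user_has_perm_on_object($user, $itemInfo['trackerId'], 'tracker', 'tiki_p_view_trackers_closed'))
        || (!$isTrackerAdmin && !$tikilib->user_has_perm_on_object($user, $itemInfo['trackerId'], 'tracker', 'tiki_p_view_trackers'))
        || (!$isTrackerAdmin && !$tikilib->user_has_perm_on_object($user, $itemInfo['trackerId'], 'tracker', 'tiki_p_tracker_view_attachments'));

    if ($accessDenied) {
        $smarty->assign('errortype', 401);
        $smarty->assign('msg', tra('Permission denied'));
        $smarty->display('error.tpl');
        die;
    }
}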
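// Count the download. This runs only after the permission check has passed.
$trklib->add_item_attachment_hit($_REQUEST["attId"]);

// A missing or generic stored type is replaced by a guess from the file name.
if (empty($info['filetype']) || $info['filetype'] == 'application/x-octetstream' || $info['filetype'] == 'application/octet-stream') {
    include_once 'lib/mime/mimelib.php';
    $info['filetype'] = tiki_get_mime($info['filename'], 'application/octet-stream');
}
$type = &$info["filetype"];
$file = &$info["filename"];
$content = &$info["data"];

// Close the session before the body is sent so it is not held open for the
// duration of the transfer.
session_write_close();

// The type and file name come from the attachment record, i.e. they were
// chosen by whoever uploaded the file. Build header-safe copies instead of
// interpolating the stored values directly; $type and $file themselves are
// left untouched because they are references into $info.
//  - control characters (CR/LF included) are stripped from the type so the
//    header is still emitted and cannot be split;
//  - control characters, double quotes and backslashes in the file name are
//    replaced so they cannot end the quoted filename="..." parameter early.
$headerType = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $type);
$headerFile = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', (string) $file);

header("Content-type: $headerType");
// Make the browser honour the declared type instead of sniffing the bytes.
header('X-Content-Type-Options: nosniff');

if (isset($_REQUEST["display"])) {
    // NOTE(review): with `display` set, the upload is rendered inline under the
    // stored MIME type. For active-content types (HTML, SVG, ...) that means
    // uploader-controlled markup runs in this site's origin. Consider forcing
    // "attachment" unless the type is on an allow-list of passive formats.
    header("Content-Disposition: inline; filename=\"" . urlencode($file) . "\"");
} else {
    header("Content-Disposition: attachment; filename=\"$headerFile\"");
}
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Pragma: public");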
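// Send the body: either a file stored on disk under the tracker upload
// directory, or the data held in the attachment record itself.
if (!empty($info["path"])) {
    // NOTE(review): the stored path is appended to t_use_dir as-is. That is safe
    // only while the record holds a generated file name; if it could ever hold a
    // value containing "../", apply basename() or a realpath() containment check
    // here — confirm how trackerlib writes this column.
    $storedFile = $prefs['t_use_dir'] . $info["path"];

    // is_file() rather than file_exists(): a directory at that location is not
    // something readfile() can serve.
    if (!is_file($storedFile)) {
        // The record exists but the file is gone. Report it as an error page:
        // 404 status, plain text, inline. Without this the message would be
        // sent with status 200 under the attachment's own content type and
        // disposition, and the request-supplied attId would be echoed into
        // whatever type the record declares (possibly HTML).
        // charset assumes the translated strings are UTF-8 — confirm for this install.
        header('Content-Type: text/plain; charset=utf-8', true, 404);
        header('Content-Disposition: inline');
        $shownId = is_scalar($_REQUEST["attId"]) ? (string) $_REQUEST["attId"] : '';
        $str = sprintf(tra("Error : The file %s doesn't exist."), $shownId) . tra("Please contact the website administrator.");
        header("Content-Length: " . strlen($str));
        echo $str;
    } else {
        header("Content-Length: " . filesize($storedFile));
        readfile($storedFile);
    }
} else {
    // Attachment data is stored in the record; the length is the stored value.
    header("Content-Length: " . $info["filesize"]);
    echo $content;
}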