-
-
Notifications
You must be signed in to change notification settings - Fork 254
/
attachment.php
77 lines (66 loc) · 2.3 KB
/
attachment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
/**
* Handle attachment downloads
*
* PHP Version 5.3
*
* This Source Code Form is subject to the terms of the Mozilla Public License,
* v. 2.0. If a copy of the MPL was not distributed with this file, You can
* obtain one at http://mozilla.org/MPL/2.0/.
*
* @category phpMyFAQ
* @package Frontend
* @author Anatoliy Belsky <ab@php.net>
* @copyright 2009-2012 phpMyFAQ Team
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
* @link http://www.phpmyfaq.de
* @since 2009-06-23
*/
if (!defined('IS_VALID_PHPMYFAQ')) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit();
}
set_time_limit(0);
if (headers_sent()) {
die();
}
$attachmentErrors = array();
// authenticate with session information
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
if (!$user instanceof PMF_User_CurrentUser) {
$user = new PMF_User_CurrentUser($faqConfig); // user not logged in -> empty user object
}
$id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$attachment = PMF_Attachment_Factory::create($id);
$userPermission = $faq->getPermission('user', $attachment->getRecordId());
$groupPermission = $faq->getPermission('group', $attachment->getRecordId());
// Check on group permissions
if ($user->perm instanceof PMF_Perm_PermMedium) {
if (count($groupPermission) && in_array($groupPermission[0], $user->perm->getUserGroups($user->getUserId()))) {
$groupPermission = true;
} else {
$groupPermission = false;
}
} else {
$groupPermission = true;
}
// Check in user's permissions
if (in_array($user->getUserId(), $userPermission)) {
$userPermission = true;
} else {
$userPermission = false;
}
if ($attachment && ($groupPermission || ($groupPermission && $userPermission))) {
try {
$attachment->rawOut();
exit(0);
} catch (Exception $e) {
$attachmentErrors[] = $PMF_LANG['msgAttachmentInvalid'] . ' (' . $e->getMessage() . ')';
}
} else {
$attachmentErrors[] = $PMF_LANG['err_NotAuth'];
}
// If we're here, there was an error with file download
$tpl->parseBlock('writeContent', 'attachmentErrors', array('item' => implode('<br/>', $attachmentErrors)));
$tpl->parse('writeContent', array());
$tpl->merge('writeContent', 'index');