2 /*=====================================================================*\
3 || ###################################################################
5 || # Copyright ©2002-2007 Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
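define('SVN', '$Id$');

$focus['showreport'] = 'focus';

require_once('./global.php');

// Serve one stored attachment to the browser after checking that the viewer may
// see the owning bug and may download attachments for its product.
// NOTE(review): the listing this was recovered from drops brace-only lines and a
// few others; the block structure below is reconstructed from the surviving
// statements and should be confirmed against the repository copy.

// The id is passed through input_clean(..., TYPE_UINT) before being concatenated
// into the query (presumably an unsigned-integer cast; verify in the input class).
$attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $bugsys->input_clean('attachmentid', TYPE_UINT));
if (!$attachment)
{
	$message->error(L_INVALID_ID);
}

// bugid comes from the row just read; intval() keeps the concatenated value
// numeric even if the stored value is not what the query expects.
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($attachment['bugid']));
if (!check_bug_permissions($bug))
{
	$message->errorPermission();
}

if (!can_perform('cangetattach', $bug['product']))
{
	$message->errorPermission();
}

// The filename is stored data that ends up inside a response header. Replace
// control characters, double quotes, backslashes and slashes so the value can be
// sent as a quoted filename parameter without breaking the header syntax.
$filename = preg_replace('#[\x00-\x1F\x7F"\\\\/]#', '_', $attachment['filename']);

// Extensions that may be rendered in the browser, mapped to the only
// Content-Type that will be sent for them.
$inlineTypes = array(
	'jpg' => 'image/jpeg',
	'jpeg' => 'image/jpeg',
	'png' => 'image/png',
	'gif' => 'image/gif'
);
$extension = strtolower(BSFunctions::fetch_extension($attachment['filename']));

// only allow certain images to be displayed inline because all other types are a potential XSS issue waiting to happen
if (isset($inlineTypes[$extension]))
{
	// The extension check alone does not stop a file named *.png from being
	// rendered as HTML if the stored mimetype says text/html, so the type sent
	// for inline content is derived from the extension, not from the stored row.
	$mimetype = $inlineTypes[$extension];
	header("Content-Disposition: inline; filename=\"$filename\"");
	header("Content-transfer-encoding: binary");
}
else
{
	// Downloads keep the stored type when it is a plain type/subtype token;
	// anything else falls back to a generic binary type.
	$mimetype = 'application/octet-stream';
	if (preg_match('#^[A-Za-z0-9][A-Za-z0-9.+-]*/[A-Za-z0-9][A-Za-z0-9.+-]*$#D', $attachment['mimetype']))
	{
		$mimetype = $attachment['mimetype'];
	}
	header("Content-Disposition: attachment; filename=\"$filename\"");
}

// Tell the browser not to second-guess the declared type by sniffing the body.
header("X-Content-Type-Options: nosniff");
header("Content-Length: " . strlen($attachment['attachment']));
header("Content-Type: $mimetype");

print($attachment['attachment']);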
65 /*=====================================================================*\
66 || ###################################################################
69 || ###################################################################
70 \*=====================================================================*/