/*=====================================================================*\
|| ###################################################################
|| # Copyright (c)2002-2007 Blue Static
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
|| # the Free Software Foundation; version 2 of the License.
|| # This program is distributed in the hope that it will be useful, but
|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|| # more details.
|| # You should have received a copy of the GNU General Public License along
|| # with this program; if not, write to the Free Software Foundation, Inc.,
|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|| ###################################################################
\*=====================================================================*/
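// Streams one stored bug attachment to the browser after checking that the
// caller may see the bug and may download attachments for its product.
//
// NOTE(review): the extracted listing lost its short lines (braces, the
// `if (...)`/`else` keywords and anything else of similar length); the control
// flow below is the evident reading -- confirm against the original file.

$focus['showreport'] = 'focus';

require_once('./global.php');

// input_clean() is asked for TYPE_UINT, so the id is presumably coerced to an
// unsigned integer before it is concatenated into the query -- TODO confirm
$attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $bugsys->input_clean('attachmentid', TYPE_UINT));
if (!$attachment)
{
	// assumes $message->error*() halts the request -- confirm; if it returns,
	// the script falls through and still serves the file
	$message->error(L_INVALID_ID);
}

// bugid comes back from the database, but cast it anyway so that nothing except
// an integer can reach the SQL string
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($attachment['bugid']));
if (!check_bug_permissions($bug))
{
	$message->errorPermission();
}

if (!can_perform('cangetattach', $bug['product']))
{
	$message->errorPermission();
}

// The stored filename and MIME type are presumably whatever the uploader sent,
// so neither is echoed into a response header unchecked.
$extension = strtolower($funct->fetch_extension($attachment['filename']));

// control characters, double quotes and backslashes would break out of the
// quoted filename parameter
$filename = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $attachment['filename']);

// only allow certain images to be displayed inline because all other types are a potential XSS issue waiting to happen
// The Content-Type for those is taken from this map, not from the stored value:
// otherwise a file named "x.png" stored with a text/html type would be rendered
// inline as HTML.
$inline_types = array(
	'jpg'  => 'image/jpeg',
	'jpeg' => 'image/jpeg',
	'png'  => 'image/png',
	'gif'  => 'image/gif'
);

// stop the browser from second-guessing the declared type
header('X-Content-Type-Options: nosniff');

if (isset($inline_types[$extension]))
{
	header("Content-Disposition: inline; filename=\"$filename\"");
	header("Content-transfer-encoding: binary");
	$mimetype = $inline_types[$extension];
}
else
{
	header("Content-Disposition: attachment; filename=\"$filename\"");
	// forced download: keep the stored type only if it is a plain type/subtype token
	$mimetype = (preg_match('#^[\w.+-]+/[\w.+-]+\z#', $attachment['mimetype']) ? $attachment['mimetype'] : 'application/octet-stream');
}
header("Content-Length: " . strlen($attachment['attachment']));
header("Content-Type: $mimetype");

print($attachment['attachment']);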