viewattachment.php

   1 <?php
   2 /*=====================================================================*\
   3 || ###################################################################
   4 || # Bugdar
   5 || # Copyright ©2002-2007 Blue Static
   6 || #
   7 || # This program is free software; you can redistribute it and/or modify
   8 || # it under the terms of the GNU General Public License as published by
   9 || # the Free Software Foundation; version 2 of the License.
  10 || #
  11 || # This program is distributed in the hope that it will be useful, but
  12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  14 || # more details.
  15 || #
  16 || # You should have received a copy of the GNU General Public License along
  17 || # with this program; if not, write to the Free Software Foundation, Inc.,
  18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19 || ###################################################################
  20 \*=====================================================================*/
  21
  22 ob_start();
  23
  24 define('SVN', '$Id$');
  25
  26 $focus['showreport'] = 'focus';
  27
  28 require_once('./global.php');
  29
  30 $attachment = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $input->inputClean('attachmentid', TYPE_UINT));
  31 if (!$attachment)
  32 {
  33         $message->error(L_INVALID_ID);
  34 }
  35
  36 $bug = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $attachment[bugid]");
  37 if (!check_bug_permissions($bug))
  38 {
  39         $message->errorPermission();
  40 }
  41
  42 if (!can_perform('cangetattach', $bug['product']))
  43 {
  44         $message->errorPermission();
  45 }
  46
  47 ob_clean();
  48 ob_end_clean();
  49
  50 // only allow certain images to be displayed inline because all other types are a potential XSS issue waiting to happen
  51 if (in_array(strtolower(BSFunctions::fetch_extension($attachment['filename'])), array('jpg', 'jpeg', 'png', 'gif')))
  52 {
  53         header("Content-Disposition: inline; filename=$attachment[filename]");
  54         header("Content-transfer-encoding: binary");
  55 }
  56 else
  57 {
  58         header("Content-Disposition: attachment; filename=$attachment[filename]");
  59 }
  60 header("Content-Length: " . strlen($attachment['attachment']));
  61 header("Content-Type: $attachment[mimetype]");
  62
  63 print($attachment['attachment']);
  64
  65 /*=====================================================================*\
  66 || ###################################################################
  67 || # $HeadURL$
  68 || # $Id$
  69 || ###################################################################
  70 \*=====================================================================*/
  71 ?>