<?php
/*=====================================================================*\
|| ###################################################################
|| # Bugdar
|| # Copyright (c)2004-2009 Blue Static
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
|| # the Free Software Foundation; version 2 of the License.
|| #
|| # This program is distributed in the hope that it will be useful, but
|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|| # more details.
|| #
|| # You should have received a copy of the GNU General Public License along
|| # with this program; if not, write to the Free Software Foundation, Inc.,
|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|| ###################################################################
\*=====================================================================*/

ob_start();


$focus['showreport'] = 'focus';

require_once('./global.php');

$attachment = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $input->inputClean('attachmentid', TYPE_UINT));
if (!$attachment)
{
	$message->error(L_INVALID_ID);
}

$bug = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $attachment[bugid]");
if (!check_bug_permissions($bug))
{
	$message->errorPermission();
}

if (!can_perform('cangetattach', $bug['product']))
{
	$message->errorPermission();
}

ob_clean();
ob_end_clean();

// only allow certain images to be displayed inline because all other types are a potential XSS issue waiting to happen
if (in_array(strtolower(BSFunctions::fetch_extension($attachment['filename'])), array('jpg', 'jpeg', 'png', 'gif')))
{
	header("Content-Disposition: inline; filename=$attachment[filename]");
	header("Content-transfer-encoding: binary");
}
else
{
	header("Content-Disposition: attachment; filename=$attachment[filename]");
}
header("Content-Length: " . strlen($attachment['attachment']));
header("Content-Type: $attachment[mimetype]");

print($attachment['attachment']);

?>