| 831 |
florian |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
////////////////////////////////////////////////////////////////////////////////
|
|
|
4 |
// //
|
|
|
5 |
// Copyright (C) 2006 Phorum Development Team //
|
|
|
6 |
// http://www.phorum.org //
|
|
|
7 |
// //
|
|
|
8 |
// This program is free software. You can redistribute it and/or modify //
|
|
|
9 |
// it under the terms of either the current Phorum License (viewable at //
|
|
|
10 |
// phorum.org) or the Phorum License that was distributed with this file //
|
|
|
11 |
// //
|
|
|
12 |
// This program is distributed in the hope that it will be useful, //
|
|
|
13 |
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
|
|
|
14 |
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
|
|
|
15 |
// //
|
|
|
16 |
// You should have received a copy of the Phorum License //
|
|
|
17 |
// along with this program. //
|
|
|
18 |
////////////////////////////////////////////////////////////////////////////////
|
|
|
19 |
define('phorum_page','file');
|
|
|
20 |
|
|
|
21 |
ob_start();
|
|
|
22 |
|
|
|
23 |
ini_set ( "zlib.output_compression", "0");
|
|
|
24 |
ini_set ( "output_handler", "");
|
|
|
25 |
|
|
|
26 |
include_once("./common.php");
|
|
|
27 |
|
|
|
28 |
// set all our URL's
|
|
|
29 |
phorum_build_common_urls();
|
|
|
30 |
|
|
|
31 |
// checking read-permissions
|
|
|
32 |
if(!phorum_check_read_common()) {
|
|
|
33 |
return;
|
|
|
34 |
}
|
|
|
35 |
|
|
|
36 |
if(empty($PHORUM["args"]["file"])){
|
|
|
37 |
phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
|
|
|
38 |
exit();
|
|
|
39 |
}
|
|
|
40 |
|
|
|
41 |
$filearg=(int)$PHORUM["args"]["file"];
|
|
|
42 |
$file=phorum_db_file_get($filearg);
|
|
|
43 |
|
|
|
44 |
|
|
|
45 |
if(empty($file)){
|
|
|
46 |
phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
|
|
|
47 |
exit();
|
|
|
48 |
}
|
|
|
49 |
|
|
|
50 |
$send_file=true;
|
|
|
51 |
|
|
|
52 |
// check if this phorum allows off site links and if not, check the referrer
|
|
|
53 |
if(isset($_SERVER["HTTP_REFERER"]) && !$PHORUM["file_offsite"] && preg_match('!^https?://!', $_SERVER["HTTP_REFERER"])){
|
|
|
54 |
|
|
|
55 |
$base = strtolower(phorum_get_url(PHORUM_BASE_URL));
|
|
|
56 |
$len = strlen($base);
|
|
|
57 |
if (strtolower(substr($_SERVER["HTTP_REFERER"], 0, $len)) != $base) {
|
|
|
58 |
|
|
|
59 |
ob_end_flush();
|
|
|
60 |
|
|
|
61 |
$PHORUM["DATA"]["MESSAGE"]=$PHORUM["DATA"]["LANG"]["FileForbidden"];
|
|
|
62 |
include phorum_get_template("header");
|
|
|
63 |
include phorum_get_template("message");
|
|
|
64 |
include phorum_get_template("footer");
|
|
|
65 |
|
|
|
66 |
$send_file=false;
|
|
|
67 |
}
|
|
|
68 |
}
|
|
|
69 |
|
|
|
70 |
if($send_file){
|
|
|
71 |
|
|
|
72 |
// Mime Types for Attachments
|
|
|
73 |
$mime_types["default"]="text/plain";
|
|
|
74 |
$mime_types["pdf"]="application/pdf";
|
|
|
75 |
$mime_types["doc"]="application/msword";
|
|
|
76 |
$mime_types["xls"]="application/vnd.ms-excel";
|
|
|
77 |
$mime_types["gif"]="image/gif";
|
|
|
78 |
$mime_types["png"]="image/png";
|
|
|
79 |
$mime_types["jpg"]="image/jpeg";
|
|
|
80 |
$mime_types["jpeg"]="image/jpeg";
|
|
|
81 |
$mime_types["jpe"]="image/jpeg";
|
|
|
82 |
$mime_types["tiff"]="image/tiff";
|
|
|
83 |
$mime_types["tif"]="image/tiff";
|
|
|
84 |
$mime_types["xml"]="text/xml";
|
|
|
85 |
$mime_types["mpeg"]="video/mpeg";
|
|
|
86 |
$mime_types["mpg"]="video/mpeg";
|
|
|
87 |
$mime_types["mpe"]="video/mpeg";
|
|
|
88 |
$mime_types["qt"]="video/quicktime";
|
|
|
89 |
$mime_types["mov"]="video/quicktime";
|
|
|
90 |
$mime_types["avi"]="video/x-msvideo";
|
|
|
91 |
$mime_types["gz"]="application/x-gzip";
|
|
|
92 |
$mime_types["tgz"]="application/x-gzip";
|
|
|
93 |
$mime_types["zip"]="application/zip";
|
|
|
94 |
$mime_types["tar"]="application/x-tar";
|
|
|
95 |
$mime_types["exe"]="application/octet-stream";
|
|
|
96 |
$mime_types["rar"]="application/octet-stream";
|
|
|
97 |
$mime_types["wma"]="application/octet-stream";
|
|
|
98 |
$mime_types["wmv"]="application/octet-stream";
|
|
|
99 |
$mime_types["mp3"]="audio/mpeg";
|
|
|
100 |
|
|
|
101 |
$type=strtolower(substr($file["filename"], strrpos($file["filename"], ".")+1));
|
|
|
102 |
|
|
|
103 |
if(isset($mime_types[$type])){
|
|
|
104 |
$mime=$mime_types[$type];
|
|
|
105 |
}
|
|
|
106 |
else{
|
|
|
107 |
$mime=$mime_types["default"];
|
|
|
108 |
}
|
|
|
109 |
|
|
|
110 |
list($mime, $file) = phorum_hook("file", array($mime, $file));
|
|
|
111 |
|
|
|
112 |
ob_end_clean();
|
|
|
113 |
|
|
|
114 |
header("Content-Type: $mime");
|
|
|
115 |
header("Content-Disposition: filename=\"{$file['filename']}\"");
|
|
|
116 |
|
|
|
117 |
echo base64_decode($file["file_data"]);
|
|
|
118 |
|
|
|
119 |
exit();
|
|
|
120 |
}
|
|
|
121 |
|
|
|
122 |
?>
|