Code source de Phorum 5.1.25 |
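<?php

////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006  Phorum Development Team                              //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////

// Attachment download endpoint: looks up a stored file by the numeric "file"
// request argument, applies the forum and referrer checks below, and streams
// the base64-decoded file data back to the client.
define('phorum_page','file');

// Buffer everything until the checks are done; the buffer is discarded with
// ob_end_clean() right before the file is sent, or flushed when the
// "forbidden" page is rendered instead.
ob_start();

// Turn off zlib compression and any configured output handler for this
// request (presumably so the file bytes are sent unmodified -- confirm).
ini_set ( "zlib.output_compression", "0");
ini_set ( "output_handler", "");

include_once ("./common.php");

// set all our URL's
phorum_build_common_urls();

// checking read-permissions
if(!phorum_check_read_common()) {
    return;
}

// No file id given: nothing to serve, go back to the message list.
if(empty($PHORUM["args"]["file"])){
    phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
    exit();
}

// The id is forced to an integer before it reaches the database layer.
$filearg=(int)$PHORUM["args"]["file"];
$file=phorum_db_file_get($filearg);

// Unknown id: same redirect as above, so a caller cannot distinguish a
// missing file from a missing argument.
if(empty($file)){
    phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
    exit();
}

// Security check: is the file linked to a forum message and
// does the file belong to the current forum?
// A message with forum_id 0 is accepted for every forum.
// NOTE(review): this check only runs for files linked to a message. Files
// with any other link type are served to anyone who passed
// phorum_check_read_common() above; confirm that this is intended for
// files that are not message attachments.
if ($file["link"] == PHORUM_LINK_MESSAGE && isset($file["message_id"])) {
    $message = phorum_db_get_message($file["message_id"]);
    if (! $message || ($message["forum_id"] != 0 && $message["forum_id"] != $PHORUM["forum_id"])) {
        phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
        exit();
    }
}

$send_file=true;

// check if this phorum allows off site links and if not, check the referrer
// This is a hotlinking deterrent, not an access control: the Referer header
// is supplied by the client and the check is skipped when it is absent or
// not an http(s) URL. The comparison is a case-insensitive prefix match, so
// it is only as strict as the PHORUM_BASE_URL string it compares against.
if(isset($_SERVER["HTTP_REFERER"]) && !$PHORUM["file_offsite"] && preg_match('!^https?://!', $_SERVER["HTTP_REFERER"])){

    $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
    $len = strlen($base);
    if (strtolower(substr($_SERVER["HTTP_REFERER"], 0, $len)) != $base) {

        ob_end_flush();

        $PHORUM["DATA"]["MESSAGE"]=$PHORUM["DATA"]["LANG"]["FileForbidden"];
        include phorum_get_template("header");
        include phorum_get_template("message");
        include phorum_get_template("footer");

        $send_file=false;
    }
}

if($send_file){

    // Mime Types for Attachments
    // Unknown extensions fall back to text/plain. The map is keyed on the
    // user-supplied file name only; the content itself is never inspected.
    // NOTE(review): "xml" is served as text/xml from the forum's own origin,
    // and browsers can run script embedded in XML documents. Consider
    // serving it as a download or as text/plain.
    $mime_types = array(
        "default" => "text/plain",
        "pdf"     => "application/pdf",
        "doc"     => "application/msword",
        "xls"     => "application/vnd.ms-excel",
        "gif"     => "image/gif",
        "png"     => "image/png",
        "jpg"     => "image/jpeg",
        "jpeg"    => "image/jpeg",
        "jpe"     => "image/jpeg",
        "tiff"    => "image/tiff",
        "tif"     => "image/tiff",
        "xml"     => "text/xml",
        "mpeg"    => "video/mpeg",
        "mpg"     => "video/mpeg",
        "mpe"     => "video/mpeg",
        "qt"      => "video/quicktime",
        "mov"     => "video/quicktime",
        "avi"     => "video/x-msvideo",
        "gz"      => "application/x-gzip",
        "tgz"     => "application/x-gzip",
        "zip"     => "application/zip",
        "tar"     => "application/x-tar",
        "exe"     => "application/octet-stream",
        "rar"     => "application/octet-stream",
        "wma"     => "application/octet-stream",
        "wmv"     => "application/octet-stream",
        "mp3"     => "audio/mpeg",
    );

    // Extension = everything after the last dot, lower-cased. A name
    // without a dot has no extension; without the explicit false check,
    // strrpos() would yield false and substr() would start at offset 1.
    $dot = strrpos($file["filename"], ".");
    $type = ($dot === false) ? "" : strtolower(substr($file["filename"], $dot + 1));

    if(isset($mime_types[$type])){
        $mime=$mime_types[$type];
    }
    else{
        $mime=$mime_types["default"];
    }

    // Modules may replace both the MIME type and the file record.
    list($mime, $file) = phorum_hook("file", array($mime, $file));

    // Drop anything buffered so far so that only the file bytes are sent.
    ob_end_clean();

    // The file name was chosen by the uploader. Remove control characters
    // (so this does not depend on the PHP version's own header-splitting
    // protection) and backslash-escape quotes and backslashes so the name
    // cannot terminate the quoted string and append header parameters.
    $safe_name = preg_replace('/[\x00-\x1F\x7F]/', '', $file["filename"]);
    $safe_name = addcslashes($safe_name, "\"\\");

    header("Content-Type: $mime");
    // Uploaded content is user-controlled and served from the forum's own
    // origin; tell the browser not to second-guess the declared type (e.g.
    // rendering a text/plain attachment as HTML).
    header("X-Content-Type-Options: nosniff");
    // NOTE(review): no disposition type is given, so the browser decides
    // whether to display or download. Consider "attachment" for types that
    // do not need to be shown inline.
    header("Content-Disposition: filename=\"$safe_name\"");

    echo base64_decode($file["file_data"]);

    exit();
}

?>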