diff options
Diffstat (limited to 'mod/attach.php')
| -rw-r--r-- | mod/attach.php | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/mod/attach.php b/mod/attach.php new file mode 100644 index 000000000..ae6540201 --- /dev/null +++ b/mod/attach.php @@ -0,0 +1,42 @@ +<?php + +require_once('include/security.php'); + +function attach_init(&$a) { + + if($a->argc != 2) { + notice( t('Item not available.') . EOL); + return; + } + + $item_id = intval($a->argv[1]); + + // Check for existence, which will also provide us the owner uid + + $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", + intval($item_id) + ); + if(! count($r)) { + notice( t('Item was not found.'). EOL); + return; + } + + $sql_extra = permissions_sql($r[0]['uid']); + + // Now we'll see if we can access the attachment + + $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1", + dbesc($item_id) + ); + + if(! count($r)) { + notice( t('Permission denied.') . EOL); + return; + } + + header('Content-type: ' . $r[0]['filetype']); + header('Content-disposition: attachment; filename=' . $r[0]['filename']); + echo $r[0]['data']; + killme(); + // NOTREACHED +}
\ No newline at end of file |