diff options
Diffstat (limited to 'mod/attach.php')
-rw-r--r-- | mod/attach.php | 35 |
1 files changed, 9 insertions, 26 deletions
diff --git a/mod/attach.php b/mod/attach.php index f300ec6fb..b94c02c19 100644 --- a/mod/attach.php +++ b/mod/attach.php @@ -1,42 +1,25 @@ <?php require_once('include/security.php'); +require_once('include/attach.php'); function attach_init(&$a) { - if(argc() != 2) { + if(argc() < 2) { notice( t('Item not available.') . EOL); return; } - $hash = argv(1); + $r = attach_by_hash(argv(1),((argc() > 2) ? intval(argv(2)) : 0)); - // Check for existence, which will also provide us the owner uid - - $r = q("SELECT * FROM `attach` WHERE `hash` = '%s' LIMIT 1", - dbesc($hash) - ); - if(! count($r)) { - notice( t('Item was not found.'). EOL); - return; - } - - $sql_extra = permissions_sql($r[0]['uid']); - - // Now we'll see if we can access the attachment - - $r = q("SELECT * FROM `attach` WHERE hash = '%s' $sql_extra LIMIT 1", - dbesc($hash) - ); - - if(! count($r)) { - notice( t('Permission denied.') . EOL); + if(! $r['success']) { + notice( $r['message'] . EOL); return; } - header('Content-type: ' . $r[0]['filetype']); - header('Content-disposition: attachment; filename=' . $r[0]['filename']); - echo $r[0]['data']; + header('Content-type: ' . $r['data']['filetype']); + header('Content-disposition: attachment; filename=' . $r['data']['filename']); + echo $r['data']['data']; killme(); - // NOTREACHED + }
\ No newline at end of file |