/**
* Sends attached file to output
*
* @param array $input parameters
* @param array $return metadata parameters
* @param resource $DB database connection to use
* @return string 'OK' or some error text
*/
public static function commentsGetAttached($input, &$return_metadata, $DB)
{
// check ID first
if (($object_id = $input['row_id']) == '') {
$return_metadata = array('status' => 'ERROR');
terminate('', 'Bad row ID', 400);
}
// check if comment exists
if ($DB->querySingle("select count(*) from comments where id = '{$object_id}'") == '0') {
$return_metadata = array('status' => 'ERROR');
terminate('', 'No comment with this ID', 404);
}
// check if file was attached and exists now
$attached_name = trim($DB->querySingle("select attached_name from comments where id = '{$object_id}'"));
if ($attached_name == '') {
terminate('', 'No file attached to this comment', 404);
}
$attached_full_name = self::COMMENTS_ATTACHED_DIR . $object_id;
if (!file_exists($attached_full_name)) {
terminate('', 'File missing', 500);
}
// send file type, according to file internal contents
$output_name = str_replace('+', '%20', urlencode($attached_name));
file_to_output($attached_full_name, array('Content-Disposition: attachment; filename="' . $output_name . '"', 'Content-Transfer-Encoding: binary', 'Expires: 0', 'Cache-Control: must-revalidate'));
exit;
}
<?php
chdir('..');
include 'userfiles/_data_common/conf.php';
include_once 'lib/cms.php';
include_once 'lib/common.php';
$_ = '';
$check_regexp = '~^[a-zA-Z0-9_\\-][a-zA-Z0-9_\\-.]*$~';
// whether we should get something from module's help or from main
$path = isset($_GET['path']) && preg_match($check_regexp, $_GET['path']) ? MODULES_DIR . $_GET['path'] . '/help/' : '';
// proxy mode - just redirect file content to the output (useful for images)
$proxy = isset($_GET['proxy']) && preg_match($check_regexp, $_GET['proxy']) ? $_GET['proxy'] : false;
if ($proxy) {
file_to_output(($path > '' ? $path : 'doc/') . $proxy);
exit;
}
// check for filename to include
$get = isset($_GET['get']) && preg_match($check_regexp, $_GET['get']) ? $_GET['get'] : '';
// if both path and get are empty, display generated content and FAQ, otherwise get content
if ($path . $get == '') {
$_ = file_get_contents('doc/useful.html') . '<h3>Справка по модулям</h3>' . create_module_help_links();
} else {
$full_filename = ($path > '' ? $path : 'doc/') . ($get > '' ? $get : 'help.html');
$_ = '<div class="btn-group top-right">' . '<a href="./help.php" class="btn btn-info btn-sm" data-button-action="help-to-content">Содержание</a>' . '</div>' . (file_exists($full_filename) ? file_get_contents($full_filename) : '<h3>sorry, no file :-(</h3>');
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Справка</title>
