Beispiel #1
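 /**
  * Select and instantiate the attachment display library for a content type.
  *
  * The instance is cached in self::$instance. Once it is set, every later call
  * returns that same object and ignores the arguments it was given.
  *
  * @param	vB_Registry	Instance of the vBulletin data registry object - expected to have the database object as its ->db member.
  * @param	integer			Unique id of this contenttype (forum post, blog entry, etc); a falsy value makes the method look it up from the attachment row
  * @param	boolean			Display thumbnail
  * @param	integer			Unique id of this item attachment.attachmentid
  *
  * @return	object|false	Library instance, or false when the content type, the library file or the class cannot be resolved
  */
 public static function &fetch_library(&$registry, $contenttypeid, $thumbnail, $attachmentid)
 {
     if (self::$instance) {
         return self::$instance;
     }
     // A function that returns by reference must return a variable; returning
     // the literal false raises "Only variable references should be returned".
     $failed = false;
     $types = vB_Types::instance();
     if (!$contenttypeid) {
         // Send the contenttypeid into fetch_library to avoid this query!
         // The id is concatenated into the statement, so it is forced to an
         // integer here instead of trusting every caller to have cleaned it.
         $contentinfo = $registry->db->query_first_slave(
             "SELECT a.contenttypeid FROM " . TABLE_PREFIX . "attachment AS a WHERE a.attachmentid = " . intval($attachmentid)
         );
         if (!$contentinfo) {
             // No such attachment row: nothing to resolve.
             return $failed;
         }
         $contenttypeid = $contentinfo['contenttypeid'];
     }
     if (!($contenttypeid = $types->getContentTypeID($contenttypeid))) {
         return $failed;
     }
     $package = $types->getContentTypePackage($contenttypeid);
     $class = $types->getContentTypeClass($contenttypeid);
     // Both names are placed in an include path and a class name. Accept plain
     // identifiers only, so a malformed registry value cannot add path
     // separators or dots to the file that gets included.
     if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $package) || !preg_match('/^[A-Za-z0-9_]+$/', (string) $class)) {
         return $failed;
     }
     $selectclass = "vB_Attachment_Display_Single_{$package}_{$class}";
     $path = DIR . '/packages/' . strtolower($package) . '/attach/' . strtolower($class) . '.php';
     if (file_exists($path)) {
         include_once $path;
         if (class_exists($selectclass)) {
             self::$instance = new $selectclass($registry, $attachmentid, $thumbnail);
             return self::$instance;
         }
     }
     return $failed;
 }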
Beispiel #2
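	/**
	* Select and instantiate the attachment display library for a content type.
	*
	* The instance is cached in self::$instance. Once it is set, every later call
	* returns that same object and ignores the arguments it was given.
	*
	* @param	vB_Registry	Instance of the vBulletin data registry object - expected to have the database object as its ->db member.
	* @param	integer			Unique id of this contenttype (forum post, blog entry, etc); a falsy value makes the method look it up from the attachment row
	* @param	boolean			Display thumbnail
	* @param	integer			Unique id of this item attachment.attachmentid
	*
	* @return	object|false	Library instance, or false when the content type or the class cannot be resolved
	*/
	public static function &fetch_library(&$registry, $contenttypeid, $thumbnail, $attachmentid)
	{
		if (self::$instance)
		{
			return self::$instance;
		}

		// A function that returns by reference must return a variable; returning
		// the literal false raises "Only variable references should be returned".
		$failed = false;

		require_once(DIR . '/includes/class_bootstrap_framework.php');
		require_once(DIR . '/vb/types.php');
		vB_Bootstrap_Framework::init();
		$types = vB_Types::instance();

		if (!$contenttypeid)
		{
			// Send the contenttypeid into fetch_library to avoid this query!
			// The id is concatenated into the statement, so it is forced to an
			// integer here instead of trusting every caller to have cleaned it.
			$contentinfo = $registry->db->query_first_slave("
				SELECT a.contenttypeid
				FROM " . TABLE_PREFIX . "attachment AS a
				WHERE a.attachmentid = " . intval($attachmentid) . "
			");
			if (!$contentinfo)
			{
				// No such attachment row: nothing to resolve.
				return $failed;
			}
			$contenttypeid = $contentinfo['contenttypeid'];
		}

		if (!($contenttypeid = $types->getContentTypeID($contenttypeid)))
		{
			return $failed;
		}

		$package = $types->getContentTypePackage($contenttypeid);
		$class = $types->getContentTypeClass($contenttypeid);

		// Both names are placed in an include path and a class name. Accept plain
		// identifiers only, so a malformed registry value cannot add path
		// separators or dots to the file that gets included.
		if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $package) OR !preg_match('/^[A-Za-z0-9_]+$/', (string) $class))
		{
			return $failed;
		}

		$selectclass = "vB_Attachment_Display_Single_{$package}_{$class}";
		$path = DIR . '/packages/' . strtolower($package) . '/attach/' . strtolower($class) . '.php';
		if (is_file($path))
		{
			// Including a missing file only produced a warning before; skip it
			// and let class_exists() decide, in case the class is already loaded.
			include_once($path);
		}

		if (!class_exists($selectclass))
		{
			return $failed;
		}

		self::$instance = new $selectclass($registry, $attachmentid, $thumbnail);
		return self::$instance;
	}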
Beispiel #3
// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################

// Declare the expected type of every parameter this script reads. The cleaned
// values are read back from $vbulletin->GPC below. attachmentid is passed to
// fetch_library(), which concatenates it into a SQL statement, so its
// TYPE_UINT declaration here is what that query relies on.
$vbulletin->input->clean_array_gpc('r', array(
	'attachmentid' => TYPE_UINT,
	'thumb'        => TYPE_BOOL,
	'cid'          => TYPE_UINT,
));

$vbulletin->input->clean_array_gpc('p', array(
	'ajax'     => TYPE_BOOL,
	'uniqueid' => TYPE_UINT
));

// Resolve the display library for the requested content type (cid) and
// attachment; fetch_library() returns false when it cannot.
if (!($attach =& vB_Attachment_Display_Single_Library::fetch_library($vbulletin, $vbulletin->GPC['cid'], $vbulletin->GPC['thumb'], $vbulletin->GPC['attachmentid'])))
{
	// NOTE(review): eval() runs whatever string standard_error() returns, so
	// that string must never carry request data unescaped - confirm in
	// standard_error(). The code below dereferences $attach, so it presumably
	// relies on the evaluated code ending the request - confirm.
	eval(standard_error(fetch_error('invalidid', $vbphrase['attachment'], $vbulletin->options['contactuslink'])));
}

// verify_attachment() is treated as tri-state here: false shows the
// "invalid id" error, 0 sends the clear GIF, and any other value falls
// through to the code after this excerpt.
$result = $attach->verify_attachment();
if ($result === false)
{
	eval(standard_error(fetch_error('invalidid', $vbphrase['attachment'], $vbulletin->options['contactuslink'])));
}
else if ($result === 0)
{
	// The file path is built from the cleargifurl option, not from the request.
	header('Content-type: image/gif');
	readfile(DIR . '/' . $vbulletin->options['cleargifurl']);
	exit;
}
Beispiel #4
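/**
 * Turn a numeric attachment id in $content into an <img> tag that points at
 * attachment.php, after checking that the current viewer may see the attachment.
 *
 * Reads the globals $vbulletin, $fr_platform, $db, $contenttype and
 * $nuke_quotes, and appends the image URL to the global $images list.
 *
 * @param string $action      'validate' makes the handler return true without further work
 * @param mixed  $attributes  Not used by this handler
 * @param string $content     Tag content; expected to be the attachment id
 * @param mixed  $params      Not used by this handler
 * @param mixed  $node_object Not used by this handler
 *
 * @return bool|string true for 'validate'; $content unchanged when it is not numeric;
 *                     otherwise the <img> markup, or '' when the attachment is not shown
 */
function handle_attach($action, $attributes, $content, $params, $node_object)
{
    global $vbulletin, $fr_platform, $db, $contenttype, $images, $nuke_quotes;

    if ($action === 'validate') {
        return true;
    }
    if (!is_numeric($content)) {
        return $content;
    }
    $attachmentid = intval($content);

    if ($fr_platform === 'vb40') {
        $_REQUEST['attachmentid'] = $attachmentid;
        // NOTE(review): fetch_library() caches one instance per request and ignores
        // its arguments once that instance exists. Confirm that verify_attachment()
        // checks the attachment handled here and not the first one seen.
        if (!($attach =& vB_Attachment_Display_Single_Library::fetch_library($vbulletin, $contenttype, true, $attachmentid))) {
            return '';
        }
        if ($attach->verify_attachment() !== true) {
            return '';
        }
        $url = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachmentid;
        if (!$nuke_quotes) {
            $images[] = $url;
        }
        return "<img src=\"{$url}\"/>";
    }

    if (!in_array($fr_platform, array('vb38', 'vb37', 'vb36'), true)) {
        return '';
    }

    // Request values may be missing here and are concatenated into SQL below,
    // so they are normalised to a bool and an integer before use.
    $wantthumb = !empty($vbulletin->GPC['thumb']);
    $postid = !empty($vbulletin->GPC['postid']) ? intval($vbulletin->GPC['postid']) : 0;

    $datecolumns = $wantthumb
        ? 'thumbnail_dateline AS dateline, thumbnail_filesize AS filesize,'
        : 'attachment.dateline, filesize,';
    // NOTE(review): when a postid is present the row is selected by post, not by
    // $attachmentid, so the checks below may run against a different attachment
    // of that post than the one the returned URL names - confirm this is intended.
    $where = $postid > 0 ? 'attachment.postid = ' . $postid : 'attachmentid = ' . $attachmentid;

    $attachmentinfo = $db->query_first_slave("
        SELECT filename, attachment.postid, attachment.userid, attachmentid, attachment.extension,
        {$datecolumns}
        attachment.visible, attachmenttype.newwindow, mimetype, thread.forumid, thread.threadid, thread.postuserid,
        post.visible AS post_visible, thread.visible AS thread_visible
        FROM " . TABLE_PREFIX . "attachment AS attachment
        LEFT JOIN " . TABLE_PREFIX . "attachmenttype AS attachmenttype ON (attachmenttype.extension = attachment.extension)
        LEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)
        LEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)
        WHERE " . $where . "
    ");
    if (!$attachmentinfo) {
        return '';
    }

    $forumid = $attachmentinfo['forumid'];
    $viewerid = $vbulletin->userinfo['userid'];

    if ($attachmentinfo['postid'] == 0) {
        // Attachment that is in progress but hasn't been finalized:
        // only the uploader or a moderator who can edit posts may see it.
        if ($viewerid != $attachmentinfo['userid'] && !can_moderate($forumid, 'caneditposts')) {
            return '';
        }
    } else {
        $forumperms = fetch_permissions($forumid);
        $bits = $vbulletin->bf_ugp_forumpermissions;

        // Block attachments belonging to soft deleted posts and threads
        if (!can_moderate($forumid) && ($attachmentinfo['post_visible'] == 2 || $attachmentinfo['thread_visible'] == 2)) {
            return '';
        }
        // Block attachments belonging to moderated posts and threads
        if (!can_moderate($forumid, 'canmoderateposts') && ($attachmentinfo['post_visible'] == 0 || $attachmentinfo['thread_visible'] == 0)) {
            return '';
        }

        $viewpermission = $forumperms & $bits['cangetattachment'];
        $viewthumbpermission = ($viewpermission || ($forumperms & $bits['canseethumbnails']));
        // A guest (userid 0) never counts as the owner of the thread.
        $ownthread = ($attachmentinfo['postuserid'] == $viewerid && $viewerid != 0);

        // Parentheses spell out the precedence the original relied on:
        // "canviewothers" is only required for threads started by someone else.
        if (!($forumperms & $bits['canview'])
            || !($forumperms & $bits['canviewthreads'])
            || (!($forumperms & $bits['canviewothers']) && !$ownthread)
        ) {
            return '';
        }
        if (!($wantthumb ? $viewthumbpermission : $viewpermission)) {
            return '';
        }

        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($forumid, $vbulletin->forumcache["{$forumid}"]['password']);

        // NOTE(review): every other denial returns ''; this one calls
        // print_no_permission() instead - confirm that is wanted in this handler.
        if (!$attachmentinfo['visible'] && !can_moderate($forumid, 'canmoderateattachments') && $attachmentinfo['userid'] != $viewerid) {
            print_no_permission();
        }
    }

    if ($nuke_quotes) {
        return '';
    }
    $url = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachmentid;
    $images[] = $url;
    return "<img src=\"{$url}\"/>";
}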