function attachfile_display_list($mydirname, $module_dirname, $target_id, $mode) { global $xoopsUser, $xoopsConfig, $xoopsModule, $xoopsModuleConfig, $xoopsDB; $mod_url = XOOPS_URL . '/modules/' . $mydirname; $sql = "SELECT * FROM " . $xoopsDB->prefix($mydirname . "_attach") . " WHERE module_dirname='{$module_dirname}' AND target_id={$target_id} ORDER BY attach_id"; $attached_files =& attachfile_query($sql); $attached_files_count = count($attached_files); $attached_files4assign = attachfile_htmlspecialchars_to_2array($attached_files); // TODO:template cache include_once XOOPS_ROOT_PATH . '/class/template.php'; $xoopsTpl = new XoopsTpl(); if ($xoopsConfig['debug_mode'] == 3) { $xoopsTpl->xoops_setDebugging(true); } $xoopsTpl->assign(array('module_title' => _MD_ATTACHFILE_TITLE, 'xoops_css' => XOOPS_URL . "/themes/" . $xoopsConfig['theme_set'] . "/style.css", 'mod_url' => $mod_url, 'mydirname' => $mydirname, 'module_dirname' => $module_dirname, 'target_id' => $target_id, 'attached_files_count' => $attached_files_count, 'attached_files' => $attached_files4assign, 'unique_id' => $mydirname . '_COUNT_' . $module_dirname . '_' . $target_id)); $xoopsTpl->display('db:' . $mydirname . '_' . $mode . '.html'); }
$title = mb_convert_encoding($title, $xoopsModuleConfig['ttl_enc_oth']); } } $saved_name = $attached_files[0]['saved_name']; // view attachfile_download_attach($mydirname, $title, $saved_name); } else { if ($mode == 'delete') { // params $attach_id = attachfile_reqint('attach_id'); // pre transaction (for permission check) // ** DON'T GET "module_dirname" AND "target_id" FROM REQUEST. // ** THEY MIGHT BE CHEAT. // ** YOU SHOULD GET THEM ONLY BY "attach_id" IN DELETE PROCESS. $sql = "SELECT * FROM " . $xoopsDB->prefix($mydirname . "_attach") . " WHERE attach_id={$attach_id}"; $attached_files =& attachfile_query($sql); $attached_files_count = count($attached_files[0]); if ($attached_files_count == 0) { die(_MD_ATTACHFILE_ERR_READATTACH); } $module_dirname = $attached_files[0]['module_dirname']; $target_id = $attached_files[0]['target_id']; // permission check // check download permission $error_msg = attachfile_check_upload_permission($mydirname, $module_dirname, $target_id); if (isset($error_msg)) { echo $error_msg; return; } // transaction attachfile_delete_file($mydirname, $attach_id);