Exemple #1
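    /**
     * Determine a file's MIME type by running the system `file` utility.
     *
     * NOTE(review): the closing brace after this function suggests it is only
     * defined conditionally (e.g. when the builtin is missing); the condition
     * itself is outside this excerpt - confirm.
     *
     * @param string $f path of the file to inspect
     * @return string trimmed last output line of `file -bi` for that path
     */
    function mime_content_type($f)
    {
        // escapeshellarg() neutralises shell metacharacters, but a path that
        // begins with "-" would still be parsed by file(1) as an option.
        // The "--" marker ends option parsing so the argument is always a path.
        return trim(exec('file -bi -- ' . escapeshellarg($f)));
    }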
}
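// Attachment download: resolve ?id=<msgid>&file=<name> to a stored upload,
// check the requester's permission on the message, then stream the file.
$msgid = isset($_GET['id']) ? intval($_GET['id']) : 0;
// basename() drops directory components so the request cannot name a path
// outside the attachment directory; a missing or non-string parameter is
// rejected instead of raising a notice.
$file = (isset($_GET['file']) && is_string($_GET['file'])) ? basename($_GET['file']) : '';
if ($file === '') {
    die('No File');
}
if ($msgid) {
    // $msgid went through intval(), so interpolating it cannot inject SQL.
    $res = $xoopsDB->query("SELECT msgid,uid,touid,onepass FROM " . CCMES . " WHERE msgid={$msgid}");
    if (!$res || $xoopsDB->getRowsNum($res) == 0) {
        die("No File");
    }
    $data = $xoopsDB->fetchArray($res);
    if (!cc_check_perm($data)) {
        redirect_header(XOOPS_URL . '/user.php', 3, _NOPERM);
        exit;
    }
}
// NOTE(review): when id is 0 or absent, no permission check runs and the path
// is built with message id 0. Confirm that cc_attach_path(0, ...) only reaches
// files that any requester is allowed to read.
$path = XOOPS_UPLOAD_PATH . cc_attach_path($msgid, $file);
// Verify the target is a regular file before inspecting it, so the MIME probe
// never runs on a missing path or a directory (e.g. file=".." after basename).
$stat = is_file($path) ? stat($path) : false;
if (!$stat) {
    die('No File');
}
$type = cc_mime_content_type($path);
//header("Last-Modified: ".formatTimestamp($stat['mtime'], "r"));
header("Content-Type: {$type}");
// The body is user-uploaded content; stop browsers from sniffing it into a
// different (possibly active) type than the one declared above.
header('X-Content-Type-Options: nosniff');
//header("Content-Length: ".$stat['size']);
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // The name is request-controlled: a double quote or backslash would break
    // out of the quoted-string in the header, so replace those characters.
    $dispname = str_replace(array('"', '\\', "\r", "\n"), '_', $file);
    // NOTE(review): "inline" lets the browser render the upload in this site's
    // origin; consider "attachment" for types that can carry script.
    header('Content-Disposition: inline;filename="' . $dispname . '"');
    // readfile() streams the file instead of loading it fully into memory.
    readfile($path);
}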
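/**
 * Collect the submitted value of every form item, validate it, and store it
 * in $items[<key>]['value'].
 *
 * Values are read from $_POST (and $_FILES for 'file' items). Items without a
 * 'field' name are skipped. Validation failures do not stop processing; each
 * one appends a message to the returned list.
 *
 * Security-relevant behaviour:
 *  - the extension/MIME pairing for uploads selects the MIME pattern that
 *    belongs to the matched extension (the original looked it up in the wrong
 *    variable, which on older PHP versions disabled the MIME check);
 *  - the "<field>_prev" file name is reduced to its basename before it is
 *    used to delete the previous upload;
 *  - an upload that failed the extension or MIME check is not moved into the
 *    upload directory.
 *
 * @param array $items form item definitions (reads 'field', 'type', 'label',
 *                     'attr', 'options'); each processed item gets a 'value'
 * @return array list of error message strings, empty when everything passed
 */
function assign_post_values(&$items)
{
    global $myts;
    $errors = array();
    foreach ($items as $key => $item) {
        if (empty($item['field'])) {
            continue;
        }
        $name = $item['field'];
        $type = $item['type'];
        $lab = $item['label'];
        $attr =& $item['attr'];
        $check = !empty($attr['check']) ? $attr['check'] : "";
        $val = '';
        if (isset($_POST[$name])) {
            $val = $_POST[$name];
            if (is_array($val)) {
                foreach ($val as $n => $v) {
                    $val[$n] = $myts->stripSlashesGPC($v);
                }
            } else {
                $val = $myts->stripSlashesGPC($val);
            }
        }
        // Free-text companion of the "other" option; absent unless that option was used.
        $etc = isset($_POST[$name . "_etc"]) ? $myts->stripSlashesGPC($_POST[$name . "_etc"]) : '';
        switch ($type) {
            case 'checkbox':
                if (empty($val)) {
                    $val = array();
                } elseif (!is_array($val)) {
                    // A scalar posted for a checkbox group would make
                    // array_search() fail; treat it as a single selection.
                    $val = array($val);
                }
                $idx = array_search(LABEL_ETC, $val);
                // etc
                if (is_int($idx)) {
                    $val[$idx] = strip_tags($item['options'][LABEL_ETC]) . " " . $etc;
                }
                break;
            case 'radio':
                if ($val == LABEL_ETC) {
                    // etc
                    $val = strip_tags($item['options'][LABEL_ETC]) . " " . $etc;
                }
                break;
            case 'hidden':
            case 'const':
                // The value comes from the item definition, never from the request.
                $val = eval_user_value(join(',', $item['options']));
                break;
            case 'file':
                $upfile = isset($_FILES[$name]) ? $_FILES[$name] : array('name' => '');
                $fname = $upfile['name'];
                // presumably preg_wildcard() returns a "|"-separated regex
                // alternation - it is used as one below; verify against the helper
                $exts = preg_wildcard(get_attr_value($attr, 'accept_ext'));
                $types = preg_wildcard(get_attr_value($attr, 'accept_type'));
                // Set when this upload fails a check, so it is not stored below.
                $rejected = false;
                // NOTE(review): with no accept_ext configured, any extension is accepted.
                if ($exts && $fname) {
                    if (!preg_match("/\\.({$exts})\$/", $fname, $d)) {
                        $errors[] = $lab . ": " . _MD_UPLOADFILE_ERR;
                        $rejected = true;
                    } elseif ($types) {
                        $aexts = explode('|', $exts);
                        $atypes = explode('|', $types);
                        // same count accept to check strict: pair the n-th
                        // extension pattern with the n-th MIME pattern
                        if (count($aexts) == count($atypes)) {
                            foreach ($aexts as $n => $pattern) {
                                if (preg_match('/^(?:' . $pattern . ')$/', $d[1])) {
                                    $types = $atypes[$n];
                                    break;
                                }
                            }
                            // If no single pattern matched, $types keeps the
                            // full alternation, so the MIME check still runs.
                        }
                    }
                }
                $tmpfile = isset($upfile['tmp_name']) ? $upfile['tmp_name'] : null;
                if ($types && $tmpfile) {
                    $ftype = cc_mime_content_type($tmpfile);
                    if (!preg_match('/^(' . $types . ')$/', $ftype)) {
                        $errors[] = $lab . ": " . _MD_UPLOADFILE_ERR;
                        $rejected = true;
                    }
                }
                $val = '';
                // filename
                $prename = $name . "_prev";
                if (isset($_POST[$prename])) {
                    // Request-controlled name that ends up in a filesystem
                    // path: keep only the final component so it cannot point
                    // outside the attachment directory.
                    $prev = $myts->stripSlashesGPC($_POST[$prename]);
                    $val = is_string($prev) ? basename($prev) : '';
                    if (!empty($fname)) {
                        // A new upload replaces the previous one.
                        $oldpath = XOOPS_UPLOAD_PATH . cc_attach_path(0, $val);
                        if ($val !== '' && is_file($oldpath)) {
                            unlink($oldpath);
                        }
                        $val = '';
                    }
                }
                if (empty($val)) {
                    $val = $fname;
                    if ($val) {
                        // Only store uploads that passed the checks above; a
                        // rejected file must not remain in the upload directory.
                        if (!$rejected) {
                            move_attach_file($tmpfile, $val);
                        }
                    } elseif (isset($_POST[$name])) {
                        // confirm
                        $val = $myts->stripSlashesGPC($_POST[$name]);
                    }
                }
                break;
            case 'mail':
                if (is_object($GLOBALS['xoopsUser']) && get_attr_value(null, 'input_mail_login', '') == 'no') {
                    // Skip this item entirely ("continue 2" leaves the switch
                    // and moves on to the next item).
                    continue 2;
                }
                $name .= '_conf';
                if (!checkEmail($val)) {
                    $errors[] = $lab . ": " . _MD_ADDRESS_ERR;
                }
                if (get_attr_value(null, 'input_mail_confirm', '') != 'no' && isset($_POST[$name])) {
                    if ($val != $myts->stripSlashesGPC($_POST[$name])) {
                        $errors[] = sprintf(_MD_CONF_LABEL, $lab) . ": " . _MD_CONFIRM_ERR;
                    }
                }
                break;
        }
        switch ($check) {
            case '':
                break;
            case 'require':
                if ($val === '') {
                    $errors[] = $lab . ": " . _MD_REQUIRE_ERR;
                }
                break;
            case 'mail':
                if (!checkEmail($val)) {
                    $errors[] = $lab . ": " . _MD_ADDRESS_ERR;
                }
                break;
            case 'num':
                $check = 'numeric';
                // deliberate fall-through: 'num' is an alias handled by the default branch
            default:
                // A configured value for this check name replaces it; the
                // result is used as the body of an anchored regular expression.
                $v = get_attr_value(null, $check);
                if (!empty($v)) {
                    $check = $v;
                }
                if (!preg_match('/^' . $check . '$/', $val)) {
                    $errors[] = $lab . ": " . ($val ? _MD_REGEXP_ERR : _MD_REQUIRE_ERR);
                }
                break;
        }
        $items[$key]['value'] = $val;
    }
    return $errors;
}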