/**
* Display the attachment.
*
* Uses the new rewrite endpoint to get an attachment ID
* and display the attachment if the currently logged in user
* has the authorization to.
*
* @since 3.2.0
* @return void
*/
public function view_attachment()
{
$attachment_id = get_query_var('wpas-attachment');
if (!empty($attachment_id)) {
$attachment = get_post($attachment_id);
/**
* Return a 404 page if the attachment ID
* does not match any attachment in the database.
*/
if (empty($attachment)) {
/**
* @var WP_Query $wp_query WordPress main query
*/
global $wp_query;
$wp_query->set_404();
status_header(404);
include get_query_template('404');
die;
}
if ('attachment' !== $attachment->post_type) {
wp_die(__('The file you requested is not a valid attachment', 'awesome-support'));
}
if (empty($attachment->post_parent)) {
wp_die(__('The attachment you requested is not attached to any ticket', 'awesome-support'));
}
$parent = get_post($attachment->post_parent);
// Get the parent. It can be a ticket or a ticket reply
$parent_id = empty($parent->post_parent) ? $parent->ID : $parent->post_parent;
if (true !== wpas_can_view_ticket($parent_id)) {
wp_die(__('You are not allowed to view this attachment', 'awesome-support'));
}
$filename = basename($attachment->guid);
ini_set('user_agent', 'Awesome Support/' . WPAS_VERSION . '; ' . get_bloginfo('url'));
header("Content-Type: {$attachment->post_mime_type}");
header("Content-Disposition: inline; filename=\"{$filename}\"");
readfile($attachment->guid);
die;
}
}
/**
* Alter page content for single ticket.
*
* In order to ensure maximum compatibility with all themes,
* we hook onto the_content instead of changing the entire template
* for ticket single.
*
* However, if the theme author has customized the single ticket template
* we do not apply those modifications as the custom template will do the job.
*
* @since 3.0.0
* @param string $content Post content
* @return string Ticket single
*/
function wpas_single_ticket($content)
{
global $post;
$slug = 'ticket';
/* Don't touch the admin */
if (is_admin()) {
return $content;
}
/* Only apply this on the ticket single. */
if ($post && $slug !== $post->post_type) {
return $content;
}
/* Only apply this on the main query. */
if (!is_main_query()) {
return $content;
}
/* Only apply this if it's inside of a loop. */
if (!in_the_loop()) {
return $content;
}
/* Remove the filter to avoid infinite loops. */
remove_filter('the_content', 'wpas_single_ticket');
/* Check if the current user can view the ticket */
if (!wpas_can_view_ticket($post->ID)) {
if (is_user_logged_in()) {
return wpas_get_notification_markup('failure', __('You are not allowed to view this ticket.', 'awesome-support'));
} else {
$output = '';
$output .= wpas_get_notification_markup('failure', __('You are not allowed to view this ticket.', 'awesome-support'));
ob_start();
wpas_get_template('registration');
$output .= ob_get_clean();
return $output;
}
}
/* Get template name */
$template_path = get_page_template();
$template = explode('/', $template_path);
$count = count($template);
$template = $template[$count - 1];
/* Don't apply the modifications on a custom template */
if ("single-{$slug}.php" === $template) {
return $content;
}
/* Get the ticket content */
ob_start();
/**
* wpas_frontend_plugin_page_top is executed at the top
* of every plugin page on the front end.
*/
do_action('wpas_frontend_plugin_page_top', $post->ID, $post);
/**
* Get the custom template.
*/
wpas_get_template('details');
/**
* Finally get the buffer content and return.
*
* @var string
*/
$content = ob_get_clean();
return $content;
}
/**
* Display the attachment.
*
* Uses the new rewrite endpoint to get an attachment ID
* and display the attachment if the currently logged in user
* has the authorization to.
*
* @since 3.2.0
* @return void
*/
public function view_attachment()
{
$attachment_id = get_query_var('wpas-attachment');
if (!empty($attachment_id)) {
$attachment = get_post($attachment_id);
/**
* Return a 404 page if the attachment ID
* does not match any attachment in the database.
*/
if (empty($attachment)) {
/**
* @var WP_Query $wp_query WordPress main query
*/
global $wp_query;
$wp_query->set_404();
status_header(404);
include get_query_template('404');
die;
}
if ('attachment' !== $attachment->post_type) {
wp_die(__('The file you requested is not a valid attachment', 'wpas'));
}
if (empty($attachment->post_parent)) {
wp_die(__('The attachment you requested is not attached to any ticket', 'wpas'));
}
$parent = get_post($attachment->post_parent);
// Get the parent. It can be a ticket or a ticket reply
$parent_id = empty($parent->post_parent) ? $parent->ID : $parent->post_parent;
if (true !== wpas_can_view_ticket($parent_id)) {
wp_die(__('You are not allowed to view this attachment', 'wpas'));
}
header("Content-Type: {$attachment->post_mime_type}");
readfile($attachment->guid);
die;
}
}
