function getAttachmentUrl($apli, $post_id, $att_id, $att_path, $att_type, $att_size, $att_inline = 0, $compteur, $visible = 0, $Mmod)
{
    global $icon_dir, $img_dir, $forum;
    global $mimetype_default, $mime_dspfmt, $mime_renderers;
    global $DOCUMENTROOT;
    load_mimetypes();
    $att_name = substr(strstr(basename($att_path), '.'), 1);
    $att_name = substr(strstr(basename($att_name), '.'), 1);
    $att_path = $DOCUMENTROOT . $att_path;
    if (!is_file($att_path)) {
        return '&nbsp;<span class="text-danger" style="font-size: .65rem;">' . upload_translate("Fichier non trouvÈ") . ' : ' . $att_name . '</span>';
    }
    if ($att_inline) {
        if (isset($mime_dspfmt[$att_type])) {
            $display_mode = $mime_dspfmt[$att_type];
        } else {
            $display_mode = $mime_dspfmt[$mimetype_default];
        }
    } else {
        $display_mode = ATT_DSP_LINK;
    }
    if ($Mmod) {
        global $userdata;
        $marqueurM = "&amp;Mmod=" . substr($userdata[2], 8, 6);
    } else {
        $marqueurM = "";
    }
    $att_url = "getfile.php?att_id={$att_id}&amp;apli={$apli}" . $marqueurM . "&amp;att_name=" . rawurlencode($att_name);
    if ($visible != 1) {
        $visible_wrn = '&nbsp;<span class="text-danger" style="font-size: .65rem;">' . upload_translate("Fichier non visible") . '</span>';
    }
    switch ($display_mode) {
        case ATT_DSP_IMG:
            // display as an embedded image
            $size = @getImageSize("{$att_path}");
            //         $img_size = verifsize( $size );
            $img_size = 'style="max-width: 100%; height:auto;"';
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_IMG]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;
        case ATT_DSP_PLAINTEXT:
            // display as embedded text, PRE-formatted
            $att_contents = str_replace("\\", "\\\\", htmlSpecialChars(join('', file($att_path)), ENT_COMPAT | ENT_HTML401, cur_charset));
            $att_contents = word_wrap($att_contents);
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_PLAINTEXT]);
            eval("\$ret=\"{$text}\";");
            break;
        case ATT_DSP_HTML:
            // display as embedded HTML text
            //au choix la source ou la page
            $att_contents = word_wrap(nl2br(scr_html(join("", file($att_path)))));
            //$att_contents = removeHack (join ("", file ($att_path)));
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_HTML]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;
        case ATT_DSP_SWF:
            // Embedded Macromedia Shockwave Flash
            $size = @getImageSize("{$att_path}");
            $img_size = verifsize($size);
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_SWF]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;
        default:
            // display as link
            $Fichier = new FileManagement();
            // essai class PHP7
            //         $Fichier = new File("");
            //         $att_size = $Fichier->Pretty_Size($att_size);
            $att_size = $Fichier->file_size_format($att_size, 1);
            $att_icon = att_icon($att_name);
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_LINK]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;
    }
    return $ret;
}
Esempio n. 2
0
 /**
  * Copy one uploaded file to his destination and insert an entry in the database
  * @access    private
  * @return    boolean   TRUE if OK
  */
 function uploadFile($IdPost, $IdTopic, $name, $size, $type, $src_file, $inline = DEFAULT_INLINE)
 {
     global $MAX_FILE_SIZE;
     global $mimetypes, $mimetype_default;
     global $insert_base;
     settype($size, 'integer');
     $this->errno = 0;
     # Check temporary file
     # --------------------
     if (empty($src_file) || strcasecmp($src_file, 'none') == 0) {
         $this->errno = NO_FILE;
         return false;
     }
     # Check size
     # ----------
     if ($size == 0) {
         $this->errno = FILE_EMPTY;
         return false;
     } else {
         $fsize = filesize($src_file);
     }
     if ($size != $fsize) {
         $this->errno = ERR_FILE;
         return FALSE;
     }
     if ($size > $MAX_FILE_SIZE) {
         $this->errno = FILE_TOO_BIG;
         return FALSE;
     }
     # Check name
     # ----------
     if (empty($name)) {
         $this->errno = NO_FILE;
         return false;
     }
     $name = preg_replace('#[/\\\\:\\*\\?"<>|]#i', '_', rawurldecode($name));
     # Check type and extension
     # ------------------------
     load_mimetypes();
     $suffix = strtoLower(substr(strrchr($name, '.'), 1));
     if (isset($mimetypes[$suffix])) {
         $type = $mimetypes[$suffix];
     } elseif (empty($type) || $type == 'application/octet-stream') {
         $type = $mimetype_default;
     }
     if (!$this->isAllowedFile($name, $type)) {
         $this->errno = INVALID_FILE_TYPE;
         return FALSE;
     }
     # Find the path to upload directory
     # -------------------------------------------
     global $DOCUMENTROOT;
     $rep = $DOCUMENTROOT;
     settype($log_filename, "string");
     if ($insert_base == true) {
         # insert attachment reference in database
         # ---------------------------------------
         $id = insertAttachment($this->apli, $IdPost, $IdTopic, $this->IdForum, $name, $this->upload_dir, $inline, $size, $type);
         if ($id <= 0) {
             $this->errno = DB_ERROR;
             return FALSE;
         }
         # copy temporary file to the upload directory
         # -------------------------------------------
         $dest_file = $rep . $this->upload_dir . "{$id}." . $this->apli . ".{$name}";
         $copyfunc = function_exists('move_uploaded_file') ? 'move_uploaded_file' : 'copy';
         if (!$copyfunc($src_file, $dest_file)) {
             deleteAttachment($this->apli, $IdPost, $rep . $this->upload_dir, $id, $name);
             $this->errno = COPY_ERROR;
             return FALSE;
         }
         @chmod($dest_file, 0766);
         $log_filename = $dest_file;
     } else {
         if ($this->apli == "minisite") {
             # copy temporary file to the upload directory
             # -------------------------------------------
             global $rep_upload_minisite;
             $copyfunc = function_exists('move_uploaded_file') ? 'move_uploaded_file' : 'copy';
             if (!$copyfunc($src_file, $rep . $rep_upload_minisite . $name)) {
                 $this->errno = COPY_ERROR;
                 return FALSE;
             }
             @chmod($rep . $rep_upload_minisite . $name, 0766);
             $log_filename = $rep . $rep_upload_minisite . $name;
         } elseif ($this->apli == "editeur") {
             # copy temporary file to the upload directory
             # -------------------------------------------
             global $rep_upload_editeur;
             $copyfunc = function_exists('move_uploaded_file') ? 'move_uploaded_file' : 'copy';
             if (!$copyfunc($src_file, $rep . $rep_upload_editeur . $name)) {
                 $this->errno = COPY_ERROR;
                 return FALSE;
             }
             @chmod($rep . $rep_upload_editeur . $name, 0766);
             $log_filename = $rep . $rep_upload_editeur . $name;
         } else {
             return FALSE;
         }
     }
     Ecr_Log("security", "Upload File(s) : " . getip(), $log_filename);
     return TRUE;
 }