$file = kboard_xssfilter($file);
    $file = addslashes($file);
} else {
    $file = '';
}
// Both the post UID and the attachment key are required.
if (!$uid || !$file) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
// Remember where the visitor came from (unless it was this file itself) so
// the flow can return there afterwards. $referer is client-supplied.
if (strstr($referer, basename(__FILE__)) === false) {
    $_SESSION['redirect_uri'] = $referer;
}
$content = new KBContent();
$content->initWithUID($uid);
// A reply belongs to the board of its top-level post.
$board_id = $content->board_id;
if ($content->parent_uid) {
    $parent = new KBContent();
    $parent->initWithUID($content->getTopContentUID());
    $board_id = $parent->board_id;
}
$board = new KBoard($board_id);
if (!$board->isEditor($content->member_uid)) {
    if ($board->permission_write == 'all') {
        if (!$board->isConfirm($content->password, $content->uid)) {
            $url = new KBUrl();
            $skin_path = KBOARD_URL_PATH . "/skin/{$board->skin}";
            include KBOARD_DIR_PATH . "/skin/{$board->skin}/confirm.php";
            exit;
        }
    } else {
        die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
    }
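 /**
  * Attachment download.
  *
  * Reads the post UID (`uid`) and attachment key (`file`) from $_GET, applies
  * the board's read / secret-post rules for that post, looks up the attachment
  * row and either streams the file or redirects to a temporary copy of it
  * (option `kboard_attached_copy_download`). Every failure path terminates the
  * request; the method never returns to its caller.
  *
  * Uses globals $wpdb (attachment lookup) and $user_ID (login check when the
  * board's permission_read is 'author').
  */
 public function fileDownload()
 {
     global $wpdb, $user_ID;
     header('X-Robots-Tag: noindex', true);
     // Keep search engines from indexing download URLs.
     header('Content-Type: text/html; charset=UTF-8');

     // Same-host Referer check. The Referer header is client-supplied, so this
     // only discourages hot-linking; the board permission check further down
     // is the actual access control.
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     if (!$referer) {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }
     $url = parse_url($referer);
     // parse_url() returns false, or an array without 'host', for a malformed Referer.
     $referer_host = (is_array($url) && isset($url['host'])) ? $url['host'] : '';
     if ($referer_host !== '' && isset($url['port']) && $url['port']) {
         $referer_host .= ':' . $url['port'];
     }
     if ($referer_host === '' || $referer_host !== $host) {
         wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard'));
     }

     $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
     $file = '';
     if (isset($_GET['file'])) {
         // The key is bound with $wpdb->prepare() below, so it is not
         // pre-escaped with esc_sql() here (that would double-escape it).
         $file = kboard_xssfilter(kboard_htmlclear(trim($_GET['file'])));
     }
     if (!$uid || !$file) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }

     // A reply belongs to the board of its top-level post.
     $content = new KBContent();
     $content->initWithUID($uid);
     if ($content->parent_uid) {
         $parent = new KBContent();
         $parent->initWithUID($content->getTopContentUID());
         $board = new KBoard($parent->board_id);
     } else {
         $board = new KBoard($content->board_id);
     }

     if (!$board->isReader($content->member_uid, $content->secret)) {
         if (!$user_ID && $board->permission_read == 'author') {
             die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
         }
         // Only a secret post on an open board can still be read, and only
         // after password confirmation of the post itself or of its top post.
         if (!$content->secret || !in_array($board->permission_write, array('all', 'author')) || !in_array($board->permission_read, array('all', 'author'))) {
             die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
         }
         if (!$board->isConfirm($content->password, $content->uid)) {
             if (!$content->parent_uid) {
                 die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
             }
             $parent = new KBContent();
             $parent->initWithUID($content->getTopContentUID());
             if (!$board->isReader($parent->member_uid, $content->secret) && !$board->isConfirm($parent->password, $parent->uid)) {
                 die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
             }
         }
     }

     $file_info = $wpdb->get_row($wpdb->prepare(
         "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
         $uid,
         $file
     ));
     if (!$file_info || !$file_info->file_path) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     // file_path is stored relative to the WordPress root, i.e. the part of
     // this file's own path that precedes /wp-content.
     list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
     $path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
     if (!file_exists($path)) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     // basename() and the quote strip keep the stored name from adding path
     // components to the temp-copy location or breaking the
     // Content-Disposition header.
     $filename = basename(str_replace(array(' ', '"'), array('-', ''), $file_info->file_name));
     if ($filename === '') {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }

     if (get_option('kboard_attached_copy_download')) {
         $unique_dir = uniqid();
         $upload_dir = wp_upload_dir();
         $temp_path = $upload_dir['basedir'] . '/kboard_temp';
         $kboard_file_handler = new KBFileHandler();
         // Purge stale temporary copies (threshold 60, unit per KBFileHandler)
         // before creating a new one.
         $kboard_file_handler->deleteWithOvertime($temp_path, 60);
         $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}");
         if (copy($path, "{$temp_path}/{$unique_dir}/{$filename}")) {
             header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
             exit;
         }
         // The temporary copy could not be created: fall back to streaming.
     }

     // Open before sending headers so a read failure still yields a readable error.
     $fp = fopen($path, 'rb');
     if ($fp === false) {
         die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
     }
     $ie = isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false);
     if ($ie) {
         // Legacy IE expects the file name in the EUC-KR code page.
         $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
     }
     header('Content-type: ' . kboard_mime_type($path));
     header('Content-Disposition: attachment; filename="' . $filename . '"');
     header('Content-Transfer-Encoding: binary');
     header('Content-length: ' . sprintf('%d', filesize($path)));
     header('Expires: 0');
     if ($ie) {
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
         header('Pragma: public');
     } else {
         header('Pragma: no-cache');
     }
     fpassthru($fp);
     fclose($fp);
     exit;
 }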
 /**
  * Returns the UID of the top-most ancestor of this content.
  *
  * Walks up the parent chain recursively; a content without a parent is its
  * own top-level post and returns its own uid.
  * @return int
  */
 public function getTopContentUID()
 {
     if (!$this->parent_uid) {
         return $this->uid;
     }
     $parentContent = new KBContent();
     $parentContent->initWithUID($this->parent_uid);
     return $parentContent->getTopContentUID();
 }
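 /**
  * Generates the board's document (single post) page for $this->uid.
  *
  * Applies the board's read permission and secret-post confirmation rules.
  * When reading is allowed: bumps the view counter, formats the body
  * (autolink / nl2br / shortcodes / `kboard_content` filter) and includes the
  * skin's document.php. Otherwise it echoes a login-redirect or
  * permission-denied script, or includes the skin's confirm.php.
  *
  * $url, $skin_path, $board, $boardBuilder and $content are deliberately left
  * in scope: the included skin templates read them.
  */
 public function builderDocument()
 {
     global $user_ID;
     $url = new KBUrl();
     $content = new KBContent($this->board_id);
     $content->initWithUID($this->uid);
     $skin_path = KBOARD_URL_PATH . "/skin/{$this->skin}";
     $board = $this->board;
     $boardBuilder = $this;

     $allow_document = false;
     if ($this->board->isReader($content->member_uid, $content->secret)) {
         $allow_document = true;
     } elseif (!$user_ID && $this->board->permission_read != 'all') {
         echo '<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($_SERVER['REQUEST_URI']) . '";</script>';
     } elseif (!$content->secret) {
         echo '<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>';
     } elseif ($this->board->isConfirm($content->password, $content->uid)) {
         // Secret post already confirmed by password.
         $allow_document = true;
     } elseif ($content->parent_uid) {
         // A secret reply may be read by whoever can read, or has confirmed,
         // its top-level post.
         $parent = new KBContent();
         $parent->initWithUID($content->getTopContentUID());
         if ($this->board->isReader($parent->member_uid, $content->secret)) {
             $allow_document = true;
         } elseif ($this->board->isConfirm($parent->password, $parent->uid)) {
             $allow_document = true;
         } else {
             include KBOARD_DIR_PATH . "/skin/{$this->skin}/confirm.php";
         }
     } else {
         include KBOARD_DIR_PATH . "/skin/{$this->skin}/confirm.php";
     }

     if (!$allow_document) {
         return;
     }

     $content->increaseView();
     // Re-read after the counter update so the rendered data is current.
     $content->initWithUID($this->uid);
     // Without the editor, and with autolink enabled, links are generated automatically.
     if (!$board->use_editor && $this->meta->autolink) {
         include_once KBOARD_DIR_PATH . '/helper/Autolink.helper.php';
         $content->content = Kboard_autolink($content->content);
     }
     // Line breaks to <br />, then drop the <br /> that directly follows a table tag.
     $content->content = nl2br($content->content);
     $content->content = preg_replace("/(<(|\\/)(table|th|tr|td).*>)(<br \\/>)/", "\$1", $content->content);
     // Run shortcodes in the post body.
     if ($this->meta->shortcode_execute == 1) {
         $content->content = do_shortcode($content->content);
     }
     // Run the kboard_content filter.
     $content->content = apply_filters('kboard_content', $content->content, $content->uid, $this->board_id);
     include KBOARD_DIR_PATH . "/skin/{$this->skin}/document.php";
 }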