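/**
 * Build the display records for a list of attachments.
 *
 * Each attachment is checked against the forum's allowed extensions and then
 * classified (inline image, thumbnail, media stream or plain file) so the
 * template knows how to render it.
 *
 * @param mixed $forum_id        Forum the attachments are shown in; handed to extension_allowed().
 * @param array $attachment_data Attachment rows (extension, physical_filename, real_filename,
 *                               thumbnail, attach_id, filesize, download_count, comment).
 * @param array $update_count    By reference: collects the attach_ids whose view counter the
 *                               caller has to bump because the download script is not involved.
 * @param bool  $force_physical  Link to the stored file instead of the download script.
 * @param bool  $parse           Render each record through the attachment template and
 *                               return HTML strings instead of raw arrays.
 *
 * @return array One entry per attachment: a data array, or rendered HTML when $parse is set.
 */
function display_attachments($forum_id, $attachment_data, &$update_count, $force_physical = false, $parse = false)
{
    global $config, $_CLASS;

    $datas = array();
    $extensions = obtain_attach_extensions();

    if (!is_array($update_count)) {
        $update_count = array();
    }

    foreach ($attachment_data as $attachment) {
        // Start every attachment from an empty record. Without this reset, keys set for
        // the previous attachment (link, image_src, name, comment, ...) would carry over
        // into this one - most visibly into a DENIED record, which sets only two keys.
        $data = array();

        $attachment['extension'] = strtolower(trim($attachment['extension']));

        if (!extension_allowed($forum_id, $attachment['extension'], $extensions)) {
            // The extension was allowed when the file was posted but is not any more.
            // NOTE(review): the stored extension is interpolated into the message as-is;
            // confirm it is escaped before it reaches the HTML output.
            $data['category'] = 'DENIED';
            $data['lang'] = sprintf($_CLASS['core_user']->get_lang('EXTENSION_DISABLED_AFTER_POSTING'), $attachment['extension']);
        } else {
            // basename() drops any directory part of the stored name, so the resulting
            // path cannot leave the upload directory.
            $filename = $config['upload_path'] . '/' . basename($attachment['physical_filename']);
            $thumbnail_filename = $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']);

            $display_cat = $extensions[$attachment['extension']]['display_cat'];

            if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) {
                if ($attachment['thumbnail']) {
                    $display_cat = ATTACHMENT_CATEGORY_THUMB;
                } else if ($config['img_display_inlined']) {
                    if ($config['img_link_width'] || $config['img_link_height']) {
                        // getimagesize() returns false for unreadable or non-image files;
                        // treat that as "dimensions unknown" and keep the image inline.
                        $dimensions = getimagesize($filename);
                        $width = is_array($dimensions) ? $dimensions[0] : 0;
                        $height = is_array($dimensions) ? $dimensions[1] : 0;

                        if (($width || $height) && !($width <= $config['img_link_width'] && $height <= $config['img_link_height'])) {
                            // Larger than the configured limits: show as a plain link.
                            $display_cat = ATTACHMENT_CATEGORY_NONE;
                        }
                    }
                } else {
                    $display_cat = ATTACHMENT_CATEGORY_NONE;
                }
            }

            // NOTE(review): the IMAGE, WM and RM categories (and $force_physical) expose
            // the stored file path directly instead of going through the download script;
            // confirm the upload directory is meant to be reachable that way.
            switch ($display_cat) {
                // Inline image
                case ATTACHMENT_CATEGORY_IMAGE:
                    $data['category'] = 'IMAGE';
                    $data['image_src'] = $filename;

                    // Shown inline, so the caller has to count the view.
                    $update_count[] = $attachment['attach_id'];
                    break;

                // Image shown as a thumbnail that links to the full file
                case ATTACHMENT_CATEGORY_THUMB:
                    $data['category'] = 'THUMBNAIL';
                    $data['image_src'] = $thumbnail_filename;
                    $data['link'] = !$force_physical ? generate_link('Forums&file=download&id=' . $attachment['attach_id']) : $filename;
                    break;

                // Windows Media stream
                case ATTACHMENT_CATEGORY_WM:
                    $data['category'] = 'WM_STREAM';
                    $data['link'] = $filename;

                    // Played in place (download.php is not called), so count the view here.
                    $update_count[] = $attachment['attach_id'];
                    break;

                // Real Media stream
                case ATTACHMENT_CATEGORY_RM:
                    $data['category'] = 'RM_STREAM';
                    $data['link'] = $filename;

                    // Played in place (download.php is not called), so count the view here.
                    $update_count[] = $attachment['attach_id'];
                    break;

                default:
                    $data['category'] = 'FILE';
                    $data['link'] = !$force_physical ? generate_link('Forums&file=download&id=' . $attachment['attach_id']) : $filename;
                    break;
            }

            // Human-readable size: MB from 1 MiB, KB from 1 KiB, bytes below that.
            if ($attachment['filesize'] >= 1048576) {
                $data['lang_size'] = round(round($attachment['filesize'] / 1048576 * 100) / 100, 2) . $_CLASS['core_user']->lang['MB'];
            } else if ($attachment['filesize'] >= 1024) {
                $data['lang_size'] = round(round($attachment['filesize'] / 1024 * 100) / 100, 2) . $_CLASS['core_user']->lang['KB'];
            } else {
                $data['lang_size'] = $attachment['filesize'] . $_CLASS['core_user']->lang['BYTES'];
            }

            // View counter text: none / singular / plural.
            if (!$attachment['download_count']) {
                $data['lang_views'] = $_CLASS['core_user']->lang['DOWNLOAD_NONE'];
            } else if ($attachment['download_count'] == 1) {
                $data['lang_views'] = sprintf($_CLASS['core_user']->lang['DOWNLOAD_COUNT'], $attachment['download_count']);
            } else {
                $data['lang_views'] = sprintf($_CLASS['core_user']->lang['DOWNLOAD_COUNTS'], $attachment['download_count']);
            }

            $has_icon = isset($extensions[$attachment['extension']]['upload_icon']) && $extensions[$attachment['extension']]['upload_icon'];
            $data['icon'] = $has_icon ? $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) : false;

            // NOTE(review): real_filename and comment originate from the uploader. Nothing
            // in this function HTML-escapes them; confirm they are escaped when stored or
            // by the template before they are printed.
            $data['name'] = basename($attachment['real_filename']);
            $data['comment'] = str_replace("\n", '<br />', censor_text($attachment['comment']));
        }

        if ($parse) {
            $_CLASS['core_template']->assign_vars_array('attachments', $data);
            $datas[] = $_CLASS['core_template']->display('modules/Forums/attachments.html', true);
        } else {
            $datas[] = $data;
        }
    }

    return $datas;
}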
/**
 * Receive one attachment (form upload or local file), validate it and store it
 * in the configured upload directory.
 *
 * @param string $form_name     Name of the upload form field.
 * @param mixed  $forum_id      Forum the attachment belongs to; selects the extension set.
 * @param bool   $local         Take the file from $local_storage instead of the form.
 * @param string $local_storage Source passed to local_upload() when $local is set.
 * @param bool   $is_message    Use the private-message size limit as the fallback limit.
 *
 * @return array 'post_attach' (bool) and 'error' (list of messages); on success also
 *               thumbnail, filesize, mimetype, extension, physical_filename,
 *               real_filename and filetime.
 */
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false)
{
    global $_CLASS, $config;

    $filedata = array();
    $filedata['error'] = array();

    include_once SITE_FILE_ROOT . 'includes/forums/functions_upload.php';
    $upload = new fileupload();

    // A local file is taken as present; a form upload has to pass is_valid().
    $filedata['post_attach'] = $local ? true : (bool) $upload->is_valid($form_name);

    if (!$filedata['post_attach']) {
        $filedata['error'][] = 'No filedata found';

        return $filedata;
    }

    $extensions = obtain_attach_extensions($forum_id);

    // NOTE(review): with an empty allow-list no whitelist is installed at all; confirm
    // that fileupload then rejects every extension rather than accepting any.
    if (!empty($extensions['_allowed_'])) {
        $upload->set_allowed_extensions(array_keys($extensions['_allowed_']));
    }

    $file = $local ? $upload->local_upload($local_storage) : $upload->form_upload($form_name);

    if ($file->init_error) {
        $filedata['post_attach'] = false;

        return $filedata;
    }

    if (isset($extensions[$file->get('extension')]['display_cat'])) {
        $cat_id = $extensions[$file->get('extension')]['display_cat'];
    } else {
        $cat_id = ATTACHMENT_CATEGORY_NONE;
    }

    $is_image = $cat_id == ATTACHMENT_CATEGORY_IMAGE;

    // Thumbnails are only made for images, and only when enabled in the config.
    $filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0;

    // Dimension and size limits apply to ordinary users only; holders of any
    // moderator (m_) or administrator (a_) permission skip both.
    if (!$_CLASS['auth']->acl_gets('m_', 'a_') && $is_image) {
        $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
    }

    if (!$_CLASS['auth']->acl_gets('a_', 'm_')) {
        // A per-extension limit wins; 0 means "use the global limit".
        if ($extensions[$file->get('extension')]['max_filesize'] != 0) {
            $allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
        } else if ($is_message) {
            $allowed_filesize = $config['max_filesize_pm'];
        } else {
            $allowed_filesize = $config['max_filesize'];
        }

        $file->upload->set_max_filesize($allowed_filesize);
    }

    // Stored under a generated name prefixed with the uploader's user id
    // (presumably unique/unguessable - depends on clean_filename(); verify there).
    $file->clean_filename('unique', $_CLASS['core_user']->data['user_id'] . '_');
    $file->move_file($config['upload_path']);

    if (!empty($file->error)) {
        // Validation or move failed: delete whatever was written and report why.
        $file->remove();
        $filedata['error'] = array_merge($filedata['error'], $file->error);
        $filedata['post_attach'] = false;

        return $filedata;
    }

    // NOTE(review): whether 'mimetype' is detected from the content or taken from the
    // client is decided inside fileupload; confirm before trusting it downstream.
    $filedata['filesize'] = $file->get('filesize');
    $filedata['mimetype'] = $file->get('mimetype');
    $filedata['extension'] = $file->get('extension');
    $filedata['physical_filename'] = $file->get('realname');
    $filedata['real_filename'] = $file->get('uploadname');
    $filedata['filetime'] = time();

    // Board-wide attachment quota (0 disables the check).
    if ($config['attachment_quota'] && $config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) {
        $filedata['error'][] = $_CLASS['core_user']->lang['ATTACH_QUOTA_REACHED'];
        $filedata['post_attach'] = false;
        $file->remove();

        return $filedata;
    }

    // Free disk space; best effort, skipped when it cannot be determined.
    $free_space = @disk_free_space($config['upload_path']);

    if ($free_space && $free_space <= $file->get('filesize')) {
        $filedata['error'][] = $_CLASS['core_user']->lang['ATTACH_QUOTA_REACHED'];
        $filedata['post_attach'] = false;
        $file->remove();

        return $filedata;
    }

    if (!$filedata['thumbnail']) {
        return $filedata;
    }

    // Thumbnail goes next to the stored file with a thumb_ prefix.
    $source = $file->get('destination_file');
    $destination = $file->get('destination_path') . '/thumb_' . $file->get('realname');

    if (!create_thumbnail($source, $destination, $file->get('mimetype'))) {
        // Creation failed: record that no thumbnail exists.
        $filedata['thumbnail'] = 0;
    }

    return $filedata;
}
if ($hilit_words) { foreach (explode(' ', trim($hilit_words)) as $word) { if (trim($word)) { $highlight_match .= ($highlight_match != '' ? '|' : '') . str_replace('\\*', '\\w*?', preg_quote(urlencode($word), '#')); } } $highlight = urlencode($hilit_words); } // General Viewtopic URL for return links $viewtopic_url = "Forums&file=viewtopic&t={$topic_id}&start={$start}&{$u_sort_param}" . ($highlight_match ? "&hilit={$highlight}" : ''); // Grab ranks $ranks = obtain_ranks(); // Grab icons $icons = obtain_icons(); // Grab extensions if needed $extensions = $topic_data['topic_attachment'] ? obtain_attach_extensions() : array(); // Moderators $forum_moderators = get_moderators($forum_id); // Generate Navigation links generate_forum_nav($topic_data); // Generate Forum Rules generate_forum_rules($topic_data); gen_forum_auth_level('topic', $forum_id); // Does this topic contain a poll? if (!empty($poll_start)) { $sql = 'SELECT o.*, p.bbcode_bitfield, p.bbcode_uid FROM ' . FORUMS_POLL_OPTIONS_TABLE . ' o, ' . FORUMS_POSTS_TABLE . " p\n\t\tWHERE o.topic_id = {$topic_id} \n\t\t\tAND p.post_id = {$topic_first_post_id}\n\t\t\tAND p.topic_id = o.topic_id\n\t\tORDER BY o.poll_option_id"; $result = $_CLASS['core_db']->query($sql); $poll_info = array(); while ($row = $_CLASS['core_db']->fetch_row_assoc($result)) { $poll_info[] = $row;
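/**
 * Decide whether an attachment extension may be used in a given forum.
 *
 * The allow-list entry for an extension is either a non-array value (allowed
 * everywhere) or an array of forum ids. An array holding the single id 0 is
 * the private-messaging marker and is treated as "allowed".
 *
 * @param mixed  $forum_id   Forum id to check.
 * @param string $extension  Extension to look up; callers in this file pass it lower-cased.
 * @param array  $extensions By reference: extension table; loaded via
 *                           obtain_attach_extensions() when empty or not an array.
 *
 * @return bool True when the extension is allowed, false otherwise.
 */
function extension_allowed($forum_id, $extension, &$extensions)
{
    if (empty($extensions) || !is_array($extensions)) {
        $extensions = obtain_attach_extensions();
    }

    // Unknown extension: deny.
    if (!isset($extensions['_allowed_'][$extension])) {
        return false;
    }

    $check = $extensions['_allowed_'][$extension];

    // Not restricted to particular forums.
    if (!is_array($check)) {
        return true;
    }

    // Compare ids as integers with strict matching. This is a permission decision,
    // and a loose in_array() lets a non-numeric string equal 0 on PHP < 8.
    $allowed_ids = array_map('intval', $check);

    // Private-messaging marker. isset() keeps a malformed single-entry list (no key 0)
    // from being read as "allowed everywhere".
    if (count($allowed_ids) == 1 && isset($allowed_ids[0]) && $allowed_ids[0] === 0) {
        return true;
    }

    // A string that is not a number cannot name a forum.
    if (is_string($forum_id) && !is_numeric($forum_id)) {
        return false;
    }

    return in_array((int) $forum_id, $allowed_ids, true);
}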
if ($_CLASS['auth']->acl_get('u_download') && $_CLASS['auth']->acl_get('f_download', $row['forum_id'])) { if ($row['forum_password']) { // Do something else ... ? login_forum_box($row); } } else { trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } else { $row['forum_id'] = 0; if (!$_CLASS['auth']->acl_get('u_pm_download') || !$config['auth_download_pm']) { trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } // disallowed ? $extensions = obtain_attach_extensions(); if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { trigger_error(sprintf($_CLASS['core_user']->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } } if (!download_allowed()) { trigger_error('LINKAGE_FORBIDDEN'); } $download_mode = (int) $extensions[$attachment['extension']]['download_mode']; // Fetching filename here to prevent sniffing of filename $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype FROM ' . FORUMS_ATTACHMENTS_TABLE . "\n\tWHERE attach_id = {$download_id}"; $result = $_CLASS['core_db']->query_limit($sql, 1); $attachment = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if (!$attachment) {