// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################

// Type-clean the request ('r') and POST ('p') parameters this script reads;
// every later access goes through $vbulletin->GPC rather than the raw superglobals.
$vbulletin->input->clean_array_gpc('r', array(
	'attachmentid' => TYPE_UINT,
	'thumb'        => TYPE_BOOL,
	'cid'          => TYPE_UINT,
));

$vbulletin->input->clean_array_gpc('p', array(
	'ajax'     => TYPE_BOOL,
	'uniqueid' => TYPE_UINT
));

// Resolve the display library for the requested content type / attachment.
$attach =& vB_Attachment_Display_Single_Library::fetch_library(
	$vbulletin,
	$vbulletin->GPC['cid'],
	$vbulletin->GPC['thumb'],
	$vbulletin->GPC['attachmentid']
);

if (!$attach)
{
	// NOTE(review): standard_error() is expected to end the request here; if it
	// ever returned, the verify_attachment() call below would run on a falsy value.
	eval(standard_error(fetch_error('invalidid', $vbphrase['attachment'], $vbulletin->options['contactuslink'])));
}

// Access decision for the attachment. Three outcomes are handled here:
//   0     -> answer with the configured placeholder GIF and stop
//   false -> same 'invalidid' error as an unknown attachment, so the response
//            does not tell a caller whether the id exists
//   other -> fall through to the rest of the script
$result = $attach->verify_attachment();

if ($result === 0)
{
	header('Content-type: image/gif');
	// The file path is built from an administrator-set option, not from request data.
	readfile(DIR . '/' . $vbulletin->options['cleargifurl']);
	exit;
}
elseif ($result === false)
{
	eval(standard_error(fetch_error('invalidid', $vbphrase['attachment'], $vbulletin->options['contactuslink'])));
}
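/**
 * Tag callback that turns an attachment id into an <img> element pointing at
 * attachment.php, after checking that the current viewer may see the attachment.
 * (The signature matches a BBCode parser handler; confirm with the registering code.)
 *
 * Every denied or unknown attachment yields an empty string, so the rendered
 * output gives no hint about attachments the viewer cannot access.
 *
 * @param string $action      'validate' short-circuits to true; any other value renders.
 * @param mixed  $attributes  Unused here.
 * @param string $content     Tag body; expected to be a numeric attachment id.
 * @param mixed  $params      Unused here.
 * @param mixed  $node_object Unused here.
 *
 * @return bool|string true for 'validate'; the untouched $content when it is not
 *                     numeric; '' when the attachment must not be shown; otherwise
 *                     the <img> markup.
 */
function handle_attach($action, $attributes, $content, $params, $node_object)
{
	global $vbulletin, $fr_platform, $db, $contenttype, $images, $nuke_quotes;

	if ($action == 'validate')
	{
		return true;
	}

	if (!is_numeric($content))
	{
		return $content;
	}

	// From here on only the integer form is used, both in SQL and in the URL.
	$attachmentid = intval($content);

	if ($fr_platform == 'vb40')
	{
		// presumably the display library reads the id from the request — confirm
		$_REQUEST['attachmentid'] = $attachmentid;

		if (!($attach =& vB_Attachment_Display_Single_Library::fetch_library($vbulletin, $contenttype, true, $attachmentid)))
		{
			return '';
		}

		// Anything other than an explicit true is treated as "not allowed".
		if ($attach->verify_attachment() !== true)
		{
			return '';
		}

		$url = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachmentid;
		if (!$nuke_quotes)
		{
			$images[] = $url;
		}

		return "<img src=\"{$url}\"/>";
	}

	if ($fr_platform != 'vb38' && $fr_platform != 'vb37' && $fr_platform != 'vb36')
	{
		return '';
	}

	// No plugin hook runs inside this function, so these query fragments are
	// always empty. Defining them keeps the SQL built from known values only and
	// avoids undefined-variable notices.
	$hook_query_fields = '';
	$hook_query_joins = '';
	$hook_query_where = '';

	$sizefields = !empty($vbulletin->GPC['thumb'])
		? 'thumbnail_dateline AS dateline, thumbnail_filesize AS filesize,'
		: 'attachment.dateline, filesize,';

	// The postid comes from request data and is concatenated into the query, so
	// force it to an integer here instead of trusting that it was cleaned elsewhere.
	$postid = !empty($vbulletin->GPC['postid']) ? (int) $vbulletin->GPC['postid'] : 0;

	// NOTE(review): when the request carries a postid, the row is selected by that
	// post rather than by $attachmentid, so the permission checks below may be
	// evaluated against a different attachment than the one whose URL is returned.
	// Confirm this is intended.
	$where = $postid
		? 'attachment.postid = ' . $postid
		: 'attachmentid = ' . $attachmentid;

	$attachmentinfo = $db->query_first_slave(
		"\n\t SELECT filename, attachment.postid, attachment.userid, attachmentid, attachment.extension,\n\t "
		. $sizefields
		. "\n\t attachment.visible, attachmenttype.newwindow, mimetype, thread.forumid, thread.threadid, thread.postuserid,\n\t post.visible AS post_visible, thread.visible AS thread_visible\n\t {$hook_query_fields}\n\t FROM "
		. TABLE_PREFIX . "attachment AS attachment\n\t LEFT JOIN "
		. TABLE_PREFIX . "attachmenttype AS attachmenttype ON (attachmenttype.extension = attachment.extension)\n\t LEFT JOIN "
		. TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)\n\t LEFT JOIN "
		. TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t {$hook_query_joins}\n\t WHERE "
		. $where
		. "\n\t {$hook_query_where}\n\t "
	);

	if (!$attachmentinfo)
	{
		return '';
	}

	if ($attachmentinfo['postid'] == 0)
	{
		// Attachment that is in progress but hasn't been finalized: only the
		// uploader or a moderator who can edit posts may see it.
		if ($vbulletin->userinfo['userid'] != $attachmentinfo['userid']
			&& !can_moderate($attachmentinfo['forumid'], 'caneditposts'))
		{
			return '';
		}
	}
	else
	{
		$forumperms = fetch_permissions($attachmentinfo['forumid']);
		$permbits = $vbulletin->bf_ugp_forumpermissions;

		// Block attachments belonging to soft deleted posts and threads
		if (!can_moderate($attachmentinfo['forumid'])
			&& ($attachmentinfo['post_visible'] == 2 || $attachmentinfo['thread_visible'] == 2))
		{
			return '';
		}

		// Block attachments belonging to moderated posts and threads
		if (!can_moderate($attachmentinfo['forumid'], 'canmoderateposts')
			&& ($attachmentinfo['post_visible'] == 0 || $attachmentinfo['thread_visible'] == 0))
		{
			return '';
		}

		$viewpermission = $forumperms & $permbits['cangetattachment'];
		$viewthumbpermission = (($forumperms & $permbits['cangetattachment']) || ($forumperms & $permbits['canseethumbnails']));

		// Explicit grouping: the forum and its threads must be viewable, and a
		// viewer without 'canviewothers' is limited to threads they started
		// (guests never qualify).
		$notowner = ($attachmentinfo['postuserid'] != $vbulletin->userinfo['userid'] || $vbulletin->userinfo['userid'] == 0);
		if (!($forumperms & $permbits['canview'])
			|| !($forumperms & $permbits['canviewthreads'])
			|| (!($forumperms & $permbits['canviewothers']) && $notowner))
		{
			return '';
		}

		// The thumb flag is taken from the current request, not from the tag.
		if (($vbulletin->GPC['thumb'] && !$viewthumbpermission)
			|| (!$vbulletin->GPC['thumb'] && !$viewpermission))
		{
			return '';
		}

		// check if there is a forum password and if so, ensure the user has it set
		verify_forum_password($attachmentinfo['forumid'], $vbulletin->forumcache["{$attachmentinfo['forumid']}"]['password']);

		if (!$attachmentinfo['visible']
			&& !can_moderate($attachmentinfo['forumid'], 'canmoderateattachments')
			&& $attachmentinfo['userid'] != $vbulletin->userinfo['userid'])
		{
			// NOTE(review): every other denial in this handler returns ''; this one
			// presumably ends the whole request with the no-permission page. Confirm
			// that aborting the page render for one hidden attachment is wanted.
			print_no_permission();
		}
	}

	$url = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachmentid;

	if ($nuke_quotes)
	{
		return '';
	}

	$images[] = $url;

	return "<img src=\"{$url}\"/>";
}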