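/**
 * Fallback MIME detection that shells out to file(1).
 *
 * @param string $f Path of the file to inspect.
 * @return string Trimmed last output line of `file -bi` (typically "type/subtype; charset=...").
 */
function mime_content_type($f)
{
    // escapeshellarg() keeps the path a single shell word; "--" ends option parsing so a
    // path beginning with "-" is never read by file(1) as a switch.
    return trim(exec('file -bi -- ' . escapeshellarg($f)));
}
} // closes a block opened before this excerpt (presumably a function_exists() guard -- confirm)

// ---- Attachment download ------------------------------------------------------------------

// The id is forced to an integer, which is what makes interpolating it into the query safe.
$msgid = isset($_GET['id']) ? intval($_GET['id']) : 0;

// basename() drops any directory part of the client-supplied name. A missing, non-string,
// empty, "." / ".." or NUL-containing name can never be a stored attachment, so stop early
// instead of letting it resolve to a directory and fail later with a path-revealing warning.
$file = (isset($_GET['file']) && is_string($_GET['file'])) ? basename($_GET['file']) : '';
if ($file === '' || $file === '.' || $file === '..' || strpos($file, "\0") !== false) {
    die('No File');
}

if ($msgid) {
    $res = $xoopsDB->query("SELECT msgid,uid,touid,onepass FROM " . CCMES . " WHERE msgid={$msgid}");
    if (!$res || $xoopsDB->getRowsNum($res) == 0) {
        die("No File");
    }
    $data = $xoopsDB->fetchArray($res);
    if (!cc_check_perm($data)) {
        redirect_header(XOOPS_URL . '/user.php', 3, _NOPERM);
        exit;
    }
}
// NOTE(review): when id is absent or 0 no permission check runs at all, so anything under
// cc_attach_path(0, ...) is readable by whoever knows (or guesses) its name.
// assign_post_values() in this file unlinks files at cc_attach_path(0, ...), which suggests
// that area holds not-yet-submitted uploads -- confirm that exposing it unauthenticated is
// intended, or bind those files to the uploader's session.

$path = XOOPS_UPLOAD_PATH . cc_attach_path($msgid, $file);
// Only regular, readable files are served (stat() alone also succeeds on directories).
if (!is_file($path) || !is_readable($path)) {
    die('No File');
}

// The detected type ends up in a response header: fall back to a neutral type when detection
// failed or returned something that does not look like "type/subtype".
$type = cc_mime_content_type($path);
if (!is_string($type) || !preg_match('#^[\w.+-]+/[\w.+-]+#', $type) || preg_match('/[\x00-\x1F\x7F]/', $type)) {
    $type = 'application/octet-stream';
}
header("Content-Type: {$type}");
// Uploaded content is untrusted: stop browsers from second-guessing the declared type.
header('X-Content-Type-Options: nosniff');

// As before, the body and Content-Disposition are only sent for GET (HEAD gets headers only).
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // Types a browser would execute as a document are offered as a download rather than
    // rendered inline on the application's own origin, where an uploaded page could run
    // script in the viewer's session.
    $scriptable = preg_match('#^(text/html|application/xhtml\+xml|image/svg\+xml|text/xml|application/xml)\b#i', $type);
    $disposition = $scriptable ? 'attachment' : 'inline';
    // Remove control characters and escape quote/backslash so the name cannot terminate
    // the quoted-string or add parameters to the header.
    $safeName = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', $file), "\"\\");
    header('Content-Disposition: ' . $disposition . ';filename="' . $safeName . '"');
    // Stream the file instead of loading it into memory first.
    readfile($path);
}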
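/**
 * Collect, normalise and validate the submitted value of every form item.
 *
 * For each item with a non-empty 'field', the value is read from $_POST (or $_FILES for
 * 'file' items), adjusted according to the item 'type', validated against the rule in
 * $item['attr']['check'] and stored in $items[$key]['value'].
 *
 * @param array $items Form item definitions, modified in place ('value' is set per item).
 * @return array Error message strings collected during validation (empty when none).
 */
function assign_post_values(&$items)
{
    global $myts;

    $errors = array();
    foreach ($items as $key => $item) {
        if (empty($item['field'])) {
            continue;
        }
        $name  = $item['field'];
        $type  = $item['type'];
        $lab   = $item['label'];
        $attr  = isset($item['attr']) ? $item['attr'] : null;
        $check = !empty($attr['check']) ? $attr['check'] : "";

        $val = '';
        if (isset($_POST[$name])) {
            $val = $_POST[$name];
            if (is_array($val)) {
                foreach ($val as $n => $v) {
                    $val[$n] = $myts->stripSlashesGPC($v);
                }
            } else {
                $val = $myts->stripSlashesGPC($val);
            }
        }

        switch ($type) {
            case 'checkbox':
                // The client decides whether this arrives as a scalar or a list; normalise
                // to a list so array_search() never receives a string.
                if (empty($val)) {
                    $val = array();
                } elseif (!is_array($val)) {
                    $val = array($val);
                }
                $idx = array_search(LABEL_ETC, $val); // position of the "other" choice, if ticked
                if ($idx !== false) {
                    $etc = isset($_POST[$name . "_etc"]) ? $myts->stripSlashesGPC($_POST[$name . "_etc"]) : '';
                    $val[$idx] = strip_tags($item['options'][LABEL_ETC]) . " " . $etc;
                }
                break;

            case 'radio':
                if ($val == LABEL_ETC) { // "other" choice: append the free-text companion field
                    $etc = isset($_POST[$name . "_etc"]) ? $myts->stripSlashesGPC($_POST[$name . "_etc"]) : '';
                    $val = strip_tags($item['options'][LABEL_ETC]) . " " . $etc;
                }
                break;

            case 'hidden':
            case 'const':
                // The submitted value is discarded; the value is derived from the form definition.
                $val = eval_user_value(join(',', $item['options']));
                break;

            case 'file':
                // Everything in $_FILES / $_POST here is client-controlled. Names are reduced
                // to a plain file name before they are used to build a path.
                $upfile = isset($_FILES[$name]) ? $_FILES[$name] : array('name' => '');
                $fname = (isset($upfile['name']) && is_string($upfile['name'])) ? basename($upfile['name']) : '';
                if ($fname === '.' || $fname === '..') {
                    $fname = '';
                }
                $exts = preg_wildcard(get_attr_value($attr, 'accept_ext'));
                $types = preg_wildcard(get_attr_value($attr, 'accept_type'));
                $rejected = false; // set when the upload fails the extension or type allow-list
                if ($exts && $fname) {
                    if (!preg_match("/\\.({$exts})\$/", $fname, $d)) {
                        $errors[] = $lab . ": " . _MD_UPLOADFILE_ERR;
                        $rejected = true;
                    } elseif ($types) {
                        $aexts = explode('|', $exts);
                        // Search the exploded list (the original passed the pattern string and
                        // an undefined variable, which is a TypeError on PHP 8).
                        $nth = array_search($d[1], $aexts);
                        $atypes = explode('|', $types);
                        // Equal counts: pair each extension with the type at the same position.
                        // If the extension is not found literally, keep the whole type list.
                        if ($nth !== false && count($aexts) == count($atypes)) {
                            $types = $atypes[$nth];
                        }
                    }
                }
                $tmpfile = (isset($upfile['tmp_name']) && is_string($upfile['tmp_name'])) ? $upfile['tmp_name'] : null;
                if ($types && $tmpfile) {
                    $ftype = cc_mime_content_type($tmpfile);
                    // NOTE(review): '/' is the delimiter here and MIME types contain '/';
                    // this assumes preg_wildcard() escapes it -- confirm.
                    if (!preg_match('/^(' . $types . ')$/', $ftype)) {
                        $errors[] = $lab . ": " . _MD_UPLOADFILE_ERR;
                        $rejected = true;
                    }
                }

                $val = ''; // filename
                $prename = $name . "_prev";
                if (isset($_POST[$prename])) {
                    $prev = $myts->stripSlashesGPC($_POST[$prename]);
                    // The "previous file" name comes back from the client and feeds unlink():
                    // strip directory parts so it cannot point outside the attachment area.
                    $val = is_string($prev) ? basename($prev) : '';
                    if ($val === '.' || $val === '..') {
                        $val = '';
                    }
                    // Replace the earlier upload only when the new one was accepted.
                    if (!empty($fname) && !$rejected) {
                        if ($val !== '') {
                            $old = XOOPS_UPLOAD_PATH . cc_attach_path(0, $val);
                            if (is_file($old)) {
                                unlink($old);
                            }
                        }
                        $val = '';
                    }
                }
                // A rejected upload is never stored: the original recorded the error but
                // still moved the file into the attachment area.
                if (empty($val) && !$rejected) {
                    $val = $fname;
                    if ($val) {
                        move_attach_file($tmpfile, $val);
                    } elseif (isset($_POST[$name])) { // confirm step: name is posted back as text
                        $posted = $myts->stripSlashesGPC($_POST[$name]);
                        $val = is_string($posted) ? basename($posted) : '';
                        if ($val === '.' || $val === '..') {
                            $val = '';
                        }
                    }
                }
                break;

            case 'mail':
                if (is_object($GLOBALS['xoopsUser']) && get_attr_value(null, 'input_mail_login', '') == 'no') {
                    continue 2; // logged-in user and address input disabled: skip this item
                }
                $name .= '_conf';
                if (!checkEmail($val)) {
                    $errors[] = $lab . ": " . _MD_ADDRESS_ERR;
                }
                if (get_attr_value(null, 'input_mail_confirm', '') != 'no' && isset($_POST[$name])) {
                    if ($val != $myts->stripSlashesGPC($_POST[$name])) {
                        $errors[] = sprintf(_MD_CONF_LABEL, $lab) . ": " . _MD_CONFIRM_ERR;
                    }
                }
                break;
        }

        switch ($check) {
            case '':
                break;
            case 'require':
                if ($val === '') {
                    $errors[] = $lab . ": " . _MD_REQUIRE_ERR;
                }
                break;
            case 'mail':
                if (!checkEmail($val)) {
                    $errors[] = $lab . ": " . _MD_ADDRESS_ERR;
                }
                break;
            case 'num':
                $check = 'numeric';
                // deliberate fall-through: 'num' is handled as the 'numeric' rule below
            default:
                // A rule name may map to a configured pattern; otherwise it is the pattern itself.
                $v = get_attr_value(null, $check);
                if (!empty($v)) {
                    $check = $v;
                }
                // The pattern is grouped so both anchors apply to every alternative (without
                // the group, "a|b" would accept any value starting with "a" or ending with "b").
                // Array values never match, as before, but no longer raise a TypeError.
                $matched = !is_array($val) && preg_match('/^(?:' . $check . ')$/', (string)$val);
                if (!$matched) {
                    $errors[] = $lab . ": " . ($val ? _MD_REGEXP_ERR : _MD_REQUIRE_ERR);
                }
                break;
        }
        $items[$key]['value'] = $val;
    }
    return $errors;
}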