|
1
|
|
|
<?php declare(strict_types=1); |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* You may not change or alter any portion of this comment or credits |
|
5
|
|
|
* of supporting developers from this source code or any supporting source code |
|
6
|
|
|
* which is considered copyrighted (c) material of the original comment or credit authors. |
|
7
|
|
|
* |
|
8
|
|
|
* This program is distributed in the hope that it will be useful, |
|
9
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
|
11
|
|
|
*/ |
|
12
|
|
|
|
|
13
|
|
|
/** |
|
14
|
|
|
* @copyright {@link https://xoops.org/ XOOPS Project} |
|
15
|
|
|
* @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later} |
|
16
|
|
|
* @author Brian Wahoff <[email protected]> |
|
17
|
|
|
* @author Eric Juden <[email protected]> |
|
18
|
|
|
* @author XOOPS Development Team |
|
19
|
|
|
*/ |
|
20
|
|
|
|
|
21
|
|
|
use Xmf\Request; |
|
22
|
|
|
use XoopsModules\Xhelp; |
|
23
|
|
|
|
|
24
|
|
|
require __DIR__ . '/header.php'; |
|
25
|
|
|
require_once \dirname(__DIR__, 2) . '/mainfile.php'; |
|
26
|
|
|
|
|
27
|
|
|
if (!defined('XHELP_CONSTANTS_INCLUDED')) { |
|
28
|
|
|
require_once XOOPS_ROOT_PATH . '/modules/xhelp/include/constants.php'; |
|
29
|
|
|
} |
|
30
|
|
|
|
|
31
|
|
|
//require_once XHELP_BASE_PATH . '/functions.php'; |
|
32
|
|
|
|
|
33
|
|
|
global $xoopsUser, $xoopsDB, $xoopsConfig, $xoopsModuleConfig, $xoopsModule, $xoopsTpl, $xoopsRequestUri; |
|
34
|
|
|
$helper = Xhelp\Helper::getInstance(); |
|
35
|
|
|
|
|
36
|
|
|
if (!$xoopsUser) { |
|
37
|
|
|
redirect_header(XOOPS_URL . '/user.php?xoops_redirect=' . htmlspecialchars($xoopsRequestUri, ENT_QUOTES | ENT_HTML5), 3); |
|
38
|
|
|
} |
|
39
|
|
|
$xhelp_id = 0; |
|
40
|
|
|
|
|
41
|
|
|
if (Request::hasVar('id', 'GET')) { |
|
42
|
|
|
$xhelp_id = Request::getInt('id', 0, 'GET'); |
|
43
|
|
|
} |
|
44
|
|
|
|
|
45
|
|
|
$viewFile = false; |
|
46
|
|
|
|
|
47
|
|
|
/** @var \XoopsModules\Xhelp\FileHandler $fileHandler */ |
|
48
|
|
|
$fileHandler = $helper->getHandler('File'); |
|
49
|
|
|
/** @var \XoopsModules\Xhelp\TicketHandler $ticketHandler */ |
|
50
|
|
|
$ticketHandler = $helper->getHandler('Ticket'); |
|
51
|
|
|
/** @var \XoopsModules\Xhelp\StaffHandler $staffHandler */ |
|
52
|
|
|
$staffHandler = $helper->getHandler('Staff'); |
|
53
|
|
|
$file = $fileHandler->get($xhelp_id); |
|
54
|
|
|
$mimeType = $file->getVar('mimetype'); |
|
55
|
|
|
$ticket = $ticketHandler->get($file->getVar('ticketid')); |
|
56
|
|
|
|
|
57
|
|
|
$filename_full = $file->getVar('filename'); |
|
58
|
|
|
if ($file->getVar('responseid') > 0) { |
|
59
|
|
|
$removeText = $file->getVar('ticketid') . '_' . $file->getVar('responseid') . '_'; |
|
60
|
|
|
} else { |
|
61
|
|
|
$removeText = $file->getVar('ticketid') . '_'; |
|
62
|
|
|
} |
|
63
|
|
|
$filename = str_replace($removeText, '', $filename_full); |
|
64
|
|
|
|
|
65
|
|
|
//Security: |
|
66
|
|
|
// Only Staff Members, Admins, or ticket Submitter should be able to see file |
|
67
|
|
|
if (userAllowed($ticket, $xoopsUser)) { |
|
|
|
|
|
|
68
|
|
|
$viewFile = true; |
|
69
|
|
|
} elseif ($staffHandler->isStaff($xoopsUser->getVar('uid'))) { |
|
70
|
|
|
$viewFile = true; |
|
71
|
|
|
} elseif ($xoopsUser->isAdmin($xoopsModule->getVar('mid'))) { |
|
72
|
|
|
$viewFile = true; |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
|
|
if (!$viewFile) { |
|
76
|
|
|
$helper->redirect('index.php', 3, _NOPERM); |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
//Check if the file exists |
|
80
|
|
|
$fileAbsPath = XHELP_UPLOAD_PATH . '/' . $filename_full; |
|
|
|
|
|
|
81
|
|
|
if (!file_exists($fileAbsPath)) { |
|
82
|
|
|
$helper->redirect('index.php', 3, _XHELP_NO_FILES_ERROR); |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); |
|
86
|
|
|
header('Cache-Control: private', false); |
|
87
|
|
|
header('Content-Transfer-Encoding: binary'); |
|
88
|
|
|
header('Content-Length: ' . filesize($fileAbsPath)); |
|
89
|
|
|
|
|
90
|
|
|
if (isset($mimeType)) { |
|
91
|
|
|
header('Content-Type: ' . $mimeType); |
|
92
|
|
|
} else { |
|
93
|
|
|
header('Content-Type: application/octet-stream'); |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
// Add Header to set filename |
|
97
|
|
|
header('Content-Disposition: attachment; filename=' . $filename); |
|
98
|
|
|
|
|
99
|
|
|
// Open the file |
|
100
|
|
|
if (isset($mimeType) && false !== mb_strpos($mimeType, 'text/')) { |
|
101
|
|
|
$fp = fopen($fileAbsPath, 'rb'); |
|
102
|
|
|
} else { |
|
103
|
|
|
$fp = fopen($fileAbsPath, 'rb'); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
// Write file to browser |
|
107
|
|
|
fpassthru($fp); |
|
108
|
|
|
|
|
109
|
|
|
/** |
|
110
|
|
|
* @param Xhelp\Ticket $ticket |
|
111
|
|
|
* @param XoopsUser $user |
|
112
|
|
|
* @return bool |
|
113
|
|
|
*/ |
|
114
|
|
|
function userAllowed(Xhelp\Ticket $ticket, XoopsUser $user): bool |
|
115
|
|
|
{ |
|
116
|
|
|
$emails = $ticket->getEmails(true); |
|
117
|
|
|
foreach ($emails as $email) { |
|
118
|
|
|
if ($email->getVar('email') == $user->getVar('email')) { |
|
119
|
|
|
return true; |
|
120
|
|
|
} |
|
121
|
|
|
} |
|
122
|
|
|
|
|
123
|
|
|
return false; |
|
124
|
|
|
} |
|
125
|
|
|
|
XoopsModules25x /
xhelp
Loading history...