1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
//------------------------------------------------------------------------------ |
4
|
|
|
// |
5
|
|
|
// eTraxis - Records tracking web-based system |
6
|
|
|
// Copyright (C) 2006-2010 Artem Rodygin |
7
|
|
|
// |
8
|
|
|
// This program is free software: you can redistribute it and/or modify |
9
|
|
|
// it under the terms of the GNU General Public License as published by |
10
|
|
|
// the Free Software Foundation, either version 3 of the License, or |
11
|
|
|
// (at your option) any later version. |
12
|
|
|
// |
13
|
|
|
// This program is distributed in the hope that it will be useful, |
14
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of |
15
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16
|
|
|
// GNU General Public License for more details. |
17
|
|
|
// |
18
|
|
|
// You should have received a copy of the GNU General Public License |
19
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>. |
20
|
|
|
// |
21
|
|
|
//------------------------------------------------------------------------------ |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* @package eTraxis |
25
|
|
|
* @ignore |
26
|
|
|
*/ |
27
|
|
|
|
28
|
|
|
/**#@+ |
29
|
|
|
* Dependency. |
30
|
|
|
*/ |
31
|
|
|
require_once('../engine/engine.php'); |
32
|
|
|
require_once('../dbo/records.php'); |
33
|
|
|
/**#@-*/ |
34
|
|
|
|
35
|
|
|
init_page(LOAD_CONTAINER, GUEST_IS_ALLOWED); |
|
|
|
|
36
|
|
|
|
37
|
|
|
$id = ustr2int(try_request('id')); |
38
|
|
|
$attachment = attachment_find($id); |
39
|
|
|
|
40
|
|
|
if (!$attachment) |
41
|
|
|
{ |
42
|
|
|
debug_write_log(DEBUG_NOTICE, 'Attachment cannot be found.'); |
43
|
|
|
header('Location: index.php'); |
44
|
|
|
exit; |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
$permissions = record_get_permissions($attachment['template_id'], $attachment['creator_id'], $attachment['responsible_id']); |
48
|
|
|
|
49
|
|
View Code Duplication |
if (!can_record_be_displayed($permissions)) |
50
|
|
|
{ |
51
|
|
|
if (get_user_level() == USER_LEVEL_GUEST) |
52
|
|
|
{ |
53
|
|
|
debug_write_log(DEBUG_NOTICE, 'Guest must be logged in.'); |
54
|
|
|
save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']); |
55
|
|
|
header('Location: ../logon/index.php'); |
56
|
|
|
exit; |
57
|
|
|
} |
58
|
|
|
|
59
|
|
|
debug_write_log(DEBUG_NOTICE, 'Attachment cannot be displayed.'); |
60
|
|
|
header('Location: index.php'); |
61
|
|
|
exit; |
62
|
|
|
} |
63
|
|
|
|
64
|
|
|
$filename = stripos($_SERVER['HTTP_USER_AGENT'], 'MSIE') === FALSE |
65
|
|
|
? $attachment['attachment_name'] |
66
|
|
|
: urlencode($attachment['attachment_name']); |
67
|
|
|
|
68
|
|
|
header('Pragma: private'); |
69
|
|
|
header('Cache-Control: private, must-revalidate'); |
70
|
|
|
header('Content-Type: ' . $attachment['attachment_type']); |
71
|
|
|
header('Content-Disposition: attachment; filename="' . $filename . '"'); |
72
|
|
|
|
73
|
|
|
if (extension_loaded('zlib')) |
74
|
|
|
{ |
75
|
|
|
readgzfile(ATTACHMENTS_PATH . $id); |
76
|
|
|
} |
77
|
|
|
else |
78
|
|
|
{ |
79
|
|
|
readfile(ATTACHMENTS_PATH . $id); |
80
|
|
|
} |
81
|
|
|
|
82
|
|
|
?> |
83
|
|
|
|
It seems like the type of the argument is not accepted by the function/method which you are calling.
In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.
We suggest to add an explicit type cast like in the following example: