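<?php
/**
 * Serves one attachment of an incident to the logged-in user.
 *
 * GET parameters:
 *   id   - numeric id of the incident.
 *   name - file name of the attachment to send.
 *
 * The requested name is only used as a lookup key into the incident's own
 * attachment list. The path on disk is built from the stored name, never from
 * the raw request value.
 */
require_once("core.php");

// Access gate. Presumably rejects callers below the worker role and answers as
// "not found" -- confirm against security::checkType() in core.php.
security::checkType(security::WORKER, security::METHOD_NOTFOUND);
security::checkWorkerUIEnabled();

// Every failure below redirects here with the same generic message, so the
// response does not reveal which check failed.
$returnURL = (security::isAdminView() ? "incidents.php?" : "userincidents.php?id=".$_SESSION["id"]."&");

// NOTE(review): this script relies on security::go() ending the request, because
// execution continues after each call -- confirm that it exits.
// The is_string() check rejects "name[]=..." requests, where PHP would hand us
// an array instead of a string.
if (!security::checkParams("GET", [
  ["id", security::PARAM_ISINT],
  ["name", security::PARAM_NEMPTY]
]) || !is_string($_GET["name"])) {
  security::go($returnURL."msg=unexpected");
}

$id = (int)$_GET["id"];
$name = $_GET["name"];

$incident = incidents::get($id, true);
if ($incident === false) security::go($returnURL."msg=unexpected");

// Object-level authorization: non-admins may only read attachments of their own
// incidents. The return value is not checked here, so this call has to abort the
// request itself on a mismatch -- TODO confirm.
if (!security::isAllowed(security::ADMIN)) incidents::checkIncidentIsFromPerson($incident["id"]);

$attachments = incidents::getAttachmentsFromIncident($incident);

if ($attachments === false || !count($attachments)) security::go($returnURL."msg=unexpected");

$flag = false;

foreach ($attachments as $attachment) {
  // Strict comparison: with == two different numeric-looking names
  // (e.g. "1e1" and "10") compare equal and the wrong file could be selected.
  if ((string)$attachment !== $name) continue;

  $flag = true;
  $fileName = (string)$attachment;

  // Only extensions present in the MIME allow-list are served; anything else
  // ends the request with an empty response.
  $extension = files::getFileExtension($fileName);
  if (!isset(files::$mimeTypes[$extension])) {
    exit();
  }

  // NOTE(review): assumes stored attachment names are plain file names without
  // directory components -- confirm where they are written.
  // $conf is not defined in this file; presumably core.php provides it.
  $fullpath = $conf["attachmentsFolder"].$fileName;

  // Check the file before any header is sent: filesize() returns false for a
  // missing file, which would emit an empty Content-Length and a broken body.
  if (!is_file($fullpath) || !is_readable($fullpath)) {
    security::go($returnURL."msg=unexpected");
    exit();
  }

  header("Content-type: ".files::$mimeTypes[$extension]);
  // Stop browsers from second-guessing the declared type of an uploaded file.
  header("X-Content-Type-Options: nosniff");
  // The header needs a disposition type to be valid; "inline" keeps the file
  // opening in the browser as before. Use "attachment" instead if the allow-list
  // in files::$mimeTypes contains types a browser renders as active content
  // (HTML, SVG). Quotes and backslashes are escaped so that a stored name cannot
  // break out of the quoted filename parameter.
  header("Content-Disposition: inline; filename=\"".addcslashes($fileName, "\"\\")."\"");
  header("Content-Length: ".filesize($fullpath));
  header("Cache-control: private");
  readfile($fullpath);

  break;
}

// The requested name is not one of this incident's attachments.
if ($flag === false) security::go($returnURL."msg=unexpected");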