Copybara botbe50d492023-11-30 00:16:42 +01001<?php
/*
 * hores
 * Copyright (c) 2023 Adrià Vilanova Martínez
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program.
 * If not, see http://www.gnu.org/licenses/.
 */
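require_once("core.php");

// Serves one attachment of an incident to the logged-in worker (or an admin).
//
// Request: GET id=<incident id>&name=<attachment file name>
// Any validation failure sends the user back to the incident list with
// msg=unexpected.
//
// NOTE(review): this script relies on security::checkType(),
// security::checkWorkerUIEnabled(), security::go() and
// incidents::checkIncidentIsFromPerson() ending the request when they fail or
// redirect. That is not visible from this file -- confirm in core.php.
security::checkType(security::WORKER, security::METHOD_NOTFOUND);
security::checkWorkerUIEnabled();

// Admins return to the global incident list, workers to their own list.
$returnURL = (security::isAdminView() ? "incidents.php?" : "userincidents.php?id=".$_SESSION["id"]."&");

if (!security::checkParams("GET", [
  ["id", security::PARAM_ISINT],
  ["name", security::PARAM_NEMPTY]
])) {
  security::go($returnURL."msg=unexpected");
}

$id = (int)$_GET["id"];
$name = $_GET["name"];

$incident = incidents::get($id, true);
if ($incident === false) security::go($returnURL."msg=unexpected");

// Object-level authorisation: a non-admin may only read attachments of an
// incident that belongs to them.
if (!security::isAllowed(security::ADMIN)) incidents::checkIncidentIsFromPerson($incident["id"]);

$attachments = incidents::getAttachmentsFromIncident($incident);

if ($attachments === false || !count($attachments)) security::go($returnURL."msg=unexpected");

// The requested name must be exactly one of the names stored for this
// incident. The comparison is strict so that numeric-looking strings
// ("1e3" vs "1000") cannot match each other through PHP's loose equality.
$index = array_search($name, $attachments, true);
if ($index === false) {
  security::go($returnURL."msg=unexpected");
  exit();
}

// From here on only the stored name is used, never the request parameter.
// NOTE(review): whether a stored name can contain directory separators depends
// on the upload code, which is not visible here -- confirm it is a bare file
// name before relying on this concatenation.
$attachment = $attachments[$index];
$fullpath = $conf["attachmentsFolder"].$attachment;
$extension = files::getFileExtension($attachment);

// Allow-list: only extensions with a known MIME type are ever served.
if (!isset(files::$mimeTypes[$extension])) {
  exit();
}

// A missing or unreadable file would otherwise produce an empty
// Content-Length header and PHP warnings in the response body.
if (!is_file($fullpath) || !is_readable($fullpath)) {
  security::go($returnURL."msg=unexpected");
  exit();
}

// Characters that would terminate the quoted filename or the header line are
// replaced, so a stored name cannot alter the header structure.
$headerName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $attachment);

header("Content-Type: ".files::$mimeTypes[$extension]);
// Stops the browser from second-guessing the declared type of an uploaded file.
header("X-Content-Type-Options: nosniff");
// A disposition type is required before the filename parameter.
// NOTE(review): "inline" keeps files viewable in the browser. If
// files::$mimeTypes contains any type that can carry script (HTML, SVG, XML),
// use "attachment" instead so uploads are never rendered on this origin.
header("Content-Disposition: inline; filename=\"".$headerName."\"");
header("Content-Length: ".filesize($fullpath));
header("Cache-Control: private");
readfile($fullpath);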