{ header($_SERVER['SERVER_PROTOCOL'] . ' 304 Not Modified'); } // remove the content-type and X-Powered headers to emulate a 304 Not Mo dified response as close as possible header('Content-Type:'); header('X-Powered-By:'); if (!empty($_REQUEST['fid'])) { header('ETag: "' . intval($_REQUEST['fid'])); } exit; } // #################### PRE-CACHE TEMPLATES AND DATA ###################### // get special phrase groups $phrasegroups = array(); // get special data templates from the datastore $specialtemplates = array(); // pre-cache templates used by all actions $globaltemplates = array(); // pre-cache templates used by specific actions $actiontemplates = array(); /* The following headers are usually handled internally but we do our own thing with filedata, the cache-control is to stop caches keeping private attachments and the Vary header is to deal with the fact the filename encoding changes. */ header('Cache-Control: private'); header('Vary: User-Agent'); // ########################## REQUIRE BACK-END ############################ require_once('./global.php'); // ######################################################################## // ######################### START MAIN SCRIPT ############################ // ######################################################################## $vbulletin->input->clean_array_gpc('r', array( 'fid' => TYPE_UINT, )); if ( !$vbulletin->GPC['fid'] OR !($filedatainfo = $db->query_first_slave(" SELECT fd.filedataid, fd.thumbnail_dateline AS dateline, fd.thu mbnail_filesize AS filesize, fd.extension, fd.userid, fd.thumbnail AS filedata, fd.refcount, at.mimetype FROM " . TABLE_PREFIX . "attachmentcategoryuser AS acu INNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (acu.filedataid = fd.filedataid) LEFT JOIN " . TABLE_PREFIX . "attachmenttype AS at ON (at.extens ion = fd.extension)
WHERE acu.filedataid = {$vbulletin->GPC['fid']} AND acu.userid = {$vbulletin->userinfo['userid']} LIMIT 1 ")) ) { eval(standard_error(fetch_error('invalidid', 'filedata', $vbulletin->opt ions['contactuslink']))); } if ($filedatainfo['extension']) { $extension = strtolower($filedatainfo['extension']); } else { $extension = strtolower(file_extension($filedatainfo['filename'])); } if ($vbulletin->options['attachfile']) { require_once(DIR . '/includes/functions_file.php'); $filepath = fetch_attachment_path($filedatainfo['userid'], $filedatainfo ['filedataid'], true); if (!($fp = @fopen($filepath, 'rb'))) { // replace this with a ? type image echo fetch_blank_image(); exit; } } else if (!$filedatainfo['filedata']) { // replace this with a ? type image echo fetch_blank_image(); exit; } // send jpeg header for PDF, BMP, TIF, TIFF, and PSD thumbnails as they are jpeg s if (in_array($extension, array('bmp', 'tif', 'tiff', 'psd', 'pdf'))) { $filedatainfo['filename'] = preg_replace('#.(bmp|tiff?|psd|pdf)$#i', '.j pg', $filedatainfo['filename']); $mimetype = array('Content-type: image/jpeg'); } else { $mimetype = unserialize($filedatainfo['mimetype']); } header('Pragma:'); // VBIV-8269 header('Cache-control: max-age=31536000, private'); header('Expires: ' . gmdate("D, d M Y H:i:s", TIMENOW + 31536000) . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $filedatainfo['dateline']) . ' GMT'); header('ETag: "' . $filedatainfo['filedataid'] . '-' . $filedatainfo['userid'] .
'"'); // look for entities in the file name, and if found try to convert // the filename to UTF-8 $filename = $filedatainfo['filename']; if (preg_match('~&#([0-9]+);~', $filename)) { if (function_exists('iconv')) { $filename_conv = @iconv(vB_Template_Runtime::fetchStyleVar('char set'), 'UTF-8//IGNORE', $filename); if ($filename_conv !== false) { $filename = $filename_conv; } } $filename = preg_replace( '~&#([0-9]+);~e', "convert_int_to_utf8('\\1')", $filename ); $filename_charset = 'utf-8'; } else {
} $filename = preg_replace('#[\r\n]#', '', $filename); // Opera and IE have not a clue about this, mozilla puts on incorrect extensions . if (is_browser('mozilla')) { $filename = "filename*=" . $filename_charset . "''" . rawurlencode($file name); } else { // other browsers seem to want names in UTF-8 if ($filename_charset != 'utf-8' AND function_exists('iconv')) { $filename_conv = iconv($filename_charset, 'UTF-8//IGNORE', $file name); if ($filename_conv !== false) { $filename = $filename_conv; } } if (is_browser('opera') OR is_browser('konqueror') OR is_browser('safari ')) { // Opera / Konqueror does not support encoded file names $filename = 'filename="' . str_replace('"', '', $filename) . '"' ; } else {
// encode the filename to stay within spec $filename = 'filename="' . rawurlencode($filename) . '"'; } } header("Content-disposition: inline; $filename"); header('Content-transfer-encoding: binary'); header('Content-Length: ' . $filedatainfo['filesize']); if (is_array($mimetype)) { foreach ($mimetype AS $header) { if (!empty($header)) { header($header); } } } else { header('Content-type: unknown/unknown'); } // This is new in IE8 and tells the browser not to try and guess header('X-Content-Type-Options: nosniff'); ($hook = vBulletinHook::fetch_hook('asset_filedata_display')) ? eval($hook) : fa lse; if (defined('NOSHUTDOWNFUNC')) { if ($_GET['stc'] == 1) { $db->close(); } else { exec_shut_down(); } } if ($vbulletin->options['attachfile']) { echo @fread($fp, $filedatainfo['filesize']); @fclose($fp); } else { echo $filedatainfo['filedata']; } flush(); ($hook = vBulletinHook::fetch_hook('asset_filedata_complete')) ? eval($hook) : f alse; function fetch_blank_image() { $filedata = vb_base64_decode('R0lGODlhAQABAIAAAMDAwAAAACH5BAEAAAAALAAAAA ABAAEAAAICRAEAOw==');
$filesize = strlen($filedata); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); // always modified header('Cache-Control: no-cache, must-revalidate'); // HTTP/1. 1 header('Pragma: no-cache'); // HTTP/1. 0 header("Content-disposition: inline; filename=clear.gif"); header('Content-transfer-encoding: binary'); header("Content-Length: $filesize"); header('Content-type: image/gif'); return $filedata; } /*======================================================================*\ || #################################################################### || # || # CVS: $RCSfile$ - $Revision: 47204 $ || #################################################################### \*======================================================================*/ ?>