3 require_once('include/security.php');
5 function attach_init(App $a) {
8 notice( t('Item not available.') . EOL);
12 $item_id = intval($a->argv[1]);
14 // Check for existence, which will also provide us the owner uid
16 $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1",
19 if (! dbm::is_result($r)) {
20 notice( t('Item was not found.'). EOL);
24 $sql_extra = permissions_sql($r[0]['uid']);
26 // Now we'll see if we can access the attachment
28 $r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
32 if (! dbm::is_result($r)) {
33 notice( t('Permission denied.') . EOL);
37 // Use quotes around the filename to prevent a "multiple Content-Disposition"
38 // error in Chrome for filenames with commas in them
39 header('Content-type: ' . $r[0]['filetype']);
40 header('Content-length: ' . $r[0]['filesize']);
41 if(isset($_GET['attachment']) && $_GET['attachment'] === '0')
42 header('Content-disposition: filename="' . $r[0]['filename'] . '"');
44 header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');