216 { |
216 { |
217 global $db, $session, $paths, $template, $plugins; // Common objects |
217 global $db, $session, $paths, $template, $plugins; // Common objects |
218 global $do_gzip; |
218 global $do_gzip; |
219 $filename = rawurldecode($paths->getParam(0)); |
219 $filename = rawurldecode($paths->getParam(0)); |
220 $timeid = $paths->getParam(1); |
220 $timeid = $paths->getParam(1); |
221 if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid; |
221 if ( $timeid && preg_match('#^([0-9]+)$#', (string)$timeid) ) |
222 else $tid = ''; |
222 { |
|
223 $tid = ' AND time_id='.$timeid; |
|
224 } |
|
225 else |
|
226 { |
|
227 $tid = ''; |
|
228 } |
223 $filename = $db->escape($filename); |
229 $filename = $db->escape($filename); |
224 $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;'); |
230 $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;'); |
225 if(!$q) $db->_die('The file data could not be selected.'); |
231 if ( !$q ) |
226 if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); } |
232 { |
|
233 $db->_die('The file data could not be selected.'); |
|
234 } |
|
235 if ( $db->numrows() < 1 ) |
|
236 { |
|
237 header('HTTP/1.1 404 Not Found'); |
|
238 die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); |
|
239 } |
227 $row = $db->fetchrow(); |
240 $row = $db->fetchrow(); |
228 $db->free_result(); |
241 $db->free_result(); |
229 |
242 |
230 // Check permissions |
243 // Check permissions |
231 $perms = $session->fetch_page_acl($row['page_id'], 'File'); |
244 $perms = $session->fetch_page_acl($row['page_id'], 'File'); |