Skip to content
Snippets Groups Projects
Normal view Permalink
image.php 1013 B
Newer Older
  • Learn to ignore specific revisions
    • Jared Hancock's avatar
    HTML ticket thread, inline images and draft support
    Jared Hancock committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 
    <?php
/*********************************************************************
    image.php

    Simply downloads the file...on hash validation as follows;

    * Hash must be 64 chars long.
    * First 32 chars is the perm. file hash
    * Next 32 chars  is md5(file_id.session_id().file_hash)

    Peter Rotich <peter@osticket.com>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/

require('client.inc.php');
require_once(INCLUDE_DIR.'class.file.php');
$h=trim($_GET['h']);
//basic checks
if(!$h  || strlen($h)!=64  //32*2
        || !($file=AttachmentFile::lookup(substr($h,0,32))) //first 32 is the file hash.
        || strcasecmp($h, $file->getDownloadHash())) //next 32 is file id + session hash.
    Jared Hancock's avatar
    Add translations for new and moved strings  
    Jared Hancock committed
    28 
        Http::response(404, __('Unknown or invalid file'));
    Jared Hancock's avatar
    HTML ticket thread, inline images and draft support
    Jared Hancock committed
    29 30 31 
    
$file->display();
?>