From 4c246188ea9d413b8b517bd2c2913199f0dfb8a6 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Thu, 2 Oct 2014 20:12:58 +0000
Subject: [PATCH] Fix attachment fetching to be object based
---
 attachment.php | 10 ++++++----
 include/class.attachment.php | 23 +++++++++++++++++------
 scp/attachment.php | 11 +++++++++--
 3 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/attachment.php b/attachment.php
index 05e256a42..9a386baae 100644
--- a/attachment.php
+++ b/attachment.php
@@ -17,7 +17,7 @@ require('secure.inc.php');
 require_once(INCLUDE_DIR.'class.attachment.php');
 //Basic checks
-if(!$thisclient
+if (!$thisclient
 || !$_GET['id']
 || !$_GET['h']
 || !($attachment=Attachment::lookup($_GET['id']))
@@ -26,9 +26,11 @@ if(!$thisclient
 //Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!!
 $vhash=md5($attachment->getFileId().session_id().strtolower($file->getKey()));
-if(strcasecmp(trim($_GET['h']),$vhash)
- || !($ticket=$attachment->getTicket())
- || !$ticket->checkUserAccess($thisclient))
+if (strcasecmp(trim($_GET['h']), $vhash) || !($thread=$attachment->getThread()) || !($object=$thread->getObject()) || !$object instanceof Ticket || !$object->checkUserAccess($thisclient))
 Http::response(404, __('Unknown or invalid file'));
 //Download the file..
 $file->download();
diff --git a/include/class.attachment.php b/include/class.attachment.php
index 8bd1c8063..fdcbe4ee2 100644
--- a/include/class.attachment.php
+++ b/include/class.attachment.php
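Review bot: The new guard resolves the attachment to its thread's owning Ticket and authorizes with `$object->checkUserAccess($thisclient)`, but nothing in the chain consults the thread entry the attachment actually hangs off, so the check is ticket-wide rather than entry-wide; if this thread model can hold entries a client is not shown, a client who can form `h` for such an entry's file still gets the download (the replaced `getTicket()` path had the same shape), which is worth confirming against the entry types outside this diff. `strcasecmp(trim($_GET['h']), $vhash)` is also an early-exit comparison of the per-session access hash; where the project's PHP floor permits, `if (!hash_equals($vhash, strtolower(trim($_GET['h'])))` keeps that step constant-time. Finally, `!$object instanceof Ticket` is correct only because PHP binds `instanceof` tighter than `!`; `|| !($object instanceof Ticket)` makes the intent explicit for the next editor.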
@@ -20,13 +20,16 @@ class Attachment {
 var $id;
 var $file_id;
- var $info;
+ var $ht;
+ var $thread;
 function Attachment($id, $tid=0) {
- $sql = ' SELECT * FROM '.THREAD_ENTRY_ATTACHMENT_TABLE.' WHERE id='.db_input($id);
+ $sql = 'SELECT a.*, e.thread_id FROM '.THREAD_ENTRY_ATTACHMENT_TABLE.' a ' . 'LEFT JOIN '.THREAD_ENTRY_TABLE.' e ON (e.id = a.thread_entry_id) ' . 'WHERE a.id='.db_input($id);
 if($tid)
- $sql.=' AND thread_entry_id='.db_input($tid);
+ $sql.=' AND a.thread_entry_id='.db_input($tid);
 if(!($res=db_query($sql)) || !db_num_rows($res))
 return false;
@@ -36,7 +39,7 @@ class Attachment {
 $this->id=$this->ht['id'];
 $this->file_id=$this->ht['file_id'];
- $this->file=null;
+ $this->file = $this->thread = null;
 return true;
 }
@@ -68,8 +71,16 @@ class Attachment {
 return $this->getHashtable();
 }
+ function getThread() {
+
+ if (!isset($this->thread))
+ $this->thread = Thread::lookup($this->ht['thread_id']);
+
+ return $this->thread;
+ }
+
 /* Static functions */
- function getIdByFileHash($hash, $tid=0) {
+ static function getIdByFileHash($hash, $tid=0) {
 $sql='SELECT a.id FROM '.THREAD_ENTRY_ATTACHMENT_TABLE.' a '
 .' INNER JOIN '.FILE_TABLE.' f ON(f.id=a.file_id) '
 .' WHERE f.`key`='.db_input($hash);
@@ -79,7 +90,7 @@ class Attachment {
 return db_result(db_query($sql));
 }
- function lookup($var, $tid=0) {
+ static function lookup($var, $tid=0) {
 $id = is_numeric($var) ? $var : self::getIdByFileHash($var, $tid);
diff --git a/scp/attachment.php b/scp/attachment.php
index 07f20981a..697f9e38a 100644
--- a/scp/attachment.php
+++ b/scp/attachment.php
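Review bot: `getThread()` hands `$this->ht['thread_id']` to `Thread::lookup()` unconditionally, and because the constructor's query in the first hunk now `LEFT JOIN`s the thread-entry table, that value is `NULL` whenever the attachment's entry row no longer exists; what `Thread::lookup(null)` does is decided outside this file. The `isset()` memo also never records a failed lookup, so a missing thread re-runs the query on every call from the two download scripts. A guard such as `if (!isset($this->thread) && $this->ht['thread_id']) $this->thread = Thread::lookup($this->ht['thread_id']);` avoids the null lookup, and the method wants a one-line header like `// Thread owning this attachment's entry (cached); presumably falsy when the entry or thread cannot be found`.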
@@ -17,14 +17,21 @@ require('staff.inc.php');
 require_once(INCLUDE_DIR.'class.attachment.php');
 //Basic checks
-if(!$thisstaff || !$_GET['id'] || !$_GET['h']
+if (!$thisstaff || !$_GET['id'] || !$_GET['h']
 || !($attachment=Attachment::lookup($_GET['id']))
 || !($file=$attachment->getFile()))
 Http::response(404, __('Unknown or invalid file'));
 //Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!!
 $vhash=md5($attachment->getFileId().session_id().strtolower($file->getKey()));
-if(strcasecmp(trim($_GET['h']),$vhash) || !($ticket=$attachment->getTicket()) || !$ticket->checkStaffAccess($thisstaff)) die(__('Access Denied'));
+if (strcasecmp(trim($_GET['h']), $vhash) || !($thread=$attachment->getThread()) || !($object=$thread->getObject()) || !$object instanceof Ticket || !$object->checkStaffAccess($thisstaff)) die(__('Access Denied'));
 //Download the file..
 $file->download();
-- 
GitLab
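Review bot: The rewritten first guard still tests `!$_GET['id'] || !$_GET['h']`, which raises an undefined-index notice whenever either parameter is absent before the 404 is sent; `empty($_GET['id']) || empty($_GET['h'])` has the same truthiness without the notice. The hash check keeps `strcasecmp(trim($_GET['h']), $vhash)`, an early-exit comparison of the per-session access token — if the project's PHP floor allows it, `hash_equals($vhash, strtolower(trim($_GET['h'])))` is the right primitive here as on the client side. Note also that the same failure here ends in `die(__('Access Denied'))` while the client script answers 404, so the staff endpoint tells a requester that an attachment id exists but is off-limits; that was true before this change, but the new chain is a natural moment to align the two responses.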