<?php
/*********************************************************************
attachment.php
Attachments interface for clients.
Clients should never see the dir paths.
Peter Rotich <peter@osticket.com>
Copyright (c) 2006-2013 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
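// Client-facing attachment download endpoint.
// Expects ?id=<attachment id>&h=<access hash>. Every failure path returns the
// same 404 message, so a caller cannot tell a missing file from a denied one.
require('secure.inc.php');
require_once(INCLUDE_DIR.'class.attachment.php');

// Query parameters are strings, or arrays when sent as id[]=... / h[]=....
// Rejecting non-strings up front keeps trim() further down from raising a
// TypeError on PHP 8 (an error response instead of the uniform 404).
$id = isset($_GET['id']) ? $_GET['id'] : null;
$hash = isset($_GET['h']) ? $_GET['h'] : null;

//Basic checks
// NOTE(review): the code below assumes Http::response() ends the request;
// its definition is not visible in this file - confirm it never returns.
if (!$thisclient
        || !is_string($id) || !$id
        || !is_string($hash) || !$hash
        || !($attachment=Attachment::lookup($id))
        || !($file=$attachment->getFile())) {
    Http::response(404, __('Unknown or invalid file'));
}

//Validate session access hash - the link must be fresh (it is bound to the
//current session id) and the user must have access to the parent ticket.
// NOTE(review): this is a plain MD5 over file id + session id + file key,
// not a keyed MAC. The derivation has to match whatever builds the download
// link (not visible here), so it is left unchanged; consider moving both
// sides to hash_hmac() with a server-side secret.
$vhash=md5($attachment->getFileId().session_id().strtolower($file->getKey()));

// md5() returns lowercase hex, so lowercasing the supplied value keeps the
// case-insensitive match of the previous strcasecmp() check, while
// hash_equals() (PHP 5.6+) compares in constant time.
if (!hash_equals($vhash, strtolower(trim($hash)))
        || !($ticket=$attachment->getTicket())
        || !$ticket->checkUserAccess($thisclient)) {
    Http::response(404, __('Unknown or invalid file'));
}

//Download the file..
$file->download();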
?>