protected override void OnLoad(EventArgs e) { base.OnLoad(e); var attachmentId = Utilities.SafeConvertInt(Request.Params["AttachmentID"], -1); // Used for new attachments where the attachment is the actual file link (shouldn't appear in posts) var attachFileId = Utilities.SafeConvertInt(Request.Params["AttachID"], -1); // Used for legacy attachments where the attachid was actually the file id. (appears in posts) var portalId = Utilities.SafeConvertInt(Request.Params["PortalID"], -1); var moduleId = Utilities.SafeConvertInt(Request.Params["ModuleID"], -1); if (Page.IsPostBack || (attachmentId < 0 && attachFileId < 0) || portalId < 0 || moduleId < 0) { Response.StatusCode = 400; Response.Write("Invalid Request"); Response.End(); return; } // Get the attachment including the "Can Read" permission for the associated content id. var attachment = new Data.AttachController().Get(attachmentId, attachFileId, true); // Make sure the attachment exists if (attachment == null) { Response.StatusCode = 404; Response.Write("Not Found"); Response.End(); return; } // Make sure the user has read access var u = new UserController().GetUser(portalId, moduleId); if (u == null || !Permissions.HasAccess(attachment.CanRead, u.UserRoles)) { Response.StatusCode = 401; Response.Write("Unauthorized"); Response.End(); return; } // Get the filename with the unique identifier prefix removed. var filename = Regex.Replace(attachment.FileName.TextOrEmpty(), @"__\d+__\d+__", string.Empty); // Some legacy attachments may still be stored in the DB. if (attachment.FileData != null) { Response.ContentType = attachment.ContentType; if (attachmentId > 0) { Response.AddHeader("Content-Disposition", "attachment; filename=" + Server.HtmlEncode(filename)); } else // Handle legacy inline attachments a bit differently { Response.AddHeader("Content-Disposition", "filename=" + Server.HtmlEncode(filename)); } Response.BinaryWrite(attachment.FileData); Response.End(); return; } var fileManager = FileManager.Instance; string filePath = null; // If there is a file id, access the file using the file manager if (attachment.FileId.HasValue && attachment.FileId.Value > 0) { var file = fileManager.GetFile(attachment.FileId.Value); if (file != null) { filePath = file.PhysicalPath; } } // Otherwise check the attachments directory (current and legacy) else { filePath = Server.MapPath(PortalSettings.HomeDirectory + "activeforums_Attach/") + attachment.FileName; // This is another check to support legacy attachments. if (!File.Exists(filePath)) { filePath = Server.MapPath(PortalSettings.HomeDirectory + "NTForums_Attach/") + attachment.FileName; } } // At this point, we should have a valid file path if (string.IsNullOrWhiteSpace(filePath) || !File.Exists(filePath)) { Response.StatusCode = 404; Response.Write("Not Found"); Response.End(); return; } var length = attachment.FileSize; if (length <= 0) { length = new System.IO.FileInfo(filePath).Length; } Response.Clear(); Response.ContentType = attachment.ContentType; if (attachmentId > 0) { Response.AddHeader("Content-Disposition", "attachment; filename=" + Server.HtmlEncode(filename)); } else // Handle legacy inline attachments a bit differently { Response.AddHeader("Content-Disposition", "filename=" + Server.HtmlEncode(filename)); } Response.AddHeader("Content-Length", length.ToString()); Response.WriteFile(filePath); Response.Flush(); Response.Close(); Response.End(); }
protected override void OnLoad(EventArgs e) { base.OnLoad(e); //Put user code to initialize the page here try { byte[] bindata = null; bool canView = false; string sContentType = string.Empty; if (!Page.IsPostBack) { int AttachId = 0; int intPortalID = 0; int intModuleID = 0; if (Request.Params["AttachID"] != null) { if (SimulateIsNumeric.IsNumeric(Request.Params["AttachID"])) { AttachId = Int32.Parse(Request.Params["AttachID"]); } else { AttachId = 0; } } else { AttachId = 0; } if (Request.Params["PortalID"] != null) { if (SimulateIsNumeric.IsNumeric(Request.Params["PortalID"])) { intPortalID = Int32.Parse(Request.Params["PortalID"]); } else { intPortalID = 0; } } else { intPortalID = 0; } if (Request.Params["ModuleID"] != null) { if (SimulateIsNumeric.IsNumeric(Request.Params["ModuleID"])) { intModuleID = Int32.Parse(Request.Params["ModuleID"]); } else { intModuleID = -1; } } else { intModuleID = -1; } IFileManager _fileManager = FileManager.Instance; IFileInfo _file = null; if (AttachId > 0) { DotNetNuke.Entities.Users.UserInfo ui = DotNetNuke.Entities.Users.UserController.GetCurrentUserInfo(); //DotNetNuke.Modules.ActiveForums.Settings.LoadUser(objUserInfo.UserID, intPortalID, intModuleID) UserController uc = new UserController(); User u = uc.GetUser(intPortalID, intModuleID); Data.AttachController ac = new Data.AttachController(); AttachInfo ai = null; try { if (Request.UrlReferrer.AbsolutePath.Contains("HtmlEditorProviders") | (Request.UrlReferrer.AbsolutePath.Contains("afv") & Request.UrlReferrer.AbsolutePath.Contains("post"))) { ai = ac.Attach_Get(AttachId, -1, ui.UserID, false); } else { ai = ac.Attach_Get(AttachId, -1, ui.UserID, true); } } catch (Exception ex) { ai = ac.Attach_Get(AttachId, -1, ui.UserID, true); } if (ai == null) { ai = new AttachInfo(); _file = _fileManager.GetFile(AttachId); ai.AttachID = _file.FileId; ai.AllowDownload = true; ai.Filename = _file.FileName; ai.FileUrl = _file.PhysicalPath; ai.CanRead = "0;1;-3;-1;|||"; ai.ContentType = _file.ContentType; } if (ai != null & u != null) { Response.ContentType = ai.ContentType.ToString(); if (ai.FileData != null) { if (Permissions.HasAccess(ai.CanRead, u.UserRoles)) { bindata = (byte[])ai.FileData; Response.BinaryWrite(bindata); Response.AddHeader("Content-Disposition", "attachment;filename=" + Server.HtmlEncode(ai.Filename.ToString())); } } else { if (Permissions.HasAccess(ai.CanRead, u.UserRoles)) { string fpath = string.Empty; string fName = string.Empty; if (string.IsNullOrEmpty(ai.FileUrl)) { fpath = Server.MapPath(PortalSettings.HomeDirectory + "activeforums_Attach/"); fpath += ai.Filename; fName = System.IO.Path.GetFileName(fpath); } else { _file = _fileManager.GetFile(ai.AttachID); fpath = _file.PhysicalPath; fName = _file.FileName; } if (System.IO.File.Exists(fpath)) { //Dim vpath As String //vpath = PortalSettings.HomeDirectory & "activeforums_Attach/" & Server.HtmlEncode(ai.Filename) FileStream fs = new FileStream(fpath, FileMode.Open, FileAccess.Read); long contentLength = 0; if (fs != null) { bindata = GetStreamAsByteArray(fs); fs.Close(); } string sExt = System.IO.Path.GetExtension(fName); Response.Clear(); Response.AddHeader("Content-Disposition", "attachment; filename=" + Server.HtmlEncode(fName)); Response.AddHeader("Content-Length", bindata.LongLength.ToString()); sContentType = ai.ContentType; switch (sExt.ToLowerInvariant()) { case ".png": sContentType = "image/png"; break; case ".jpg": case ".jpeg": sContentType = "image/jpeg"; break; case ".gif": sContentType = "image/gif"; break; case ".bmp": sContentType = "image/bmp"; break; } Response.ContentType = sContentType; Response.OutputStream.Write(bindata, 0, bindata.Length); Response.End(); } else { fpath = Server.MapPath(PortalSettings.HomeDirectory + "NTForums_Attach/"); fpath += ai.Filename; if (System.IO.File.Exists(fpath)) { string vpath = null; vpath = PortalSettings.HomeDirectory + "activeforums_Attach/" + Server.HtmlEncode(ai.Filename); Response.Redirect(Page.ResolveUrl(vpath)); } } } } } } } } catch (Exception ex) { } }