public async Task <ActionResult> Add(int messageId = 0) { var(messageGetResult, message) = await GetMessageAndThreadAsync(messageId); if (!messageGetResult) { return(Json(new { success = false, responseMessage = "Upload failed." })); } var forum = await _cache.GetForumAsync(message.Thread.ForumID); if (forum == null) { return(Json(new { success = false, responseMessage = "Upload failed." })); } // Check if the thread is sticky, or that the user can see normal threads started // by others. If not, the user isn't allowed to view the thread the message is in, and therefore is denied access. if ((message.Thread.StartedByUserID != this.HttpContext.Session.GetUserID()) && !this.HttpContext.Session.CanPerformForumActionRight(message.Thread.ForumID, ActionRights.ViewNormalThreadsStartedByOthers) && !message.Thread.IsSticky) { // user can't view the thread the message is in, because: // - the thread isn't sticky // AND // - the thread isn't posted by the calling user and the user doesn't have the right to view normal threads started by others return(Json(new { success = false, responseMessage = "Upload failed." })); } var totalNumberOfAttachmentsOfMessage = await MessageGuiHelper.GetTotalNumberOfAttachmentsOfMessageAsync(messageId); bool userMayAddAttachment = forum.MaxNoOfAttachmentsPerMessage > 0 && this.HttpContext.Session.CanPerformForumActionRight(forum.ForumID, ActionRights.AddAttachment) && this.HttpContext.Session.GetUserID() == message.PostedByUserID && totalNumberOfAttachmentsOfMessage < forum.MaxNoOfAttachmentsPerMessage; if (!userMayAddAttachment) { return(Json(new { success = false, responseMessage = "Upload failed." })); } try { if (this.Request.Form.Files.Count <= 0) { return(Json(new { success = false, responseMessage = "No file attached!" })); } var fileContent = this.Request.Form.Files[0]; if (fileContent == null || fileContent.Length <= 0) { return(Json(new { success = false, responseMessage = "The file uploaded is empty (0KB)." })); } var fileLengthInKB = fileContent.Length / 1024; if (fileLengthInKB > forum.MaxAttachmentSize) { return(Json(new { success = false, responseMessage = $"The file uploaded is too large ({fileLengthInKB}KB). The max. file size is {forum.MaxAttachmentSize}KB" })); } // all is well, save the attachment! var fileData = new byte[fileContent.Length]; await using (var reader = fileContent.OpenReadStream()) { await reader.ReadAsync(fileData, 0, (int)fileContent.Length); } await MessageManager.AddAttachmentAsync(messageId, fileContent.FileName, fileData, this.HttpContext.Session.CanPerformForumActionRight(forum.ForumID, ActionRights.GetsAttachmentsApprovedAutomatically)); ApplicationAdapter.InvalidateCachedNumberOfUnapprovedAttachments(); return(Json(new { success = true, responseMessage = string.Empty })); } catch (Exception) { Response.StatusCode = (int)HttpStatusCode.BadRequest; return(Json(new { success = false, responseMessage = "Upload failed." })); } }