include_once($path_to_root . "/includes/ui.inc");
include_once($path_to_root . "/includes/data_checks.inc");
include_once($path_to_root . "/admin/db/attachments_db.inc");
+include_once($path_to_root . "/admin/db/transactions_db.inc");
if (isset($_GET['vw']))
$view_id = $_GET['vw'];
$type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream';
header("Content-type: ".$type);
header('Content-Length: '.$row['filesize']);
- //if ($type == 'application/octet-stream')
- // header('Content-Disposition: attachment; filename='.$row['filename']);
- //else
- header("Content-Disposition: inline");
+ header("Content-Disposition: inline");
echo file_get_contents(company_path(). "/attachments/".$row['unique_name']);
exit();
}
}
$js = "";
-if ($use_popup_windows)
+if ($SysPrefs->use_popup_windows)
$js .= get_js_open_window(800, 500);
page(_($help_context = "Attach Documents"), false, false, "", $js);
if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
{
- if (!$_POST['trans_no'])
- display_error(_("No transaction has been selected."));
- elseif ($Mode == 'ADD_ITEM' && (!isset($_FILES['filename']) || $_FILES['filename']['size'] == 0))
+ if (!transaction_exists($_POST['filterType'], $_POST['trans_no']))
+ display_error(_("Selected transaction does not exists."));
+ elseif ($Mode == 'ADD_ITEM' && !isset($_FILES['filename']))
display_error(_("Select attachment file."));
+ elseif ($Mode == 'ADD_ITEM' && ($_FILES['filename']['error'] > 0)) {
+ if ($_FILES['filename']['error'] == UPLOAD_ERR_INI_SIZE)
+ display_error(_("The file size is over the maximum allowed."));
+ else
+ display_error(_("Select attachment file."));
+ }
else {
//$content = base64_encode(file_get_contents($_FILES['filename']['tmp_name']));
$tmpname = $_FILES['filename']['tmp_name'];
if (!file_exists($dir))
{
mkdir ($dir,0777);
- $index_file = "<?php\nheader(\"Location: ../index.php\");\n?>";
+ $index_file = "<?php\nheader(\"Location: ../index.php\");\n";
$fp = fopen($dir."/index.php", "w");
fwrite($fp, $index_file);
fclose($fp);
// protect against directory traversal
if ($Mode == 'UPDATE_ITEM')
{
- $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
+ $row = get_attachment($selected_id);
+ if ($row['filename'] == "")
+ exit();
+ $unique_name = $row['unique_name'];
if ($filename && file_exists($dir."/".$unique_name))
unlink($dir."/".$unique_name);
}
else
- $unique_name = uniqid('');
+ $unique_name = random_id();
//save the file
move_uploaded_file($tmpname, $dir."/".$unique_name);
display_notification(_("Attachment has been updated."));
}
}
- refresh_pager('trans_table');
+ refresh_pager('trans_tbl');
$Ajax->activate('_page_body');
$Mode = 'RESET';
}
end_page();
-?>
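Review bot: The download path now always sends `Content-Disposition: inline` (L14) together with a `Content-type` copied from `$row['filetype']` (L7–L8), so whatever MIME type was recorded at upload time is trusted for in-browser rendering; if that value comes from the client-declared `$_FILES['filename']['type']` (the lookup that fills `$row` sits outside this hunk, between the `isset($_GET['vw'])` test and L7), a user who can attach documents could store an HTML or SVG file that the browser will render in the application's origin. Safer defaults are `header('Content-Disposition: attachment');` and `header('X-Content-Type-Options: nosniff');` before the `echo`, keeping `inline` only for an allowlist of image/PDF types and, if a `filename=` parameter is added, deriving it from a sanitized `$row['filename']` rather than the raw stored value. The new `error` check at L33–L38 is a genuine improvement over the old size test, and replacing `preg_replace` on `$_POST['unique_name']` with the DB lookup at L54–L57 removes the path-traversal surface, but the unchanged `mkdir($dir, 0777)` above it still creates a world-writable attachment directory where a more restrictive mode (commonly `0755`) would usually suffice. Note also that `$filename` at L58 is not defined anywhere in this hunk, so the `unlink` condition depends on state set elsewhere.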