set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);
// Check for a document ID
if (!isset($_GET['id']) && !intval($_GET['id'])) {
header("Location: documents.php");
exit();
}
$document_id = intval($_GET['id']);
$sql_document = mysqli_query($mysqli,
"SELECT document_id, document_name, document_content, document_description
FROM documents
WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_archived_at IS NULL
LIMIT 1"
);
$row = mysqli_fetch_array($sql_document);
if ($row) {
$document_id = intval($row['document_id']);
$document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']);
$document_description = nullable_htmlentities($row['document_description']);
} else {
header("Location: post.php?logout");
exit();
}
// Check for associated files
$sql_files = mysqli_query($mysqli,
"SELECT f.file_id, f.file_name, f.file_reference_name, f.file_ext, f.file_size, f.file_mime_type
FROM files f
INNER JOIN document_files df ON f.file_id = df.file_id
WHERE df.document_id = $document_id AND f.file_client_id = $session_client_id
ORDER BY f.file_name ASC"
);
?>
-
Home
-
Documents
-
Document
0) {
$file_row = mysqli_fetch_array($sql_files);
$file_id = intval($file_row['file_id']);
$file_name = nullable_htmlentities($file_row['file_name']);
$file_reference_name = nullable_htmlentities($file_row['file_reference_name']);
$file_ext = strtolower($file_row['file_ext']);
$file_size = intval($file_row['file_size']);
$file_mime_type = nullable_htmlentities($file_row['file_mime_type']);
$file_size_formatted = formatBytes($file_size);
$file_path = "../uploads/clients/$session_client_id/$file_reference_name";
// For PDF files, display them inline
if ($file_ext == 'pdf') {
?>
Type: File
Size:
Uploaded file:
$file_name$document_description
") { ?>