diff --git a/app/messages/message_media.php b/app/messages/message_media.php
index df2c60c67f..c41b4076e0 100644
--- a/app/messages/message_media.php
+++ b/app/messages/message_media.php
@@ -27,13 +27,6 @@
//includes
require_once "root.php";
require_once "resources/require.php";
- require_once "resources/check_auth.php";
-
-//check permissions
- if (!permission_exists('message_view')) {
- echo "access denied";
- exit;
- }
//add multi-lingual support
$language = new text;
@@ -49,7 +42,9 @@
$sql = "select message_media_type, message_media_url, message_media_content from v_message_media ";
$sql .= "where message_media_uuid = '".$message_media_uuid."' ";
- $sql .= "and user_uuid = '".$_SESSION['user_uuid']."' ";
+ if (is_uuid($_SESSION['user_uuid'])) {
+ $sql .= "and user_uuid = '".$_SESSION['user_uuid']."' ";
+ }
$sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
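Review bot: The new `is_uuid($_SESSION['user_uuid'])` guard makes the owner filter optional, and the first hunk removes `check_auth.php` and the `message_view` check, so a request with no session is matched on `message_media_uuid` and the domain clause alone. If this is meant to let an external provider fetch the file, it deserves a comment such as `//no session: media is served to any caller that knows the media uuid (provider download)`, and ideally a second factor such as an expiring token, because the UUID is otherwise the only access control. The values are still concatenated into the statement even though `$db->prepare()` is already used. Binding them would be safer: `$sql .= "where message_media_uuid = :message_media_uuid ";` with `$prep_statement->execute([':message_media_uuid' => $message_media_uuid]);`. Where `$message_media_uuid` and `$domain_uuid` come from, and whether they are validated, is outside the hunk, so confirm both pass `is_uuid()` before they reach the query now that the endpoint is reachable unauthenticated.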
diff --git a/app/messages/message_send.php b/app/messages/message_send.php
index 05ce8e299e..02a7476b17 100644
--- a/app/messages/message_send.php
+++ b/app/messages/message_send.php
@@ -160,7 +160,9 @@
if (is_array($message_media) && sizeof($message_media) != 0) {
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? 'https://' : 'http://';
foreach ($message_media as $index => $media) {
- $message['media'][] = $protocol.$_SERVER['HTTP_HOST'].'/app/messages/message_media.php?id='.$media['uuid'].'&action=download';
+ $path = $protocol.$_SERVER['HTTP_HOST'].'/app/messages/message_media.php?id='.$media['uuid'].'&action=download&.'.strtolower(pathinfo($media['name'], PATHINFO_EXTENSION));
+ $message['media'][] = $path;
+ //echo $path."
";
}
}
$http_content = json_encode($message);
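Review bot: The media URL placed in the outgoing JSON is built from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header, so the link handed to the provider can name a host the server does not control. Building it from a configured domain or base URL would avoid that. The appended extension comes from `$media['name']` and is not encoded, so wrap it: `'&action=download&.'.rawurlencode(strtolower(pathinfo($media['name'], PATHINFO_EXTENSION)))`. The commented-out `//echo $path."…";` debug line spans two physical lines here and should be dropped before merge. The code that sends `$http_content` is outside the hunk.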
diff --git a/app/messages/messages.php b/app/messages/messages.php
index e95270f6f9..fe1c0e769b 100644
--- a/app/messages/messages.php
+++ b/app/messages/messages.php
@@ -170,7 +170,9 @@
echo "