Merge branch 'ticket/bantu/9790' into develop

* ticket/bantu/9790: [ticket/9790] Support for lighttpd's X-Sendfile header for attachments. [ticket/9790] Support for nginx's X-Accel-Redirect header for attachments. [ticket/9790] Always call file_gc(false) before sending the file. [ticket/9790] Add $exit parameter to file_gc().
2025-02-25 04:23:38 +01:00 · 2011-01-18 21:09:13 +01:00 · 2011-01-18 21:09:13 +01:00 · 40cf8b1c0a
commit 40cf8b1c0a
parent cde423591e f6a14cbcef
3 changed files with 55 additions and 20 deletions
--- a/phpBB/docs/lighttpd.sample.conf
+++ b/phpBB/docs/lighttpd.sample.conf
@ -3,6 +3,15 @@
 # from your system's lighttpd.conf.
 # Tested with lighttpd 1.4.26

+# If you want to use the X-Sendfile feature,
+# uncomment the 'allow-x-send-file' for the fastcgi
+# server below and add the following to your config.php
+#
+#  define('PHPBB_ENABLE_X_SENDFILE', true);
+#
+# See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
+# for the details on X-Sendfile.
+
 # Load moules
 server.modules += ( 
 	"mod_access",
@ -54,6 +63,7 @@ $HTTP["host"] == "www.myforums.com" {
 			"bin-copy-environment" => (
 				"PATH", "SHELL", "USER"
 			),
+			#"allow-x-send-file" => "enable",
 			"broken-scriptfilename" => "enable"
 		))
 	)
--- a/phpBB/docs/nginx.sample.conf
+++ b/phpBB/docs/nginx.sample.conf
@ -3,6 +3,14 @@
 # from your system's nginx.conf.
 # Tested with nginx 0.8.35.

+# If you want to use the X-Accel-Redirect feature,
+# add the following to your config.php.
+#
+#  define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
+#
+# See http://wiki.nginx.org/XSendfile for the details
+# on X-Accel-Redirect.
+
 http {
    # Compression - requires gzip and gzip static modules.
    gzip on;
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@ -170,21 +170,6 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	// Now the tricky part... let's dance
 	header('Pragma: public');

-	/**
-	* Commented out X-Sendfile support. To not expose the physical filename within the header if xsendfile is absent we need to look into methods of checking it's status.
-	*
-	* Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path...
-	* lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
-	*
-	* Not really ideal, but should work fine...
-	* <code>
-	*	if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false)
-	*	{
-	*		header('X-Sendfile: ' . $filename);
-	*	}
-	* </code>
-	*/
-
 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
 	$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
 	header('Content-Type: ' . $attachment['mimetype']);
@ -224,11 +209,29 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		header("Content-Length: $size");
 	}

-	// Close the db connection before sending the file
-	$db->sql_close();
+	// Close the db connection before sending the file etc.
+	file_gc(false);

 	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
+		// We make sure those have to be enabled manually by defining a constant
+		// because of the potential disclosure of full attachment path
+		// in case support for features is absent in the webserver software.
+		if (defined('PHPBB_ENABLE_X_ACCEL_REDIRECT') && PHPBB_ENABLE_X_ACCEL_REDIRECT)
+		{
+			// X-Accel-Redirect - http://wiki.nginx.org/XSendfile
+			header('X-Accel-Redirect: ' . $user->page['root_script_path'] . $upload_dir . '/' . $attachment['physical_filename']);
+			exit;
+		}
+		else if (defined('PHPBB_ENABLE_X_SENDFILE') && PHPBB_ENABLE_X_SENDFILE && !phpbb_http_byte_range($size))
+		{
+			// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
+			// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
+			// and always requires an absolute path.
+			header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}");
+			exit;
+		}
+
 		// Try to deliver in chunks
 		@set_time_limit(0);

@ -259,7 +262,8 @@ function send_file_to_browser($attachment, $upload_dir, $category)

 		flush();
 	}
-	file_gc();
+
+	exit;
 }

 /**
@ -417,15 +421,28 @@ function set_modified_headers($stamp, $browser)
 	return false;
 }

-function file_gc()
+/**
+* Garbage Collection
+*
+* @param bool $exit		Whether to die or not.
+*
+* @return void
+*/
+function file_gc($exit = true)
 {
 	global $cache, $db;
+
 	if (!empty($cache))
 	{
 		$cache->unload();
 	}
+
 	$db->sql_close();
-	exit;
+
+	if ($exit)
+	{
+		exit;
+	}
 }

 /**