mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into ticket/11015

Browse Source 
* upstream/develop: (666 commits)
  [ticket/11077] Remove code from old global announcements system
  [ticket/11189] Replace DEBUG_EXTRA with DEBUG
  [ticket/11189] Always log critical errors when in cron or in image output
  [ticket/11187] Added a blank array to fix errors in functional tests
  [ticket/10780] Make L_COLON available in the installer.
  [ticket/11183] Remove $load_extensions and weird dl() calls
  [ticket/10970] Added extra documentation to parse_dynamic_path.
  [ticket/10939] Added documentation for phpbb_request::file
  [ticket/10865] Use code tags for install/database_update.php.
  [ticket/10865] Should have been a slash.
  [ticket/10780] Use L_COLON on LDAP page.
  [ticket/10780] Use L_COLON on search backend ACP pages.
  [ticket/10780] Use L_COLON for "download all attachments".
  [ticket/10780] Use colon from language in ucp_pm_compose.php where possible.
  [ticket/10780] Replace colons in phpBB/adm/style/acp_ext_details.html.
  [ticket/10780] Replace colon usage in adm template output with {L_COLON}
  [ticket/10780] Replace colon usage in template output with {L_COLON}
  [ticket/11181] Bump PHP requirement to 5.3.3 (from 5.3.2) [develop-olympus]
  [ticket/11181] Bump PHP requirement to 5.3.3 (from 5.3.2)
  [ticket/10172] Show prosilver birthday list even if there are no birthdays.
  ...

Conflicts:
	phpBB/common.php
	phpBB/download/file.php
	phpBB/includes/db/dbal.php
	phpBB/includes/db/firebird.php
	phpBB/includes/db/mssql.php
	phpBB/includes/db/mssql_odbc.php
	phpBB/includes/db/mssqlnative.php
	phpBB/includes/db/mysql.php
	phpBB/includes/db/mysqli.php
	phpBB/includes/db/oracle.php
	phpBB/includes/db/postgres.php
	phpBB/includes/db/sqlite.php
	phpBB/includes/extension/manager.php
	phpBB/install/database_update.php
This commit is contained in:
Igor Wiedler
2012-11-12 10:33:40 +01:00
parent 0971d3f975 504158ceab
commit 5e52216b5e
449 changed files with 12779 additions and 3043 deletions
Download Patch File Download Diff File Expand all files Collapse all files

433
phpBB/download/file.php
View File

@@ -7,6 +7,10 @@
*
*/
use Symfony\Component\Config\FileLocator;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
/**
* @ignore
*/
@@ -14,7 +18,6 @@ define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
// Thank you sun.
if (isset($_SERVER['CONTENT_TYPE']))
{
@@ -39,25 +42,28 @@ if (isset($_GET['avatar']))
}
require($phpbb_root_path . 'includes/class_loader.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);
require($phpbb_root_path . 'includes/functions.' . $phpEx);
require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
$phpbb_class_loader_ext = new phpbb_class_loader('phpbb_ext_', $phpbb_root_path . 'ext/', ".$phpEx");
$phpbb_class_loader_ext->register();
$phpbb_class_loader = new phpbb_class_loader('phpbb_', $phpbb_root_path . 'includes/', ".$phpEx");
$phpbb_class_loader->register();
$phpbb_container = new ContainerBuilder();
$loader = new YamlFileLoader($phpbb_container, new FileLocator(__DIR__.'/../config'));
$loader->load('services.yml');
$processor = new phpbb_di_processor_config($phpbb_root_path . 'config.' . $phpEx, $phpbb_root_path, $phpEx);
$processor->process($phpbb_container);
$phpbb_class_loader = $phpbb_container->get('class_loader');
$phpbb_class_loader_ext = $phpbb_container->get('class_loader.ext');
// set up caching
$cache_factory = new phpbb_cache_factory($acm_type);
$cache = $cache_factory->get_service();
$phpbb_class_loader_ext->set_cache($cache->get_driver());
$phpbb_class_loader->set_cache($cache->get_driver());
$cache = $phpbb_container->get('cache');
$phpbb_dispatcher = new phpbb_event_dispatcher();
$request = new phpbb_request();
$db = new $dbms();
$phpbb_dispatcher = $phpbb_container->get('dispatcher');
$request = $phpbb_container->get('request');
$db = $phpbb_container->get('dbal.conn');
// Connect to DB
if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
@@ -68,18 +74,23 @@ if (isset($_GET['avatar']))
request_var('', 0, false, false, $request);
// worst-case default
$browser = strtolower($request->header('User-Agent', 'msie 6.0'));
$config = new phpbb_config_db($db, $cache->get_driver(), CONFIG_TABLE);
$config = $phpbb_container->get('config');
set_config(null, null, null, $config);
set_config_count(null, null, null, $config);
// load extensions
$phpbb_extension_manager = new phpbb_extension_manager($db, EXT_TABLE, $phpbb_root_path, ".$phpEx", $cache->get_driver());
$phpbb_extension_manager = $phpbb_container->get('ext.manager');
$phpbb_subscriber_loader = $phpbb_container->get('event.subscriber_loader');
$phpbb_subscriber_loader = new phpbb_event_extension_subscriber_loader($phpbb_dispatcher, $phpbb_extension_manager);
$phpbb_subscriber_loader->load();
$ids = array_keys($phpbb_container->findTaggedServiceIds('container.processor'));
foreach ($ids as $id)
{
$processor = $phpbb_container->get($id);
$processor->process($phpbb_container);
}
// worst-case default
$browser = strtolower($request->header('User-Agent', 'msie 6.0'));
$filename = request_var('avatar', '');
$avatar_group = false;
@@ -133,6 +144,9 @@ include($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
$download_id = request_var('id', 0);
$topic_id = $request->variable('topic_id', 0);
$post_msg_id = $request->variable('post_msg_id', 0);
$archive = $request->variable('archive', '.tar');
$mode = request_var('mode', '');
$thumbnail = request_var('t', false);
@@ -141,195 +155,268 @@ $user->session_begin(false);
$auth->acl($user->data);
$user->setup('viewtopic');
if (!$download_id)
{
send_status_line(404, 'Not Found');
trigger_error('NO_ATTACHMENT_SELECTED');
}
if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{
send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}
$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
if ($download_id)
{
// Attachment id (only 1 attachment)
$sql_where = "attach_id = $download_id";
}
else if ($post_msg_id)
{
// Post id or private message id (multiple attachments)
$sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0";
}
else if ($topic_id)
{
// Topic id (multiple attachments)
$sql_where = "topic_id = $topic_id AND is_orphan = 0";
}
else
{
send_status_line(404, 'Not Found');
trigger_error('NO_ATTACHMENT_SELECTED');
}
$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
$attachment = $db->sql_fetchrow($result);
WHERE $sql_where";
$result = $db->sql_query($sql);
$attachments = $attachment_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$attachment_id = (int) $row['attach_id'];
$row['physical_filename'] = utf8_basename($row['physical_filename']);
$attachment_ids[$attachment_id] = $attachment_id;
$attachments[$attachment_id] = $row;
}
$db->sql_freeresult($result);
if (!$attachment)
// Make $attachment the first of the attachments we fetched.
$attachment = current($attachments);
if (empty($attachments))
{
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
else if (!download_allowed())
{
send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
send_status_line(403, 'Forbidden');
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
$row = array();
if ($attachment['is_orphan'])
else if ($download_id)
{
// We allow admins having attachment permissions to see orphan attachments...
$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
// sizeof($attachments) == 1
if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
{
send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}
if ($attachment['is_orphan'])
{
// We allow admins having attachment permissions to see orphan attachments...
$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
{
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
// Obtain all extensions...
$extensions = $cache->obtain_attach_extensions(true);
}
else
{
if (!$attachment['in_message'])
{
phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
}
else
{
// Attachment is in a private message.
$row['forum_id'] = false;
phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
}
$extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{
send_status_line(404, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
}
}
$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
$display_cat = $extensions[$attachment['extension']]['display_cat'];
if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
{
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
{
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
if ($thumbnail)
{
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
}
else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
{
// Update download count
phpbb_increment_downloads($db, $attachment['attach_id']);
}
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
file_gc();
}
else
{
// Determine the 'presenting'-method
if ($download_mode == PHYSICAL_LINK)
{
// This presenting method should no longer be used
if (!@is_dir($phpbb_root_path . $config['upload_path']))
{
send_status_line(500, 'Internal Server Error');
trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
}
redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
file_gc();
}
else
{
send_file_to_browser($attachment, $config['upload_path'], $display_cat);
file_gc();
}
}
}
else
{
// sizeof($attachments) >= 1
if ($attachment['in_message'])
{
phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
}
else
{
phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
}
if (!class_exists('compress'))
{
require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
}
if (!in_array($archive, compress::methods()))
{
$archive = '.tar';
}
if ($post_msg_id)
{
if ($attachment['in_message'])
{
$sql = 'SELECT message_subject AS attach_subject
FROM ' . PRIVMSGS_TABLE . "
WHERE msg_id = $post_msg_id";
}
else
{
$sql = 'SELECT post_subject AS attach_subject, forum_id
FROM ' . POSTS_TABLE . "
WHERE post_id = $post_msg_id";
}
}
else
{
$sql = 'SELECT topic_title AS attach_subject, forum_id
FROM ' . TOPICS_TABLE . "
WHERE topic_id = $topic_id";
}
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (empty($row))
{
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
// Obtain all extensions...
$extensions = $cache->obtain_attach_extensions(true);
}
else
{
if (!$attachment['in_message'])
$clean_name = phpbb_download_clean_filename($row['attach_subject']);
$suffix = '_' . (($post_msg_id) ? $post_msg_id : $topic_id) . '_' . $clean_name;
$archive_name = 'attachments' . $suffix;
$store_name = 'att_' . time() . '_' . unique_id();
$archive_path = "{$phpbb_root_path}store/{$store_name}{$archive}";
if ($archive === '.zip')
{
//
$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . $attachment['post_msg_id'] . '
AND p.forum_id = f.forum_id';
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$f_download = $auth->acl_get('f_download', $row['forum_id']);
if ($auth->acl_get('u_download') && $f_download)
{
if ($row && $row['forum_password'])
{
// Do something else ... ?
login_forum_box($row);
}
}
else
{
send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
$compress = new compress_zip('w', $archive_path);
}
else
{
$row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download'))
{
send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
// Check if the attachment is within the users scope...
$sql = 'SELECT user_id, author_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id = ' . $attachment['post_msg_id'];
$result = $db->sql_query($sql);
$allowed = false;
while ($user_row = $db->sql_fetchrow($result))
{
if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
{
$allowed = true;
break;
}
}
$db->sql_freeresult($result);
if (!$allowed)
{
send_status_line(403, 'Forbidden');
trigger_error('ERROR_NO_ATTACHMENT');
}
$compress = new compress_tar('w', $archive_path, $archive);
}
// disallowed?
$extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
$files_added = 0;
$forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id'];
$disallowed = array();
foreach ($attachments as $attach)
{
send_status_line(404, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
if (!extension_allowed($forum_id, $attach['extension'], $extensions))
{
$disallowed[$attach['extension']] = $attach['extension'];
continue;
}
$prefix = '';
if ($topic_id)
{
$prefix = $attach['post_msg_id'] . '_';
}
$compress->add_custom_file("{$phpbb_root_path}files/{$attach['physical_filename']}", "{$prefix}{$attach['real_filename']}");
$files_added++;
}
}
if (!download_allowed())
{
send_status_line(403, 'Forbidden');
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
$compress->close();
$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
if ($files_added)
{
phpbb_increment_downloads($db, $attachment_ids);
$compress->download($store_name, $archive_name);
}
// Fetching filename here to prevent sniffing of filename
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
$attachment = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
unlink($archive_path);
if (!$attachment)
{
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
if (!$files_added)
{
// None of the attachments had a valid extension
$disallowed = implode($user->lang['COMMA_SEPARATOR'], $disallowed);
send_status_line(404, 'Forbidden');
trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed));
}
$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
$display_cat = $extensions[$attachment['extension']]['display_cat'];
if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
{
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
{
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
if ($thumbnail)
{
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
}
else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHMENT_CATEGORY_IMAGE*/) && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
{
// Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
SET download_count = download_count + 1
WHERE attach_id = ' . $attachment['attach_id'];
$db->sql_query($sql);
}
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
file_gc();
}
else
{
// Determine the 'presenting'-method
if ($download_mode == PHYSICAL_LINK)
{
// This presenting method should no longer be used
if (!@is_dir($phpbb_root_path . $config['upload_path']))
{
send_status_line(500, 'Internal Server Error');
trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
}
redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
file_gc();
}
else
{
send_file_to_browser($attachment, $config['upload_path'], $display_cat);
file_gc();
}
}