mirror of
https://github.com/phpbb/phpbb.git
synced 2025-05-04 06:39:14 +02:00
Mylek is right - we should do this. Fixes some aspects of file.php, needs testing.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8707 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
parent
e9a811cd33
commit
7997796789
@ -93,7 +93,11 @@
|
||||
<li>[Feature] Allow hard disabling of the template editor.</li>
|
||||
<li>[Fix] Delete avatar files (Bug #29985).</li>
|
||||
<li>[Fix] Preserve selection in the MCP. (Bug #31265).</li>
|
||||
<li>[Fix] Added VST (Bug #30545).</li>
|
||||
<li>[Fix] Added VST - Venezuela Standard Time (Bug #30545).</li>
|
||||
<li>[Fix] Close DB connections in file.php.</li>
|
||||
<li>[Change] Set headers to allow browsers to better cache attachments (Mylek pointed this out)</li>
|
||||
|
||||
|
||||
</ul>
|
||||
|
||||
<a name="v301"></a><h3>1.ii. Changes since 3.0.1</h3>
|
||||
|
||||
@ -45,6 +45,8 @@ if (isset($_GET['avatar']))
|
||||
$config = $cache->obtain_config();
|
||||
$filename = $_GET['avatar'];
|
||||
$avatar_group = false;
|
||||
$exit = false;
|
||||
|
||||
if ($filename[0] === 'g')
|
||||
{
|
||||
$avatar_group = true;
|
||||
@ -55,75 +57,38 @@ if (isset($_GET['avatar']))
|
||||
if (strpos($filename, '.') == false)
|
||||
{
|
||||
header('HTTP/1.0 403 Forbidden');
|
||||
if (!empty($cache))
|
||||
{
|
||||
$cache->unload();
|
||||
}
|
||||
$db->sql_close();
|
||||
exit;
|
||||
$exit = true;
|
||||
}
|
||||
|
||||
$ext = substr(strrchr($filename, '.'), 1);
|
||||
$stamp = (int) substr(stristr($filename, '_'), 1);
|
||||
$filename = (int) $filename;
|
||||
|
||||
// let's see if we have to send the file at all
|
||||
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
|
||||
if (strpos(strtolower($browser), 'msie 6.0') === false)
|
||||
if (!$exit)
|
||||
{
|
||||
if ($last_load !== false && $last_load <= $stamp)
|
||||
{
|
||||
if (@php_sapi_name() === 'CGI')
|
||||
{
|
||||
header('Status: 304 Not Modified', true, 304);
|
||||
}
|
||||
else
|
||||
{
|
||||
header('HTTP/1.0 304 Not Modified', true, 304);
|
||||
}
|
||||
// seems that we need those too ... browsers
|
||||
header('Pragma: public');
|
||||
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
|
||||
exit();
|
||||
}
|
||||
else
|
||||
{
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
|
||||
}
|
||||
$ext = substr(strrchr($filename, '.'), 1);
|
||||
$stamp = (int) substr(stristr($filename, '_'), 1);
|
||||
$filename = (int) $filename;
|
||||
$exit = set_modified_headers($stamp, $browser);
|
||||
}
|
||||
|
||||
if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
|
||||
if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
|
||||
{
|
||||
// no way such an avatar could exist. They are not following the rules, stop the show.
|
||||
header("HTTP/1.0 403 Forbidden");
|
||||
if (!empty($cache))
|
||||
{
|
||||
$cache->unload();
|
||||
}
|
||||
$db->sql_close();
|
||||
exit;
|
||||
$exit = true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if ($exit)
|
||||
{
|
||||
file_gc();
|
||||
}
|
||||
|
||||
if (!$filename)
|
||||
{
|
||||
// no way such an avatar could exist. They are not following the rules, stop the show.
|
||||
header("HTTP/1.0 403 Forbidden");
|
||||
if (!empty($cache))
|
||||
{
|
||||
$cache->unload();
|
||||
}
|
||||
$db->sql_close();
|
||||
exit;
|
||||
}
|
||||
|
||||
send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
|
||||
|
||||
if (!empty($cache))
|
||||
else
|
||||
{
|
||||
$cache->unload();
|
||||
send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
|
||||
}
|
||||
$db->sql_close();
|
||||
exit;
|
||||
}
|
||||
|
||||
// implicit else: we are not in avatar mode
|
||||
@ -148,7 +113,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
|
||||
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
|
||||
}
|
||||
|
||||
$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
|
||||
$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
|
||||
FROM ' . ATTACHMENTS_TABLE . "
|
||||
WHERE attach_id = $download_id";
|
||||
$result = $db->sql_query_limit($sql, 1);
|
||||
@ -259,7 +224,7 @@ if (!download_allowed())
|
||||
$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
|
||||
|
||||
// Fetching filename here to prevent sniffing of filename
|
||||
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
|
||||
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
|
||||
FROM ' . ATTACHMENTS_TABLE . "
|
||||
WHERE attach_id = $download_id";
|
||||
$result = $db->sql_query_limit($sql, 1);
|
||||
@ -313,12 +278,12 @@ else
|
||||
}
|
||||
|
||||
redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
|
||||
exit;
|
||||
file_gc();
|
||||
}
|
||||
else
|
||||
{
|
||||
send_file_to_browser($attachment, $config['upload_path'], $display_cat);
|
||||
exit;
|
||||
file_gc();
|
||||
}
|
||||
}
|
||||
|
||||
@ -503,27 +468,29 @@ function send_file_to_browser($attachment, $upload_dir, $category)
|
||||
{
|
||||
header("Content-Length: $size");
|
||||
}
|
||||
|
||||
// Try to deliver in chunks
|
||||
@set_time_limit(0);
|
||||
|
||||
$fp = @fopen($filename, 'rb');
|
||||
|
||||
if ($fp !== false)
|
||||
if (!set_modified_headers($attachment['filetime'], $user->browser))
|
||||
{
|
||||
while (!feof($fp))
|
||||
// Try to deliver in chunks
|
||||
@set_time_limit(0);
|
||||
|
||||
$fp = @fopen($filename, 'rb');
|
||||
|
||||
if ($fp !== false)
|
||||
{
|
||||
echo fread($fp, 8192);
|
||||
while (!feof($fp))
|
||||
{
|
||||
echo fread($fp, 8192);
|
||||
}
|
||||
fclose($fp);
|
||||
}
|
||||
else
|
||||
{
|
||||
@readfile($filename);
|
||||
}
|
||||
fclose($fp);
|
||||
}
|
||||
else
|
||||
{
|
||||
@readfile($filename);
|
||||
}
|
||||
|
||||
flush();
|
||||
exit;
|
||||
flush();
|
||||
}
|
||||
file_gc();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -655,4 +622,48 @@ function download_allowed()
|
||||
return $allowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the browser has the file already and set the appropriate headers-
|
||||
* @returns false if a resend is in order.
|
||||
*/
|
||||
function set_modified_headers($stamp, $browser)
|
||||
{
|
||||
// let's see if we have to send the file at all
|
||||
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
|
||||
if (strpos(strtolower($browser), 'msie 6.0') === false)
|
||||
{
|
||||
if ($last_load !== false && $last_load <= $stamp)
|
||||
{
|
||||
if (@php_sapi_name() === 'CGI')
|
||||
{
|
||||
header('Status: 304 Not Modified', true, 304);
|
||||
}
|
||||
else
|
||||
{
|
||||
header('HTTP/1.0 304 Not Modified', true, 304);
|
||||
}
|
||||
// seems that we need those too ... browsers
|
||||
header('Pragma: public');
|
||||
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function file_gc()
|
||||
{
|
||||
global $cache, $db;
|
||||
if (!empty($cache))
|
||||
{
|
||||
$cache->unload();
|
||||
}
|
||||
$db->sql_close();
|
||||
exit;
|
||||
}
|
||||
|
||||
?>
|
||||
Loading…
x
Reference in New Issue
Block a user