mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-13 04:04:12 +02:00
Code Issues Releases Wiki Activity

- fix security issue in download.php

Browse Source 
- fixing some phpdocumentor warnings/errors
- adjust pop-before-smtp "auth" (nowadays no one should rely on it)
- add backtrace for smtp email errors if DEBUG_EXTRA is enabled


git-svn-id: file:///svn/phpbb/trunk@6352 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-09-04 20:35:46 +00:00
parent 8c567e8c68
commit 8ab85ebdb0
6 changed files with 106 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/download.php
View File

@@ -133,7 +133,7 @@ if ($thumbnail)
{
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
}
else if ($display_cat == ATTACHMENT_CATEGORY_NONE)
else if ($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT_CATEGORY_IMAGE)
{
// Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
@@ -210,9 +210,9 @@ function send_file_to_browser($attachment, $upload_dir, $category)
// lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
header('X-Sendfile: ' . $filename);
// Send out the Headers
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
header('Content-Disposition: attachment; filename="' . $attachment['real_filename'] . '"');
if ($size)
{