- fixed some bugs

- changed attachment handling a bit - tried to remove target tags out of the code - do not add session ids to urls for bots as well as not creating a new session on each page view for them I bet i introduced some bugs too. ;) git-svn-id: file:///svn/phpbb/trunk@6364 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-09 10:16:36 +02:00 · 2006-09-13 16:08:36 +00:00
parent 35c5fe21cb
commit b76222cb6e
104 changed files with 949 additions and 533 deletions
--- a/phpBB/download.php
+++ b/phpBB/download.php
@@ -34,7 +34,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }

-$sql = 'SELECT attach_id, in_message, post_msg_id, extension
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -52,57 +52,74 @@ if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachmen
 }

 $row = array();
-if (!$attachment['in_message'])
+
+if ($attachment['is_orphan'])
 {
-	// 
-	$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
-		FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
-		WHERE p.post_id = ' . $attachment['post_msg_id'] . '
-			AND p.forum_id = f.forum_id';
-	$result = $db->sql_query_limit($sql, 1);
-	$row = $db->sql_fetchrow($result);
-	$db->sql_freeresult($result);
+	// We allow admins having attachment permissions to see orphan attachments...
+	$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;

-	// Global announcement?
-	if (!$row)
+	if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
 	{
-		$forum_id = request_var('f', 0);
-
-		$sql = 'SELECT forum_id, forum_password, parent_id
-			FROM ' . FORUMS_TABLE . '
-			WHERE forum_id = ' . $forum_id;
-		$result = $db->sql_query($sql);
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
+		trigger_error('ERROR_NO_ATTACHMENT');
 	}

-	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+	$extensions = array();
+	$cache->obtain_attach_extensions($extensions);
+}
+else
+{
+	if (!$attachment['in_message'])
 	{
-		if ($row['forum_password'])
+		// 
+		$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
+			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
+			WHERE p.post_id = ' . $attachment['post_msg_id'] . '
+				AND p.forum_id = f.forum_id';
+		$result = $db->sql_query_limit($sql, 1);
+		$row = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		// Global announcement?
+		if (!$row)
 		{
-			// Do something else ... ?
-			login_forum_box($row);
+			$forum_id = request_var('f', 0);
+
+			$sql = 'SELECT forum_id, forum_password, parent_id
+				FROM ' . FORUMS_TABLE . '
+				WHERE forum_id = ' . $forum_id;
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+		}
+
+		if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+		{
+			if ($row['forum_password'])
+			{
+				// Do something else ... ?
+				login_forum_box($row);
+			}
+		}
+		else
+		{
+			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 	}
 	else
 	{
-		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+		$row['forum_id'] = 0;
+		if (!$auth->acl_get('u_pm_download'))
+		{
+			trigger_error('SORRY_AUTH_VIEW_ATTACH');
+		}
 	}
-}
-else
-{
-	$row['forum_id'] = 0;
-	if (!$auth->acl_get('u_pm_download'))
-	{
-		trigger_error('SORRY_AUTH_VIEW_ATTACH');
-	}
-}

-// disallowed ?
-$extensions = array();
-if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
-{
-	trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+	// disallowed ?
+	$extensions = array();
+	if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+	{
+		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+	}
 }

 if (!download_allowed())
@@ -113,7 +130,7 @@ if (!download_allowed())
 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];

 // Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -125,7 +142,6 @@ if (!$attachment)
 	trigger_error('ERROR_NO_ATTACHMENT');
 }

-
 $attachment['physical_filename'] = basename($attachment['physical_filename']);
 $display_cat = $extensions[$attachment['extension']]['display_cat'];

@@ -133,7 +149,7 @@ if ($thumbnail)
 {
 	$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
 }
-else if ($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT_CATEGORY_IMAGE)
+else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT_CATEGORY_IMAGE) && !$attachment['is_orphan'])
 {
 	// Update download count
 	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' 
@@ -176,7 +192,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)

 	// Correct the mime type - we force application/octetstream for all files, except images
 	// Please do not change this, it is a security precaution
-	if ($category == ATTACHMENT_CATEGORY_NONE && strpos($attachment['mimetype'], 'image') === false)
+	if (strpos($attachment['mimetype'], 'image') !== 0)
 	{
 		$attachment['mimetype'] = (strpos(strtolower($user->browser), 'msie') !== false || strpos(strtolower($user->browser), 'opera') !== false) ? 'application/octetstream' : 'application/octet-stream';
 	}
@@ -206,13 +222,18 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	// Now the tricky part... let's dance
 	header('Pragma: public');

-	// Try X-Sendfile since it is much more server friendly.
+	// Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path...
 	// lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
-	header('X-Sendfile: ' . $filename);
+
+	// Not really ideal, but should work fine...
+	if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false)
+	{
+		header('X-Sendfile: ' . $filename);
+	}

 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
 	header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
-	header('Content-Disposition: attachment; filename="' . $attachment['real_filename'] . '"');
+	header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; filename="' . $attachment['real_filename'] . '"');

 	if ($size)
 	{
@@ -221,7 +242,6 @@ function send_file_to_browser($attachment, $upload_dir, $category)

 	// Might not be ideal to store the contents, but file_get_contents is binary-safe as well as the recommended method
 	echo @file_get_contents($filename);
-	unset($contents);

 	flush();
 	exit;