Merge remote-tracking branch 'Fyorl/feature/attach-dl' into develop

* Fyorl/feature/attach-dl: (75 commits)
  [feature/attach-dl] Removed the use of some abbreviations
  [feature/attach-dl] Changed $files_added checks
  [feature/attach-dl] Renamed $post_id to $post_msg_id
  [feature/attach-dl] Fixed a comment
  [feature/attach-dl] Optimised an sql query
  [feature/attach-dl] Fixed the logic in an sql statement
  [feature/attch-dl] $forum_id cast to int
  [feature/attach-dl] Fixed $file_added to $files_added
  [feature/attach-dl] Moved definition of $archive_name
  [feature/attach-dl] Swapped the order of an if statement
  [feature/attach-dl] Cast variables to int
  [feature/attach-dl] Added $archive_path
  [feature/attach-dl] Used COMMA_SEPARATOR instead of actual comma
  [feature/attach-dl] Renamed $count to $files_added
  [feature/attach-dl] Removed sprintf() use
  [feature/attach-dl] Removed need for array_keys()
  [feature/attach-dl] Added multiple attachment downloads to PMs
  [feature/attach-dl] Removed reliance on current($row)
  [feature/attach-dl] Renamed to phpbb_download_handle_forum_auth
  [feature/attach-dl] Moved PM authentication handling into own function
  ...

phpBB/includes/functions_display.php

@@ -1387,3 +1387,38 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
 	$avatar_img .= $avatar;
 	return '<img src="' . (str_replace(' ', '%20', $avatar_img)) . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
 }
+
+/**
+* Generate a list of archive types available for compressing attachments
+*
+* @param string $param_key Either topic_id or post_id
+* @param string $param_val The value of the topic or post id
+* @param string $phpbb_root_path The root path of the phpBB installation
+* @param string $phpEx The PHP extension
+*
+* @return array Array containing the link and the type of compression
+*/
+function phpbb_gen_download_links($param_key, $param_val, $phpbb_root_path, $phpEx)
+{
+	if (!class_exists('compress'))
+	{
+		require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
+	}
+
+	$methods = compress::methods();
+	$links = array();
+
+	foreach ($methods as $method)
+	{
+		$type = array_pop(explode('.', $method));
+		$params = array('archive' => $method);
+		$params[$param_key] = $param_val;
+
+		$links[] = array(
+			'LINK' => append_sid("{$phpbb_root_path}download/file.$phpEx", $params),
+			'TYPE' => $type,
+		);
+	}
+
+	return $links;
+}

phpBB/includes/functions_download.php

@@ -592,3 +592,132 @@ function phpbb_parse_range_request($request_array, $filesize)
 		);
 	}
 }
+
+/**
+* Increments the download count of all provided attachments
+*
+* @param dbal $db The database object
+* @param array|int $ids The attach_id of each attachment
+*
+* @return null
+*/
+function phpbb_increment_downloads($db, $ids)
+{
+	if (!is_array($ids))
+	{
+		$ids = array($ids);
+	}
+
+	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+		SET download_count = download_count + 1
+		WHERE ' . $db->sql_in_set('attach_id', $ids);
+	$db->sql_query($sql);
+}
+
+/**
+* Handles authentication when downloading attachments from a post or topic
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $topic_id The id of the topic that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
+{
+	$sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
+		FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
+		WHERE t.topic_id = " . (int) $topic_id . "
+			AND t.forum_id = f.forum_id";
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+	{
+		if ($row && $row['forum_password'])
+		{
+			// Do something else ... ?
+			login_forum_box($row);
+		}
+	}
+	else
+	{
+		send_status_line(403, 'Forbidden');
+		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+	}
+}
+
+/**
+* Handles authentication when downloading attachments from PMs
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
+{
+	if (!$auth->acl_get('u_pm_download'))
+	{
+		send_status_line(403, 'Forbidden');
+		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+	}
+
+	$allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id);
+
+	if (!$allowed)
+	{
+		send_status_line(403, 'Forbidden');
+		trigger_error('ERROR_NO_ATTACHMENT');
+	}
+}
+
+/**
+* Checks whether a user can download from a particular PM
+*
+* @param dbal $db The database object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return bool Whether the user is allowed to download from that PM or not
+*/
+function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
+{
+	// Check if the attachment is within the users scope...
+	$sql = 'SELECT msg_id
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE msg_id = ' . (int) $msg_id . '
+			AND (
+				user_id = ' . (int) $user_id . '
+				OR author_id = ' . (int) $user_id . '
+			)';
+	$result = $db->sql_query_limit($sql, 1);
+	$allowed = (bool) $db->sql_fetchfield('msg_id');
+	$db->sql_freeresult($result);
+
+	return $allowed;
+}
+
+/**
+* Cleans a filename of any characters that could potentially cause a problem on
+* a user's filesystem.
+*
+* @param string $filename The filename to clean
+*
+* @return string The cleaned filename
+*/
+function phpbb_download_clean_filename($filename)
+{
+	$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+
+	// rawurlencode to convert any potentially 'bad' characters that we missed
+	$filename = rawurlencode(str_replace($bad_chars, '_', $filename));
+
+	// Turn the %xx entities created by rawurlencode to _
+	$filename = preg_replace("/%(\w{2})/", '_', $filename);
+
+	return $filename;
+}

phpBB/includes/ucp/ucp_pm_viewmessage.php

@@ -257,6 +257,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'U_PM_ACTION'		=> $url . '&mode=compose&f=' . $folder_id . '&p=' . $message_row['msg_id'],
 
 		'S_HAS_ATTACHMENTS'	=> (sizeof($attachments)) ? true : false,
+		'S_HAS_MULTIPLE_ATTACHMENTS' => (sizeof($attachments) > 1),
 		'S_DISPLAY_NOTICE'	=> $display_notice && $message_row['message_attachment'],
 		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
 		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
@@ -301,6 +302,12 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	// Display not already displayed Attachments for this post, we already parsed them. ;)
 	if (isset($attachments) && sizeof($attachments))
 	{
+		$methods = phpbb_gen_download_links('post_msg_id', $msg_id, $phpbb_root_path, $phpEx);
+		foreach ($methods as $method)
+		{
+			$template->assign_block_vars('dl_method', $method);
+		}
+	
 		foreach ($attachments as $attachment)
 		{
 			$template->assign_block_vars('attachment', array(