mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-07 15:05:43 +02:00
Code Issues Releases Wiki Activity

[feature/attach-dl] Putting more old code under "else if ($download_id)".

Browse Source 
PHPBB3-11042
This commit is contained in:
Andreas Fischer 2012-08-07 02:36:20 +02:00
parent 60d382df4c
commit ecab0212f8
1 changed files with 106 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
phpBB/download/file.php
View File

@ -196,22 +196,14 @@ else if ($download_id)
// sizeof($attachments) == 1 // sizeof($attachments) == 1
$attachment = current($attachments); $attachment = current($attachments);
// in_message = 1 means it's in a private message
if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach']) if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
{ {
send_status_line(404, 'Not Found'); send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
} }
}
else
{
// sizeof($attachments) > 1
}
$row = array(); if ($attachment['is_orphan'])
{
if ($attachment && $attachment['is_orphan'])
{
// We allow admins having attachment permissions to see orphan attachments... // We allow admins having attachment permissions to see orphan attachments...
$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false; $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
@ -223,27 +215,15 @@ if ($attachment && $attachment['is_orphan'])
// Obtain all extensions... // Obtain all extensions...
$extensions = $cache->obtain_attach_extensions(true); $extensions = $cache->obtain_attach_extensions(true);
} }
else else
{
if ($attachments || ($attachment && !$attachment['in_message']))
{ {
if ($download_id || $post_id) if (!$attachment['in_message'])
{ {
$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id $sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . (($attachment) ? $attachment['post_msg_id'] : $post_id) . ' WHERE p.post_id = ' . $attachment['post_msg_id'] . '
AND p.forum_id = f.forum_id'; AND p.forum_id = f.forum_id';
}
if ($topic_id)
{
$sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = $topic_id
AND t.forum_id = f.forum_id";
}
$result = $db->sql_query_limit($sql, 1); $result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -266,6 +246,7 @@ else
} }
else else
{ {
// Attachment is in a private message.
$row['forum_id'] = false; $row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download')) if (!$auth->acl_get('u_pm_download'))
{ {
@ -311,8 +292,46 @@ else
if (!phpbb_check_attach_extensions($extensions, $ary)) if (!phpbb_check_attach_extensions($extensions, $ary))
{ {
send_status_line(404, 'Forbidden'); send_status_line(404, 'Forbidden');
$ext = ($attachment) ? $attachment['extension'] : $attachments[0]['extension']; trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $ext)); }
}
}
else
{
// sizeof($attachments) > 1
if ($post_id)
{
$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . (($attachment) ? $attachment['post_msg_id'] : $post_id) . '
AND p.forum_id = f.forum_id';
}
else if ($topic_id)
{
$sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = $topic_id
AND t.forum_id = f.forum_id";
}
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$f_download = $auth->acl_get('f_download', $row['forum_id']);
if ($auth->acl_get('u_download') && $f_download)
{
if ($row && $row['forum_password'])
{
// Do something else ... ?
login_forum_box($row);
}
}
else
{
send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
} }
} }