[Patch] Direct (php-less) attachment downloads

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.2.x. If you need support for phpBB 3.2.x please visit the 3.2.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
User avatar
haravikk
Registered User
Posts: 292
Joined: Sun Apr 20, 2003 5:05 pm
Contact:

Re: [Patch] Direct (php-less) attachment downloads

Post by haravikk » Wed Jun 08, 2011 9:26 pm

I think that for PHP-less downloads to work the administrator would need to be able to enable the feature per-forum, with the caveat that it means all users will be able to download the files. This way we can enable it for public forums, but leave the protection enabled in private forums.
Alternatively, it could automatically be enabled if all users have permission to download files from the forum; i.e - if guests, and all listed user-groups have that permission enabled along with the ability to read the contents of the forum. Ideally, if the forum's permissions change such that the files are no longer "public", then they would be relocated to a private folder so direct links will stop working; I expect moving the files should be more widely supported than symbolic links?

Support for HTTP range in the PHP script might help, but I still find that PHP file masking scripts are rarely cached properly so HTTP direct downloads are still desirable for serving up content that is accessed commonly.
Images in sigs! please.

User avatar
AmigoJack
Registered User
Posts: 103
Joined: Wed May 04, 2011 7:47 pm
Location: グリーン ヒル ゾーン
Contact:

Re: [Patch] Direct (php-less) attachment downloads

Post by AmigoJack » Thu Jul 21, 2011 8:26 am

haravikk wrote:HTTP direct downloads are still desirable for serving up content that is accessed commonly
...which is why you can put resources (e.g. files) directly on your server without any interaction of phpBB. The attachment feature doesn't come along with permissions only, it also includes a download counter which then can't be triggered anymore.

BTW: how do downloads count on partial transfers in the future?

User avatar
haravikk
Registered User
Posts: 292
Joined: Sun Apr 20, 2003 5:05 pm
Contact:

Re: [Patch] Direct (php-less) attachment downloads

Post by haravikk » Thu Jul 21, 2011 9:53 am

AmigoJack wrote:...which is why you can put resources (e.g. files) directly on your server without any interaction of phpBB.
…except that I can hardly do that when the content is posted by forum users now can I? If it were just files I posted myself that I was concerned about then I wouldn't be putting them up through a forum :P
Images in sigs! please.

jmt200
Registered User
Posts: 2
Joined: Tue Apr 03, 2012 12:05 am

Re: [Patch] Direct (php-less) attachment downloads

Post by jmt200 » Tue Apr 03, 2012 12:22 am

Is there a way to upload files to a phpbb forum other than "Img" (I presume that is only for graphic extensions?).
Where is the browse and select file interface? :-)
Meis2M wrote:any way to add an ability to multi upload attachments in topics or posts ?!

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [Patch] Direct (php-less) attachment downloads

Post by Oleg » Wed Apr 25, 2012 4:43 pm

This was requested again: http://tracker.phpbb.com/browse/PHPBB3-10843

Moving topic to 3.2 discussion.

User avatar
haravikk
Registered User
Posts: 292
Joined: Sun Apr 20, 2003 5:05 pm
Contact:

Re: [Patch] Direct (php-less) attachment downloads

Post by haravikk » Wed Apr 25, 2012 5:36 pm

Since I don't really want to sign up to the JIRA just to comment on the one issue, I wanted to add that there is a fairly easy solution to the permissions question; simply store the files in a hierarchy that matches the forum layout, so if the forum permissions are changed then that branch of the hierarchy can simply be moved from the public location to the private one (inaccessible except via the PHP script).

With file-name "mangling", I think that it doesn't matter how they're stored on the server? For direct access you need the correct extension to serve up the content that way. Meanwhile for files stored in the private folder it shouldn't matter I don't think, since the request goes via the PHP script you only need to ensure the file has some kind of ID that can be used to look it up, such as the primary key used to store the file's info in the database. The file's name doesn't make it to the browser since the PHP script just dumps the file's content, after an appropriate HTTP header I think?

So file names should be safe to keep so long as the file's name is unique to the folder that it's stored within, though it probably couldn't hurt to shove the file's ID number in front for good measure.
Images in sigs! please.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [Patch] Direct (php-less) attachment downloads

Post by Oleg » Thu Apr 26, 2012 1:33 am

haravikk wrote:Since I don't really want to sign up to the JIRA just to comment on the one issue
Jira uses .com credentials.
haravikk wrote: simply store the files in a hierarchy that matches the forum layout, so if the forum permissions are changed then that branch of the hierarchy can simply be moved from the public location to the private one (inaccessible except via the PHP script).
This sounds too fragile to me but you are welcome to try to argue otherwise.

Post Reply