phpBB

Code Changes

File: download/file.php

  Unmodified   Added   Modified   Removed
Line 14Line 14
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

 


// Thank you sun.
if (isset($_SERVER['CONTENT_TYPE']))
{
if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
{
exit;
}
}
else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
{
exit;
}


if (isset($_GET['avatar']))
{


if (isset($_GET['avatar']))
{

 
	require($phpbb_root_path . 'includes/startup.' . $phpEx);

	require($phpbb_root_path . 'config.' . $phpEx);

	require($phpbb_root_path . 'config.' . $phpEx);

 

if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
{
exit;
}


	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
require($phpbb_root_path . 'includes/cache.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);

	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
require($phpbb_root_path . 'includes/cache.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);

 
	require($phpbb_root_path . 'includes/functions.' . $phpEx);


$db = new $sql_db();
$cache = new cache();


$db = new $sql_db();
$cache = new cache();

Line 37Line 59
	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';

$config = $cache->obtain_config();

	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';

$config = $cache->obtain_config();

	$filename = $_GET['avatar'];

	$filename = request_var('avatar', '');

	$avatar_group = false;

	$avatar_group = false;

	if ($filename[0] === 'g')



	$exit = false;

if (isset($filename[0]) && $filename[0] === 'g')

	{
$avatar_group = true;
$filename = substr($filename, 1);

	{
$avatar_group = true;
$filename = substr($filename, 1);

Line 48Line 72
	// '==' is not a bug - . as the first char is as bad as no dot at all
if (strpos($filename, '.') == false)
{

	// '==' is not a bug - . as the first char is as bad as no dot at all
if (strpos($filename, '.') == false)
{

		header('HTTP/1.0 403 forbidden');
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;

		send_status_line(403, 'Forbidden');
$exit = true;






	}


	}


 
	if (!$exit)
{

	$ext		= substr(strrchr($filename, '.'), 1);
$stamp = (int) substr(stristr($filename, '_'), 1);
$filename = (int) $filename;

	$ext		= substr(strrchr($filename, '.'), 1);
$stamp = (int) substr(stristr($filename, '_'), 1);
$filename = (int) $filename;

	
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
if (strpos(strtolower($browser), 'msie 6.0') === false)
{
if ($last_load !== false && $last_load <= $stamp)
{
header('Not Modified', true, 304);
// seems that we need those too ... browsers
header('Pragma: public');
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
exit();

		$exit = set_modified_headers($stamp, $browser);












		} 

		} 

		else

	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))

		{

		{

			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
}


		// no way such an avatar could exist. They are not following the rules, stop the show.
send_status_line(403, 'Forbidden');
$exit = true;

	}


	}


	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))



if (!$exit)

	{

	{

		// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 forbidden");
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
}


 
	if (!$filename)
{
// no way such an avatar could exist. They are not following the rules, stop the show.

	if (!$filename)
{
// no way such an avatar could exist. They are not following the rules, stop the show.

		header("HTTP/1.0 403 forbidden");
if (!empty($cache))
{
$cache->unload();

			send_status_line(403, 'Forbidden');




		}

		}

		$db->sql_close();
exit;
}


		else
{



	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);

	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);


if (!empty($cache))
{
$cache->unload();

 
	}

	}

	$db->sql_close();
exit;

	}
file_gc();

}

// implicit else: we are not in avatar mode

}

// implicit else: we are not in avatar mode

Line 127Line 120

if (!$download_id)
{


if (!$download_id)
{

 
	send_status_line(404, 'Not Found');

	trigger_error('NO_ATTACHMENT_SELECTED');
}

if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{

	trigger_error('NO_ATTACHMENT_SELECTED');
}

if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{

 
	send_status_line(404, 'Not Found');

	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}


	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}


$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id

$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime

	FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);

	FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);

Line 144Line 139

if (!$attachment)
{


if (!$attachment)
{

 
	send_status_line(404, 'Not Found');

	trigger_error('ERROR_NO_ATTACHMENT');
}

if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
{

	trigger_error('ERROR_NO_ATTACHMENT');
}

if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
{

 
	send_status_line(404, 'Not Found');

	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}


	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}


Line 161Line 158

if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
{


if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
{

 
		send_status_line(404, 'Not Found');

		trigger_error('ERROR_NO_ATTACHMENT');
}


		trigger_error('ERROR_NO_ATTACHMENT');
}


Line 172Line 170
	if (!$attachment['in_message'])
{
//

	if (!$attachment['in_message'])
{
//

		$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id

		$sql = 'SELECT p.forum_id, f.forum_name, f.forum_password, f.parent_id

			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . $attachment['post_msg_id'] . '
AND p.forum_id = f.forum_id';

			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . $attachment['post_msg_id'] . '
AND p.forum_id = f.forum_id';

Line 193Line 191
		}
else
{

		}
else
{

 
			send_status_line(403, 'Forbidden');

			trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
}

			trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
}

Line 201Line 200
		$row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download'))
{

		$row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download'))
{

 
			send_status_line(403, 'Forbidden');

			trigger_error('SORRY_AUTH_VIEW_ATTACH');

			trigger_error('SORRY_AUTH_VIEW_ATTACH');

 
		}

// Check if the attachment is within the users scope...
$sql = 'SELECT user_id, author_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id = ' . $attachment['post_msg_id'];
$result = $db->sql_query($sql);

$allowed = false;
while ($user_row = $db->sql_fetchrow($result))
{
if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
{
$allowed = true;
break;
}
}
$db->sql_freeresult($result);

if (!$allowed)
{
send_status_line(403, 'Forbidden');
trigger_error('ERROR_NO_ATTACHMENT');

		}
}


		}
}


Line 209Line 232
	$extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{

	$extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{

 
		send_status_line(404, 'Forbidden');

		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
}
}

if (!download_allowed())
{

		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
}
}

if (!download_allowed())
{

 
	send_status_line(403, 'Forbidden');

	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}

$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];

// Fetching filename here to prevent sniffing of filename

	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}

$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];

// Fetching filename here to prevent sniffing of filename

$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype

$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime

	FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);

	FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);

Line 230Line 255

if (!$attachment)
{


if (!$attachment)
{

 
	send_status_line(404, 'Not Found');

	trigger_error('ERROR_NO_ATTACHMENT');
}


	trigger_error('ERROR_NO_ATTACHMENT');
}


$attachment['physical_filename'] = basename($attachment['physical_filename']);

$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);

$display_cat = $extensions[$attachment['extension']]['display_cat'];

if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))

$display_cat = $extensions[$attachment['extension']]['display_cat'];

if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))

Line 250Line 276
{
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
}

{
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
}

else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT_CATEGORY_IMAGE) && !$attachment['is_orphan'])

else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHMENT_CATEGORY_IMAGE*/) && !$attachment['is_orphan'])

{
// Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '

{
// Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '

Line 259Line 285
	$db->sql_query($sql);
}


	$db->sql_query($sql);
}


if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)

if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))

{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);

{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);

 
	file_gc();

}
else
{

}
else
{

Line 271Line 298
		// This presenting method should no longer be used
if (!@is_dir($phpbb_root_path . $config['upload_path']))
{

		// This presenting method should no longer be used
if (!@is_dir($phpbb_root_path . $config['upload_path']))
{

 
			send_status_line(500, 'Internal Server Error');

			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
}

redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);

			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
}

redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);

		exit;

		file_gc();

	}
else
{
send_file_to_browser($attachment, $config['upload_path'], $display_cat);

	}
else
{
send_file_to_browser($attachment, $config['upload_path'], $display_cat);

		exit;

		file_gc();

	}
}


	}
}


Line 316Line 344
		$image_data = @getimagesize($file_path);
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));


		$image_data = @getimagesize($file_path);
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));


		if (strpos(strtolower($browser), 'msie') !== false)

		if ((strpos(strtolower($browser), 'msie') !== false) && !phpbb_is_greater_ie_version($browser, 7))

		{
header('Content-Disposition: attachment; ' . header_filename($file));


		{
header('Content-Disposition: attachment; ' . header_filename($file));


Line 341Line 369
			header("Content-Length: $size");
}


			header("Content-Length: $size");
}


		if (@readfile($file_path) === false)

		if (@readfile($file_path) == false)

		{
$fp = @fopen($file_path, 'rb');


		{
$fp = @fopen($file_path, 'rb');


Line 359Line 387
	}
else
{

	}
else
{

		header('HTTP/1.0 404 not found');

		send_status_line(404, 'Not Found');

	}
}


	}
}


Line 395Line 423

if (!@file_exists($filename))
{


if (!@file_exists($filename))
{

		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));


		send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');

	}

// Correct the mime type - we force application/octetstream for all files, except images

	}

// Correct the mime type - we force application/octetstream for all files, except images

Line 421Line 450
		// PHP track_errors setting On?
if (!empty($php_errormsg))
{

		// PHP track_errors setting On?
if (!empty($php_errormsg))
{

 
			send_status_line(500, 'Internal Server Error');

			trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
}


			trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
}


 
		send_status_line(500, 'Internal Server Error');

		trigger_error('UNABLE_TO_DELIVER_FILE');
}


		trigger_error('UNABLE_TO_DELIVER_FILE');
}


Line 448Line 479
	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype']);


	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype']);


	if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))













	if (phpbb_is_greater_ie_version($user->browser, 7))
{
header('X-Content-Type-Options: nosniff');
}

if ($category == ATTACHMENT_CATEGORY_FLASH && request_var('view', 0) === 1)
{
// We use content-disposition: inline for flash files and view=1 to let it correctly play with flash player 10 - any other disposition will fail to play inline
header('Content-Disposition: inline');
}
else
{
if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))

	{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))

	{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))

Line 459Line 502
	else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

	else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

 
			if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
{
header('X-Download-Options: noopen');
}
}

	}


	}


 
	// Close the db connection before sending the file
$db->sql_close();

if (!set_modified_headers($attachment['filetime'], $user->browser))
{
// Send Content-Length only if set_modified_headers() does not send
// status 304 - Not Modified

	if ($size)
{
header("Content-Length: $size");

	if ($size)
{
header("Content-Length: $size");

Line 485Line 540
	}

flush();

	}

flush();

	exit;


	}
file_gc();

}

/**

}

/**

Line 551Line 607
	}

// Check for own server...

	}

// Check for own server...

	$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');

	$server_name = $user->host;


// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)


// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)

Line 615Line 671
	}

return $allowed;

	}

return $allowed;

 
}

/**
* Check if the browser has the file already and set the appropriate headers-
* @returns false if a resend is in order.
*/
function set_modified_headers($stamp, $browser)
{
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;

if (strpos(strtolower($browser), 'msie 6.0') === false && !phpbb_is_greater_ie_version($browser, 7))
{
if ($last_load !== false && $last_load >= $stamp)
{
send_status_line(304, 'Not Modified');
// seems that we need those too ... browsers
header('Pragma: public');
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
return true;
}
else
{
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
}
}
return false;
}

function file_gc()
{
global $cache, $db;
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
}

/**
* Check if the browser is internet explorer version 7+
*
* @param string $user_agent User agent HTTP header
* @param int $version IE version to check against
*
* @return bool true if internet explorer version is greater than $version
*/
function phpbb_is_greater_ie_version($user_agent, $version)
{
if (preg_match('/msie (\d+)/', strtolower($user_agent), $matches))
{
$ie_version = (int) $matches[1];
return ($ie_version > $version);
}
else
{
return false;
}

}

?>

}

?>