phpBB

Code Changes

File: download/file.php

  Unmodified   Added   Modified   Removed
Line 170Line 170
	if (!$attachment['in_message'])
{
//

	if (!$attachment['in_message'])
{
//

		$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id

		$sql = 'SELECT p.forum_id, f.forum_name, f.forum_password, f.parent_id

			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . $attachment['post_msg_id'] . '
AND p.forum_id = f.forum_id';

			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
WHERE p.post_id = ' . $attachment['post_msg_id'] . '
AND p.forum_id = f.forum_id';

Line 285Line 285
	$db->sql_query($sql);
}


	$db->sql_query($sql);
}


if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))

if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))

{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
file_gc();

{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
file_gc();

Line 344Line 344
		$image_data = @getimagesize($file_path);
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));


		$image_data = @getimagesize($file_path);
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));


		if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)

		if ((strpos(strtolower($browser), 'msie') !== false) && !phpbb_is_greater_ie_version($browser, 7))

		{
header('Content-Disposition: attachment; ' . header_filename($file));


		{
header('Content-Disposition: attachment; ' . header_filename($file));


Line 424Line 424
	if (!@file_exists($filename))
{
send_status_line(404, 'Not Found');

	if (!@file_exists($filename))
{
send_status_line(404, 'Not Found');

		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));

		trigger_error('ERROR_NO_ATTACHMENT');

	}

// Correct the mime type - we force application/octetstream for all files, except images

	}

// Correct the mime type - we force application/octetstream for all files, except images

Line 477Line 477
	*/

// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.

	*/

// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.

	$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);

 
	header('Content-Type: ' . $attachment['mimetype']);


	header('Content-Type: ' . $attachment['mimetype']);


	if ($is_ie8)

	if (phpbb_is_greater_ie_version($user->browser, 7))

	{
header('X-Content-Type-Options: nosniff');
}

	{
header('X-Content-Type-Options: nosniff');
}

Line 492Line 491
	}
else
{

	}
else
{

		if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))

		if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))

		{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))

		{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))

Line 503Line 502
		else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

		else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

			if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))

			if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))

			{
header('X-Download-Options: noopen');
}
}

			{
header('X-Download-Options: noopen');
}
}

	}

if ($size)
{
header("Content-Length: $size");

 
	}

// Close the db connection before sending the file

	}

// Close the db connection before sending the file

Line 520Line 514

if (!set_modified_headers($attachment['filetime'], $user->browser))
{


if (!set_modified_headers($attachment['filetime'], $user->browser))
{

 
		// Send Content-Length only if set_modified_headers() does not send
// status 304 - Not Modified
if ($size)
{
header("Content-Length: $size");
}


		// Try to deliver in chunks
@set_time_limit(0);


		// Try to deliver in chunks
@set_time_limit(0);


Line 680Line 681
{
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;

{
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;

	if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))


		
if (strpos(strtolower($browser), 'msie 6.0') === false && !phpbb_is_greater_ie_version($browser, 7))

	{
if ($last_load !== false && $last_load >= $stamp)
{

	{
if ($last_load !== false && $last_load >= $stamp)
{

Line 707Line 709
	}
$db->sql_close();
exit;

	}
$db->sql_close();
exit;

 
}

/**
* Check if the browser is internet explorer version 7+
*
* @param string $user_agent User agent HTTP header
* @param int $version IE version to check against
*
* @return bool true if internet explorer version is greater than $version
*/
function phpbb_is_greater_ie_version($user_agent, $version)
{
if (preg_match('/msie (\d+)/', strtolower($user_agent), $matches))
{
$ie_version = (int) $matches[1];
return ($ie_version > $version);
}
else
{
return false;
}

}

?>

}

?>