phpBB

Code Changes

File: includes/functions_download.php

  Unmodified   Added   Modified   Removed
Line 208Line 208

if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
{


if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
{

		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

		header('Content-Disposition: attachment; ' . header_filename(html_entity_decode($attachment['real_filename'], ENT_COMPAT)));

		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
{
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');

		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
{
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');

Line 216Line 216
	}
else
{

	}
else
{

		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));

		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(html_entity_decode($attachment['real_filename'], ENT_COMPAT)));

		if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
{
header('X-Download-Options: noopen');

		if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
{
header('X-Download-Options: noopen');

Line 242Line 242
			// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
// and always requires an absolute path.

			// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
// and always requires an absolute path.

			header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}");

			header('X-Sendfile: ' . __DIR__ . "/../$upload_dir/{$attachment['physical_filename']}");

			exit;
}


			exit;
}


Line 327Line 327
		return true;
}


		return true;
}


	$url = htmlspecialchars_decode($request->header('Referer'));

	$url = html_entity_decode($request->header('Referer'), ENT_COMPAT);


if (!$url)
{


if (!$url)
{

Line 656Line 656
{
global $phpbb_container;


{
global $phpbb_container;


	$sql_array = array(
'SELECT' => 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id',
'FROM' => array(

	$sql_array = [
'SELECT' => 't.forum_id, t.topic_poster, t.topic_visibility, f.forum_name, f.forum_password, f.parent_id',
'FROM' => [

			TOPICS_TABLE => 't',
FORUMS_TABLE => 'f',

			TOPICS_TABLE => 't',
FORUMS_TABLE => 'f',

		),
'WHERE' => 't.topic_id = ' . (int) $topic_id . '

		],
'WHERE' => 't.topic_id = ' . (int) $topic_id . '

			AND t.forum_id = f.forum_id',

			AND t.forum_id = f.forum_id',

	);

	];


$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query($sql);


$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query($sql);