
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

// download/file.php: serves avatars (?avatar=...) and post/PM attachments (?id=...).
// The two modes are bootstrapped very differently below: the avatar branch builds a
// minimal container by hand, the attachment branch includes common.php.

// IN_PHPBB marks this as a legitimate entry point; the included files presumably test
// it to refuse being loaded directly — confirm in includes/.
/**
* @ignore
*/
define('IN_PHPBB', true);
// This script lives in download/, so the board root is one level up unless the caller
// pinned it via PHPBB_ROOT_PATH.
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
// Extension of this very file ('php'); reused to build every require() path below.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
  20  
// Thank you sun.
// Refuse requests that look like they come from the Java plugin rather than a browser:
// a JAR Content-Type, or a User-Agent containing 'Java'. Presumably this keeps
// attachments from being fetched as applet archives (a file that is both a valid image
// and a valid JAR) — confirm against the phpBB history behind the "Thank you sun." line.
// NOTE(review): because of the else-if, the User-Agent test only runs when the request
// carries no Content-Type header at all; a request with any other Content-Type is not
// checked against the User-Agent.
// Both exits end the request with an empty body and no explicit status line.
if (isset($_SERVER['CONTENT_TYPE']))
{
    if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
    {
        exit;
    }
}
else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
{
    exit;
}
  33  
// Avatar mode is selected by the mere presence of the raw query-string key; the value
// itself is read again through request_var() further down.
if (isset($_GET['avatar']))
{
    // Minimal bootstrap (no common.php): only what is needed to locate and stream an
    // avatar file. Keep the require() order — each file depends on the previous ones.
    require($phpbb_root_path . 'includes/startup.' . $phpEx);

    require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx);
    $phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx);
    $phpbb_class_loader->register();

    // Pulls config.php (a trusted file, not request data) into the global scope; this is
    // where $dbms, $acm_type and $dbpasswd used below come from.
    $phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
    extract($phpbb_config_php_file->get_all());

    // Board not installed or config.php incomplete: silently end the request.
    if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
    {
        exit;
    }

    require($phpbb_root_path . 'includes/constants.' . $phpEx);
    require($phpbb_root_path . 'includes/functions.' . $phpEx);
    require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
    require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);

    // Setup class loader first
    $phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
    $phpbb_class_loader_ext->register();

    phpbb_load_extensions_autoloaders($phpbb_root_path);

    // Set up container
    $phpbb_container_builder = new \phpbb\di\container_builder($phpbb_config_php_file, $phpbb_root_path, $phpEx);
    $phpbb_container = $phpbb_container_builder->get_container();

    $phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
    $phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));

    // set up caching
    $cache = $phpbb_container->get('cache');

    $phpbb_dispatcher = $phpbb_container->get('dispatcher');
    $request    = $phpbb_container->get('request');
    $db            = $phpbb_container->get('dbal.conn');
    $phpbb_log    = $phpbb_container->get('log');

    // The container already holds its DB connection; drop the password extracted from
    // config.php so it no longer lingers in the global scope.
    unset($dbpasswd);

    // Presumably seeds the legacy request_var()/set_config() wrappers with the container
    // services they delegate to — confirm in includes/functions.
    request_var('', 0, false, false, $request);

    $config = $phpbb_container->get('config');
    set_config(null, null, null, $config);
    set_config_count(null, null, null, $config);

    // load extensions
    $phpbb_extension_manager = $phpbb_container->get('ext.manager');

    // worst-case default
    // Lower-cased User-Agent, only used for browser-specific header handling below.
    $browser = strtolower($request->header('User-Agent', 'msie 6.0'));

    $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');

    $filename = request_var('avatar', '');
    $avatar_group = false;
    $exit = false;

    // A leading 'g' marks a group avatar; the prefix is re-added to the physical name at the end.
    if (isset($filename[0]) && $filename[0] === 'g')
    {
        $avatar_group = true;
        $filename = substr($filename, 1);
    }

    // '==' is not a bug - . as the first char is as bad as no dot at all
    // (strpos() returns false for "no dot" and 0 for "dot at offset 0"; both are == false.)
    if (strpos($filename, '.') == false)
    {
        send_status_line(403, 'Forbidden');
        $exit = true;
    }

    if (!$exit)
    {
        // Expected shape: <id>_<stamp>.<ext>. The (int) cast keeps only the leading digits
        // of the id, and $ext is whitelisted below, so the only user-controlled pieces that
        // reach the filesystem name are an integer and one of four known extensions.
        $ext        = substr(strrchr($filename, '.'), 1);
        $stamp        = (int) substr(stristr($filename, '_'), 1);
        $filename    = (int) $filename;
        // Presumably true when a 304 Not Modified was already answered from $stamp — confirm
        // in functions_download; in that case nothing more is sent.
        $exit = set_modified_headers($stamp, $browser);
    }
    if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
    {
        // no way such an avatar could exist. They are not following the rules, stop the show.
        send_status_line(403, 'Forbidden');
        $exit = true;
    }


    if (!$exit)
    {
        // A non-numeric id casts to 0, which is not a valid avatar id.
        if (!$filename)
        {
            // no way such an avatar could exist. They are not following the rules, stop the show.
            send_status_line(403, 'Forbidden');
        }
        else
        {
            send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
        }
    }
    // Presumably flushes output and terminates; the attachment code below must not run
    // for avatar requests (see the "implicit else" note there).
    file_gc();
}
 138  
// implicit else: we are not in avatar mode
// Attachment mode. Unlike the avatar branch, this one boots the full environment via
// common.php ($user, $auth, $config, $db, $cache, $phpbb_dispatcher).
include($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);

// Typed request parameters: request_var() presumably casts each value to the type of its
// default (int / string / bool) — confirm in includes/functions. That cast is what makes
// the bare interpolation of $attach_id into the SQL below safe.
$attach_id = request_var('id', 0);
$mode = request_var('mode', '');
$thumbnail = request_var('t', false);

// Start session management, do not update session page.
$user->session_begin(false);
$auth->acl($user->data);
$user->setup('viewtopic');

// Board-wide kill switch: neither forum nor PM attachments are enabled.
// trigger_error() is presumably routed to phpBB's message handler, which renders the
// message and ends the request — the code below relies on it not returning.
if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{
    send_status_line(404, 'Not Found');
    trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}

// 0 is both the default and an impossible attachment id.
if (!$attach_id)
{
    send_status_line(404, 'Not Found');
    trigger_error('NO_ATTACHMENT_SELECTED');
}

// $attach_id is an int (see above), hence embedded without quoting/escaping.
$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
    FROM ' . ATTACHMENTS_TABLE . "
    WHERE attach_id = $attach_id";
$result = $db->sql_query($sql);
$attachment = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if (!$attachment)
{
    send_status_line(404, 'Not Found');
    trigger_error('ERROR_NO_ATTACHMENT');
}
// Presumably the hotlink/referrer check (the LINKAGE_FORBIDDEN message suggests so) —
// confirm in functions_download.
else if (!download_allowed())
{
    send_status_line(403, 'Forbidden');
    trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
else
{
    // Strip any directory component from the stored name, so the file is always resolved
    // inside the upload directory even if the DB row were tampered with.
    $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);

    // Per-type kill switch. && binds tighter than ||, so this reads as
    // (forum attachment && forum attachments disabled) || (PM attachment && PM attachments disabled).
    if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
    {
        send_status_line(404, 'Not Found');
        trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
    }

    if ($attachment['is_orphan'])
    {
        // We allow admins having attachment permissions to see orphan attachments...
        // An orphan has no post or PM to authorise against, so access is limited to the
        // uploader or an a_attach admin, who must additionally hold the download
        // permission matching the attachment type (u_pm_download / u_download).
        $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;

        if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
        {
            send_status_line(404, 'Not Found');
            trigger_error('ERROR_NO_ATTACHMENT');
        }

        // Obtain all extensions...
        // No forum context here, so the global extension table is used.
        $extensions = $cache->obtain_attach_extensions(true);
    }
    else
    {
        if (!$attachment['in_message'])
        {
            // Forum attachment: presumably enforces the caller's permissions on the topic's
            // forum and ends the request otherwise — confirm in functions_download.
            phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);

            // Forum permission alone is not enough: the post itself may be unapproved or
            // soft-deleted, in which case only users holding m_approve in that forum may
            // fetch its attachments.
            $sql = 'SELECT forum_id, post_visibility
                FROM ' . POSTS_TABLE . '
                WHERE post_id = ' . (int) $attachment['post_msg_id'];
            $result = $db->sql_query($sql);
            $post_row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

            if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
            {
                // Attachment of a soft deleted post and the user is not allowed to see the post
                send_status_line(404, 'Not Found');
                trigger_error('ERROR_NO_ATTACHMENT');
            }
        }
        else
        {
            // Attachment is in a private message.
            // forum_id => false presumably makes extension_allowed() below fall back to the
            // global extension settings — confirm in includes/functions.
            $post_row = array('forum_id' => false);
            phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
        }

        // $extensions is read below, so extension_allowed() presumably fills it by
        // reference — confirm its signature. An extension that was disabled after the
        // upload is refused rather than served.
        $extensions = array();
        if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions))
        {
            send_status_line(403, 'Forbidden');
            trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
        }
    }

    // Per-extension settings: how to present the file, and which category it belongs to.
    $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
    $display_cat = $extensions[$attachment['extension']]['display_cat'];

    // Honour the user's "view images" / "view flash" preferences by degrading to a plain download.
    if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
    {
        $display_cat = ATTACHMENT_CATEGORY_NONE;
    }

    if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
    {
        $display_cat = ATTACHMENT_CATEGORY_NONE;
    }

    /**
    * Event to modify data before sending file to browser
    *
    * @event core.download_file_send_to_browser_before
    * @var    int        attach_id            The attachment ID
    * @var    array    attachment            Array with attachment data
    * @var    int        display_cat            Attachment category
    * @var    int        download_mode        File extension specific download mode
    * @var    array    extensions            Array with file extensions data
    * @var    string    mode                Download mode
    * @var    bool    thumbnail            Flag indicating if the file is a thumbnail
    * @since 3.1.6-RC1
    * @changed 3.1.7-RC1    Fixing wrong name of a variable (replacing "extension" by "extensions")
    */
    $vars = array(
        'attach_id',
        'attachment',
        'display_cat',
        'download_mode',
        'extensions',
        'mode',
        'thumbnail',
    );
    // extract() lets any listener overwrite the seven variables above, including
    // display_cat and download_mode; that is trusted extension code, not request data.
    extract($phpbb_dispatcher->trigger_event('core.download_file_send_to_browser_before', compact($vars)));

    if ($thumbnail)
    {
        // Thumbnails live next to the original under a thumb_ prefix.
        $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
    }
    else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
    {
        // Update download count
        // Only whole-file downloads of real (non-orphan) attachments are counted;
        // phpbb_http_byte_range() presumably reports a partial-content request, so resumed
        // downloads are not counted again — confirm in functions_download.
        phpbb_increment_downloads($db, $attachment['attach_id']);
    }

    // IE older than 8 viewing an image inline gets an HTML page that embeds the image via
    // this very script, instead of the raw bytes. Note this uses $user->browser (set up by
    // common.php), not a locally computed value.
    if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
    {
        wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
        file_gc();
    }
    else
    {
        // Determine the 'presenting'-method
        if ($download_mode == PHYSICAL_LINK)
        {
            // This presenting method should no longer be used
            // Hands the file off to the web server by redirecting to its path under
            // upload_path (the directory must therefore be web-accessible). The @ only
            // silences the warning for a missing directory; the false result is handled.
            if (!@is_dir($phpbb_root_path . $config['upload_path']))
            {
                send_status_line(500, 'Internal Server Error');
                trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
            }

            redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
            file_gc();
        }
        else
        {
            // Stream the file through PHP; send_file_to_browser() presumably derives the
            // response headers from the attachment row and $display_cat.
            send_file_to_browser($attachment, $config['upload_path'], $display_cat);
            file_gc();
        }
    }
}

