PHP Cross Reference of phpBB-3.1.12-deutsch |
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

// Entry point with two modes, selected by the query string:
//  - "avatar" present: serve an avatar image after a reduced bootstrap (first branch below)
//  - otherwise: serve the attachment named by "id" after the session, permission and
//    visibility checks in the second half of the file.

/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

// Thank you sun.
// Refuse the request when the Content-Type is application/x-java-archive or, only when no
// Content-Type header is present at all, when the User-Agent contains "Java".
// NOTE(review): presumably this keeps a Java client from loading user-uploaded files from
// the forum's own origin - confirm. Both headers are client-supplied, so this filters
// well-behaved clients only and must not be treated as an access control.
if (isset($_SERVER['CONTENT_TYPE']))
{
	if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
	{
		exit;
	}
}
else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
{
	exit;
}

// Avatar mode. This branch builds its own minimal environment instead of including
// common.php; nothing in it starts a session or evaluates permissions.
if (isset($_GET['avatar']))
{
	require($phpbb_root_path . 'includes/startup.' . $phpEx);

	require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx);
	$phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx);
	$phpbb_class_loader->register();

	$phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
	// Every key returned by get_all() becomes a variable in this scope ($dbms and $acm_type
	// are read below). The source is the board's own config file, not request data.
	extract($phpbb_config_php_file->get_all());

	// Bail out silently on a board that is not installed/configured.
	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
	{
		exit;
	}

	require($phpbb_root_path . 'includes/constants.' . $phpEx);
	require($phpbb_root_path . 'includes/functions.' . $phpEx);
	require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
	require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);

	// Setup class loader first
	$phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
	$phpbb_class_loader_ext->register();

	phpbb_load_extensions_autoloaders($phpbb_root_path);

	// Set up container
	$phpbb_container_builder = new \phpbb\di\container_builder($phpbb_config_php_file, $phpbb_root_path, $phpEx);
	$phpbb_container = $phpbb_container_builder->get_container();

	$phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
	$phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));

	// set up caching
	$cache = $phpbb_container->get('cache');

	$phpbb_dispatcher = $phpbb_container->get('dispatcher');
	$request = $phpbb_container->get('request');
	$db = $phpbb_container->get('dbal.conn');
	$phpbb_log = $phpbb_container->get('log');

	// The connection object has been obtained above; remove the password variable
	// (presumably created by the extract() of the config file) so that nothing executed
	// later in this scope can read it.
	unset($dbpasswd);

	// NOTE(review): the three calls below pass empty/null values plus an object; they appear
	// to hand $request and $config to the procedural wrappers - confirm in includes/functions.
	request_var('', 0, false, false, $request);

	$config = $phpbb_container->get('config');
	set_config(null, null, null, $config);
	set_config_count(null, null, null, $config);

	// load extensions
	$phpbb_extension_manager = $phpbb_container->get('ext.manager');

	// worst-case default
	// (a request without a User-Agent header is treated as 'msie 6.0')
	$browser = strtolower($request->header('User-Agent', 'msie 6.0'));

	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');

	// Requested name as parsed below: optional leading 'g' (group avatar), a numeric id,
	// an optional '_<timestamp>' part, and '.<extension>'.
	$filename = request_var('avatar', '');
	$avatar_group = false;
	$exit = false;

	if (isset($filename[0]) && $filename[0] === 'g')
	{
		$avatar_group = true;
		$filename = substr($filename, 1);
	}

	// '==' is not a bug - . as the first char is as bad as no dot at all
	// (strpos() gives false for "no dot" and 0 for "dot first"; the loose comparison rejects both)
	if (strpos($filename, '.') == false)
	{
		send_status_line(403, 'Forbidden');
		$exit = true;
	}

	if (!$exit)
	{
		// Extension = text after the last dot; stamp = integer after the first underscore.
		$ext		= substr(strrchr($filename, '.'), 1);
		$stamp		= (int) substr(stristr($filename, '_'), 1);
		// Only the leading integer of the request value survives this cast, so no path
		// separators or dot segments from the request are carried into the name that is
		// rebuilt for send_avatar_to_browser() further down.
		$filename	= (int) $filename;
		// A true return stops further processing of this request (see the !$exit tests below).
		$exit = set_modified_headers($stamp, $browser);
	}
	// Allow-list of image extensions; the match is case-sensitive.
	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
	{
		// no way such an avatar could exist. They are not following the rules, stop the show.
		send_status_line(403, 'Forbidden');
		$exit = true;
	}


	if (!$exit)
	{
		// An id of 0 (including any non-numeric name, which casts to 0) is rejected.
		if (!$filename)
		{
			// no way such an avatar could exist. They are not following the rules, stop the show.
			send_status_line(403, 'Forbidden');
		}
		else
		{
			// The served name is built only from the 'g' flag, the integer id and the
			// allow-listed extension.
			send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
		}
	}
	// NOTE(review): the "implicit else" below only holds if file_gc() ends the request;
	// otherwise an avatar request would continue into the attachment code - confirm.
	file_gc();
}

// implicit else: we are not in avatar mode
include($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);

// NOTE(review): the integer default is presumably what makes request_var() return an int;
// the attachment query below interpolates $attach_id directly and depends on that.
$attach_id = request_var('id', 0);
$mode = request_var('mode', '');
$thumbnail = request_var('t', false);

// Start session management, do not update session page.
$user->session_begin(false);
$auth->acl($user->data);
$user->setup('viewtopic');

// NOTE(review): each check from here on sends a status line and calls trigger_error()
// without an explicit exit; the checks are only effective if the board's error handler
// stops execution at that point - confirm.
if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{
	send_status_line(404, 'Not Found');
	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}

if (!$attach_id)
{
	send_status_line(404, 'Not Found');
	trigger_error('NO_ATTACHMENT_SELECTED');
}

// Load the attachment row. $attach_id is placed in the SQL text unquoted, so it must be an
// integer here (see the note at its assignment).
$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
	FROM ' . ATTACHMENTS_TABLE . "
	WHERE attach_id = $attach_id";
$result = $db->sql_query($sql);
$attachment = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if (!$attachment)
{
	send_status_line(404, 'Not Found');
	trigger_error('ERROR_NO_ATTACHMENT');
}
// NOTE(review): judging by the LINKAGE_FORBIDDEN message this is a hotlink/referer policy
// check rather than a per-user permission check - confirm in functions_download.
else if (!download_allowed())
{
	send_status_line(403, 'Forbidden');
	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
else
{
	// Reduce the stored name to its base name before it is used to build a path or URL
	// below (presumably a UTF-8 aware basename() - confirm).
	$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);

	// Per-type switch: post attachments need allow_attachments, private message attachments
	// need allow_pm_attach (&& binds tighter than ||, so this reads as two alternatives).
	if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
	{
		send_status_line(404, 'Not Found');
		trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
	}

	if ($attachment['is_orphan'])
	{
		// We allow admins having attachment permissions to see orphan attachments...
		// ...and the uploader (poster_id equal to the current user id).
		$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;

		// On top of ownership/admin rights the matching download permission is required.
		// A refusal is answered exactly like a missing attachment (404, ERROR_NO_ATTACHMENT),
		// so the response does not reveal whether the id exists.
		if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
		{
			send_status_line(404, 'Not Found');
			trigger_error('ERROR_NO_ATTACHMENT');
		}

		// Obtain all extensions...
		$extensions = $cache->obtain_attach_extensions(true);
	}
	else
	{
		if (!$attachment['in_message'])
		{
			// The return value is not used. NOTE(review): the helper must therefore stop the
			// request itself when the user may not read the topic's forum - confirm.
			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);

			// Fetch the forum and visibility state of the post that owns the attachment.
			$sql = 'SELECT forum_id, post_visibility
				FROM ' . POSTS_TABLE . '
				WHERE post_id = ' . (int) $attachment['post_msg_id'];
			$result = $db->sql_query($sql);
			$post_row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			// Posts that are not approved are served only to users holding m_approve in that
			// forum; a missing post row is treated the same way.
			if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
			{
				// Attachment of a soft deleted post and the user is not allowed to see the post
				send_status_line(404, 'Not Found');
				trigger_error('ERROR_NO_ATTACHMENT');
			}
		}
		else
		{
			// Attachment is in a private message.
			// forum_id is set to false for the extension check below; as with the forum helper,
			// the result of the PM authorisation helper is not inspected here.
			$post_row = array('forum_id' => false);
			phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
		}

		// $extensions is read right after this call, so extension_allowed() presumably fills
		// it by reference - confirm.
		$extensions = array();
		if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions))
		{
			send_status_line(403, 'Forbidden');
			trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
		}
	}

	$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
	$display_cat = $extensions[$attachment['extension']]['display_cat'];

	// Users who switched off inline images or flash get those categories downgraded to NONE.
	if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
	{
		$display_cat = ATTACHMENT_CATEGORY_NONE;
	}

	if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
	{
		$display_cat = ATTACHMENT_CATEGORY_NONE;
	}

	// Security-relevant: the event below runs after all authorisation checks, and the
	// extract() writes whatever the listeners return back over the seven listed variables
	// (including $attachment, $download_mode and $thumbnail). Nothing re-validates them
	// afterwards, so any extension subscribing to this event is inside this script's trust
	// boundary.
	/**
	* Event to modify data before sending file to browser
	*
	* @event core.download_file_send_to_browser_before
	* @var	int		attach_id		The attachment ID
	* @var	array	attachment		Array with attachment data
	* @var	int		display_cat		Attachment category
	* @var	int		download_mode	File extension specific download mode
	* @var	array	extensions		Array with file extensions data
	* @var	string	mode			Download mode
	* @var	bool	thumbnail		Flag indicating if the file is a thumbnail
	* @since 3.1.6-RC1
	* @changed 3.1.7-RC1	Fixing wrong name of a variable (replacing "extension" by "extensions")
	*/
	$vars = array(
		'attach_id',
		'attachment',
		'display_cat',
		'download_mode',
		'extensions',
		'mode',
		'thumbnail',
	);
	extract($phpbb_dispatcher->trigger_event('core.download_file_send_to_browser_before', compact($vars)));

	if ($thumbnail)
	{
		// Thumbnails are addressed by prefixing the (already base-named) physical file name.
		$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
	}
	// Count a download only for files that are not displayed inline, are not orphans and
	// for which phpbb_http_byte_range() returns a falsy value.
	else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
	{
		// Update download count
		phpbb_increment_downloads($db, $attachment['attach_id']);
	}

	// Images requested with mode=view by an MSIE user agent for which
	// phpbb_is_greater_ie_version(..., 7) is false get an HTML wrapper page instead of the
	// raw file. NOTE(review): presumably a workaround for content handling in those
	// browsers - confirm.
	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
	{
		wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
		file_gc();
	}
	else
	{
		// Determine the 'presenting'-method
		if ($download_mode == PHYSICAL_LINK)
		{
			// This presenting method should no longer be used
			// The client is redirected to the file's location under the upload path rather
			// than having the file streamed by this script. NOTE(review): that requires the
			// upload directory to be reachable over HTTP, where requests would not pass the
			// checks above - confirm how the web server is expected to protect it.
			if (!@is_dir($phpbb_root_path . $config['upload_path']))
			{
				send_status_line(500, 'Internal Server Error');
				trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
			}

			redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
			file_gc();
		}
		else
		{
			// Default path: the file is streamed by this script from the configured upload path.
			send_file_to_browser($attachment, $config['upload_path'], $display_cat);
			file_gc();
		}
	}
}