PHP Cross Reference of phpBB-3.3.14-deutsch |
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

// Request entry point that serves two kinds of stored files:
//   - avatars, when the 'avatar' query parameter is present (handled first, with a reduced bootstrap);
//   - attachments, selected by the 'id' query parameter (handled after the full common include).
// Every check below runs before a file is sent; the order of statements is security-relevant.

/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
// File extension of this script, taken from __FILE__; reused to build every include path below.
$phpEx = substr(strrchr(__FILE__, '.'), 1);

// Thank you sun.
// Requests that identify themselves as Java are dropped before any phpBB code is loaded.
// The User-Agent test sits in the else branch, so it is only evaluated when no Content-Type
// header is present; a request with any other Content-Type skips it.
// NOTE(review): the reason for this filter is not stated here - presumably a mitigation for
// requests issued by the Java browser plug-in; confirm in the project history.
if (isset($_SERVER['CONTENT_TYPE']))
{
	if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
	{
		exit;
	}
}
else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
{
	exit;
}

// Avatar mode: only the raw presence of the parameter is tested here; its value is read
// through the request service further down.
if (isset($_GET['avatar']))
{
	require($phpbb_root_path . 'includes/startup.' . $phpEx);

	require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx);
	$phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx);
	$phpbb_class_loader->register();

	$phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
	// Imports the configuration values as local variables. $dbms, $acm_type and $dbpasswd used
	// below are not assigned anywhere else in this script, so they appear to come from here.
	extract($phpbb_config_php_file->get_all());

	// Fall back to the production environment when none was defined.
	if (!defined('PHPBB_ENVIRONMENT'))
	{
		@define('PHPBB_ENVIRONMENT', 'production');
	}

	// Refuse to serve anything from a board that is not installed or has no database/cache type configured.
	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
	{
		exit;
	}

	require($phpbb_root_path . 'includes/constants.' . $phpEx);
	require($phpbb_root_path . 'includes/functions.' . $phpEx);
	require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
	require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);

	// Setup class loader first
	$phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
	$phpbb_class_loader_ext->register();

	// Set up container
	$phpbb_container_builder = new \phpbb\di\container_builder($phpbb_root_path, $phpEx);
	$phpbb_container = $phpbb_container_builder->with_config($phpbb_config_php_file)->get_container();

	$phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
	$phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));

	// set up caching
	/* @var $cache \phpbb\cache\service */
	$cache = $phpbb_container->get('cache');

	/* @var $phpbb_dispatcher \phpbb\event\dispatcher */
	$phpbb_dispatcher = $phpbb_container->get('dispatcher');

	/* @var $request \phpbb\request\request_interface */
	$request = $phpbb_container->get('request');

	/* @var $db \phpbb\db\driver\driver_interface */
	$db = $phpbb_container->get('dbal.conn');

	/* @var $phpbb_log \phpbb\log\log_interface */
	$phpbb_log = $phpbb_container->get('log');

	// Drop the database password from this scope once the connection service has been obtained.
	unset($dbpasswd);

	/* @var $config \phpbb\config\config */
	$config = $phpbb_container->get('config');

	// load extensions
	/* @var $phpbb_extension_manager \phpbb\extension\manager */
	$phpbb_extension_manager = $phpbb_container->get('ext.manager');

	// worst-case default
	// A request without a User-Agent header is treated as 'msie 6.0'.
	$browser = strtolower($request->header('User-Agent', 'msie 6.0'));

	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');

	// Requested avatar name; $exit becomes true as soon as the request must not be answered with a file.
	$filename = $request->variable('avatar', '');
	$avatar_group = false;
	$exit = false;

	// A leading 'g' marks a group avatar; it is stripped here and re-added when the final name is built.
	if (isset($filename[0]) && $filename[0] === 'g')
	{
		$avatar_group = true;
		$filename = substr($filename, 1);
	}

	// '==' is not a bug - . as the first char is as bad as no dot at all
	// strpos() gives false for "no dot" and 0 for "dot at position 0"; the loose comparison rejects both.
	if (strpos($filename, '.') == false)
	{
		send_status_line(403, 'Forbidden');
		$exit = true;
	}

	if (!$exit)
	{
		// Reduce the request string to three values: the text after the last dot, the integer
		// after the first underscore, and the integer the string starts with. Nothing else of
		// the user-supplied name is used from here on.
		$ext = substr(strrchr($filename, '.'), 1);
		$stamp = (int) substr(stristr($filename, '_'), 1);
		$filename = (int) $filename;
		// A true return skips sending the file.
		// NOTE(review): presumably a Not Modified response was already answered - confirm in functions_download.
		$exit = set_modified_headers($stamp, $browser);
	}
	// Extension allow-list; $ext is only read when $exit is still false, i.e. after it was assigned above.
	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
	{
		// no way such an avatar could exist. They are not following the rules, stop the show.
		send_status_line(403, 'Forbidden');
		$exit = true;
	}


	if (!$exit)
	{
		// An id of 0 (including a name that did not start with digits) is rejected.
		if (!$filename)
		{
			// no way such an avatar could exist. They are not following the rules, stop the show.
			send_status_line(403, 'Forbidden');
		}
		else
		{
			// The name handed on is rebuilt from the validated parts only: optional 'g' prefix,
			// integer id and allow-listed extension.
			send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
		}
	}
	// NOTE(review): the "implicit else" comment below implies that file_gc() ends the request;
	// it is defined in includes/functions_download, which is not shown here - confirm.
	file_gc();
}

// implicit else: we are not in avatar mode
// Attachment mode. $request, $user, $auth, $db, $config, $cache, $phpbb_container and
// $phpbb_dispatcher are not created in this part of the script; they are expected to be set up by common.
include($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);

// The defaults fix the expected types: integer id, string mode, boolean thumbnail flag.
// NOTE(review): $attach_id is interpolated into the SQL below without a further cast, so the
// query relies on variable() returning an integer for an integer default - confirm before
// changing the default.
$attach_id = $request->variable('id', 0);
$mode = $request->variable('mode', '');
$thumbnail = $request->variable('t', false);

// Start session management, do not update session page.
$user->session_begin(false);
$auth->acl($user->data);
$user->setup('viewtopic');

$phpbb_content_visibility = $phpbb_container->get('content.visibility');

// NOTE(review): every send_status_line()/trigger_error() pair in this script is written as a
// terminating check - the statements that follow assume trigger_error() does not return.
// That depends on the error handler installed elsewhere; confirm.

// Attachments switched off for both posts and private messages: answer 404.
if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{
	send_status_line(404, 'Not Found');
	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}

// Missing or zero id: answer 404.
if (!$attach_id)
{
	send_status_line(404, 'Not Found');
	trigger_error('NO_ATTACHMENT_SELECTED');
}

// Load the attachment row; all later checks are made against this database record.
$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
	FROM ' . ATTACHMENTS_TABLE . "
	WHERE attach_id = $attach_id";
$result = $db->sql_query($sql);
$attachment = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if (!$attachment)
{
	send_status_line(404, 'Not Found');
	trigger_error('ERROR_NO_ATTACHMENT');
}
else if (!download_allowed())
{
	// download_allowed() is defined elsewhere.
	// NOTE(review): the LINKAGE_FORBIDDEN message suggests a hotlinking/referer policy - confirm.
	send_status_line(403, 'Forbidden');
	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
else
{
	// Keep only the base name of the stored file name, so directory components in the
	// database value are not carried into the path used further down.
	$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);

	// '&&' binds tighter than '||': (post attachment and post attachments disabled) or
	// (PM attachment and PM attachments disabled).
	if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
	{
		send_status_line(404, 'Not Found');
		trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
	}

	if ($attachment['is_orphan'])
	{
		// We allow admins having attachment permissions to see orphan attachments...
		// ...and the poster who uploaded the file.
		$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;

		// The matching download permission (PM or post) is still required. A refusal is
		// answered with 404 and ERROR_NO_ATTACHMENT, the same response as a missing attachment.
		if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
		{
			send_status_line(404, 'Not Found');
			trigger_error('ERROR_NO_ATTACHMENT');
		}

		// Obtain all extensions...
		$extensions = $cache->obtain_attach_extensions(true);
	}
	else
	{
		if (!$attachment['in_message'])
		{
			// The return value is not checked, so the helper is expected to stop the request
			// itself when the user may not download from the topic's forum - confirm in functions_download.
			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);

			// The post id comes from the attachment row and is cast to int before it is used in the query.
			$sql = 'SELECT forum_id, poster_id, post_visibility
				FROM ' . POSTS_TABLE . '
				WHERE post_id = ' . (int) $attachment['post_msg_id'];
			$result = $db->sql_query($sql);
			$post_row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			if (!$post_row || !$phpbb_content_visibility->is_visible('post', $post_row['forum_id'], $post_row))
			{
				// Attachment of a soft deleted post and the user is not allowed to see the post
				send_status_line(404, 'Not Found');
				trigger_error('ERROR_NO_ATTACHMENT');
			}
		}
		else
		{
			// Attachment is in a private message.
			// As with the forum helper, the return value is not checked here.
			$post_row = array('forum_id' => false);
			phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
		}

		// $extensions is read right after this block, so extension_allowed() presumably fills
		// it by reference - confirm against its definition.
		$extensions = array();
		if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions))
		{
			send_status_line(403, 'Forbidden');
			trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
		}
	}

	// Per-extension settings that decide how the file is presented.
	$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
	$display_cat = $extensions[$attachment['extension']]['display_cat'];

	// Image and thumbnail categories are downgraded to NONE for users whose 'viewimg' option is off.
	if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
	{
		$display_cat = ATTACHMENT_CATEGORY_NONE;
	}

	// Listeners of the event below run after every authorization check above and may replace
	// any of the listed variables. The values they return, including
	// $attachment['physical_filename'], are used below without being validated again in this
	// file, so extensions subscribing to this event are part of the trusted code base.
	/**
	* Event to modify data before sending file to browser
	*
	* @event core.download_file_send_to_browser_before
	* @var	int		attach_id			The attachment ID
	* @var	array	attachment			Array with attachment data
	* @var	int		display_cat			Attachment category
	* @var	int		download_mode		File extension specific download mode
	* @var	array	extensions			Array with file extensions data
	* @var	string	mode				Download mode
	* @var	bool	thumbnail			Flag indicating if the file is a thumbnail
	* @since 3.1.6-RC1
	* @changed 3.1.7-RC1	Fixing wrong name of a variable (replacing "extension" by "extensions")
	*/
	$vars = array(
		'attach_id',
		'attachment',
		'display_cat',
		'download_mode',
		'extensions',
		'mode',
		'thumbnail',
	);
	extract($phpbb_dispatcher->trigger_event('core.download_file_send_to_browser_before', compact($vars)));

	if ($thumbnail)
	{
		// Thumbnails are stored under the same name with a 'thumb_' prefix.
		$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
	}
	else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
	{
		// Update download count
		// Only for category NONE, non-orphan files and when phpbb_http_byte_range() returns a
		// falsy value.
		// NOTE(review): presumably so that ranged requests are not counted repeatedly - confirm.
		phpbb_increment_downloads($db, $attachment['attach_id']);
	}

	// Image viewed in 'view' mode by an MSIE browser that is not newer than version 7: send an
	// HTML page referencing the download URL instead of the raw file.
	// NOTE(review): presumably guards against old IE handling the raw response by its content
	// rather than its declared type - confirm.
	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
	{
		wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
		file_gc();
	}
	else
	{
		// Determine the 'presenting'-method
		if ($download_mode == PHYSICAL_LINK)
		{
			// This presenting method should no longer be used
			// It redirects the client to the stored file under upload_path instead of sending
			// the file through this script.
			// NOTE(review): that needs the upload directory to be reachable over HTTP, where the
			// checks made in this script do not apply to later requests - confirm whether this
			// mode can still be configured.
			if (!@is_dir($phpbb_root_path . $config['upload_path']))
			{
				send_status_line(500, 'Internal Server Error');
				trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
			}

			redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
			file_gc();
		}
		else
		{
			// Default path: the file is sent by send_file_to_browser() from upload_path.
			send_file_to_browser($attachment, $config['upload_path'], $display_cat);
			file_gc();
		}
	}
}