author | Nils Adermann <naderman@naderman.de> | 2011-08-18 19:15:00 -0400 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2011-08-18 19:15:00 -0400 |
commit | 052e33823b98ec3e51fdb424937e72dd1f33d11f (patch) | |
tree | 975749ed51ac43c98940b7dd7b0ed03a9f99d7a6 /phpBB/includes/functions_download.php | |
parent | d06dcd69e60bc3e6eafb4a11dfb1639fa4e4646b (diff) | |
parent | b05382d226d2c5d68ff5a483d8885f65e754c90d (diff) | |
Merge remote-tracking branch 'github-igorw/feature/request-class' into develop
* github-igorw/feature/request-class:
[feature/request-class] Fix session_testable_factory
[feature/request-class] Adjust code base to do html decoding manually
[feature/request-class] Remove $html_encode arg, force manual decoding
[feature/request-class] Do not html escape user agent in header_filename
[feature/request-class] Make use of the is_secure() method
[feature/request-class] Add is_secure method to request for HTTPS
[feature/request-class] Make server() use the $html_encode parameter
[feature/request-class] Remove useless condition
[feature/request-class] Minor spacing CS adjustments
[feature/request-class] Add server(), header() and is_ajax() to request
Diffstat (limited to 'phpBB/includes/functions_download.php')
-rw-r--r-- | phpBB/includes/functions_download.php | 39 |
1 files changed, 18 insertions, 21 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 91a09608c7..b4664d74cb 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -274,7 +274,9 @@ function send_file_to_browser($attachment, $upload_dir, $category) */ function header_filename($file) { - $user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; + global $request; + + $user_agent = $request->header('User-Agent'); // There be dragons here. // Not many follows the RFC... @@ -292,14 +294,14 @@ function header_filename($file) */ function download_allowed() { - global $config, $user, $db; + global $config, $user, $db, $request; if (!$config['secure_downloads']) { return true; } - $url = (!empty($_SERVER['HTTP_REFERER'])) ? trim($_SERVER['HTTP_REFERER']) : trim(getenv('HTTP_REFERER')); + $url = htmlspecialchars_decode($request->header('Referer')); if (!$url) { @@ -404,8 +406,10 @@ function download_allowed() */ function set_modified_headers($stamp, $browser) { + global $request; + // let's see if we have to send the file at all - $last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false; + $last_load = $request->header('Modified-Since') ? strtotime(trim($request->header('Modified-Since'))) : false; if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false)) { if ($last_load !== false && $last_load >= $stamp) @@ -473,12 +477,12 @@ function phpbb_http_byte_range($filesize) { $request_array = phpbb_find_range_request(); } - + return (empty($request_array)) ? false : phpbb_parse_range_request($request_array, $filesize); } /** -* Searches for HTTP range request in super globals. +* Searches for HTTP range request in request headers. * * @return mixed false if no request found * array of strings containing the requested ranges otherwise 
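Review bot: In download_allowed() the new `$url` assignment drops the `trim()` that the removed line applied to the Referer value, so surrounding whitespace now reaches the `if (!$url)` check and whatever host parsing follows outside this hunk. Unless `$request->header()` already trims, keep it: `$url = trim(htmlspecialchars_decode($request->header('Referer')));`. After the decode the value is raw client-supplied text again, so any later use in a query or in output has to escape it for that context. A short comment on this line saying so would help the next reader; the rest of the function body is outside the hunk.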
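Review bot: set_modified_headers() now reads `$request->header('Modified-Since')`, but the removed line read `$_SERVER['HTTP_IF_MODIFIED_SINCE']`, which is the `If-Modified-Since` header. The other calls in this commit pair `User-Agent`, `Referer` and `Range` with `HTTP_USER_AGENT`, `HTTP_REFERER` and `HTTP_RANGE`, so this name presumably resolves to a key no client sends; `$last_load` would then stay false and the not-modified path would never be taken. Use `$last_load = $request->header('If-Modified-Since') ? strtotime(trim($request->header('If-Modified-Since'))) : false;`, ideally reading the header once into a local. The function body continues outside the hunk.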
@@ -486,23 +490,16 @@ function phpbb_http_byte_range($filesize) */ function phpbb_find_range_request() { - $globals = array( - array('_SERVER', 'HTTP_RANGE'), - array('_ENV', 'HTTP_RANGE'), - ); + global $request; - foreach ($globals as $array) - { - $global = $array[0]; - $key = $array[1]; + $value = $request->header('Range'); - // Make sure range request starts with "bytes=" - if (isset($GLOBALS[$global][$key]) && strpos($GLOBALS[$global][$key], 'bytes=') === 0) - { - // Strip leading 'bytes=' - // Multiple ranges can be separated by a comma - return explode(',', substr($GLOBALS[$global][$key], 6)); - } + // Make sure range request starts with "bytes=" + if (strpos($value, 'bytes=') === 0) + { + // Strip leading 'bytes=' + // Multiple ranges can be separated by a comma + return explode(',', substr($value, 6)); } return false; |
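Review bot: phpbb_find_range_request() passes `$request->header('Range')` straight to `strpos()`, where the removed code first checked `isset()`, so it now depends on header() returning a string when the header is absent, which is not visible in this hunk. Either guard it, `if ($value && strpos($value, 'bytes=') === 0)`, or state the assumption in a comment such as `// header() yields '' when Range is absent; the value is still HTML-escaped, which cannot affect a well-formed byte range`. The `$_ENV['HTTP_RANGE']` fallback is also gone; if that is intended, the docblock should say the lookup is limited to request headers exposed by the request object.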