aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/download.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/download.php')
-rw-r--r--phpBB/download.php196
1 files changed, 99 insertions, 97 deletions
diff --git a/phpBB/download.php b/phpBB/download.php
index 1bfa140db5..ece662c672 100644
--- a/phpBB/download.php
+++ b/phpBB/download.php
@@ -11,110 +11,14 @@
//
// -------------------------------------------------------------
-if ( defined('IN_PHPBB') )
-{
- die('Hacking attempt');
- exit;
-}
-
define('IN_PHPBB', true);
$phpbb_root_path = './';
-include($phpbb_root_path . 'extension.inc');
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.'.$phpEx);
$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : FALSE;
$thumbnail = (isset($_REQUEST['thumb'])) ? intval($_REQUEST['thumb']) : FALSE;
-function send_file_to_browser($attachment, $upload_dir, $category)
-{
- global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config;
-
- $filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
-
- if (!file_exists($filename))
- {
- trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
- }
-
- // Determine the Browser the User is using, because of some nasty incompatibilities.
- // borrowed from phpMyAdmin. :)
- if (!empty($_SERVER['HTTP_USER_AGENT']))
- {
- $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
- }
- else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']))
- {
- $HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
- }
- else if (!isset($HTTP_USER_AGENT))
- {
- $HTTP_USER_AGENT = '';
- }
-
- if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
- {
- $browser_version = $log_version[2];
- $browser_agent = 'opera';
- }
- else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
- {
- $browser_version = $log_version[1];
- $browser_agent = 'ie';
- }
- else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
- {
- $browser_version = $log_version[1];
- $browser_agent = 'omniweb';
- }
- else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version))
- {
- $browser_version = $log_version[1];
- $browser_agent = 'netscape';
- }
- else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
- {
- $browser_version = $log_version[1];
- $browser_agent = 'mozilla';
- }
- else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
- {
- $browser_version = $log_version[1];
- $browser_agent = 'konqueror';
- }
- else
- {
- $browser_version = 0;
- $browser_agent = 'other';
- }
-
- // Correct the mime type - we force application/octetstream for all files, except images
- // Please do not change this, it is a security precaution
- if ($category == NONE_CAT && !strstr($attachment['mimetype'], 'image'))
- {
- $attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream';
- }
-
- // Now the tricky part... let's dance
- @ob_end_clean();
- @ini_set('zlib.output_compression', 'Off');
- header('Pragma: public');
- header('Content-Transfer-Encoding: none');
-
- // Send out the Headers
- header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
- header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
-
- // Now send the File Contents to the Browser
- $size = @filesize($filename);
- if ($size)
- {
- header("Content-length: $size");
- }
- readfile($filename);
-
- exit;
-}
-
// Start session management
$user->start();
$auth->acl($user->data);
@@ -221,4 +125,102 @@ else
exit;
}
+
+// ---------
+// FUNCTIONS
+//
+
+function send_file_to_browser($attachment, $upload_dir, $category)
+{
+ global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config;
+
+ $filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
+
+ if (!file_exists($filename))
+ {
+ trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
+ }
+
+ // Determine the Browser the User is using, because of some nasty incompatibilities.
+ // borrowed from phpMyAdmin. :)
+ if (!empty($_SERVER['HTTP_USER_AGENT']))
+ {
+ $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+ }
+ else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']))
+ {
+ $HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
+ }
+ else if (!isset($HTTP_USER_AGENT))
+ {
+ $HTTP_USER_AGENT = '';
+ }
+
+ if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[2];
+ $browser_agent = 'opera';
+ }
+ else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'ie';
+ }
+ else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'omniweb';
+ }
+ else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'netscape';
+ }
+ else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'mozilla';
+ }
+ else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'konqueror';
+ }
+ else
+ {
+ $browser_version = 0;
+ $browser_agent = 'other';
+ }
+
+ // Correct the mime type - we force application/octetstream for all files, except images
+ // Please do not change this, it is a security precaution
+ if ($category == NONE_CAT && !strstr($attachment['mimetype'], 'image'))
+ {
+ $attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream';
+ }
+
+ // Now the tricky part... let's dance
+ @ob_end_clean();
+ @ini_set('zlib.output_compression', 'Off');
+ header('Pragma: public');
+ header('Content-Transfer-Encoding: none');
+
+ // Send out the Headers
+ header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
+ header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
+
+ // Now send the File Contents to the Browser
+ $size = @filesize($filename);
+ if ($size)
+ {
+ header("Content-length: $size");
+ }
+ readfile($filename);
+
+ exit;
+}
+//
+// FUNCTIONS
+// ---------
+
?> \ No newline at end of file
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-31 04:29:28 +0000