diff options
Diffstat (limited to 'phpBB/download/file.php')
| -rw-r--r-- | phpBB/download/file.php | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 5f45b88359..bf277c69fa 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT' if (isset($_GET['avatar'])) { - if (!defined('E_DEPRECATED')) - { - define('E_DEPRECATED', 8192); - } - error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED); - + require($phpbb_root_path . 'includes/startup.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx); if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) @@ -64,7 +59,7 @@ if (isset($_GET['avatar'])) $browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0'; $config = $cache->obtain_config(); - $filename = $_GET['avatar']; + $filename = request_var('avatar', ''); $avatar_group = false; $exit = false; @@ -125,11 +120,13 @@ $user->setup('viewtopic'); if (!$download_id) { + send_status_line(404, 'Not Found'); trigger_error('NO_ATTACHMENT_SELECTED'); } if (!$config['allow_attachments'] && !$config['allow_pm_attach']) { + send_status_line(404, 'Not Found'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } @@ -142,11 +139,13 @@ $db->sql_freeresult($result); if (!$attachment) { + send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); } if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach'])) { + send_status_line(404, 'Not Found'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } @@ -159,6 +158,7 @@ if ($attachment['is_orphan']) if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download'))) { + send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); } @@ -191,6 +191,7 @@ else } else { + send_status_line(403, 'Forbidden'); trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } @@ -231,6 +232,7 @@ else $extensions = array(); if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { + send_status_line(404, 'Forbidden'); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } } @@ -253,6 +255,7 @@ $db->sql_freeresult($result); if (!$attachment) { + send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); } @@ -295,6 +298,7 @@ else // This presenting method should no longer be used if (!@is_dir($phpbb_root_path . $config['upload_path'])) { + send_status_line(500, 'Internal Server Error'); trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']); } @@ -419,7 +423,8 @@ function send_file_to_browser($attachment, $upload_dir, $category) if (!@file_exists($filename)) { - trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); } // Correct the mime type - we force application/octetstream for all files, except images @@ -445,9 +450,11 @@ function send_file_to_browser($attachment, $upload_dir, $category) // PHP track_errors setting On? if (!empty($php_errormsg)) { + send_status_line(500, 'Internal Server Error'); trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg)); } + send_status_line(500, 'Internal Server Error'); trigger_error('UNABLE_TO_DELIVER_FILE'); } |