diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/download/file.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index c9fcf67101..282708f846 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -366,6 +366,12 @@ else $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); + if (empty($row)) + { + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); + } + $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); $clean_name = current($row); $clean_name = rawurlencode(str_replace($bad_chars, '_', strtolower($clean_name))); |