aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Fischer <bantu@phpbb.com>2012-08-10 03:26:30 +0200
committerAndreas Fischer <bantu@phpbb.com>2012-08-10 03:28:53 +0200
commit62305bec6dbb660eaa51f629de2f70341df12666 (patch)
tree96f773cdf8eeb73853fc0707d61968873cda467b
parentccb0baa20ab4727a970381f601c5e4740e0bbc8f (diff)
downloadforums-62305bec6dbb660eaa51f629de2f70341df12666.tar
forums-62305bec6dbb660eaa51f629de2f70341df12666.tar.gz
forums-62305bec6dbb660eaa51f629de2f70341df12666.tar.bz2
forums-62305bec6dbb660eaa51f629de2f70341df12666.tar.xz
forums-62305bec6dbb660eaa51f629de2f70341df12666.zip
[feature/attach-dl] Send 404 if we get empty row from privmsg|posts|topic table
PHPBB3-11042
Diffstat
-rw-r--r--phpBB/download/file.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index c9fcf67101..282708f846 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -366,6 +366,12 @@ else
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
+ if (empty($row))
+ {
+ send_status_line(404, 'Not Found');
+ trigger_error('ERROR_NO_ATTACHMENT');
+ }
+
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
$clean_name = current($row);
$clean_name = rawurlencode(str_replace($bad_chars, '_', strtolower($clean_name)));
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-14 18:37:40 +0000