diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2012-08-10 01:54:41 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2012-08-10 01:54:41 +0200 |
| commit | a7694dd512cbecd3732419ed4acae2c18ad0cd94 (patch) | |
| tree | 157956582f369492de5584e82dcacfcf35bf1d59 | |
| parent | f0804f2db65b14b98a77e75f9dae243f2c613b86 (diff) | |
| download | forums-a7694dd512cbecd3732419ed4acae2c18ad0cd94.tar forums-a7694dd512cbecd3732419ed4acae2c18ad0cd94.tar.gz forums-a7694dd512cbecd3732419ed4acae2c18ad0cd94.tar.bz2 forums-a7694dd512cbecd3732419ed4acae2c18ad0cd94.tar.xz forums-a7694dd512cbecd3732419ed4acae2c18ad0cd94.zip | |
[feature/attach-dl] Get rid of second query. Fetch all required info at once.
PHPBB3-11042
| -rw-r--r-- | phpBB/download/file.php | 40 |
1 files changed, 7 insertions, 33 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index d79deadace..6887030a2b 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -154,17 +154,17 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach']) if ($download_id) { // Attachment id (only 1 attachment) - $sql_where = "a.attach_id = $download_id"; + $sql_where = "attach_id = $download_id"; } else if ($post_id) { // Post id or private message id (multiple attachments) - $sql_where = "a.post_msg_id = $post_id"; + $sql_where = "post_msg_id = $post_id"; } else if ($topic_id) { // Topic id (multiple attachments) - $sql_where = "a.topic_id = $topic_id"; + $sql_where = "topic_id = $topic_id"; } else { @@ -172,8 +172,8 @@ else trigger_error('NO_ATTACHMENT_SELECTED'); } -$sql = 'SELECT a.attach_id, a.in_message, a.post_msg_id, a.extension, a.is_orphan, a.poster_id, a.filetime - FROM ' . ATTACHMENTS_TABLE . " a +$sql = 'SELECT attach_id, post_msg_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime + FROM ' . ATTACHMENTS_TABLE . " WHERE $sql_where"; $result = $db->sql_query($sql); @@ -291,6 +291,8 @@ else if ($download_id) trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } } + + } else { @@ -342,34 +344,6 @@ if ($attachment) $download_mode = (int) $extensions[$attachment['extension']]['download_mode']; } -// Fetching filename here to prevent sniffing of filename -if ($attachment) -{ - $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime - FROM ' . ATTACHMENTS_TABLE . " - WHERE attach_id = $download_id"; - $result = $db->sql_query_limit($sql, 1); - $attachment = $db->sql_fetchrow($result); - $db->sql_freeresult($result); -} - -if ($attachments) -{ - $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime - FROM ' . ATTACHMENTS_TABLE . ' - WHERE ' . $db->sql_in_set('attach_id', $attachment_ids); - - $result = $db->sql_query($sql); - $attachments = $db->sql_fetchrowset($result); - $db->sql_freeresult($result); -} - -if (!$attachment && empty($attachments)) -{ - send_status_line(404, 'Not Found'); - trigger_error('ERROR_NO_ATTACHMENT'); -} - if ($attachment) { $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']); |