diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-10-30 19:51:56 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-10-30 19:51:56 +0000 |
| commit | 12c75a0991a59eecd274eb2b03476e80ae608eaa (patch) | |
| tree | ca3acbedd1a8c67f3abb02587dcc2badd46f0189 /phpBB/download.php | |
| parent | c44f6ca080c944b57dc912de8708e5239c1543a2 (diff) | |
| download | forums-12c75a0991a59eecd274eb2b03476e80ae608eaa.tar forums-12c75a0991a59eecd274eb2b03476e80ae608eaa.tar.gz forums-12c75a0991a59eecd274eb2b03476e80ae608eaa.tar.bz2 forums-12c75a0991a59eecd274eb2b03476e80ae608eaa.tar.xz forums-12c75a0991a59eecd274eb2b03476e80ae608eaa.zip | |
- temporarily disable x-sendfile support (we need to look into methods of checking if it is enabled/disabled or introducing a switch)
- finally allow custom permission settings files (in acp/ as well as in mods/)
git-svn-id: file:///svn/phpbb/trunk@6539 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/download.php')
| -rw-r--r-- | phpBB/download.php | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/phpBB/download.php b/phpBB/download.php index 6f4dc329f7..dd81f1df4c 100644 --- a/phpBB/download.php +++ b/phpBB/download.php @@ -222,14 +222,20 @@ function send_file_to_browser($attachment, $upload_dir, $category) // Now the tricky part... let's dance header('Pragma: public'); - // Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path... - // lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ - - // Not really ideal, but should work fine... - if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false) - { - header('X-Sendfile: ' . $filename); - } + /** + * Commented out X-Sendfile support. To not expose the physical filename within the header if xsendfile is absent we need to look into methods of checking it's status. + * + * Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path... + * lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ + * + * Not really ideal, but should work fine... + * <code> + * if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false) + { + header('X-Sendfile: ' . $filename); + } + * </code> + */ // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. header('Content-Type: ' . $attachment['mimetype']); |