cleanup

git-svn-id: file:///svn/phpbb/trunk@4612 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Meik Sievertsen <acydburn@phpbb.com> 2003-10-19 15:17:35 +0000
committer: Meik Sievertsen <acydburn@phpbb.com> 2003-10-19 15:17:35 +0000
commit: 5ea7428e1b5b885d773aa1b29dfe015b9512bbf4 (patch)
tree: 0b5ff4ad156623cac00232ac2203186808f59361 /phpBB/download.php
parent: 3d46c543cdcb8f1f9e0d5fda623f38323a3c9c4e (diff)
download: forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar
forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar.gz
forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar.bz2
forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar.xz
forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.zip
1 files changed, 44 insertions, 47 deletions
diff --git a/phpBB/download.php b/phpBB/download.php
index ece662c672..209a969caf 100644
--- a/phpBB/download.php
+++ b/phpBB/download.php
@@ -16,8 +16,9 @@ $phpbb_root_path = './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.'.$phpEx);
 
-$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : FALSE;
-$thumbnail = (isset($_REQUEST['thumb'])) ? intval($_REQUEST['thumb']) : FALSE;
+$download_id = request_var('id', 0);
+// Thumbnails are not called from this file by default
+$thumbnail = request_var('thumb', false);
 
 // Start session management
 $user->start();
@@ -33,19 +34,20 @@ if (!$config['allow_attachments'])
 {
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
-	
+
 $sql = 'SELECT *
 	FROM ' . ATTACHMENTS_DESC_TABLE . "
 	WHERE attach_id = $download_id";
-$result = $db->sql_query($sql);
+$result = $db->sql_query_limit($sql, 1);
 
 if (!($attachment = $db->sql_fetchrow($result)))
 {
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
+$db->sql_freeresult($result);
 
 // get forum_id for attachment authorization or private message authorization
-$authorised = FALSE;
+$authorised = false;
 
 // Additional query, because of more than one attachment assigned to posts and private messages
 $sql = 'SELECT a.*, p.forum_id, f.forum_password, f.parent_id
@@ -90,19 +92,19 @@ obtain_attach_extensions($extensions);
 // disallowed ?
 if (!in_array($attachment['extension'], $extensions['_allowed_']))
 {
-	trigger_error(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+	trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
 }
 
-$download_mode = intval($extensions[$attachment['extension']]['download_mode']);
+$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+$upload_dir = ($config['upload_dir'][0] == '/' || ($config['upload_dir'][0] != '/' && $config['upload_dir'][1] == ':')) ? $config['upload_dir'] : $phpbb_root_path . $config['upload_dir'];
 
 if ($thumbnail)
 {
 	$attachment['physical_filename'] = 'thumbs/t_' . $attachment['physical_filename'];
 }
-
-// Update download count
-if (!$thumbnail)
+else
 {
+	// Update download count
 	$sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' 
 		SET download_count = download_count + 1 
 		WHERE attach_id = ' . $attachment['attach_id'];
@@ -112,16 +114,16 @@ if (!$thumbnail)
 // Determine the 'presenting'-method
 if ($download_mode == PHYSICAL_LINK)
 {
-	if ($config['use_ftp_upload'] && $config['upload_dir'] == '')
+	if (!@is_dir($upload_dir))
 	{
 		trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 	}
 
-	redirect($config['upload_dir'] . '/' . $attachment['physical_filename']);
+	redirect($upload_dir . '/' . $attachment['physical_filename']);
 }
 else
 {
-	send_file_to_browser($attachment, $config['upload_dir'], $extensions[$attachment['extension']]['display_cat']);
+	send_file_to_browser($attachment, $upload_dir, $extensions[$attachment['extension']]['display_cat']);
 	exit;
 }
 
@@ -134,63 +136,52 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 {
 	global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config;
 
-	$filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
+	$filename = $upload_dir . '/' . $attachment['physical_filename'];
 
-	if (!file_exists($filename))
+	if (!@file_exists($filename))
 	{
 		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
 	}
 
 	// Determine the Browser the User is using, because of some nasty incompatibilities.
 	// borrowed from phpMyAdmin. :)
-	if (!empty($_SERVER['HTTP_USER_AGENT'])) 
-	{
-		$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-	} 
-	else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) 
-	{
-		$HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
-	}
-	else if (!isset($HTTP_USER_AGENT))
-	{
-		$HTTP_USER_AGENT = '';
-	}
+	$user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : ((!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : '');
 
-	if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+	if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[2];
 		$browser_agent = 'opera';
-	} 
-	else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+	}
+	else if (ereg('MSIE ([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[1];
 		$browser_agent = 'ie';
-	} 
-	else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+	}
+	else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[1];
 		$browser_agent = 'omniweb';
-	} 
-	else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version)) 
+    }
+	else if (ereg('(Konqueror/)(.*)(;)', $user_agent, $log_version))
 	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'netscape';
-	} 
-	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+		$browser_version = $log_version[2];
+		$browser_agent = 'konqueror';
+    }
+	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version) && ereg('Safari/([0-9]*)', $user_agent, $log_version2))
 	{
-		$browser_version = $log_version[1];
-		$browser_agent = 'mozilla';
-	} 
-	else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) 
+		$browser_version = $log_version[1] . '.' . $log_version2[1];
+		$browser_agent = 'safari';
+    }
+	else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version))
 	{
 		$browser_version = $log_version[1];
-		$browser_agent = 'konqueror';
-	} 
-	else 
+		$browser_agent = 'mozilla';
+    }
+	else
 	{
 		$browser_version = 0;
 		$browser_agent = 'other';
-	}
+    }
 
 	// Correct the mime type - we force application/octetstream for all files, except images
 	// Please do not change this, it is a security precaution
@@ -215,8 +206,14 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	{
 		header("Content-length: $size");
 	}
-	readfile($filename);
+	$result = @readfile($filename);
+
+	if (!$result)
+	{
+		trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_WARNING);
+	}
 
+	flush();
 	exit;
 }
 //
author	Meik Sievertsen <acydburn@phpbb.com>	2003-10-19 15:17:35 +0000
committer	Meik Sievertsen <acydburn@phpbb.com>	2003-10-19 15:17:35 +0000
commit	5ea7428e1b5b885d773aa1b29dfe015b9512bbf4 (patch)
tree	0b5ff4ad156623cac00232ac2203186808f59361 /phpBB/download.php
parent	3d46c543cdcb8f1f9e0d5fda623f38323a3c9c4e (diff)
download	forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar.gz forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar.bz2 forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.tar.xz forums-5ea7428e1b5b885d773aa1b29dfe015b9512bbf4.zip