diff options
| author | Fyorl <gaelreth@gmail.com> | 2012-08-04 15:29:26 +0100 |
|---|---|---|
| committer | Fyorl <gaelreth@gmail.com> | 2012-08-04 15:29:26 +0100 |
| commit | 16ec660e769360a8cd7063ea083487486051101f (patch) | |
| tree | 611af935815333b2f1f51919ce137c91dfd576e8 /phpBB/download/file.php | |
| parent | 50af76da7db5e1719349b3b5e89610b82aa9cbc6 (diff) | |
| download | forums-16ec660e769360a8cd7063ea083487486051101f.tar forums-16ec660e769360a8cd7063ea083487486051101f.tar.gz forums-16ec660e769360a8cd7063ea083487486051101f.tar.bz2 forums-16ec660e769360a8cd7063ea083487486051101f.tar.xz forums-16ec660e769360a8cd7063ea083487486051101f.zip | |
[feature/attach-dl] Added a function for checking allowed extensions
PHPBB3-11042
Diffstat (limited to 'phpBB/download/file.php')
| -rw-r--r-- | phpBB/download/file.php | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 8108b0dee1..6dfa1d7297 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -318,26 +318,20 @@ else // disallowed? $extensions = $cache->obtain_attach_extensions($row['forum_id']); - - if ($attachments) + if ($attachment) { - // Remove attachments with disallowed extensions - $new_ary = array(); - foreach ($attachments as $attach) - { - if (isset($extensions['_allowed_'][$attach['extension']])) - { - $new_ary[] = $attach; - } - } - - $attachments = $new_ary; + $ary = array($attachment); + } + else + { + $ary = &$attachments; } - if (($attachments && empty($attachments)) || ($attachment && !isset($extensions['_allowed_'][$attachment['extension']]))) + if (!phpbb_check_attach_extensions($extensions, $ary)) { send_status_line(404, 'Forbidden'); - trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); + $ext = ($attachment) ? $attachment['extension'] : $attachments[0]['extension']; + trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $ext)); } } |