Merge remote-tracking branch 'upstream/develop' into ticket/11015

* upstream/develop: (666 commits) [ticket/11077] Remove code from old global announcements system [ticket/11189] Replace DEBUG_EXTRA with DEBUG [ticket/11189] Always log critical errors when in cron or in image output [ticket/11187] Added a blank array to fix errors in functional tests [ticket/10780] Make L_COLON available in the installer. [ticket/11183] Remove $load_extensions and weird dl() calls [ticket/10970] Added extra documentation to parse_dynamic_path. [ticket/10939] Added documentation for phpbb_request::file [ticket/10865] Use code tags for install/database_update.php. [ticket/10865] Should have been a slash. [ticket/10780] Use L_COLON on LDAP page. [ticket/10780] Use L_COLON on search backend ACP pages. [ticket/10780] Use L_COLON for "download all attachments". [ticket/10780] Use colon from language in ucp_pm_compose.php where possible. [ticket/10780] Replace colons in phpBB/adm/style/acp_ext_details.html. [ticket/10780] Replace colon usage in adm template output with {L_COLON} [ticket/10780] Replace colon usage in template output with {L_COLON} [ticket/11181] Bump PHP requirement to 5.3.3 (from 5.3.2) [develop-olympus] [ticket/11181] Bump PHP requirement to 5.3.3 (from 5.3.2) [ticket/10172] Show prosilver birthday list even if there are no birthdays. ... Conflicts: phpBB/common.php phpBB/download/file.php phpBB/includes/db/dbal.php phpBB/includes/db/firebird.php phpBB/includes/db/mssql.php phpBB/includes/db/mssql_odbc.php phpBB/includes/db/mssqlnative.php phpBB/includes/db/mysql.php phpBB/includes/db/mysqli.php phpBB/includes/db/oracle.php phpBB/includes/db/postgres.php phpBB/includes/db/sqlite.php phpBB/includes/extension/manager.php phpBB/install/database_update.php
author: Igor Wiedler <igor@wiedler.ch> 2012-11-12 10:33:40 +0100
committer: Igor Wiedler <igor@wiedler.ch> 2012-11-12 10:33:40 +0100
commit: 5e52216b5e14ced69326813e748fc56be6e28a69 (patch)
tree: 4e47bd9290da80da48aaf30308e7d03965a904f6 /phpBB/download/file.php
parent: 0971d3f975ebaa8c2874115bd82b308b244783f2 (diff)
parent: 504158ceaba18bb8bc61d54504a2c870d0eb0407 (diff)
download: forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar
forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar.gz
forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar.bz2
forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar.xz
forums-5e52216b5e14ced69326813e748fc56be6e28a69.zip
1 files changed, 238 insertions, 151 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 72c2d3ba3f..b581af7ce3 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -7,6 +7,10 @@
 *
 */
 
+use Symfony\Component\Config\FileLocator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
+
 /**
 * @ignore
 */
@@ -14,7 +18,6 @@ define('IN_PHPBB', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
-
 // Thank you sun.
 if (isset($_SERVER['CONTENT_TYPE']))
 {
@@ -39,25 +42,28 @@ if (isset($_GET['avatar']))
 	}
 
 	require($phpbb_root_path . 'includes/class_loader.' . $phpEx);
+
 	require($phpbb_root_path . 'includes/constants.' . $phpEx);
 	require($phpbb_root_path . 'includes/functions.' . $phpEx);
 	require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
 	require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
 
-	$phpbb_class_loader_ext = new phpbb_class_loader('phpbb_ext_', $phpbb_root_path . 'ext/', ".$phpEx");
-	$phpbb_class_loader_ext->register();
-	$phpbb_class_loader = new phpbb_class_loader('phpbb_', $phpbb_root_path . 'includes/', ".$phpEx");
-	$phpbb_class_loader->register();
+	$phpbb_container = new ContainerBuilder();
+	$loader = new YamlFileLoader($phpbb_container, new FileLocator(__DIR__.'/../config'));
+	$loader->load('services.yml');
+
+	$processor = new phpbb_di_processor_config($phpbb_root_path . 'config.' . $phpEx, $phpbb_root_path, $phpEx);
+	$processor->process($phpbb_container);
+
+	$phpbb_class_loader = $phpbb_container->get('class_loader');
+	$phpbb_class_loader_ext = $phpbb_container->get('class_loader.ext');
 
 	// set up caching
-	$cache_factory = new phpbb_cache_factory($acm_type);
-	$cache = $cache_factory->get_service();
-	$phpbb_class_loader_ext->set_cache($cache->get_driver());
-	$phpbb_class_loader->set_cache($cache->get_driver());
+	$cache = $phpbb_container->get('cache');
 
-	$phpbb_dispatcher = new phpbb_event_dispatcher();
-	$request = new phpbb_request();
-	$db = new $dbms();
+	$phpbb_dispatcher = $phpbb_container->get('dispatcher');
+	$request	= $phpbb_container->get('request');
+	$db			= $phpbb_container->get('dbal.conn');
 
 	// Connect to DB
 	if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
@@ -68,18 +74,23 @@ if (isset($_GET['avatar']))
 
 	request_var('', 0, false, false, $request);
 
-	// worst-case default
-	$browser = strtolower($request->header('User-Agent', 'msie 6.0'));
-
-	$config = new phpbb_config_db($db, $cache->get_driver(), CONFIG_TABLE);
+	$config = $phpbb_container->get('config');
 	set_config(null, null, null, $config);
 	set_config_count(null, null, null, $config);
 
 	// load extensions
-	$phpbb_extension_manager = new phpbb_extension_manager($db, EXT_TABLE, $phpbb_root_path, ".$phpEx", $cache->get_driver());
+	$phpbb_extension_manager = $phpbb_container->get('ext.manager');
+	$phpbb_subscriber_loader = $phpbb_container->get('event.subscriber_loader');
 
-	$phpbb_subscriber_loader = new phpbb_event_extension_subscriber_loader($phpbb_dispatcher, $phpbb_extension_manager);
-	$phpbb_subscriber_loader->load();
+	$ids = array_keys($phpbb_container->findTaggedServiceIds('container.processor'));
+	foreach ($ids as $id)
+	{
+		$processor = $phpbb_container->get($id);
+		$processor->process($phpbb_container);
+	}
+
+	// worst-case default
+	$browser = strtolower($request->header('User-Agent', 'msie 6.0'));
 
 	$filename = request_var('avatar', '');
 	$avatar_group = false;
@@ -133,6 +144,9 @@ include($phpbb_root_path . 'common.' . $phpEx);
 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
 
 $download_id = request_var('id', 0);
+$topic_id = $request->variable('topic_id', 0);
+$post_msg_id = $request->variable('post_msg_id', 0);
+$archive = $request->variable('archive', '.tar');
 $mode = request_var('mode', '');
 $thumbnail = request_var('t', false);
 
@@ -141,195 +155,268 @@ $user->session_begin(false);
 $auth->acl($user->data);
 $user->setup('viewtopic');
 
-if (!$download_id)
+if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
 	send_status_line(404, 'Not Found');
-	trigger_error('NO_ATTACHMENT_SELECTED');
+	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
-if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
+if ($download_id)
+{
+	// Attachment id (only 1 attachment)
+	$sql_where = "attach_id = $download_id";
+}
+else if ($post_msg_id)
+{
+	// Post id or private message id (multiple attachments)
+	$sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0";
+}
+else if ($topic_id)
+{
+	// Topic id (multiple attachments)
+	$sql_where = "topic_id = $topic_id AND is_orphan = 0";
+}
+else
 {
 	send_status_line(404, 'Not Found');
-	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+	trigger_error('NO_ATTACHMENT_SELECTED');
 }
 
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
+$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
-	WHERE attach_id = $download_id";
-$result = $db->sql_query_limit($sql, 1);
-$attachment = $db->sql_fetchrow($result);
+	WHERE $sql_where";
+$result = $db->sql_query($sql);
+
+$attachments = $attachment_ids = array();
+while ($row = $db->sql_fetchrow($result))
+{
+	$attachment_id = (int) $row['attach_id'];
+
+	$row['physical_filename'] = utf8_basename($row['physical_filename']);
+
+	$attachment_ids[$attachment_id] = $attachment_id;
+	$attachments[$attachment_id] = $row;
+}
 $db->sql_freeresult($result);
 
-if (!$attachment)
+// Make $attachment the first of the attachments we fetched.
+$attachment = current($attachments);
+
+if (empty($attachments))
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
-
-if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
+else if (!download_allowed())
 {
-	send_status_line(404, 'Not Found');
-	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+	send_status_line(403, 'Forbidden');
+	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
-
-$row = array();
-
-if ($attachment['is_orphan'])
+else if ($download_id)
 {
-	// We allow admins having attachment permissions to see orphan attachments...
-	$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
+	// sizeof($attachments) == 1
 
-	if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
+	if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
 	{
 		send_status_line(404, 'Not Found');
-		trigger_error('ERROR_NO_ATTACHMENT');
+		trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 	}
 
-	// Obtain all extensions...
-	$extensions = $cache->obtain_attach_extensions(true);
-}
-else
-{
-	if (!$attachment['in_message'])
+	if ($attachment['is_orphan'])
 	{
-		//
-		$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
-			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
-			WHERE p.post_id = ' . $attachment['post_msg_id'] . '
-				AND p.forum_id = f.forum_id';
-		$result = $db->sql_query_limit($sql, 1);
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-
-		$f_download = $auth->acl_get('f_download', $row['forum_id']);
-
-		if ($auth->acl_get('u_download') && $f_download)
-		{
-			if ($row && $row['forum_password'])
-			{
-				// Do something else ... ?
-				login_forum_box($row);
-			}
-		}
-		else
+		// We allow admins having attachment permissions to see orphan attachments...
+		$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
+
+		if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
 		{
-			send_status_line(403, 'Forbidden');
-			trigger_error('SORRY_AUTH_VIEW_ATTACH');
+			send_status_line(404, 'Not Found');
+			trigger_error('ERROR_NO_ATTACHMENT');
 		}
+
+		// Obtain all extensions...
+		$extensions = $cache->obtain_attach_extensions(true);
 	}
 	else
 	{
-		$row['forum_id'] = false;
-		if (!$auth->acl_get('u_pm_download'))
+		if (!$attachment['in_message'])
 		{
-			send_status_line(403, 'Forbidden');
-			trigger_error('SORRY_AUTH_VIEW_ATTACH');
+			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
+		}
+		else
+		{
+			// Attachment is in a private message.
+			$row['forum_id'] = false;
+			phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
+		}
+
+		$extensions = array();
+		if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+		{
+			send_status_line(404, 'Forbidden');
+			trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
 		}
+	}
+
+	$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+	$display_cat = $extensions[$attachment['extension']]['display_cat'];
+
+	if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
+	{
+		$display_cat = ATTACHMENT_CATEGORY_NONE;
+	}
 
-		// Check if the attachment is within the users scope...
-		$sql = 'SELECT user_id, author_id
-			FROM ' . PRIVMSGS_TO_TABLE . '
-			WHERE msg_id = ' . $attachment['post_msg_id'];
-		$result = $db->sql_query($sql);
+	if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
+	{
+		$display_cat = ATTACHMENT_CATEGORY_NONE;
+	}
 
-		$allowed = false;
-		while ($user_row = $db->sql_fetchrow($result))
+	if ($thumbnail)
+	{
+		$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
+	}
+	else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
+	{
+		// Update download count
+		phpbb_increment_downloads($db, $attachment['attach_id']);
+	}
+
+	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
+	{
+		wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
+		file_gc();
+	}
+	else
+	{
+		// Determine the 'presenting'-method
+		if ($download_mode == PHYSICAL_LINK)
 		{
-			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
+			// This presenting method should no longer be used
+			if (!@is_dir($phpbb_root_path . $config['upload_path']))
 			{
-				$allowed = true;
-				break;
+				send_status_line(500, 'Internal Server Error');
+				trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 			}
-		}
-		$db->sql_freeresult($result);
 
-		if (!$allowed)
+			redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
+			file_gc();
+		}
+		else
 		{
-			send_status_line(403, 'Forbidden');
-			trigger_error('ERROR_NO_ATTACHMENT');
+			send_file_to_browser($attachment, $config['upload_path'], $display_cat);
+			file_gc();
 		}
 	}
+}
+else
+{
+	// sizeof($attachments) >= 1
+	if ($attachment['in_message'])
+	{
+		phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
+	}
+	else
+	{
+		phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
+	}
 
-	// disallowed?
-	$extensions = array();
-	if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+	if (!class_exists('compress'))
 	{
-		send_status_line(404, 'Forbidden');
-		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+		require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
 	}
-}
 
-if (!download_allowed())
-{
-	send_status_line(403, 'Forbidden');
-	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
-}
+	if (!in_array($archive, compress::methods()))
+	{
+		$archive = '.tar';
+	}
 
-$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+	if ($post_msg_id)
+	{
+		if ($attachment['in_message'])
+		{
+			$sql = 'SELECT message_subject AS attach_subject
+				FROM ' . PRIVMSGS_TABLE . "
+				WHERE msg_id = $post_msg_id";
+		}
+		else
+		{
+			$sql = 'SELECT post_subject AS attach_subject, forum_id
+				FROM ' . POSTS_TABLE . "
+				WHERE post_id = $post_msg_id";
+		}
+	}
+	else
+	{
+		$sql = 'SELECT topic_title AS attach_subject, forum_id
+			FROM ' . TOPICS_TABLE . "
+			WHERE topic_id = $topic_id";
+	}
 
-// Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime
-	FROM ' . ATTACHMENTS_TABLE . "
-	WHERE attach_id = $download_id";
-$result = $db->sql_query_limit($sql, 1);
-$attachment = $db->sql_fetchrow($result);
-$db->sql_freeresult($result);
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
 
-if (!$attachment)
-{
-	send_status_line(404, 'Not Found');
-	trigger_error('ERROR_NO_ATTACHMENT');
-}
+	if (empty($row))
+	{
+		send_status_line(404, 'Not Found');
+		trigger_error('ERROR_NO_ATTACHMENT');
+	}
 
-$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
-$display_cat = $extensions[$attachment['extension']]['display_cat'];
+	$clean_name = phpbb_download_clean_filename($row['attach_subject']);
+	$suffix = '_' . (($post_msg_id) ? $post_msg_id : $topic_id) . '_' . $clean_name;
+	$archive_name = 'attachments' . $suffix;
 
-if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
-{
-	$display_cat = ATTACHMENT_CATEGORY_NONE;
-}
+	$store_name = 'att_' . time() . '_' . unique_id();
+	$archive_path = "{$phpbb_root_path}store/{$store_name}{$archive}";
 
-if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
-{
-	$display_cat = ATTACHMENT_CATEGORY_NONE;
-}
+	if ($archive === '.zip')
+	{
+		$compress = new compress_zip('w', $archive_path);
+	}
+	else
+	{
+		$compress = new compress_tar('w', $archive_path, $archive);
+	}
 
-if ($thumbnail)
-{
-	$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
-}
-else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHMENT_CATEGORY_IMAGE*/) && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
-{
-	// Update download count
-	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
-		SET download_count = download_count + 1
-		WHERE attach_id = ' . $attachment['attach_id'];
-	$db->sql_query($sql);
-}
+	$extensions = array();
+	$files_added = 0;
+	$forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id'];
+	$disallowed = array();
 
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
-{
-	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
-	file_gc();
-}
-else
-{
-	// Determine the 'presenting'-method
-	if ($download_mode == PHYSICAL_LINK)
+	foreach ($attachments as $attach)
 	{
-		// This presenting method should no longer be used
-		if (!@is_dir($phpbb_root_path . $config['upload_path']))
+		if (!extension_allowed($forum_id, $attach['extension'], $extensions))
 		{
-			send_status_line(500, 'Internal Server Error');
-			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
+			$disallowed[$attach['extension']] = $attach['extension'];
+			continue;
 		}
 
-		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
-		file_gc();
+		$prefix = '';
+		if ($topic_id)
+		{
+			$prefix = $attach['post_msg_id'] . '_';
+		}
+
+		$compress->add_custom_file("{$phpbb_root_path}files/{$attach['physical_filename']}", "{$prefix}{$attach['real_filename']}");
+		$files_added++;
 	}
-	else
+
+	$compress->close();
+
+	if ($files_added)
 	{
-		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
-		file_gc();
+		phpbb_increment_downloads($db, $attachment_ids);
+		$compress->download($store_name, $archive_name);
 	}
+
+	unlink($archive_path);
+
+	if (!$files_added)
+	{
+		// None of the attachments had a valid extension
+		$disallowed = implode($user->lang['COMMA_SEPARATOR'], $disallowed);
+		send_status_line(404, 'Forbidden');
+		trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed));
+	}
+
+	file_gc();
 }
author	Igor Wiedler <igor@wiedler.ch>	2012-11-12 10:33:40 +0100
committer	Igor Wiedler <igor@wiedler.ch>	2012-11-12 10:33:40 +0100
commit	5e52216b5e14ced69326813e748fc56be6e28a69 (patch)
tree	4e47bd9290da80da48aaf30308e7d03965a904f6 /phpBB/download/file.php
parent	0971d3f975ebaa8c2874115bd82b308b244783f2 (diff)
parent	504158ceaba18bb8bc61d54504a2c870d0eb0407 (diff)
download	forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar.gz forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar.bz2 forums-5e52216b5e14ced69326813e748fc56be6e28a69.tar.xz forums-5e52216b5e14ced69326813e748fc56be6e28a69.zip