authorHenry Sudhof <kellanved@phpbb.com>2008-07-29 11:49:56 +0000
committerHenry Sudhof <kellanved@phpbb.com>2008-07-29 11:49:56 +0000
commit7997796789d7bad2acd68eb56f9728ae518bfe36 (patch)
tree58e9e588cc00e26af47e9b2cd8308b06be929c8d /phpBB/download/file.php
parente9a811cd33f76d7ee345fe1b7275b529a3ccdebc (diff)
Mylek is right - we should do this. Fixes some aspects of file.php, needs testing.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8707 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/download/file.php')
-rw-r--r--phpBB/download/file.php159
1 files changed, 85 insertions, 74 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 1d325a500e..b0ea17e7fc 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -45,6 +45,8 @@ if (isset($_GET['avatar']))
$config = $cache->obtain_config();
$filename = $_GET['avatar'];
$avatar_group = false;
+ $exit = false;
+
if ($filename[0] === 'g')
{
$avatar_group = true;
@@ -55,75 +57,38 @@ if (isset($_GET['avatar']))
if (strpos($filename, '.') == false)
{
header('HTTP/1.0 403 Forbidden');
- if (!empty($cache))
- {
- $cache->unload();
- }
- $db->sql_close();
- exit;
+ $exit = true;
}
- $ext = substr(strrchr($filename, '.'), 1);
- $stamp = (int) substr(stristr($filename, '_'), 1);
- $filename = (int) $filename;
-
- // let's see if we have to send the file at all
- $last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
- if (strpos(strtolower($browser), 'msie 6.0') === false)
+ if (!$exit)
{
- if ($last_load !== false && $last_load <= $stamp)
- {
- if (@php_sapi_name() === 'CGI')
- {
- header('Status: 304 Not Modified', true, 304);
- }
- else
- {
- header('HTTP/1.0 304 Not Modified', true, 304);
- }
- // seems that we need those too ... browsers
- header('Pragma: public');
- header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
- exit();
- }
- else
- {
- header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
- }
+ $ext = substr(strrchr($filename, '.'), 1);
+ $stamp = (int) substr(stristr($filename, '_'), 1);
+ $filename = (int) $filename;
+ $exit = set_modified_headers($stamp, $browser);
}
-
- if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
+ if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 Forbidden");
- if (!empty($cache))
- {
- $cache->unload();
- }
- $db->sql_close();
- exit;
+ $exit = true;
}
-
+
+
+ if ($exit)
+ {
+ file_gc();
+ }
+
if (!$filename)
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 Forbidden");
- if (!empty($cache))
- {
- $cache->unload();
- }
- $db->sql_close();
- exit;
}
-
- send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
-
- if (!empty($cache))
+ else
{
- $cache->unload();
+ send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
}
- $db->sql_close();
- exit;
}
// implicit else: we are not in avatar mode
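Review bot: The avatar branch no longer terminates on its last two paths: the `if (!$filename)` block now only sends the 403 header and the `else` block only calls `send_avatar_to_browser()`, while the cleanup-and-`exit` that followed each was removed. Unless `send_avatar_to_browser()` exits on its own (its body is not in this hunk), execution continues past the closing brace into the attachment code that the `// implicit else: we are not in avatar mode` comment assumes is unreachable from here, so a rejected avatar request goes on to run the attachment path after its 403. Calling `file_gc();` once after the `if (!$filename) … else …` block, just before the brace that closes the avatar branch, restores the old behaviour.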
@@ -148,7 +113,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
@@ -259,7 +224,7 @@ if (!download_allowed())
$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
// Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
@@ -313,12 +278,12 @@ else
}
redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
- exit;
+ file_gc();
}
else
{
send_file_to_browser($attachment, $config['upload_path'], $display_cat);
- exit;
+ file_gc();
}
}
@@ -503,27 +468,29 @@ function send_file_to_browser($attachment, $upload_dir, $category)
{
header("Content-Length: $size");
}
+ if (!set_modified_headers($attachment['filetime'], $user->browser))
+ {
+ // Try to deliver in chunks
+ @set_time_limit(0);
- // Try to deliver in chunks
- @set_time_limit(0);
-
- $fp = @fopen($filename, 'rb');
+ $fp = @fopen($filename, 'rb');
- if ($fp !== false)
- {
- while (!feof($fp))
+ if ($fp !== false)
+ {
+ while (!feof($fp))
+ {
+ echo fread($fp, 8192);
+ }
+ fclose($fp);
+ }
+ else
{
- echo fread($fp, 8192);
+ @readfile($filename);
}
- fclose($fp);
- }
- else
- {
- @readfile($filename);
- }
- flush();
- exit;
+ flush();
+ }
+ file_gc();
}
/**
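Review bot: `set_modified_headers()` was written for avatars, and calling it here applies its 304 path (`Pragma: public` plus an `Expires` one year ahead) to attachments that are only served after `download_allowed()` and the other access checks in this file. A browser or intermediary that honours those headers may keep using its copy without asking again, so a later permission change or attachment removal would not take effect for that client. Consider letting the caller opt out of the two cache headers, or sending `header('Cache-Control: private, must-revalidate');` on the attachment path. The `Content-Length: $size` header above is already queued when the 304 is chosen, and `$user` has to be declared `global` in this function for `$user->browser` to resolve; the function's opening lines are outside the hunk, so both need confirming.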
@@ -655,4 +622,48 @@ function download_allowed()
return $allowed;
}
+/**
+* Check if the browser has the file already and set the appropriate headers-
+* @returns false if a resend is in order.
+*/
+function set_modified_headers($stamp, $browser)
+{
+ // let's see if we have to send the file at all
+ $last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
+ if (strpos(strtolower($browser), 'msie 6.0') === false)
+ {
+ if ($last_load !== false && $last_load <= $stamp)
+ {
+ if (@php_sapi_name() === 'CGI')
+ {
+ header('Status: 304 Not Modified', true, 304);
+ }
+ else
+ {
+ header('HTTP/1.0 304 Not Modified', true, 304);
+ }
+ // seems that we need those too ... browsers
+ header('Pragma: public');
+ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+ return true;
+ }
+ else
+ {
+ header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+ }
+ }
+ return false;
+}
+
+function file_gc()
+{
+ global $cache, $db;
+ if (!empty($cache))
+ {
+ $cache->unload();
+ }
+ $db->sql_close();
+ exit;
+}
+
?> \ No newline at end of file
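Review bot: In `set_modified_headers()` the test `$last_load <= $stamp` answers 304 when the client's copy is as old as or older than the file, which is the reverse of what If-Modified-Since asks; it gives the right answer only when the client echoes the exact `Last-Modified` value. That was tolerable for avatars, whose timestamp is part of the requested name, but the function now also receives `$attachment['filetime']`, so the comparison should read `$last_load >= $stamp`. Separately, `php_sapi_name()` reports lower-case names such as `cgi` and `cgi-fcgi`, so `=== 'CGI'` never matches and the `Status:` branch is dead; `strpos(php_sapi_name(), 'cgi') === 0` would cover both. `file_gc()` has no docblock; `/** Unload the cache, close the database connection and end the request. */` would make it clear that it never returns.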