authorAndreas Fischer <bantu@phpbb.com>2011-07-11 00:29:45 +0200
committerAndreas Fischer <bantu@phpbb.com>2011-07-11 00:29:45 +0200
commitc8da5ad9f42d8ced1aead79a42cc5caee5c5a2ff (patch)
treeb7e507311afa3db9e372f9d5b8b01455dbd50841 /phpBB/download/file.php
parent7f21a5f46156660d7ea6a4bdb59166ac553e2be8 (diff)
parente6572b766f7fd5f8547b28fd52d25e4a96cfc2cd (diff)
Merge branch 'prep-release-3.0.9'
* prep-release-3.0.9: (359 commits) [prep-release-3.0.9] Bumping version number for 3.0.9 final. [prep-release-3.0.9] Update Changelog for 3.0.9-RC4 release. [prep-release-3.0.9] Decreasing version for an RC4 release. [ticket/9859] Changing all phpBB footers to match the new credit line [ticket/9859] New footer copyright line with registered symbol [ticket/10250] The site_logo hash is different depending on imageset & language [ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset [ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used [ticket/10247] Remove attempt_id as primary key from database_update.php [ticket/10250] Added the new phpBB Logo with the Registered Trademark Symbol [ticket/10247] Use COUNT(*) instead of COUNT(attempt_id) [prep-release-3.0.9] Update Changelog for 3.0.9 release. [prep-release-3.0.9] Bumping version number for the final 3.0.9 release. [ticket/10247] Removing attempt_id column from the 3.0.8 to 3.0.9-RC1 updater. [ticket/10247] Add a db_tools test for the removal of a primary key column. [ticket/10247] Add empty data section to database update for RC4 [ticket/10247] Remove unecessary attempt_id primary key column [prep-release-3.0.9] Bump database version to RC3 too. [prep-release-3.0.9] Update Changelog for 3.0.9-RC3 release. [prep-release-3.0.9] Bumping version number for 3.0.9-RC3. ...
Diffstat (limited to 'phpBB/download/file.php')
-rw-r--r--phpBB/download/file.php21
1 files changed, 14 insertions, 7 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 5f45b88359..c17f0cf018 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
if (isset($_GET['avatar']))
{
- if (!defined('E_DEPRECATED'))
- {
- define('E_DEPRECATED', 8192);
- }
- error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
-
+ require($phpbb_root_path . 'includes/startup.' . $phpEx);
require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@@ -64,7 +59,7 @@ if (isset($_GET['avatar']))
$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
$config = $cache->obtain_config();
- $filename = $_GET['avatar'];
+ $filename = request_var('avatar', '');
$avatar_group = false;
$exit = false;
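Review bot: The new `request_var('avatar', '')` assignment needs a comment stating what it guarantees and what it does not. With a string default it returns a scalar string, so an array-valued `avatar[]` parameter no longer reaches the code below, but that is type coercion and escaping, not validation of a file name. Suggested comment above the assignment: `// request_var() forces a scalar string; $filename stays untrusted until the checks below`. The checks that follow are outside this hunk, so confirm they reduce the value to a safe identifier before it is used to locate an avatar file.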
@@ -125,11 +120,13 @@ $user->setup('viewtopic');
if (!$download_id)
{
+ send_status_line(404, 'Not Found');
trigger_error('NO_ATTACHMENT_SELECTED');
}
if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{
+ send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}
@@ -142,11 +139,13 @@ $db->sql_freeresult($result);
if (!$attachment)
{
+ send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
{
+ send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}
@@ -159,6 +158,7 @@ if ($attachment['is_orphan'])
if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
{
+ send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
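Review bot: The denial in this orphan-attachment branch answers 404, while the `SORRY_AUTH_VIEW_ATTACH` denial in the hunk at -191 answers 403, and nothing in the code says which is intended. A 404 hides that the attachment ID exists and a 403 confirms it, so the two codes together let a client distinguish restricted attachments from missing ones. If the difference is deliberate, document it here, for example `// 404 on purpose: do not reveal that an orphaned attachment exists`; otherwise use one code for both denial paths. The enclosing `if ($attachment['is_orphan'])` block starts outside this hunk.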
@@ -191,6 +191,7 @@ else
}
else
{
+ send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
}
@@ -231,6 +232,7 @@ else
$extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{
+ send_status_line(404, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
}
}
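Review bot: `send_status_line(404, 'Forbidden');` pairs the 404 code with the 403 reason phrase, so the status line contradicts itself. The `EXTENSION_DISABLED_AFTER_POSTING` message describes a policy refusal for an attachment that exists, which suggests `send_status_line(403, 'Forbidden');` was intended. Proxies, clients and log-based monitoring key on the numeric code, so as written these refusals will be counted as missing files rather than denied requests.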
@@ -253,6 +255,7 @@ $db->sql_freeresult($result);
if (!$attachment)
{
+ send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
@@ -295,6 +298,7 @@ else
// This presenting method should no longer be used
if (!@is_dir($phpbb_root_path . $config['upload_path']))
{
+ send_status_line(500, 'Internal Server Error');
trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
}
@@ -419,6 +423,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
if (!@file_exists($filename))
{
+ send_status_line(404, 'Not Found');
trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
}
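Review bot: The 404 response body still interpolates `$filename` into the message sent to the client, and the final hunk does the same with `$php_errormsg`. If `$filename` is the on-disk path assembled earlier in `send_file_to_browser` (not visible here), these responses disclose the upload directory layout and raw PHP error text to any requester. Consider sending only the generic `trigger_error('ERROR_NO_ATTACHMENT');` to the client and recording the path and tracked error in the server-side log. The function body begins and ends outside these hunks.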
@@ -445,9 +450,11 @@ function send_file_to_browser($attachment, $upload_dir, $category)
// PHP track_errors setting On?
if (!empty($php_errormsg))
{
+ send_status_line(500, 'Internal Server Error');
trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
}
+ send_status_line(500, 'Internal Server Error');
trigger_error('UNABLE_TO_DELIVER_FILE');
}