diff options
| author | Nils Adermann <naderman@naderman.de> | 2010-11-20 17:00:05 +0100 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-11-20 17:00:05 +0100 |
| commit | 7f21a5f46156660d7ea6a4bdb59166ac553e2be8 (patch) | |
| tree | 3963b4075f58c43ffc01fe290b04a800668bc53c /phpBB/download | |
| parent | c4e02a191628b4b9f7b6340f2876607663baeb5a (diff) | |
| parent | af4c2a3eb15fc4318b23dcb7794c230cf3ec2a0f (diff) | |
| download | forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar.gz forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar.bz2 forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.tar.xz forums-7f21a5f46156660d7ea6a4bdb59166ac553e2be8.zip | |
Merge commit 'release-3.0.8'
* commit 'release-3.0.8': (393 commits)
[prep-release-3.0.8] Incrementing version number to 3.0.8 and update changelog
[ticket/9903] Script for detecting potentially malicious flash bbcodes
[ticket/9904] Update WebPI Parameters.xml to work with WebMatrix.
[ticket/9899] Change recaptcha theme from default to 'clean' in the ACP.
[ticket/9509] Fix a typo and wrong period placement
[ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.
[develop-olympus] Updating changelog for last minute 3.0.8-RC1 fixes.
[ticket/9140] Check current board version in incremental update packages
[ticket/9891] Updater drops language-selection after database-update
[develop-olympus] Updating changelog with latest changes for 3.0.8-RC1
[ticket/9884] Reduce queue interval to 60 seconds, email package size to 20
[ticket/9886] Update fails on PostgreSQL because of an error in _add_module
[ticket/9888] Update fails when Bing [Bot] was already added to the users table
[develop-olympus] Bumping version number for 3.0.8-RC1.
[ticket/9885] Fix extension group name updater. Loop through all languages.
[ticket/9847] Fix typo in search synonyms. Use british english for 'judgement'.
[ticket/9883] Change an American English spelling to British English.
[task/phing-build] Correct the path for update package patch files.
[ticket/9880] Change "antibot" to "anti-spambot".
[ticket/9696] Surpress is_dir() notice when using SQLite with open_basedir.
...
Diffstat (limited to 'phpBB/download')
| -rw-r--r-- | phpBB/download/file.php | 33 |
1 files changed, 16 insertions, 17 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 00b8e2e656..5f45b88359 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -31,6 +31,12 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT' if (isset($_GET['avatar'])) { + if (!defined('E_DEPRECATED')) + { + define('E_DEPRECATED', 8192); + } + error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED); + require($phpbb_root_path . 'config.' . $phpEx); if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) @@ -42,6 +48,7 @@ if (isset($_GET['avatar'])) require($phpbb_root_path . 'includes/cache.' . $phpEx); require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx); require($phpbb_root_path . 'includes/constants.' . $phpEx); + require($phpbb_root_path . 'includes/functions.' . $phpEx); $db = new $sql_db(); $cache = new cache(); @@ -61,7 +68,7 @@ if (isset($_GET['avatar'])) $avatar_group = false; $exit = false; - if ($filename[0] === 'g') + if (isset($filename[0]) && $filename[0] === 'g') { $avatar_group = true; $filename = substr($filename, 1); @@ -70,7 +77,7 @@ if (isset($_GET['avatar'])) // '==' is not a bug - . as the first char is as bad as no dot at all if (strpos($filename, '.') == false) { - header('HTTP/1.0 403 Forbidden'); + send_status_line(403, 'Forbidden'); $exit = true; } @@ -84,7 +91,7 @@ if (isset($_GET['avatar'])) if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg'))) { // no way such an avatar could exist. They are not following the rules, stop the show. - header("HTTP/1.0 403 Forbidden"); + send_status_line(403, 'Forbidden'); $exit = true; } @@ -94,7 +101,7 @@ if (isset($_GET['avatar'])) if (!$filename) { // no way such an avatar could exist. They are not following the rules, stop the show. - header("HTTP/1.0 403 Forbidden"); + send_status_line(403, 'Forbidden'); } else { @@ -192,7 +199,7 @@ else $row['forum_id'] = false; if (!$auth->acl_get('u_pm_download')) { - header('HTTP/1.0 403 Forbidden'); + send_status_line(403, 'Forbidden'); trigger_error('SORRY_AUTH_VIEW_ATTACH'); } @@ -215,7 +222,7 @@ else if (!$allowed) { - header('HTTP/1.0 403 Forbidden'); + send_status_line(403, 'Forbidden'); trigger_error('ERROR_NO_ATTACHMENT'); } } @@ -230,7 +237,7 @@ else if (!download_allowed()) { - header('HTTP/1.0 403 Forbidden'); + send_status_line(403, 'Forbidden'); trigger_error($user->lang['LINKAGE_FORBIDDEN']); } @@ -376,7 +383,7 @@ function send_avatar_to_browser($file, $browser) } else { - header('HTTP/1.0 404 Not Found'); + send_status_line(404, 'Not Found'); } } @@ -670,15 +677,7 @@ function set_modified_headers($stamp, $browser) { if ($last_load !== false && $last_load >= $stamp) { - if (substr(strtolower(@php_sapi_name()),0,3) === 'cgi') - { - // in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though - header('Status: 304 Not Modified', true, 304); - } - else - { - header('HTTP/1.0 304 Not Modified', true, 304); - } + send_status_line(304, 'Not Modified'); // seems that we need those too ... browsers header('Pragma: public'); header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000)); |