diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2012-12-07 15:50:24 +0100 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2012-12-07 15:50:24 +0100 |
| commit | 37530abd394ebc22480a133ffd1ca41276d73b43 (patch) | |
| tree | d59e135f641a1ed06968ff2e649f3cfc7e138cbb /phpBB/includes/functions_download.php | |
| parent | 70d23380aa55c2aab33c1c2e5cea57f186314584 (diff) | |
| parent | b0948fb3470056b14a743dcfeb59aea0f35d0029 (diff) | |
| download | forums-37530abd394ebc22480a133ffd1ca41276d73b43.tar forums-37530abd394ebc22480a133ffd1ca41276d73b43.tar.gz forums-37530abd394ebc22480a133ffd1ca41276d73b43.tar.bz2 forums-37530abd394ebc22480a133ffd1ca41276d73b43.tar.xz forums-37530abd394ebc22480a133ffd1ca41276d73b43.zip | |
Merge branch 'develop' of https://github.com/phpbb/phpbb3 into ticket/10714
* 'develop' of https://github.com/phpbb/phpbb3: (645 commits)
[ticket/10679] Update module basename, we added the xcp_ prefix in 3.1
[ticket/10679] Use module_auth to limit access to the module
[ticket/10679] Add new permission for changing profile field information
[ticket/11219] Coding guidelines and naming consistency changes
[ticket/10841] Revert more whitespace changes.
[ticket/10841] Revert whitespace changes.
[ticket/10841] adding space after if
[ticket/10841] removing unnecessary spacing
[ticket/10841] changing affectedrows check to COUNT in sql
[ticket/10841] Modifying style and language selectors in UCP
[ticket/11247] Fix wrong property reference in flock class.
[ticket/10602] Avoid a race condition.
[ticket/10602] Use last_queue_run for its intended purpose.
[ticket/10716] Collect standard error from executed php process.
[ticket/10716] Skip test if php is not in PATH.
[ticket/10716] Exclude our dependencies from linting.
[ticket/10103] New and improved wording.
[ticket/10716] Only lint on php 5.3+.
[ticket/10103] Assert with messages.
[ticket/10103] assertLessThan/assertGreaterThan.
...
Diffstat (limited to 'phpBB/includes/functions_download.php')
| -rw-r--r-- | phpBB/includes/functions_download.php | 131 |
1 files changed, 130 insertions, 1 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 1486113013..fc6f1cc762 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -433,7 +433,7 @@ function set_modified_headers($stamp, $browser) * * @param bool $exit Whether to die or not. * -* @return void +* @return null */ function file_gc($exit = true) { @@ -592,3 +592,132 @@ function phpbb_parse_range_request($request_array, $filesize) ); } } + +/** +* Increments the download count of all provided attachments +* +* @param dbal $db The database object +* @param array|int $ids The attach_id of each attachment +* +* @return null +*/ +function phpbb_increment_downloads($db, $ids) +{ + if (!is_array($ids)) + { + $ids = array($ids); + } + + $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' + SET download_count = download_count + 1 + WHERE ' . $db->sql_in_set('attach_id', $ids); + $db->sql_query($sql); +} + +/** +* Handles authentication when downloading attachments from a post or topic +* +* @param dbal $db The database object +* @param phpbb_auth $auth The authentication object +* @param int $topic_id The id of the topic that we are downloading from +* +* @return null +*/ +function phpbb_download_handle_forum_auth($db, $auth, $topic_id) +{ + $sql = 'SELECT t.forum_id, f.forum_password, f.parent_id + FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f + WHERE t.topic_id = " . (int) $topic_id . " + AND t.forum_id = f.forum_id"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + { + if ($row && $row['forum_password']) + { + // Do something else ... ? + login_forum_box($row); + } + } + else + { + send_status_line(403, 'Forbidden'); + trigger_error('SORRY_AUTH_VIEW_ATTACH'); + } +} + +/** +* Handles authentication when downloading attachments from PMs +* +* @param dbal $db The database object +* @param phpbb_auth $auth The authentication object +* @param int $user_id The user id +* @param int $msg_id The id of the PM that we are downloading from +* +* @return null +*/ +function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id) +{ + if (!$auth->acl_get('u_pm_download')) + { + send_status_line(403, 'Forbidden'); + trigger_error('SORRY_AUTH_VIEW_ATTACH'); + } + + $allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id); + + if (!$allowed) + { + send_status_line(403, 'Forbidden'); + trigger_error('ERROR_NO_ATTACHMENT'); + } +} + +/** +* Checks whether a user can download from a particular PM +* +* @param dbal $db The database object +* @param int $user_id The user id +* @param int $msg_id The id of the PM that we are downloading from +* +* @return bool Whether the user is allowed to download from that PM or not +*/ +function phpbb_download_check_pm_auth($db, $user_id, $msg_id) +{ + // Check if the attachment is within the users scope... + $sql = 'SELECT msg_id + FROM ' . PRIVMSGS_TO_TABLE . ' + WHERE msg_id = ' . (int) $msg_id . ' + AND ( + user_id = ' . (int) $user_id . ' + OR author_id = ' . (int) $user_id . ' + )'; + $result = $db->sql_query_limit($sql, 1); + $allowed = (bool) $db->sql_fetchfield('msg_id'); + $db->sql_freeresult($result); + + return $allowed; +} + +/** +* Cleans a filename of any characters that could potentially cause a problem on +* a user's filesystem. +* +* @param string $filename The filename to clean +* +* @return string The cleaned filename +*/ +function phpbb_download_clean_filename($filename) +{ + $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); + + // rawurlencode to convert any potentially 'bad' characters that we missed + $filename = rawurlencode(str_replace($bad_chars, '_', $filename)); + + // Turn the %xx entities created by rawurlencode to _ + $filename = preg_replace("/%(\w{2})/", '_', $filename); + + return $filename; +} |