authorIgor Wiedler <igor@wiedler.ch>2012-11-12 10:33:40 +0100
committerIgor Wiedler <igor@wiedler.ch>2012-11-12 10:33:40 +0100
commit5e52216b5e14ced69326813e748fc56be6e28a69 (patch)
tree4e47bd9290da80da48aaf30308e7d03965a904f6 /phpBB/includes/functions_download.php
parent0971d3f975ebaa8c2874115bd82b308b244783f2 (diff)
parent504158ceaba18bb8bc61d54504a2c870d0eb0407 (diff)
Merge remote-tracking branch 'upstream/develop' into ticket/11015
* upstream/develop: (666 commits) [ticket/11077] Remove code from old global announcements system [ticket/11189] Replace DEBUG_EXTRA with DEBUG [ticket/11189] Always log critical errors when in cron or in image output [ticket/11187] Added a blank array to fix errors in functional tests [ticket/10780] Make L_COLON available in the installer. [ticket/11183] Remove $load_extensions and weird dl() calls [ticket/10970] Added extra documentation to parse_dynamic_path. [ticket/10939] Added documentation for phpbb_request::file [ticket/10865] Use code tags for install/database_update.php. [ticket/10865] Should have been a slash. [ticket/10780] Use L_COLON on LDAP page. [ticket/10780] Use L_COLON on search backend ACP pages. [ticket/10780] Use L_COLON for "download all attachments". [ticket/10780] Use colon from language in ucp_pm_compose.php where possible. [ticket/10780] Replace colons in phpBB/adm/style/acp_ext_details.html. [ticket/10780] Replace colon usage in adm template output with {L_COLON} [ticket/10780] Replace colon usage in template output with {L_COLON} [ticket/11181] Bump PHP requirement to 5.3.3 (from 5.3.2) [develop-olympus] [ticket/11181] Bump PHP requirement to 5.3.3 (from 5.3.2) [ticket/10172] Show prosilver birthday list even if there are no birthdays. ... Conflicts: phpBB/common.php phpBB/download/file.php phpBB/includes/db/dbal.php phpBB/includes/db/firebird.php phpBB/includes/db/mssql.php phpBB/includes/db/mssql_odbc.php phpBB/includes/db/mssqlnative.php phpBB/includes/db/mysql.php phpBB/includes/db/mysqli.php phpBB/includes/db/oracle.php phpBB/includes/db/postgres.php phpBB/includes/db/sqlite.php phpBB/includes/extension/manager.php phpBB/install/database_update.php
Diffstat (limited to 'phpBB/includes/functions_download.php')
-rw-r--r--phpBB/includes/functions_download.php129
1 files changed, 129 insertions, 0 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 1486113013..b6371dbecc 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -592,3 +592,132 @@ function phpbb_parse_range_request($request_array, $filesize)
);
}
}
+
+/**
+* Increments the download count of all provided attachments
+*
+* @param dbal $db The database object
+* @param array|int $ids The attach_id of each attachment
+*
+* @return null
+*/
+function phpbb_increment_downloads($db, $ids)
+{
+ if (!is_array($ids))
+ {
+ $ids = array($ids);
+ }
+
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+ SET download_count = download_count + 1
+ WHERE ' . $db->sql_in_set('attach_id', $ids);
+ $db->sql_query($sql);
+}
+
+/**
+* Handles authentication when downloading attachments from a post or topic
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $topic_id The id of the topic that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
+{
+ $sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
+ FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
+ WHERE t.topic_id = " . (int) $topic_id . "
+ AND t.forum_id = f.forum_id";
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+ {
+ if ($row && $row['forum_password'])
+ {
+ // Do something else ... ?
+ login_forum_box($row);
+ }
+ }
+ else
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('SORRY_AUTH_VIEW_ATTACH');
+ }
+}
+
+/**
+* Handles authentication when downloading attachments from PMs
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
+{
+ if (!$auth->acl_get('u_pm_download'))
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('SORRY_AUTH_VIEW_ATTACH');
+ }
+
+ $allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id);
+
+ if (!$allowed)
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('ERROR_NO_ATTACHMENT');
+ }
+}
+
+/**
+* Checks whether a user can download from a particular PM
+*
+* @param dbal $db The database object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return bool Whether the user is allowed to download from that PM or not
+*/
+function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
+{
+ // Check if the attachment is within the users scope...
+ $sql = 'SELECT msg_id
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE msg_id = ' . (int) $msg_id . '
+ AND (
+ user_id = ' . (int) $user_id . '
+ OR author_id = ' . (int) $user_id . '
+ )';
+ $result = $db->sql_query_limit($sql, 1);
+ $allowed = (bool) $db->sql_fetchfield('msg_id');
+ $db->sql_freeresult($result);
+
+ return $allowed;
+}
+
+/**
+* Cleans a filename of any characters that could potentially cause a problem on
+* a user's filesystem.
+*
+* @param string $filename The filename to clean
+*
+* @return string The cleaned filename
+*/
+function phpbb_download_clean_filename($filename)
+{
+ $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+
+ // rawurlencode to convert any potentially 'bad' characters that we missed
+ $filename = rawurlencode(str_replace($bad_chars, '_', $filename));
+
+ // Turn the %xx entities created by rawurlencode to _
+ $filename = preg_replace("/%(\w{2})/", '_', $filename);
+
+ return $filename;
+}
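Review bot: In phpbb_download_handle_forum_auth() the permission check reads `$row['forum_id']` before `$row` is tested, so a topic id that matches no row reaches `acl_get('f_download', ...)` with a null forum id, and the outcome then depends on how the auth object treats that value; the `$row &&` test two lines later comes too late to help. An explicit guard right after `sql_freeresult()`, such as `if (!$row)` followed by `send_status_line(404, 'Not Found');` and `trigger_error('ERROR_NO_ATTACHMENT');`, would make the missing-topic case fail closed on its own rather than by accident of the ACL lookup. Both auth handlers also return null whether access is granted or refused, so denial rests entirely on trigger_error() not returning (presumably phpBB's error handler exits, which is not visible in this hunk). A docblock line stating that assumption, e.g. `* Does not return if access is denied.`, would help callers and tests that install a different error handler, since phpbb_download_handle_pm_auth() would otherwise fall through to the second check and then back to the caller.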