author | Andreas Fischer <bantu@phpbb.com> | 2012-08-26 18:56:09 +0200 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2012-08-26 18:56:09 +0200 |
commit | d0ce637251da211b2e969f7a173d3bde97b0894b (patch) | |
tree | fcb6c80b5b1c7c21d212bd5f51b7eb93d71cc092 /phpBB/includes/functions_download.php | |
parent | 18039cfa6af73d6582145023b6a3e67788d7a948 (diff) | |
parent | e1a4aa3ea255874660d31e13c0b4cadc8993ef4f (diff) | |
Merge remote-tracking branch 'Fyorl/feature/attach-dl' into develop
* Fyorl/feature/attach-dl: (75 commits)
[feature/attach-dl] Removed the use of some abbreviations
[feature/attach-dl] Changed $files_added checks
[feature/attach-dl] Renamed $post_id to $post_msg_id
[feature/attach-dl] Fixed a comment
[feature/attach-dl] Optimised an sql query
[feature/attach-dl] Fixed the logic in an sql statement
[feature/attch-dl] $forum_id cast to int
[feature/attach-dl] Fixed $file_added to $files_added
[feature/attach-dl] Moved definition of $archive_name
[feature/attach-dl] Swapped the order of an if statement
[feature/attach-dl] Cast variables to int
[feature/attach-dl] Added $archive_path
[feature/attach-dl] Used COMMA_SEPARATOR instead of actual comma
[feature/attach-dl] Renamed $count to $files_added
[feature/attach-dl] Removed sprintf() use
[feature/attach-dl] Removed need for array_keys()
[feature/attach-dl] Added multiple attachment downloads to PMs
[feature/attach-dl] Removed reliance on current($row)
[feature/attach-dl] Renamed to phpbb_download_handle_forum_auth
[feature/attach-dl] Moved PM authentication handling into own function
...
Diffstat (limited to 'phpBB/includes/functions_download.php')
-rw-r--r-- | phpBB/includes/functions_download.php | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 1486113013..b6371dbecc 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -592,3 +592,132 @@ function phpbb_parse_range_request($request_array, $filesize)
 );
 }
 }
+
+/**
+* Increments the download count of all provided attachments
+*
+* @param dbal $db The database object
+* @param array|int $ids The attach_id of each attachment
+*
+* @return null
+*/
+function phpbb_increment_downloads($db, $ids)
+{
+ if (!is_array($ids))
+ {
+ $ids = array($ids);
+ }
+
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+ SET download_count = download_count + 1
+ WHERE ' . $db->sql_in_set('attach_id', $ids);
+ $db->sql_query($sql);
+}
+
+/**
+* Handles authentication when downloading attachments from a post or topic
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $topic_id The id of the topic that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
+{
+ $sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
+ FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
+ WHERE t.topic_id = " . (int) $topic_id . "
+ AND t.forum_id = f.forum_id";
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+ {
+ if ($row && $row['forum_password'])
+ {
+ // Do something else ... ?
+ login_forum_box($row);
+ }
+ }
+ else
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('SORRY_AUTH_VIEW_ATTACH');
+ }
+}
+
+/**
+* Handles authentication when downloading attachments from PMs
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
+{
+ if (!$auth->acl_get('u_pm_download'))
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('SORRY_AUTH_VIEW_ATTACH');
+ }
+
+ $allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id);
+
+ if (!$allowed)
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('ERROR_NO_ATTACHMENT');
+ }
+}
+
+/**
+* Checks whether a user can download from a particular PM
+*
+* @param dbal $db The database object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return bool Whether the user is allowed to download from that PM or not
+*/
+function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
+{
+ // Check if the attachment is within the users scope...
+ $sql = 'SELECT msg_id
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE msg_id = ' . (int) $msg_id . '
+ AND (
+ user_id = ' . (int) $user_id . '
+ OR author_id = ' . (int) $user_id . '
+ )';
+ $result = $db->sql_query_limit($sql, 1);
+ $allowed = (bool) $db->sql_fetchfield('msg_id');
+ $db->sql_freeresult($result);
+
+ return $allowed;
+}
+
+/**
+* Cleans a filename of any characters that could potentially cause a problem on
+* a user's filesystem.
+*
+* @param string $filename The filename to clean
+*
+* @return string The cleaned filename
+*/
+function phpbb_download_clean_filename($filename)
+{
+ $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+
+ // rawurlencode to convert any potentially 'bad' characters that we missed
+ $filename = rawurlencode(str_replace($bad_chars, '_', $filename));
+
+ // Turn the %xx entities created by rawurlencode to _
+ $filename = preg_replace("/%(\w{2})/", '_', $filename);
+
+ return $filename;
+} |
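Review bot: In phpbb_download_handle_forum_auth the outer condition dereferences `$row['forum_id']` before `$row` has been checked, so a topic_id that matches no topic (sql_fetchrow returning false) reaches `acl_get('f_download', null)` and the authorization decision is made against a null forum id; the `$row &&` guard only appears later, inside the forum-password branch. Whether acl_get treats a null forum id as a global lookup that could grant access I cannot tell from this hunk, but the authorization check should not run on a row that does not exist. Move the existence check into the outer condition so a missing topic falls through to the 403 branch: `if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))`, and the inner test becomes `if ($row['forum_password'])`. The PM path already fails closed in the equivalent situation (ERROR_NO_ATTACHMENT when no row matches), so this also makes the two handlers consistent.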