diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2011-01-13 02:25:22 +0100 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2011-01-18 21:04:49 +0100 |
| commit | f6a14cbcef93f40cf368bc1ec5351fae09982e17 (patch) | |
| tree | 024c7d08ccef43fad5f5890acf5b00e8052526c2 /phpBB/includes/functions_download.php | |
| parent | 6bbdc129c09b781007863fc49a9c7f9f3b1cf157 (diff) | |
| download | forums-f6a14cbcef93f40cf368bc1ec5351fae09982e17.tar forums-f6a14cbcef93f40cf368bc1ec5351fae09982e17.tar.gz forums-f6a14cbcef93f40cf368bc1ec5351fae09982e17.tar.bz2 forums-f6a14cbcef93f40cf368bc1ec5351fae09982e17.tar.xz forums-f6a14cbcef93f40cf368bc1ec5351fae09982e17.zip | |
[ticket/9790] Support for lighttpd's X-Sendfile header for attachments.
PHPBB3-9790
Diffstat (limited to 'phpBB/includes/functions_download.php')
| -rw-r--r-- | phpBB/includes/functions_download.php | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 4c8f539979..63693c1db4 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -170,21 +170,6 @@ function send_file_to_browser($attachment, $upload_dir, $category) // Now the tricky part... let's dance header('Pragma: public'); - /** - * Commented out X-Sendfile support. To not expose the physical filename within the header if xsendfile is absent we need to look into methods of checking it's status. - * - * Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path... - * lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ - * - * Not really ideal, but should work fine... - * <code> - * if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false) - * { - * header('X-Sendfile: ' . $filename); - * } - * </code> - */ - // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. $is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false); header('Content-Type: ' . $attachment['mimetype']); @@ -238,6 +223,14 @@ function send_file_to_browser($attachment, $upload_dir, $category) header('X-Accel-Redirect: ' . $user->page['root_script_path'] . $upload_dir . '/' . $attachment['physical_filename']); exit; } + else if (defined('PHPBB_ENABLE_X_SENDFILE') && PHPBB_ENABLE_X_SENDFILE && !phpbb_http_byte_range($size)) + { + // X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile + // Lighttpd's X-Sendfile does not support range requests as of 1.4.26 + // and always requires an absolute path. + header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}"); + exit; + } // Try to deliver in chunks @set_time_limit(0); |