diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2012-08-07 13:51:07 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2012-08-07 13:51:07 +0200 |
| commit | 4b06a220af23dd8888a9e7501348170746663458 (patch) | |
| tree | a1774f8f60ba3d6d81cb6985d276505f59e9b261 /phpBB | |
| parent | d6e8fbf94ad0f2a8ef5513dc8db4660a7b490027 (diff) | |
| download | forums-4b06a220af23dd8888a9e7501348170746663458.tar forums-4b06a220af23dd8888a9e7501348170746663458.tar.gz forums-4b06a220af23dd8888a9e7501348170746663458.tar.bz2 forums-4b06a220af23dd8888a9e7501348170746663458.tar.xz forums-4b06a220af23dd8888a9e7501348170746663458.zip | |
[feature/attach-dl] Use extension_allowed() again.
PHPBB3-11042
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/download/file.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/functions_download.php | 22 |
2 files changed, 2 insertions, 27 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index c300df0235..b1a376155d 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -290,11 +290,8 @@ else if ($download_id) } } - // disallowed? - $extensions = $cache->obtain_attach_extensions($row['forum_id']); - - $attachments_filtered = phpbb_filter_disallowed_extensions($extensions, array($attachment)); - if (empty($attachments_filtered)) + $extensions = array(); + if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { send_status_line(404, 'Forbidden'); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 8453469e83..b01712357d 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -613,25 +613,3 @@ function phpbb_increment_downloads($db, $ids) WHERE ' . $db->sql_in_set('attach_id', $ids); $db->sql_query($sql); } - -/** -* Checks every attachment to see if it has an allowed extension -* -* @param array $extensions As generated by phpbb_cache_service::obtain_attach_extensions -* @param array $attachments An array of attachment row to check -* -* @return array Array of attachment rows with allowed extension -*/ -function phpbb_filter_disallowed_extensions($extensions, $attachments) -{ - $result = array(); - foreach ($attachments as $key => $row) - { - if (isset($extensions['_allowed_'][$row['extension']])) - { - $result[$key] = $row; - } - } - - return $result; -} |