author | Andreas Fischer <bantu@phpbb.com> | 2012-08-07 02:36:20 +0200 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2012-08-07 02:36:20 +0200 |
commit | ecab0212f8dbea04cd9a9a34a597db246a5290cd (patch) | |
tree | ea82b0278fc223cb981891f4dd32f67d9e61b875 /phpBB | |
parent | 60d382df4c9ce50447b07abf04ed97a6319b14b0 (diff) | |
[feature/attach-dl] Putting more old code under "else if ($download_id)".
PHPBB3-11042
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/download/file.php | 183 |
1 files changed, 101 insertions, 82 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 4f6bc6738c..67f315dd2f 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -196,123 +196,142 @@ else if ($download_id) // sizeof($attachments) == 1 $attachment = current($attachments); - // in_message = 1 means it's in a private message if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach']) { send_status_line(404, 'Not Found'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } -} -else -{ - // sizeof($attachments) > 1 -} -$row = array(); + if ($attachment['is_orphan']) + { + // We allow admins having attachment permissions to see orphan attachments... + $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false; -if ($attachment && $attachment['is_orphan']) -{ - // We allow admins having attachment permissions to see orphan attachments... - $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false; + if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download'))) + { + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); + } - if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download'))) - { - send_status_line(404, 'Not Found'); - trigger_error('ERROR_NO_ATTACHMENT'); + // Obtain all extensions... + $extensions = $cache->obtain_attach_extensions(true); } - - // Obtain all extensions... - $extensions = $cache->obtain_attach_extensions(true); -} -else -{ - if ($attachments || ($attachment && !$attachment['in_message'])) + else { - if ($download_id || $post_id) + if (!$attachment['in_message']) { $sql = 'SELECT p.forum_id, f.forum_password, f.parent_id FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f - WHERE p.post_id = ' . (($attachment) ? $attachment['post_msg_id'] : $post_id) . 
' - AND p.forum_id = f.forum_id'; - } - - if ($topic_id) - { - $sql = 'SELECT t.forum_id, f.forum_password, f.parent_id - FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f - WHERE t.topic_id = $topic_id - AND t.forum_id = f.forum_id"; - } - - $result = $db->sql_query_limit($sql, 1); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + WHERE p.post_id = ' . $attachment['post_msg_id'] . ' + AND p.forum_id = f.forum_id'; + $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - $f_download = $auth->acl_get('f_download', $row['forum_id']); + $f_download = $auth->acl_get('f_download', $row['forum_id']); - if ($auth->acl_get('u_download') && $f_download) - { - if ($row && $row['forum_password']) + if ($auth->acl_get('u_download') && $f_download) + { + if ($row && $row['forum_password']) + { + // Do something else ... ? + login_forum_box($row); + } + } + else { - // Do something else ... ? - login_forum_box($row); + send_status_line(403, 'Forbidden'); + trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } else { - send_status_line(403, 'Forbidden'); - trigger_error('SORRY_AUTH_VIEW_ATTACH'); - } - } - else - { - $row['forum_id'] = false; - if (!$auth->acl_get('u_pm_download')) - { - send_status_line(403, 'Forbidden'); - trigger_error('SORRY_AUTH_VIEW_ATTACH'); - } + // Attachment is in a private message. + $row['forum_id'] = false; + if (!$auth->acl_get('u_pm_download')) + { + send_status_line(403, 'Forbidden'); + trigger_error('SORRY_AUTH_VIEW_ATTACH'); + } - // Check if the attachment is within the users scope... - $sql = 'SELECT user_id, author_id - FROM ' . PRIVMSGS_TO_TABLE . ' - WHERE msg_id = ' . $attachment['post_msg_id']; - $result = $db->sql_query($sql); + // Check if the attachment is within the users scope... + $sql = 'SELECT user_id, author_id + FROM ' . PRIVMSGS_TO_TABLE . ' + WHERE msg_id = ' . 
$attachment['post_msg_id']; + $result = $db->sql_query($sql); - $allowed = false; - while ($user_row = $db->sql_fetchrow($result)) - { - if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id']) + $allowed = false; + while ($user_row = $db->sql_fetchrow($result)) { - $allowed = true; - break; + if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id']) + { + $allowed = true; + break; + } + } + $db->sql_freeresult($result); + + if (!$allowed) + { + send_status_line(403, 'Forbidden'); + trigger_error('ERROR_NO_ATTACHMENT'); } } - $db->sql_freeresult($result); - if (!$allowed) + // disallowed? + $extensions = $cache->obtain_attach_extensions($row['forum_id']); + if ($attachment) { - send_status_line(403, 'Forbidden'); - trigger_error('ERROR_NO_ATTACHMENT'); + $ary = array($attachment); + } + else + { + $ary = &$attachments; } - } - // disallowed? - $extensions = $cache->obtain_attach_extensions($row['forum_id']); - if ($attachment) + if (!phpbb_check_attach_extensions($extensions, $ary)) + { + send_status_line(404, 'Forbidden'); + trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); + } + } +} +else +{ + // sizeof($attachments) > 1 + if ($post_id) { - $ary = array($attachment); + $sql = 'SELECT p.forum_id, f.forum_password, f.parent_id + FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f + WHERE p.post_id = ' . (($attachment) ? $attachment['post_msg_id'] : $post_id) . ' + AND p.forum_id = f.forum_id'; } - else + else if ($topic_id) { - $ary = &$attachments; + $sql = 'SELECT t.forum_id, f.forum_password, f.parent_id + FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . 
" f + WHERE t.topic_id = $topic_id + AND t.forum_id = f.forum_id"; } - if (!phpbb_check_attach_extensions($extensions, $ary)) + $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + $f_download = $auth->acl_get('f_download', $row['forum_id']); + + if ($auth->acl_get('u_download') && $f_download) { - send_status_line(404, 'Forbidden'); - $ext = ($attachment) ? $attachment['extension'] : $attachments[0]['extension']; - trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $ext)); + if ($row && $row['forum_password']) + { + // Do something else ... ? + login_forum_box($row); + } + } + else + { + send_status_line(403, 'Forbidden'); + trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } |
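Review bot: The new trailing `else` branch (the `sizeof($attachments) > 1` case) stops after the forum-level `f_download` test, so within this hunk the multi-attachment path no longer reaches `phpbb_check_attach_extensions()`; before the change that check also ran with `$ary = &$attachments`. Unless it is repeated further down (the script continues outside the hunk), the branch should end with `$extensions = $cache->obtain_attach_extensions($row['forum_id']);` followed by `if (!phpbb_check_attach_extensions($extensions, $attachments))` and the same error exit used in the `$download_id` branch. The same branch leaves `$sql` unassigned when neither `$post_id` nor `$topic_id` is set, and both branches read `$row['forum_id']` without checking that `sql_fetchrow()` returned a row, now that the `$row = array();` initialisation is removed. Adding `else { send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); }` after the `else if ($topic_id)` block, and an `if (!$row)` guard before `acl_get('f_download', ...)`, would make those cases fail closed instead of depending on how `acl_get()` treats a missing forum id. Whether `$post_id` and `$topic_id` are cast to integers before being concatenated into the SQL is not visible here and is worth confirming against the top of the file.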