author | Joas Schilling <nickvergessen@gmx.de> | 2014-02-10 12:17:28 +0100 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2014-02-10 12:56:45 +0100 |
commit | ee1c055b7048e55aed91b3ec56cca01e9fc485d3 (patch) | |
tree | 0671e447d8da16c6e57017a9cbb1190ad1b52262 /phpBB | |
parent | c36b1c16f97deffdf9f1278fba88f835451bb66e (diff) | |
[ticket/12171] Send correct status 403 when forbidden and 404 when not found
PHPBB3-12171
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/download/file.php | 8 | ||||
-rw-r--r-- | phpBB/includes/functions_download.php | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index b3d5f25c32..163ab673b9 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -257,7 +257,7 @@ else if ($download_id)
if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
{
// Attachment of a soft deleted post and the user is not allowed to see the post
- send_status_line(403, 'Forbidden');
+ send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
}
@@ -271,7 +271,7 @@ else if ($download_id)
$extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{
- send_status_line(404, 'Forbidden');
+ send_status_line(403, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
}
}
@@ -454,12 +454,12 @@ else
{
// None of the attachments had a valid extension
$disallowed_extension = implode($user->lang['COMMA_SEPARATOR'], $disallowed_extension);
- send_status_line(404, 'Forbidden');
+ send_status_line(403, 'Forbidden');
trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed_extension));
}
else if (!$files_added)
{
- send_status_line(403, 'Forbidden');
+ send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index e17fe9de61..c895f7b54b 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -640,10 +640,14 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
- if ($row && ($row['topic_visibility'] == ITEM_APPROVED || $auth->acl_get('m_approve', $row['forum_id']))
- && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+ if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
{
- if ($row && $row['forum_password'])
+ send_status_line(404, 'Not Found');
+ trigger_error('ERROR_NO_ATTACHMENT');
+ }
+ else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+ {
+ if ($row['forum_password'])
{
// Do something else ... ?
login_forum_box($row); |
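Review bot: A missing topic row is not covered by the new 404 branch in phpbb_download_handle_forum_auth: both conditions begin with `$row &&`, so when `sql_fetchrow()` returns nothing the request falls through to whatever follows the `else if`, which lies outside this hunk. If that is the generic permission-denied path, a nonexistent topic would answer differently from a hidden one, and the 404 would then single out topics that exist but are unapproved instead of masking them. The first hunk in download/file.php already folds both cases together with `!$post_row || (...)`; the same shape here would be `if (!$row || ($row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id'])))`. A one-line comment above the branch stating that 404 is chosen so hidden and missing topics look the same to the client would make the intent explicit; the function's body starts and ends outside the hunk, so confirm the fall-through branch before changing it.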