diff options
| -rw-r--r-- | phpBB/download/file.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/functions_download.php | 22 |
2 files changed, 2 insertions, 27 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index c300df0235..b1a376155d 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -290,11 +290,8 @@ else if ($download_id) } } - // disallowed? - $extensions = $cache->obtain_attach_extensions($row['forum_id']); - - $attachments_filtered = phpbb_filter_disallowed_extensions($extensions, array($attachment)); - if (empty($attachments_filtered)) + $extensions = array(); + if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { send_status_line(404, 'Forbidden'); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 8453469e83..b01712357d 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -613,25 +613,3 @@ function phpbb_increment_downloads($db, $ids) WHERE ' . $db->sql_in_set('attach_id', $ids); $db->sql_query($sql); } - -/** -* Checks every attachment to see if it has an allowed extension -* -* @param array $extensions As generated by phpbb_cache_service::obtain_attach_extensions -* @param array $attachments An array of attachment row to check -* -* @return array Array of attachment rows with allowed extension -*/ -function phpbb_filter_disallowed_extensions($extensions, $attachments) -{ - $result = array(); - foreach ($attachments as $key => $row) - { - if (isset($extensions['_allowed_'][$row['extension']])) - { - $result[$key] = $row; - } - } - - return $result; -} |