diff options
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 6 | ||||
| -rw-r--r-- | phpBB/download/file.php | 159 |
2 files changed, 90 insertions, 75 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 686362d8cd..b64a67acf4 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -93,7 +93,11 @@ <li>[Feature] Allow hard disabling of the template editor.</li> <li>[Fix] Delete avatar files (Bug #29985).</li> <li>[Fix] Preserve selection in the MCP. (Bug #31265).</li> - <li>[Fix] Added VST (Bug #30545).</li> + <li>[Fix] Added VST - Venezuela Standard Time (Bug #30545).</li> + <li>[Fix] Close DB connections in file.php.</li> + <li>[Change] Set headers to allow browsers to better cache attachments (Mylek pointed this out)</li> + + </ul> <a name="v301"></a><h3>1.ii. Changes since 3.0.1</h3> diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 1d325a500e..b0ea17e7fc 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -45,6 +45,8 @@ if (isset($_GET['avatar'])) $config = $cache->obtain_config(); $filename = $_GET['avatar']; $avatar_group = false; + $exit = false; + if ($filename[0] === 'g') { $avatar_group = true; @@ -55,75 +57,38 @@ if (isset($_GET['avatar'])) if (strpos($filename, '.') == false) { header('HTTP/1.0 403 Forbidden'); - if (!empty($cache)) - { - $cache->unload(); - } - $db->sql_close(); - exit; + $exit = true; } - $ext = substr(strrchr($filename, '.'), 1); - $stamp = (int) substr(stristr($filename, '_'), 1); - $filename = (int) $filename; - - // let's see if we have to send the file at all - $last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false; - if (strpos(strtolower($browser), 'msie 6.0') === false) + if (!$exit) { - if ($last_load !== false && $last_load <= $stamp) - { - if (@php_sapi_name() === 'CGI') - { - header('Status: 304 Not Modified', true, 304); - } - else - { - header('HTTP/1.0 304 Not Modified', true, 304); - } - // seems that we need those too ... browsers - header('Pragma: public'); - header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000)); - exit(); - } - else - { - header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT'); - } + $ext = substr(strrchr($filename, '.'), 1); + $stamp = (int) substr(stristr($filename, '_'), 1); + $filename = (int) $filename; + $exit = set_modified_headers($stamp, $browser); } - - if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg'))) + if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg'))) { // no way such an avatar could exist. They are not following the rules, stop the show. header("HTTP/1.0 403 Forbidden"); - if (!empty($cache)) - { - $cache->unload(); - } - $db->sql_close(); - exit; + $exit = true; } - + + + if ($exit) + { + file_gc(); + } + if (!$filename) { // no way such an avatar could exist. They are not following the rules, stop the show. header("HTTP/1.0 403 Forbidden"); - if (!empty($cache)) - { - $cache->unload(); - } - $db->sql_close(); - exit; } - - send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser); - - if (!empty($cache)) + else { - $cache->unload(); + send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser); } - $db->sql_close(); - exit; } // implicit else: we are not in avatar mode @@ -148,7 +113,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach']) trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } -$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id +$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime FROM ' . ATTACHMENTS_TABLE . " WHERE attach_id = $download_id"; $result = $db->sql_query_limit($sql, 1); @@ -259,7 +224,7 @@ if (!download_allowed()) $download_mode = (int) $extensions[$attachment['extension']]['download_mode']; // Fetching filename here to prevent sniffing of filename -$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype +$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime FROM ' . ATTACHMENTS_TABLE . " WHERE attach_id = $download_id"; $result = $db->sql_query_limit($sql, 1); @@ -313,12 +278,12 @@ else } redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']); - exit; + file_gc(); } else { send_file_to_browser($attachment, $config['upload_path'], $display_cat); - exit; + file_gc(); } } @@ -503,27 +468,29 @@ function send_file_to_browser($attachment, $upload_dir, $category) { header("Content-Length: $size"); } + if (!set_modified_headers($attachment['filetime'], $user->browser)) + { + // Try to deliver in chunks + @set_time_limit(0); - // Try to deliver in chunks - @set_time_limit(0); - - $fp = @fopen($filename, 'rb'); + $fp = @fopen($filename, 'rb'); - if ($fp !== false) - { - while (!feof($fp)) + if ($fp !== false) + { + while (!feof($fp)) + { + echo fread($fp, 8192); + } + fclose($fp); + } + else { - echo fread($fp, 8192); + @readfile($filename); } - fclose($fp); - } - else - { - @readfile($filename); - } - flush(); - exit; + flush(); + } + file_gc(); } /** @@ -655,4 +622,48 @@ function download_allowed() return $allowed; } +/** +* Check if the browser has the file already and set the appropriate headers- +* @returns false if a resend is in order. +*/ +function set_modified_headers($stamp, $browser) +{ + // let's see if we have to send the file at all + $last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false; + if (strpos(strtolower($browser), 'msie 6.0') === false) + { + if ($last_load !== false && $last_load <= $stamp) + { + if (@php_sapi_name() === 'CGI') + { + header('Status: 304 Not Modified', true, 304); + } + else + { + header('HTTP/1.0 304 Not Modified', true, 304); + } + // seems that we need those too ... browsers + header('Pragma: public'); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000)); + return true; + } + else + { + header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT'); + } + } + return false; +} + +function file_gc() +{ + global $cache, $db; + if (!empty($cache)) + { + $cache->unload(); + } + $db->sql_close(); + exit; +} + ?>
\ No newline at end of file |