diff options
Diffstat (limited to 'phpBB/includes/functions_download.php')
| -rw-r--r-- | phpBB/includes/functions_download.php | 114 |
1 files changed, 65 insertions, 49 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 053e362682..1f409be58c 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -124,7 +124,7 @@ function wrap_img_in_html($src, $title) */ function send_file_to_browser($attachment, $upload_dir, $category) { - global $user, $db, $config, $phpbb_dispatcher, $phpbb_root_path; + global $user, $db, $phpbb_dispatcher, $phpbb_root_path, $request; $filename = $phpbb_root_path . $upload_dir . '/' . $attachment['physical_filename']; @@ -196,7 +196,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) } // Now the tricky part... let's dance - header('Cache-Control: public'); + header('Cache-Control: private'); // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. header('Content-Type: ' . $attachment['mimetype']); @@ -206,7 +206,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) header('X-Content-Type-Options: nosniff'); } - if ($category == ATTACHMENT_CATEGORY_FLASH && request_var('view', 0) === 1) + if ($category == ATTACHMENT_CATEGORY_FLASH && $request->variable('view', 0) === 1) { // We use content-disposition: inline for flash files and view=1 to let it correctly play with flash player 10 - any other disposition will fail to play inline header('Content-Disposition: inline'); @@ -274,11 +274,21 @@ function send_file_to_browser($attachment, $upload_dir, $category) send_status_line(206, 'Partial Content'); header('Content-Range: bytes ' . $range['byte_pos_start'] . '-' . $range['byte_pos_end'] . '/' . $range['bytes_total']); header('Content-Length: ' . $range['bytes_requested']); - } - while (!feof($fp)) + // First read chunks + while (!feof($fp) && ftell($fp) < $range['byte_pos_end'] - 8192) + { + echo fread($fp, 8192); + } + // Then, read the remainder + echo fread($fp, $range['bytes_requested'] % 8192); + } + else { - echo fread($fp, 8192); + while (!feof($fp)) + { + echo fread($fp, 8192); + } } fclose($fp); } @@ -441,7 +451,7 @@ function set_modified_headers($stamp, $browser) { send_status_line(304, 'Not Modified'); // seems that we need those too ... browsers - header('Cache-Control: public'); + header('Cache-Control: private'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT'); return true; } @@ -549,73 +559,75 @@ function phpbb_find_range_request() */ function phpbb_parse_range_request($request_array, $filesize) { + $first_byte_pos = -1; + $last_byte_pos = -1; + // Go through all ranges foreach ($request_array as $range_string) { $range = explode('-', trim($range_string)); // "-" is invalid, "0-0" however is valid and means the very first byte. - if (sizeof($range) != 2 || $range[0] === '' && $range[1] === '') + if (count($range) != 2 || $range[0] === '' && $range[1] === '') { continue; } + // Substitute defaults if ($range[0] === '') { - // Return last $range[1] bytes. - - if (!$range[1]) - { - continue; - } + $range[0] = 0; + } - if ($range[1] >= $filesize) - { - return false; - } + if ($range[1] === '') + { + $range[1] = $filesize - 1; + } - $first_byte_pos = $filesize - (int) $range[1]; - $last_byte_pos = $filesize - 1; + if ($last_byte_pos >= 0 && $last_byte_pos + 1 != $range[0]) + { + // We only support contiguous ranges, no multipart stuff :( + return false; } - else + + if ($range[1] && $range[1] < $range[0]) { - // Return bytes from $range[0] to $range[1] + // The requested range contains 0 bytes. + continue; + } + // Return bytes from $range[0] to $range[1] + if ($first_byte_pos < 0) + { $first_byte_pos = (int) $range[0]; - $last_byte_pos = (int) $range[1]; - - if ($last_byte_pos && $last_byte_pos < $first_byte_pos) - { - // The requested range contains 0 bytes. - continue; - } + } - if ($first_byte_pos >= $filesize) - { - // Requested range not satisfiable - return false; - } + $last_byte_pos = (int) $range[1]; - // Adjust last-byte-pos if it is absent or greater than the content. - if ($range[1] === '' || $last_byte_pos >= $filesize) - { - $last_byte_pos = $filesize - 1; - } + if ($first_byte_pos >= $filesize) + { + // Requested range not satisfiable + return false; } - // We currently do not support range requests that end before the end of the file - if ($last_byte_pos != $filesize - 1) + // Adjust last-byte-pos if it is absent or greater than the content. + if ($range[1] === '' || $last_byte_pos >= $filesize) { - continue; + $last_byte_pos = $filesize - 1; } + } - return array( - 'byte_pos_start' => $first_byte_pos, - 'byte_pos_end' => $last_byte_pos, - 'bytes_requested' => $last_byte_pos - $first_byte_pos + 1, - 'bytes_total' => $filesize, - ); + if ($first_byte_pos < 0 || $last_byte_pos < 0) + { + return false; } + + return array( + 'byte_pos_start' => $first_byte_pos, + 'byte_pos_end' => $last_byte_pos, + 'bytes_requested' => $last_byte_pos - $first_byte_pos + 1, + 'bytes_total' => $filesize, + ); } /** @@ -650,6 +662,8 @@ function phpbb_increment_downloads($db, $ids) */ function phpbb_download_handle_forum_auth($db, $auth, $topic_id) { + global $phpbb_container; + $sql_array = array( 'SELECT' => 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id', 'FROM' => array( @@ -665,7 +679,9 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id) $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id'])) + $phpbb_content_visibility = $phpbb_container->get('content.visibility'); + + if ($row && !$phpbb_content_visibility->is_visible('topic', $row['forum_id'], $row)) { send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); |