aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/download.php374
-rw-r--r--phpBB/includes/functions.php1
-rw-r--r--phpBB/includes/functions_posting.php6
-rw-r--r--phpBB/includes/message_parser.php8
-rw-r--r--phpBB/includes/template.php25
-rw-r--r--phpBB/language/en/lang_main.php5
-rw-r--r--phpBB/posting.php24
-rw-r--r--phpBB/templates/subSilver/viewtopic_attach_body.html38
-rw-r--r--phpBB/templates/subSilver/viewtopic_body.html2
-rw-r--r--phpBB/viewtopic.php308
10 files changed, 731 insertions, 60 deletions
diff --git a/phpBB/download.php b/phpBB/download.php
new file mode 100644
index 0000000000..f20612d58b
--- /dev/null
+++ b/phpBB/download.php
@@ -0,0 +1,374 @@
+<?php
+/***************************************************************************
+ * download.php
+ * -------------------
+ * begin : Thu, Apr 10, 2003
+ * copyright : (C) 2003 The phpBB Group
+ * email : support@phpbb.com
+ *
+ * $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ ***************************************************************************/
+
+
+if ( defined('IN_PHPBB') )
+{
+ die('Hacking attempt');
+ exit;
+}
+
+define('IN_PHPBB', true);
+$phpbb_root_path = './';
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'common.'.$phpEx);
+
+//
+// Delete the / * to uncomment the block, and edit the values (read the comments) to
+// enable additional security to your board (preventing third site linkage)
+//
+/*
+define('ALLOWED_DENIED', 0);
+define('DENIED_ALLOWED', 1);
+
+//
+// From this line on you are able to edit the stuff
+//
+
+// Possible Values:
+// ALLOWED_DENIED <- First allow the listed sites, and then deny all others
+// DENIED_ALLOWED <- First deny the listed sites, and then allow all others
+$allow_deny_order = ALLOWED_DENIED;
+
+//
+// Allowed Syntax:
+// Full Domain Name -> www.opentools.de
+// Partial Domain Names -> opentools.de
+//
+$sites = array(
+ $config['server_name'], // This is your domain
+ 'phpbb.com'
+);
+
+// This is the message displayed, if someone links to this site...
+$lang['Denied_Message'] = 'You are not authorized to view, download or link to this Site.';
+
+// End of editable area
+
+//
+// Parse the order and evaluate the array
+//
+
+$site = explode('?', $HTTP_SERVER_VARS['HTTP_REFERER']);
+$url = trim($site[0]);
+//$url = $HTTP_HOST;
+
+if ($url != '')
+{
+ $allowed = ($allow_deny_order == ALLOWED_DENIED) ? FALSE : TRUE;
+
+ for ($i = 0; $i < count($sites); $i++)
+ {
+ if (strstr($url, $sites[$i]))
+ {
+ $allowed = ($allow_deny_order == ALLOWED_DENIED) ? TRUE : FALSE;
+ break;
+ }
+ }
+}
+else
+{
+ $allowed = TRUE;
+}
+
+if ($allowed == FALSE)
+{
+ trigger_error($lang['Denied_Message']);
+}
+
+// Delete the following line, to uncomment this block
+*/
+
+$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : -1;
+$thumbnail = (isset($_REQUEST['thumb'])) ? intval($_REQUEST['thumb']) : false;
+
+function send_file_to_browser($real_filename, $mimetype, $physical_filename, $upload_dir, $attach_id)
+{
+ global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config;
+
+ if ($config['upload_dir'] == '')
+ {
+ $filename = $physical_filename;
+ }
+ else
+ {
+ $filename = $config['upload_dir'] . '/' . $physical_filename;
+ }
+
+ $gotit = FALSE;
+
+ if (!intval($config['allow_ftp_upload']))
+ {
+ if (@!file_exists($filename))
+ {
+ trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
+ }
+ else
+ {
+ $gotit = TRUE;
+ }
+ }
+
+ // Determine the Browser the User is using, because of some nasty incompatibilities.
+ // borrowed from phpMyAdmin. :)
+ if (!empty($_SERVER['HTTP_USER_AGENT']))
+ {
+ $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+ }
+ else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']))
+ {
+ $HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
+ }
+ else if (!isset($HTTP_USER_AGENT))
+ {
+ $HTTP_USER_AGENT = '';
+ }
+
+ if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[2];
+ $browser_agent = 'opera';
+ }
+ else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'ie';
+ }
+ else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'omniweb';
+ }
+ else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'netscape';
+ }
+ else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'mozilla';
+ }
+ else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
+ {
+ $browser_version = $log_version[1];
+ $browser_agent = 'konqueror';
+ }
+ else
+ {
+ $browser_version = 0;
+ $browser_agent = 'other';
+ }
+
+ // Correct the Mime Type, if it's an octetstream
+ if ( ($mimetype == 'application/octet-stream') || ($mimetype == 'application/octetstream') )
+ {
+ if ( ($browser_agent == 'ie') || ($browser_agent == 'opera') )
+ {
+ $mimetype = 'application/octetstream';
+ }
+ else
+ {
+ $mimetype = 'application/octet-stream';
+ }
+ }
+
+ // Now the tricky part... let's dance
+ @ob_end_clean();
+ @ini_set('zlib.output_compression', 'Off');
+ header('Pragma: public');
+ header('Content-Transfer-Encoding: none');
+
+ // Send out the Headers
+ if ($browser_agent == 'ie')
+ {
+ header('Content-Type: ' . $mimetype);
+ header('Content-Disposition: inline; filename="' . $real_filename . '"');
+ }
+ else
+ {
+ header('Content-Type: ' . $mimetype . '; name="' . $real_filename . '"');
+ header('Content-Disposition: attachment; filename=' . $real_filename);
+ }
+
+ // Now send the File Contents to the Browser
+ if ($gotit)
+ {
+ $size = @filesize($filename);
+ if ($size)
+ {
+ header("Content-length: $size");
+ }
+ readfile($filename);
+ }
+/* else if ((!$gotit) && (intval($config['allow_ftp_upload'])))
+ {
+ $conn_id = attach_init_ftp();
+
+ $tmp_path = ( !@ini_get('safe_mode') ) ? '/tmp' : $config['upload_dir'] . '/tmp';
+ $tmp_filename = @tempnam($tmp_path, 't0000');
+
+ @unlink($tmp_filename);
+
+ $mode = FTP_BINARY;
+ if ( (preg_match("/text/i", $mimetype)) || (preg_match("/html/i", $mimetype)) )
+ {
+ $mode = FTP_ASCII;
+ }
+
+ $result = @ftp_get($conn_id, $tmp_filename, $filename, $mode);
+
+ if (!$result)
+ {
+ trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
+ }
+
+ @ftp_quit($conn_id);
+
+ $size = @filesize($tmp_filename);
+ if ($size)
+ {
+ header("Content-length: $size");
+ }
+ readfile($tmp_filename);
+ @unlink($tmp_filename);
+ }*/
+ else
+ {
+ trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
+ }
+
+ exit;
+}
+
+// Start session management
+$user->start();
+$user->setup();
+$auth->acl($user->data);
+
+if ($download_id == -1)
+{
+ trigger_error('NO_ATTACHMENT_SELECTED');
+}
+
+if (!$config['allow_attachments'])
+{
+ trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+}
+
+$sql = 'SELECT *
+ FROM ' . ATTACHMENTS_DESC_TABLE . '
+ WHERE attach_id = ' . intval($download_id);
+$result = $db->sql_query($sql);
+
+if (!$attachment = $db->sql_fetchrow($result))
+{
+ trigger_error('ERROR_NO_ATTACHMENT');
+}
+
+// get forum_id for attachment authorization or private message authorization
+$authorised = FALSE;
+
+// Additional query, because of more than one attachment assigned to posts and private messages
+$sql = "SELECT a.*, p.forum_id
+ FROM " . ATTACHMENTS_TABLE . " a, " . POSTS_TABLE . " p
+ WHERE a.attach_id = " . $attachment['attach_id'] . "
+ AND (a.post_id = p.post_id OR a.post_id = 0)";
+$result = $db->sql_query($sql);
+
+$auth_pages = $db->sql_fetchrowset($result);
+
+for ($i = 0; $i < count($auth_pages) && $authorised == FALSE; $i++)
+{
+ if (intval($auth_pages[$i]['post_id']) != 0)
+ {
+ $forum_id = $auth_pages[$i]['forum_id'];
+
+ if ($auth->acl_get('f_download', $forum_id))
+ {
+ $authorised = TRUE;
+ }
+ }
+ else
+ {
+ if ( (intval($config['allow_pm_attach'])) && ( ($user->data['user_id'] == $auth_pages[$i]['user_id_2']) || ($user->data['user_id'] == $auth_pages[$i]['user_id_1'])) )
+ {
+ $authorised = TRUE;
+ }
+ }
+}
+
+if (!$authorised)
+{
+ trigger_error('SORRY_AUTH_VIEW_ATTACH');
+}
+
+$extensions = array();
+obtain_attach_extensions($extensions);
+
+// disallowed ?
+if ( (!in_array($attachment['extension'], $extensions['_allowed_'])) )
+{
+ trigger_error(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+}
+
+$download_mode = intval($extensions[$attachment['extension']]['download_mode']);
+
+if ($thumbnail)
+{
+ $attachment['physical_filename'] = 'thumbs/t_' . $attachment['physical_filename'];
+}
+
+// Update download count
+if (!$thumbnail)
+{
+ $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
+ SET download_count = download_count + 1
+ WHERE attach_id = ' . $attachment['attach_id'];
+ $db->sql_query($sql);
+}
+
+// Determine the 'presenting'-method
+if ($download_mode == PHYSICAL_LINK)
+{
+ if (intval($config['allow_ftp_upload']) && $config['upload_dir'] == '')
+ {
+ trigger_error('Physical Download not possible with the current Attachment Setting');
+ }
+
+ redirect($config['upload_dir'] . '/' . $attachment['physical_filename']);
+}
+else
+{
+ if (intval($config['allow_ftp_upload']))
+ {
+ // We do not need a download path, we are not downloading physically
+ send_file_to_browser($attachment['real_filename'], $attachment['mimetype'], $attachment['physical_filename'] , '', $attachment['attach_id']);
+ exit();
+ }
+ else
+ {
+ send_file_to_browser($attachment['real_filename'], $attachment['mimetype'], $attachment['physical_filename'], $config['upload_dir'], $attachment['attach_id']);
+ exit();
+ }
+}
+
+?> \ No newline at end of file
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index fd9ae37841..cbce502231 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -796,6 +796,7 @@ function obtain_attach_extensions(&$extensions)
{
$extension = strtolower(trim($row['extension']));
+ $extensions['_allowed_'][] = $extension;
$extensions[$extension]['display_cat'] = intval($row['cat_id']);
$extensions[$extension]['download_mode'] = intval($row['download_mode']);
$extensions[$extension]['upload_icon'] = trim($row['upload_icon']);
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index eea3c611ca..3eaefe1b1b 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -574,7 +574,7 @@ function format_display($message, $html, $bbcode, $uid, $url, $smilies, $sig)
// Signature
$user_sig = ($sig && $config['allow_sig']) ? trim($user->data['user_sig']) : '';
- if ($user_sig != '' && $auth->acl_gets('f_sigs', 'm_', 'a_', $forum_id))
+ if ($user_sig != '' && $auth->acl_get('f_sigs', $forum_id))
{
if (!$auth->acl_get('f_html', $forum_id) && $user->data['user_allowhtml'])
{
@@ -733,7 +733,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
'topic_title' => stripslashes($subject),
'topic_time' => $current_time,
'topic_type' => $topic_type,
- 'topic_approved' => (($post_data['enable_moderate']) && !$auth->acl_gets('f_ignorequeue', 'm_', 'a_', $post_data['forum_id'])) ? 0 : 1,
+ 'topic_approved' => (($post_data['enable_moderate']) && !$auth->acl_get('f_ignorequeue', $post_data['forum_id'])) ? 0 : 1,
'icon_id' => $post_data['icon_id'],
'topic_attachment' => (sizeof($attachment_data['physical_filename'])) ? 1 : 0,
'topic_poster' => intval($user->data['user_id']),
@@ -765,7 +765,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
'icon_id' => $post_data['icon_id'],
'poster_ip' => $user->ip,
'post_time' => $current_time,
- 'post_approved' => ($post_data['enable_moderate'] && !$auth->acl_gets('f_ignorequeue', 'm_', 'a_', $post_data['forum_id'])) ? 0 : 1,
+ 'post_approved' => ($post_data['enable_moderate'] && !$auth->acl_get('f_ignorequeue', $post_data['forum_id'])) ? 0 : 1,
'post_edit_time' => ($mode == 'edit' && $post_data['poster_id'] == $user->data['user_id']) ? $current_time : 0,
'enable_sig' => $post_data['enable_sig'],
'enable_bbcode' => $post_data['enable_bbcode'],
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index e18abd6ce1..fcbc470b93 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -179,8 +179,6 @@ class parse_message
{
global $config, $_FILE, $_POST, $auth, $user;
- $config['max_attachments'] = 1;
-
$error = false;
$error_msg = '';
@@ -194,7 +192,7 @@ class parse_message
if ( $submit && ($mode == 'post' || $mode == 'reply' || $mode == 'edit') && $attachment_data['filename'] != '')
{
- if ( $num_attachments < $config['max_attachments'] || $auth->acl_get('m_', 'a_') )
+ if ( $num_attachments < $config['max_attachments'] ) //|| $auth->acl_gets('m_', 'a_', $forum_id) )
{
$filedata = upload_attachment($attachment_data['filename']);
@@ -326,7 +324,7 @@ class parse_message
if ((($add_file) || ($preview) ) && ($attachment_data['filename'] != '') )
{
- if ( $num_attachments < $config['max_attachments'] || $auth->acl_get('m_', 'a_') )
+ if ( $num_attachments < $config['max_attachments'] ) //|| $auth->acl_gets('m_', 'a_', $forum_id) )
{
$filedata = upload_attachment($attachment_data['filename']);
@@ -372,7 +370,7 @@ class parse_message
$err_msg = '';
// Process poll options
- if (!empty($poll_data['poll_option_text']) && (($auth->acl_get('f_poll', $forum_id) && !$poll_data['poll_last_vote']) || $auth->acl_gets('m_edit', 'a_', $forum_id)))
+ if (!empty($poll_data['poll_option_text']) && (($auth->acl_get('f_poll', $forum_id) && !$poll_data['poll_last_vote']) || $auth->acl_get('m_edit', $forum_id)))
{
if (($result = $this->parse($poll_data['poll_option_text'], $poll_data['enable_html'], $poll_data['enable_bbcode'], $poll_data['bbcode_uid'], $poll_data['enable_urls'], $poll_data['enable_smilies'], false)) != '')
{
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index ceee724c81..079a40c0fe 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -247,6 +247,23 @@ class Template {
}
}
+ function merge_from_include($filename)
+ {
+ $handle = 'include_' . $this->include_counter++;
+
+ $this->filename[$handle] = $filename;
+ $this->files[$handle] = $this->make_filename($filename);
+
+ if (!file_exists($this->files[$handle]))
+ {
+ trigger_error("Template->pparse(): Couldn't load template file for handle $handle", E_USER_ERROR);
+ }
+
+ $content = implode('', @file($this->files[$handle]));
+
+ return ($content);
+ }
+
/**
* Root-level variable assignment. Adds to current assignments, overriding
* any existing variable assignment with the same name.
@@ -323,6 +340,14 @@ class Template {
*/
function compile($code, $do_not_echo = false, $retvar = '')
{
+ // Pull out all merging includes, to let them parse with the code
+ preg_match_all('#<!-- MERGE_INCLUDE(.*?)-->#s', $code, $matches);
+ $merge_blocks = $matches[1];
+ foreach($merge_blocks as $filename)
+ {
+ $code = preg_replace('#<!-- MERGE_INCLUDE ' . preg_quote(trim($filename)) . ' -->#s', $this->merge_from_include(trim($filename)), $code);
+ }
+
// Pull out all block/statement level elements and seperate
// plain text
preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches);
diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php
index 917fdaf9fa..1438e565ff 100644
--- a/phpBB/language/en/lang_main.php
+++ b/phpBB/language/en/lang_main.php
@@ -476,6 +476,11 @@ $lang = array(
'ATTACHMENT_TOO_BIG' => 'The Attachment is too big, maximum size is %1d %2s',
'ATTACH_QUOTA_REACHED' => 'Sorry, the total board attachment quota has been reached.',
+ 'EXTENSION_DISABLED_AFTER_POSTING' => 'The Extension \'%s\' has been deactivated by an board admin, therefore this Attachment is not displayed.', // used in Posts and PM's, replace %s with extension
+ 'DESCRIPTION' => 'Description',
+ 'DOWNLOAD' => 'Download',
+ 'FILESIZE' => 'Filesize',
+ 'FILE_NOT_FOUND_404' => '<b>404 File Not Found:</b> The File <i>%s</i> does not exist.',
'User_control_panel' => 'User Control Panel',
'UCP_Main' => 'Control Panel',
diff --git a/phpBB/posting.php b/phpBB/posting.php
index a3d81beae9..df9bd66025 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -327,22 +327,22 @@ if ($mode != 'post' && $user->data['user_id'] != ANONYMOUS)
// Collect general Permissions to be used within the complete page
$perm = array(
- 'm_lock' => $auth->acl_gets('m_lock', 'a_', $forum_id),
- 'm_edit' => $auth->acl_gets('m_edit', 'a_', $forum_id),
- 'm_delete' => $auth->acl_gets('m_delete', 'a_', $forum_id),
+ 'm_lock' => $auth->acl_get('m_lock', $forum_id),
+ 'm_edit' => $auth->acl_get('m_edit', $forum_id),
+ 'm_delete' => $auth->acl_get('m_delete', $forum_id),
'u_delete' => $auth->acl_get('f_delete', $forum_id),
- 'f_attach' => $auth->acl_get('f_attach', 'a_', $forum_id),
- 'f_news' => $auth->acl_gets('f_news', 'm_', 'a_', $forum_id),
- 'f_announce' => $auth->acl_gets('f_announce', 'm_', 'a_', $forum_id),
- 'f_sticky' => $auth->acl_gets('f_sticky', 'm_', 'a_', $forum_id),
- 'f_ignoreflood' => $auth->acl_gets('f_ignoreflood', 'm_', 'a_', $forum_id),
- 'f_sigs' => $auth->acl_gets('f_sigs', 'm_', 'a_', $forum_id),
- 'f_save' => $auth->acl_gets('f_save', 'm_', 'a_', $forum_id)
+ 'f_attach' => $auth->acl_get('f_attach', $forum_id),
+ 'f_news' => $auth->acl_get('f_news', $forum_id),
+ 'f_announce' => $auth->acl_get('f_announce', $forum_id),
+ 'f_sticky' => $auth->acl_get('f_sticky', $forum_id),
+ 'f_ignoreflood' => $auth->acl_get('f_ignoreflood', $forum_id),
+ 'f_sigs' => $auth->acl_get('f_sigs', $forum_id),
+ 'f_save' => $auth->acl_get('f_save', $forum_id)
);
-if ( (!$auth->acl_gets('f_' . $mode, 'm_', 'a_', $forum_id)) && ($forum_postable) )
+if ( (!$auth->acl_get('f_' . $mode, $forum_id)) && ($forum_postable) )
{
trigger_error($user->lang['USER_CANNOT_' . strtoupper($mode)]);
}
@@ -625,7 +625,7 @@ if ($preview)
$preview_subject = (sizeof($censors)) ? preg_replace($censors['match'], $censors['replace'], $subject) : $subject;
// Poll Preview
- if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($auth->acl_gets('m_edit', 'a_', $forum_id)) ))
+ if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($auth->acl_get('m_edit', $forum_id)) ))
{
decode_text($poll_title);
$preview_poll_title = format_display(stripslashes($poll_title), $enable_html, $enable_bbcode, $bbcode_uid, $enable_urls, $enable_smilies, false, false);
diff --git a/phpBB/templates/subSilver/viewtopic_attach_body.html b/phpBB/templates/subSilver/viewtopic_attach_body.html
new file mode 100644
index 0000000000..eb91497d1b
--- /dev/null
+++ b/phpBB/templates/subSilver/viewtopic_attach_body.html
@@ -0,0 +1,38 @@
+<br /><br />
+<!-- BEGIN attachment -->
+<hr /><br />
+ <!-- IF postrow.attachment.IS_DENIED -->
+ <span class="postbody">[{postrow.attachment.L_DENIED}]</span><br /><br />
+ <!-- ENDIF -->
+ <!-- IF postrow.attachment.IS_STREAM -->
+ <span class="postbody">{postrow.attachment.COMMENT}</span><br />
+ <object id="wmp" classid="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95" codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,0,0,0" standby="Loading Microsoft Windows Media Player components..." type="application/x-oleobject">
+ <param name="FileName" value="{postrow.attachment.U_DOWNLOAD_LINK}">
+ <param name="ShowControls" value="1">
+ <param name="ShowDisplay" value="0">
+ <param name="ShowStatusBar" value="1">
+ <param name="AutoSize" value="1">
+ <param name="AutoStart" value="0">
+ <param name="Visible" value="1">
+ <param name="AnimationStart" value="0">
+ <param name="Loop" value="0">
+ <embed type="application/x-mplayer2" pluginspage="http://www.microsoft.com/windows95/downloads/contents/wurecommended/s_wufeatured/mediaplayer/default.asp" src="{postrow.attachment.U_DOWNLOAD_LINK}" name=MediaPlayer2 showcontrols=1 showdisplay=0 showstatusbar=1 autosize=1 autostart=0 visible=1 animationatstart=0 loop=0></embed>
+ </object>
+ <br /><span class="gensmall">{postrow.attachment.DOWNLOAD_NAME} - {postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br />
+ <!-- ELSEIF postrow.attachment.IS_IMAGE -->
+ <span class="postbody">{postrow.attachment.COMMENT}<br />
+ <img src="{postrow.attachment.U_DOWNLOAD_LINK}" alt="{postrow.attachment.DOWNLOAD_NAME}" /></span>
+ <br /><span class="gensmall">{postrow.attachment.DOWNLOAD_NAME} - {postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br />
+ <!-- ELSEIF postrow.attachment.IS_THUMBNAIL -->
+ <span class="postbody">{postrow.attachment.COMMENT}<br />
+ <a href="{postrow.attachment.U_DOWNLOAD_LINK}" target="_blank"><img src="{postrow.attachment.IMG_THUMB_SRC}" alt="{postrow.attachment.DOWNLOAD_NAME}" border="0" /></a></span>
+ <br /><span class="gensmall">{postrow.attachment.DOWNLOAD_NAME} - {postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br />
+ <!-- ELSE -->
+ <span class="postbody">{postrow.attachment.COMMENT}</span><br />
+ <span class="postbody">{postrow.attachment.UPLOAD_IMG}
+ <a href="{postrow.attachment.U_DOWNLOAD_LINK}" target="_blank">{postrow.attachment.DOWNLOAD_NAME}</a> - {postrow.attachment.FILESIZE} {postrow.attachment.SIZE_VAR}<br /></span>
+ <span class="gensmall">{postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br />
+ <!-- ENDIF -->
+
+ {postrow.attachment.HELLO}
+<!-- END attachment -->
diff --git a/phpBB/templates/subSilver/viewtopic_body.html b/phpBB/templates/subSilver/viewtopic_body.html
index 697920f48a..6318bf794b 100644
--- a/phpBB/templates/subSilver/viewtopic_body.html
+++ b/phpBB/templates/subSilver/viewtopic_body.html
@@ -128,7 +128,7 @@
</tr>
<!-- ENDIF -->
<tr>
- <td><span class="postbody">{postrow.MESSAGE}{postrow.SIGNATURE}</span><span class="gensmall">{postrow.EDITED_MESSAGE}</span></td>
+ <td><span class="postbody">{postrow.MESSAGE}<!-- IF postrow.S_HAS_ATTACHMENTS --></span><!-- MERGE_INCLUDE viewtopic_attach_body.html --><span class="postbody"><!-- ENDIF -->{postrow.SIGNATURE}</span><span class="gensmall">{postrow.EDITED_MESSAGE}</span></td>
</tr>
</table></td>
</tr>
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 7df4d6bc8b..cd1d8313ff 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -160,7 +160,7 @@ if (!$forum_id)
{
$forum_id = 2;
}
-$sql = "SELECT t.topic_id, t.forum_id AS real_forum_id, t.topic_title, t.topic_status, " . (($auth->acl_get('m_approve')) ? 't.topic_replies_real AS topic_replies' : 't.topic_replies') . ", t.topic_time, t.topic_type, t.poll_start, t.poll_length, t.poll_title, f.forum_name, f.forum_desc, f.forum_parents, f.parent_id, f.left_id, f.right_id, f.forum_status, f.forum_id, f.forum_style" . $extra_fields . "
+$sql = "SELECT t.topic_id, t.forum_id AS real_forum_id, t.topic_title, t.topic_attachment, t.topic_status, " . (($auth->acl_get('m_approve')) ? 't.topic_replies_real AS topic_replies' : 't.topic_replies') . ", t.topic_time, t.topic_type, t.poll_start, t.poll_length, t.poll_title, f.forum_name, f.forum_desc, f.forum_parents, f.parent_id, f.left_id, f.right_id, f.forum_status, f.forum_id, f.forum_style" . $extra_fields . "
FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . "
WHERE $join_sql
AND (f.forum_id = t.forum_id
@@ -195,6 +195,13 @@ if (!empty($post_id))
$start = floor(($prev_posts - 1) / $config['posts_per_page']) * $config['posts_per_page'];
}
+// Fill extension informations, if this topic has attachments
+$extensions = array();
+
+if ($topic_attachment)
+{
+ obtain_attach_extensions($extensions);
+}
// Are we watching this topic?
$s_watching_topic = '';
@@ -464,10 +471,33 @@ if (!empty($poll_start))
// Container for user details, only process once
-$user_cache = $attach_list = array();
+$user_cache = $attachments = $attach_list = array();
$force_encoding = '';
$i = 0;
+// Pull attachment data
+if ( ($config['allow_attachments']) && ($topic_attachment) && ($auth->acl_get('f_download', $forum_id)) )
+{
+ $sql = "SELECT a.post_id, p.topic_id, d.*
+ FROM " . ATTACHMENTS_TABLE . " a, " . ATTACHMENTS_DESC_TABLE . " d, " . POSTS_TABLE . " p
+ WHERE p.topic_id = " . $topic_id . "
+ AND p.post_id = a.post_id
+ AND a.attach_id = d.attach_id
+ AND p.post_attachment = 1
+ ORDER BY d.filetime " . ((!$config['display_order']) ? "ASC" : "DESC") . ", a.post_id ASC";
+ $result = $db->sql_query($sql);
+
+ if ($row = $db->sql_fetchrow($result))
+ {
+ do
+ {
+ $attachments[$row['post_id']][] = $row;
+ }
+ while ($row = $db->sql_fetchrow($result));
+ }
+ $db->sql_freeresult($result);
+}
+
// Go ahead and pull all data for this topic
$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_karma, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, u.user_avatar_type, u.user_avatar_width, u.user_avatar_height, p.*
FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u
@@ -723,9 +753,9 @@ if ($row = $db->sql_fetchrow($result))
// Does post have an attachment? If so, add it to the list
- if ($row['post_attachment'])
+ if ( ($row['post_attachment']) && ($config['allow_attachments']) && ($auth->acl_get('f_download', $forum_id)) )
{
- $attach_list[] = $post_id;
+ $attach_list[] = $row['post_id'];
}
@@ -872,7 +902,7 @@ if ($row = $db->sql_fetchrow($result))
'YIM_IMG' => $user_cache[$poster_id]['yim_img'],
'YIM' => $user_cache[$poster_id]['yim'],
- 'S_POST_REPORTED' => ($row['post_reported'] && $auth->acl_gets('m_', $forum_id)) ? TRUE : FALSE,
+ 'S_POST_REPORTED' => ($row['post_reported'] && $auth->acl_get('m_', $forum_id)) ? TRUE : FALSE,
'U_REPORT' => "report.$phpEx$SID&amp;p=" . $row['post_id'],
'U_MCP_REPORT' => ($auth->acl_get('f_report', $forum_id)) ? "mcp.$phpEx$SID&amp;mode=post_details&amp;p=" . $row['post_id'] : '',
@@ -882,12 +912,234 @@ if ($row = $db->sql_fetchrow($result))
'S_ROW_COUNT' => $i++,
+ 'S_HAS_ATTACHMENTS' => ($row['post_attachment']) ? TRUE : FALSE,
'S_POST_UNAPPROVED' => ($row['post_approved']) ? FALSE : TRUE,
'U_MCP_APPROVE' => "mcp.$phpEx$SID&amp;mode=approve&amp;p=" . $row['post_id'],
'U_MINI_POST' => $mini_post_url,
'U_POST_ID' => $u_post_id
));
+
+ // Process Attachments for this post
+ if (sizeof($attachments[$row['post_id']]) && $row['post_attachment'])
+ {
+ foreach($attachments[$row['post_id']] as $attachment)
+ {
+ // Some basics...
+ $attachment['extension'] = strtolower(trim($attachment['extension']));
+ $filename = $config['upload_dir'] . '/' . $attachment['physical_filename'];
+ $thumbnail_filename = $config['upload_dir'] . '/thumbs/t_' . $attachment['physical_filename'];
+
+ $upload_image = '';
+
+ if ( ($user->img('icon_attach', '') != '') && (trim($extensions[$attachment['extension']]['upload_icon']) == '') )
+ {
+ $upload_image = $user->img('icon_attach', '');
+ }
+ else if (trim($extensions[$attachment['extension']]['upload_icon']) != '')
+ {
+ $upload_image = '<img src="' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" border="0" />';
+ }
+
+ $filesize = $attachment['filesize'];
+ $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+ if ($filesize >= 1048576)
+ {
+ $filesize = (round((round($filesize / 1048576 * 100) / 100), 2));
+ }
+ else if ($filesize >= 1024)
+ {
+ $filesize = (round((round($filesize / 1024 * 100) / 100), 2));
+ }
+
+ $display_name = $attachment['real_filename'];
+ $comment = stripslashes(trim(nl2br($attachment['comment'])));
+
+ $denied = false;
+ $update_count = false;
+
+ // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin
+ if ( (!in_array($attachment['extension'], $extensions['_allowed_'])) )
+ {
+ $denied = true;
+
+ $template->assign_block_vars('postrow.attachment', array(
+ 'IS_DENIED' => true,
+ 'L_DENIED' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']))
+ );
+ }
+
+ if (!$denied)
+ {
+ // define category
+ $image = FALSE;
+ $stream = FALSE;
+// $swf = FALSE;
+ $thumbnail = FALSE;
+ $link = FALSE;
+
+ $l_downloaded_viewed = '';
+ $download_link = '';
+ $additional_array = array();
+
+ switch (intval($extensions[$attachment['extension']]['display_cat']))
+ {
+ case STREAM_CAT:
+ $stream = TRUE;
+ break;
+/* case SWF_CAT:
+ $swf = TRUE;
+ break;*/
+ case IMAGE_CAT:
+ if (intval($config['img_display_inlined']))
+ {
+ if ( (intval($config['img_link_width']) != 0) || (intval($config['img_link_height']) != 0) )
+ {
+ list($width, $height) = image_getdimension($filename);
+
+ $image = (($width == 0) && ($height == 0)) ? true : ((($width <= intval($config['img_link_width'])) && ($height <= intval($config['img_link_height']))) ? true : false);
+ }
+ }
+ else
+ {
+ $image = TRUE;
+ }
+
+ if ($attachment['thumbnail'])
+ {
+ $thumbnail = TRUE;
+ $image = FALSE;
+ }
+ break;
+ }
+
+
+ if ( (!$image) && (!$stream) /*&& (!$swf)*/ && (!$thumbnail) )
+ {
+ $link = TRUE;
+ }
+
+ if ($image)
+ {
+ // Images
+ // NOTE: If you want to use the download.php everytime an image is displayed inlined, replace the
+ // Section between BEGIN and END with (Without the // of course):
+ // $img_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'];
+ // $download_link = TRUE;
+ //
+ // BEGIN
+ if ((intval($config['ftp_upload'])) && (trim($config['upload_dir']) == ''))
+ {
+ $img_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'];
+ $download_link = TRUE;
+ }
+ else
+ {
+ $img_source = $filename;
+ $download_link = FALSE;
+ }
+ // END
+
+ $l_downloaded_viewed = $user->lang['VIEWED'];
+ $download_link = $img_source;
+
+ // Directly Viewed Image ... update the download count
+ if (!$download_link)
+ {
+ $update_count = true;
+ }
+ }
+
+ if ($thumbnail)
+ {
+ // Images, but display Thumbnail
+ // NOTE: If you want to use the download.php everytime an thumnmail is displayed inlined, replace the
+ // Section between BEGIN and END with (Without the // of course):
+ // $thumb_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'] . '&amp;thumb=1';
+ //
+ // BEGIN
+ if ( (intval($config['allow_ftp_upload'])) && (trim($config['upload_dir']) == '') )
+ {
+ $thumb_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'] . '&thumb=1';
+ }
+ else
+ {
+ $thumb_source = $thumbnail_filename;
+ }
+ // END
+
+ $l_downloaded_viewed = $user->lang['VIEWED'];
+ $download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'];
+
+ $additional_array = array(
+ 'IMG_THUMB_SRC' => $thumb_source
+ );
+ }
+
+ if ($stream)
+ {
+ // Streams
+ $l_downloaded_viewed = $user->lang['VIEWED'];
+ $download_link = $filename;
+// $download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'];
+
+ // Viewed/Heared File ... update the download count (download.php is not called here)
+ $update_count = true;
+ }
+/*
+ if ($swf)
+ {
+ // Macromedia Flash Files
+ list($width, $height) = swf_getdimension($filename);
+
+ $l_downloaded_viewed = $user->lang['VIEWED'];
+ $download_link = $filename;
+
+ $additional_array = array(
+ 'WIDTH' => $width,
+ 'HEIGHT' => $height
+ );
+
+ // Viewed/Heared File ... update the download count (download.php is not called here)
+ $update_count = true;
+ }
+*/
+ if ($link)
+ {
+ $l_downloaded_viewed = $user->lang['DOWNLOADED'];
+ $download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $attachment['attach_id'];
+ }
+
+ if ($image || $thumbnail || $stream || $thumbnail || $link)
+ {
+ $template_array = array_merge($additional_array, array(
+// 'IS_FLASH' => ($swf) ? true : false,
+ 'IS_STREAM' => ($stream) ? true : false,
+ 'IS_THUMBNAIL' => ($thumbnail) ? true : false,
+ 'IS_IMAGE' => ($image) ? true : false,
+ 'U_DOWNLOAD_LINK' => $download_link,
+ 'UPLOAD_IMG' => $upload_image,
+ 'DOWNLOAD_NAME' => $display_name,
+ 'FILESIZE' => $filesize,
+ 'SIZE_VAR' => $size_lang,
+ 'COMMENT' => $comment,
+ 'L_DOWNLOADED_VIEWED' => $l_downloaded_viewed,
+ 'L_DOWNLOAD_COUNT' => sprintf($user->lang['DOWNLOAD_NUMBER'], $attachment['download_count']))
+ );
+
+ $template->assign_block_vars('postrow.attachment', $template_array);
+ }
+
+ if ($update_count)
+ {
+ $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
+ SET download_count = download_count + 1
+ WHERE attach_id = ' . $attachment['attach_id'];
+ $db->sql_query($sql);
+ }
+ }
+ }
+ }
}
while ($row = $db->sql_fetchrow($result));
@@ -898,43 +1150,21 @@ else
trigger_error($user->lang['NO_TOPIC']);
}
-// If we have attachments, grab them ...
-if (sizeof($attach_list))
+// No attachments exist, but post table thinks they do
+// so go ahead and reset post_attach flags
+if ( (sizeof($attach_list)) && (count($attachments) == 0) )
{
- $sql = "SELECT a.post_id, d.*
- FROM " . ATTACHMENTS_TABLE . " a, " . ATTACHMENTS_DESC_TABLE . " d
- WHERE a.post_id IN (" . implode(', ', $attach_list) . ")
- AND a.attach_id = d.attach_id
- ORDER BY d.filetime " . ((!$config['display_order']) ? "ASC" : "DESC");
- $result = $db->sql_query($sql);
-
- $extensions = array();
- obtain_attach_extensions($extensions);
-
- if ($db->sql_fetchrow($result))
- {
-
- do
- {
- }
- while ($db->sql_fetchrow($result));
- }
- else
- {
- // No attachments exist, but post table thinks they do
- // so go ahead and reset post_attach flags
- $sql = "UPDATE " . POSTS_TABLE . "
- SET post_attachment = 0
- WHERE post_id IN (" . implode(', ', $attach_list) . ")";
- $db->sql_query($sql);
-
- // We need to update the topic indicator too if the
- // complete topic is now without an attachment
- }
- $db->sql_freeresult($result);
+ echo "DELETE THOSE STUFF";
+/*
+ $sql = "UPDATE " . POSTS_TABLE . "
+ SET post_attachment = 0
+ WHERE post_id IN (" . implode(', ', $attach_list) . ")";
+ $db->sql_query($sql);
+*/
+ // We need to update the topic indicator too if the
+ // complete topic is now without an attachment
}
-
// Mark topics read
markread('topic', $forum_id, $topic_id, $forum_topic_data['topic_last_post_id']);