From 12c75a0991a59eecd274eb2b03476e80ae608eaa Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 30 Oct 2006 19:51:56 +0000 Subject: - temporarily disable x-sendfile support (we need to look into methods of checking if it is enabled/disabled or introducing a switch) - finally allow custom permission settings files (in acp/ as well as in mods/) git-svn-id: file:///svn/phpbb/trunk@6539 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/download.php | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'phpBB/download.php') diff --git a/phpBB/download.php b/phpBB/download.php index 6f4dc329f7..dd81f1df4c 100644 --- a/phpBB/download.php +++ b/phpBB/download.php @@ -222,14 +222,20 @@ function send_file_to_browser($attachment, $upload_dir, $category) // Now the tricky part... let's dance header('Pragma: public'); - // Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path... - // lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ - - // Not really ideal, but should work fine... - if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false) - { - header('X-Sendfile: ' . $filename); - } + /** + * Commented out X-Sendfile support. To not expose the physical filename within the header if xsendfile is absent we need to look into methods of checking it's status. + * + * Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path... + * lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ + * + * Not really ideal, but should work fine... + * + * if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false) + { + header('X-Sendfile: ' . $filename); + } + * + */ // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. header('Content-Type: ' . $attachment['mimetype']); -- cgit v1.2.1