From 998b4baa7197db8ac163cfbab97e1cd2eac761dc Mon Sep 17 00:00:00 2001
From: Tristan Darricau <github@nicofuma.fr>
Date: Mon, 29 Sep 2014 15:39:15 +0200
Subject: [ticket/12620] Fix download/file.php and app.php outside of the
 root_path

PHPBB3-12620
---
 phpBB/download/file.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 77fb455bc1..4b8309c70e 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -42,6 +42,11 @@ if (isset($_GET['avatar']))
 	$phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
 	extract($phpbb_config_php_file->get_all());
 
+	if (!defined('PHPBB_ENVIRONMENT'))
+	{
+		@define('PHPBB_ENVIRONMENT', 'production');
+	}
+
 	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
 	{
 		exit;
-- 
cgit v1.2.1


From b5544b2f471ce4c93b08d19919ab062725545ce8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sat, 3 Jan 2015 11:39:29 +0100
Subject: [ticket/13450] Type-hint return value of $phpbb_container->get()

PHPBB3-13450
---
 phpBB/download/file.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 4b8309c70e..047f5210df 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -71,27 +71,38 @@ if (isset($_GET['avatar']))
 	$phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));
 
 	// set up caching
+	/* @var $cache \phpbb\cache\service */
 	$cache = $phpbb_container->get('cache');
 
+	/* @var $phpbb_dispatcher \phpbb\event\dispatcher */
 	$phpbb_dispatcher = $phpbb_container->get('dispatcher');
+
+	/* @var $request \phpbb\request\request_interface */
 	$request	= $phpbb_container->get('request');
+
+	/* @var $db \phpbb\db\driver\driver_interface */
 	$db			= $phpbb_container->get('dbal.conn');
+
+	/* @var $phpbb_log \phpbb\log\log_interface */
 	$phpbb_log	= $phpbb_container->get('log');
 
 	unset($dbpasswd);
 
 	request_var('', 0, false, false, $request);
 
+	/* @var $config \phpbb\config\config */
 	$config = $phpbb_container->get('config');
 	set_config(null, null, null, $config);
 	set_config_count(null, null, null, $config);
 
 	// load extensions
+	/* @var $phpbb_extension_manager \phpbb\extension\manager */
 	$phpbb_extension_manager = $phpbb_container->get('ext.manager');
 
 	// worst-case default
 	$browser = strtolower($request->header('User-Agent', 'msie 6.0'));
 
+	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
 	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 
 	$filename = request_var('avatar', '');
-- 
cgit v1.2.1


From 79d4ff553844fa80be4da9286239f62a45489072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sun, 11 Jan 2015 17:32:31 +0100
Subject: [ticket/13494] Update calls to `set_config()`

PHPBB3-13494
---
 phpBB/download/file.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 047f5210df..b708992fb0 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -92,7 +92,6 @@ if (isset($_GET['avatar']))
 
 	/* @var $config \phpbb\config\config */
 	$config = $phpbb_container->get('config');
-	set_config(null, null, null, $config);
 	set_config_count(null, null, null, $config);
 
 	// load extensions
-- 
cgit v1.2.1


From a633f3484c63fe4bd70df548b3ae4bd569bdef46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sun, 11 Jan 2015 18:01:52 +0100
Subject: [ticket/13496] Update calls to `set_config_count()`

PHPBB3-13496
---
 phpBB/download/file.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index b708992fb0..26a76d8438 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -92,7 +92,6 @@ if (isset($_GET['avatar']))
 
 	/* @var $config \phpbb\config\config */
 	$config = $phpbb_container->get('config');
-	set_config_count(null, null, null, $config);
 
 	// load extensions
 	/* @var $phpbb_extension_manager \phpbb\extension\manager */
-- 
cgit v1.2.1


From f6e06da4c68917dafb057bf7fe19f884a3e148c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sun, 4 Jan 2015 20:41:04 +0100
Subject: [ticket/13455] Update calls to `request_var()`

PHPBB3-13455
---
 phpBB/download/file.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 26a76d8438..235dd3c95c 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -88,8 +88,6 @@ if (isset($_GET['avatar']))
 
 	unset($dbpasswd);
 
-	request_var('', 0, false, false, $request);
-
 	/* @var $config \phpbb\config\config */
 	$config = $phpbb_container->get('config');
 
@@ -103,7 +101,7 @@ if (isset($_GET['avatar']))
 	/* @var $phpbb_avatar_manager \phpbb\avatar\manager */
 	$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 
-	$filename = request_var('avatar', '');
+	$filename = $request->variable('avatar', '');
 	$avatar_group = false;
 	$exit = false;
 
@@ -154,9 +152,9 @@ if (isset($_GET['avatar']))
 include($phpbb_root_path . 'common.' . $phpEx);
 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
 
-$attach_id = request_var('id', 0);
-$mode = request_var('mode', '');
-$thumbnail = request_var('t', false);
+$attach_id = $request->variable('id', 0);
+$mode = $request->variable('mode', '');
+$thumbnail = $request->variable('t', false);
 
 // Start session management, do not update session page.
 $user->session_begin(false);
-- 
cgit v1.2.1


From c96e7ef1711932c2236620903bc256b346514dfc Mon Sep 17 00:00:00 2001
From: Tristan Darricau <tristan.darricau@sensiolabs.com>
Date: Sun, 26 Apr 2015 19:41:07 +0200
Subject: [ticket/13770] Wither interface for container_builder

PHPBB3-13770
---
 phpBB/download/file.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 235dd3c95c..9d54b824f8 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -61,11 +61,9 @@ if (isset($_GET['avatar']))
 	$phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
 	$phpbb_class_loader_ext->register();
 
-	phpbb_load_extensions_autoloaders($phpbb_root_path);
-
 	// Set up container
-	$phpbb_container_builder = new \phpbb\di\container_builder($phpbb_config_php_file, $phpbb_root_path, $phpEx);
-	$phpbb_container = $phpbb_container_builder->get_container();
+	$phpbb_container_builder = new \phpbb\di\container_builder($phpbb_root_path, $phpEx);
+	$phpbb_container = $phpbb_container_builder->with_config($phpbb_config_php_file)->get_container();
 
 	$phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
 	$phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));
-- 
cgit v1.2.1


From bd81af3b9e3174d1ea2dbf405b694e535e8b1b40 Mon Sep 17 00:00:00 2001
From: javiexin <javiexin@gmail.com>
Date: Wed, 12 Jul 2017 13:25:22 +0200
Subject: [ticket/15266] Expand functionality of content_visibility

Added new function "is_visible", and replaced several immediate
uses of the above, including a single event in the new function
to handle change in all places consistently, and much simpler.

PHPBB3-15266
---
 phpBB/download/file.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'phpBB/download/file.php')

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index e60ffad6b0..c0837ab7a9 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -149,6 +149,8 @@ $user->session_begin(false);
 $auth->acl($user->data);
 $user->setup('viewtopic');
 
+$phpbb_content_visibility = $phpbb_container->get('content.visibility');
+
 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
 	send_status_line(404, 'Not Found');
@@ -215,7 +217,7 @@ else
 			$post_row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 
-			if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
+			if (!$post_row || !$phpbb_content_visibility->is_visible('post', $post_row['forum_id'], $post_row))
 			{
 				// Attachment of a soft deleted post and the user is not allowed to see the post
 				send_status_line(404, 'Not Found');
-- 
cgit v1.2.1