search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
we included a check for getimagesize() existance... now we again can suppress notices...
[phpbb.git] / phpBB / download.php
blobc24ea81425e33ae88250633e7c72d50bb776b43c
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 define('IN_PHPBB', true);
15 $phpbb_root_path = './';
16 $phpEx = substr(strrchr(__FILE__, '.'), 1);
17
18 if (isset($_GET['avatar']))
19 {
20 require($phpbb_root_path . 'config.' . $phpEx);
21 require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
22 require($phpbb_root_path . 'includes/cache.' . $phpEx);
23 require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
24 require($phpbb_root_path . 'includes/constants.' . $phpEx);
25
26 $db = new $sql_db();
27 $cache = new cache();
28
29 // Connect to DB
30 if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
31 {
32 exit;
33 }
34 unset($dbpasswd);
35
36 $config = $cache->obtain_config();
37 $filename = $_GET['avatar'];
38 $avatar_group = false;
39 if ($filename[0] === 'g')
40 {
41 $avatar_group = true;
42 $filename = substr($filename, 1);
43 }
44
45 // '==' is not a bug - . as the first char is as bad as no dot at all
46 if (strpos($filename, '.') == false)
47 {
48 header('HTTP/1.0 403 forbidden');
49 if (!empty($cache))
50 {
51 $cache->unload();
52 }
53 $db->sql_close();
54 exit;
55 }
56
57 $ext = substr(strrchr($filename, '.'), 1);
58 $filename = intval($filename);
59
60 if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
61 {
62 // no way such an avatar could exist. They are not following the rules, stop the show.
63 header("HTTP/1.0 403 forbidden");
64 if (!empty($cache))
65 {
66 $cache->unload();
67 }
68 $db->sql_close();
69 exit;
70 }
71
72 if (!$filename)
73 {
74 // no way such an avatar could exist. They are not following the rules, stop the show.
75 header("HTTP/1.0 403 forbidden");
76 if (!empty($cache))
77 {
78 $cache->unload();
79 }
80 $db->sql_close();
81 exit;
82 }
83
84 send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext);
85
86 if (!empty($cache))
87 {
88 $cache->unload();
89 }
90 $db->sql_close();
91 exit;
92 }
93
94 // implicit else: we are not in avatar mode
95 include($phpbb_root_path . 'common.' . $phpEx);
96
97 $download_id = request_var('id', 0);
98 $mode = request_var('mode', '');
99 $thumbnail = request_var('t', false);
100
101 // Start session management, do not update session page.
102 $user->session_begin(false);
103 $auth->acl($user->data);
104 $user->setup('viewtopic');
105
106 if (!$download_id)
107 {
108 trigger_error('NO_ATTACHMENT_SELECTED');
109 }
110
111 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
112 {
113 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
114 }
115
116 $sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
117 FROM ' . ATTACHMENTS_TABLE . "
118 WHERE attach_id = $download_id";
119 $result = $db->sql_query_limit($sql, 1);
120 $attachment = $db->sql_fetchrow($result);
121 $db->sql_freeresult($result);
122
123 if (!$attachment)
124 {
125 trigger_error('ERROR_NO_ATTACHMENT');
126 }
127
128 if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
129 {
130 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
131 }
132
133 $row = array();
134
135 if ($attachment['is_orphan'])
136 {
137 // We allow admins having attachment permissions to see orphan attachments...
138 $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
139
140 if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
141 {
142 trigger_error('ERROR_NO_ATTACHMENT');
143 }
144
145 // Obtain all extensions...
146 $extensions = $cache->obtain_attach_extensions(true);
147 }
148 else
149 {
150 if (!$attachment['in_message'])
151 {
152 //
153 $sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
154 FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
155 WHERE p.post_id = ' . $attachment['post_msg_id'] . '
156 AND p.forum_id = f.forum_id';
157 $result = $db->sql_query_limit($sql, 1);
158 $row = $db->sql_fetchrow($result);
159 $db->sql_freeresult($result);
160
161 // Global announcement?
162 $f_download = (!$row) ? $auth->acl_getf_global('f_download') : $auth->acl_get('f_download', $row['forum_id']);
163
164 if ($auth->acl_get('u_download') && $f_download)
165 {
166 if ($row && $row['forum_password'])
167 {
168 // Do something else ... ?
169 login_forum_box($row);
170 }
171 }
172 else
173 {
174 trigger_error('SORRY_AUTH_VIEW_ATTACH');
175 }
176 }
177 else
178 {
179 $row['forum_id'] = false;
180 if (!$auth->acl_get('u_pm_download'))
181 {
182 trigger_error('SORRY_AUTH_VIEW_ATTACH');
183 }
184 }
185
186 // disallowed?
187 $extensions = array();
188 if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
189 {
190 trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
191 }
192 }
193
194 if (!download_allowed())
195 {
196 trigger_error($user->lang['LINKAGE_FORBIDDEN']);
197 }
198
199 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
200
201 // Fetching filename here to prevent sniffing of filename
202 $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
203 FROM ' . ATTACHMENTS_TABLE . "
204 WHERE attach_id = $download_id";
205 $result = $db->sql_query_limit($sql, 1);
206 $attachment = $db->sql_fetchrow($result);
207 $db->sql_freeresult($result);
208
209 if (!$attachment)
210 {
211 trigger_error('ERROR_NO_ATTACHMENT');
212 }
213
214 $attachment['physical_filename'] = basename($attachment['physical_filename']);
215 $display_cat = $extensions[$attachment['extension']]['display_cat'];
216
217 if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
218 {
219 $display_cat = ATTACHMENT_CATEGORY_NONE;
220 }
221
222 if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
223 {
224 $display_cat = ATTACHMENT_CATEGORY_NONE;
225 }
226
227 if ($thumbnail)
228 {
229 $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
230 }
231 else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT_CATEGORY_IMAGE) && !$attachment['is_orphan'])
232 {
233 // Update download count
234 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
235 SET download_count = download_count + 1
236 WHERE attach_id = ' . $attachment['attach_id'];
237 $db->sql_query($sql);
238 }
239
240 if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
241 {
242 wrap_img_in_html(append_sid('./download.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
243 }
244 else
245 {
246 // Determine the 'presenting'-method
247 if ($download_mode == PHYSICAL_LINK)
248 {
249 // This presenting method should no longer be used
250 if (!@is_dir($phpbb_root_path . $config['upload_path']))
251 {
252 trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
253 }
254
255 redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
256 exit;
257 }
258 else
259 {
260 send_file_to_browser($attachment, $config['upload_path'], $display_cat);
261 exit;
262 }
263 }
264
265
266 /**
267 * A simplified function to deliver avatars
268 * The argument needs to be checked before calling this function.
269 */
270 function send_avatar_to_browser($file)
271 {
272 global $config, $phpbb_root_path;
273
274 $prefix = $config['avatar_salt'] . '_';
275 $image_dir = $config['avatar_path'];
276
277 // worst-case default
278 $browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
279
280 // Adjust image_dir path (no trailing slash)
281 if (substr($image_dir, -1, 1) == '/' || substr($image_dir, -1, 1) == '\\')
282 {
283 $image_dir = substr($image_dir, 0, -1) . '/';
284 }
285 $image_dir = str_replace(array('../', '..\\', './', '.\\'), '', $image_dir);
286
287 if ($image_dir && ($image_dir[0] == '/' || $image_dir[0] == '\\'))
288 {
289 $image_dir = '';
290 }
291 $file_path = $phpbb_root_path . $image_dir . '/' . $prefix . $file;
292
293 if ((@file_exists($file_path) && @is_readable($file_path)) || headers_sent())
294 {
295 header('Pragma: public');
296
297 $image_data = @getimagesize($file_path);
298 header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
299
300 if (strpos(strtolower($browser), 'msie') !== false)
301 {
302 header('Content-Disposition: attachment; ' . header_filename($file));
303
304 if (strpos(strtolower($browser), 'msie 6.0') !== false)
305 {
306 header('Expires: -1');
307 }
308 else
309 {
310 header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
311 }
312 }
313 else
314 {
315 header('Content-Disposition: inline; ' . header_filename($file));
316 header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
317 }
318
319 $size = @filesize($file_path);
320 if ($size)
321 {
322 header("Content-Length: $size");
323 }
324
325 readfile($file_path);
326 flush();
327 }
328 else
329 {
330 header('HTTP/1.0 404 not found');
331 }
332 }
333
334 /**
335 * Wraps an url into a simple html page. Used to display attachments in IE.
336 * this is a workaround for now; might be moved to template system later
337 * direct any complaints to 1 Microsoft Way, Redmond
338 */
339 function wrap_img_in_html($src, $title)
340 {
341 echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-Strict.dtd">';
342 echo '<html>';
343 echo '<head>';
344 echo '<meta http-equiv="content-type" content="text/html; charset=UTF-8" />';
345 echo '<title>' . $title . '</title>';
346 echo '</head>';
347 echo '<body>';
348 echo '<div>';
349 echo '<img src="' . $src . '" alt="' . $title . '" />';
350 echo '</div>';
351 echo '</body>';
352 echo '</html>';
353 }
354
355 /**
356 * Send file to browser
357 */
358 function send_file_to_browser($attachment, $upload_dir, $category)
359 {
360 global $user, $db, $config, $phpbb_root_path;
361
362 $filename = $phpbb_root_path . $upload_dir . '/' . $attachment['physical_filename'];
363
364 if (!@file_exists($filename))
365 {
366 trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
367 }
368
369 // Correct the mime type - we force application/octetstream for all files, except images
370 // Please do not change this, it is a security precaution
371 if ($category != ATTACHMENT_CATEGORY_IMAGE || strpos($attachment['mimetype'], 'image') !== 0)
372 {
373 $attachment['mimetype'] = (strpos(strtolower($user->browser), 'msie') !== false || strpos(strtolower($user->browser), 'opera') !== false) ? 'application/octetstream' : 'application/octet-stream';
374 }
375
376 if (@ob_get_length())
377 {
378 @ob_end_clean();
379 }
380
381 // Now send the File Contents to the Browser
382 $size = @filesize($filename);
383
384 // To correctly display further errors we need to make sure we are using the correct headers for both (unsetting content-length may not work)
385
386 // Check if headers already sent or not able to get the file contents.
387 if (headers_sent() || !@file_exists($filename) || !@is_readable($filename))
388 {
389 // PHP track_errors setting On?
390 if (!empty($php_errormsg))
391 {
392 trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
393 }
394
395 trigger_error('UNABLE_TO_DELIVER_FILE');
396 }
397
398 // Now the tricky part... let's dance
399 header('Pragma: public');
400
401 /**
402 * Commented out X-Sendfile support. To not expose the physical filename within the header if xsendfile is absent we need to look into methods of checking it's status.
403 *
404 * Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path...
405 * lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
406 *
407 * Not really ideal, but should work fine...
408 * <code>
409 * if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false)
410 * {
411 * header('X-Sendfile: ' . $filename);
412 * }
413 * </code>
414 */
415
416 // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
417 header('Content-Type: ' . $attachment['mimetype']);
418
419 if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
420 {
421 header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
422 if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
423 {
424 header('expires: -1');
425 }
426 }
427 else
428 {
429 header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
430 }
431
432 if ($size)
433 {
434 header("Content-Length: $size");
435 }
436
437 // Try to deliver in chunks
438 @set_time_limit(0);
439
440 $fp = @fopen($filename, 'rb');
441
442 if ($fp !== false)
443 {
444 while (!feof($fp))
445 {
446 echo fread($fp, 8192);
447 }
448 fclose($fp);
449 }
450
451 flush();
452 exit;
453 }
454
455 /**
456 * Get a browser friendly UTF-8 encoded filename
457 */
458 function header_filename($file)
459 {
460 $user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
461
462 // There be dragons here.
463 // Not many follows the RFC...
464 if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Safari') !== false || strpos($user_agent, 'Konqueror') !== false)
465 {
466 return "filename=" . rawurlencode($file);
467 }
468
469 // follow the RFC for extended filename for the rest
470 return "filename*=UTF-8''" . rawurlencode($file);
471 }
472
473 /**
474 * Check if downloading item is allowed
475 */
476 function download_allowed()
477 {
478 global $config, $user, $db;
479
480 if (!$config['secure_downloads'])
481 {
482 return true;
483 }
484
485 $url = (!empty($_SERVER['HTTP_REFERER'])) ? trim($_SERVER['HTTP_REFERER']) : trim(getenv('HTTP_REFERER'));
486
487 if (!$url)
488 {
489 return ($config['secure_allow_empty_referer']) ? true : false;
490 }
491
492 // Split URL into domain and script part
493 $url = @parse_url($url);
494
495 if ($url === false)
496 {
497 return ($config['secure_allow_empty_referer']) ? true : false;
498 }
499
500 $hostname = $url['host'];
501 unset($url);
502
503 $allowed = ($config['secure_allow_deny']) ? false : true;
504 $iplist = array();
505
506 if (($ip_ary = @gethostbynamel($hostname)) !== false)
507 {
508 foreach ($ip_ary as $ip)
509 {
510 if ($ip)
511 {
512 $iplist[] = $ip;
513 }
514 }
515 }
516
517 // Check for own server...
518 $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
519
520 // Forcing server vars is the only way to specify/override the protocol
521 if ($config['force_server_vars'] || !$server_name)
522 {
523 $server_name = $config['server_name'];
524 }
525
526 if (preg_match('#^.*?' . preg_quote($server_name, '#') . '.*?$#i', $hostname))
527 {
528 $allowed = true;
529 }
530
531 // Get IP's and Hostnames
532 if (!$allowed)
533 {
534 $sql = 'SELECT site_ip, site_hostname, ip_exclude
535 FROM ' . SITELIST_TABLE;
536 $result = $db->sql_query($sql);
537
538 while ($row = $db->sql_fetchrow($result))
539 {
540 $site_ip = trim($row['site_ip']);
541 $site_hostname = trim($row['site_hostname']);
542
543 if ($site_ip)
544 {
545 foreach ($iplist as $ip)
546 {
547 if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_ip, '#')) . '$#i', $ip))
548 {
549 if ($row['ip_exclude'])
550 {
551 $allowed = ($config['secure_allow_deny']) ? false : true;
552 break 2;
553 }
554 else
555 {
556 $allowed = ($config['secure_allow_deny']) ? true : false;
557 }
558 }
559 }
560 }
561
562 if ($site_hostname)
563 {
564 if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_hostname, '#')) . '$#i', $hostname))
565 {
566 if ($row['ip_exclude'])
567 {
568 $allowed = ($config['secure_allow_deny']) ? false : true;
569 break;
570 }
571 else
572 {
573 $allowed = ($config['secure_allow_deny']) ? true : false;
574 }
575 }
576 }
577 }
578 $db->sql_freeresult($result);
579 }
580
581 return $allowed;
582 }
583
584 ?>
phpbb is a php-based BBS (buletin board system)