[feature/attach-dl] Added a function for checking allowed extensions

PHPBB3-11042

phpBB/download/file.php

@@ -318,26 +318,20 @@ else
 
 	// disallowed?
 	$extensions = $cache->obtain_attach_extensions($row['forum_id']);
-
+	if ($attachment)
-	if ($attachments)
 	{
-		// Remove attachments with disallowed extensions
+		$ary = array($attachment);
-		$new_ary = array();
-		foreach ($attachments as $attach)
-		{
-			if (isset($extensions['_allowed_'][$attach['extension']]))
-			{
-				$new_ary[] = $attach;
 	}
+	else
+	{
+		$ary = &$attachments;
 	}
 
-		$attachments = $new_ary;
+	if (!phpbb_check_attach_extensions($extensions, $ary))
-	}
-
-	if (($attachments && empty($attachments)) || ($attachment && !isset($extensions['_allowed_'][$attachment['extension']])))
 	{
 		send_status_line(404, 'Forbidden');
-		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+		$ext = ($attachment) ? $attachment['extension'] : $attachments[0]['extension'];
+		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $ext));
 	}
 }
 

phpBB/includes/functions_download.php

@@ -613,3 +613,26 @@ function phpbb_increment_downloads($db, $ids)
 		WHERE ' . $db->sql_in_set('attach_id', $ids);
 	$db->sql_query($sql);
 }
+
+/**
+* Checks every attachment to see if it has an allowed extension
+*
+* @param array $extensions As generated by phpbb_cache_service::obtain_attach_extensions
+* @param array &$attachments An array of attachments to check
+*
+* @return bool Whether any of the attachments had allowed extensions
+*/
+function phpbb_check_attach_extensions($extensions, &$attachments)
+{
+	$new_ary = array();
+	foreach ($attachments as $attach)
+	{
+		if (isset($extensions['_allowed_'][$attach['extension']]))
+		{
+			$new_ary[] = $attach;
+		}
+	}
+
+	$attachments = $new_ary;
+	return !empty($attachments);
+}