makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'ticket/bantu/9790' into develop

Browse source 
* ticket/bantu/9790:
  [ticket/9790] Support for lighttpd's X-Sendfile header for attachments.
  [ticket/9790] Support for nginx's X-Accel-Redirect header for attachments.
  [ticket/9790] Always call file_gc(false) before sending the file.
  [ticket/9790] Add $exit parameter to file_gc().
This commit is contained in:
Igor Wiedler 2011-01-18 21:09:13 +01:00
commit 40cf8b1c0a
3 changed files with 55 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
phpBB/docs/lighttpd.sample.conf
View file

@ -3,6 +3,15 @@
# from your system's lighttpd.conf. # from your system's lighttpd.conf.
# Tested with lighttpd 1.4.26 # Tested with lighttpd 1.4.26
# If you want to use the X-Sendfile feature,
# uncomment the 'allow-x-send-file' for the fastcgi
# server below and add the following to your config.php
#
# define('PHPBB_ENABLE_X_SENDFILE', true);
#
# See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
# for the details on X-Sendfile.
# Load moules # Load moules
server.modules += ( server.modules += (
"mod_access", "mod_access",
@ -54,6 +63,7 @@ $HTTP["host"] == "www.myforums.com" {
"bin-copy-environment" => ( "bin-copy-environment" => (
"PATH", "SHELL", "USER" "PATH", "SHELL", "USER"
), ),
#"allow-x-send-file" => "enable",
"broken-scriptfilename" => "enable" "broken-scriptfilename" => "enable"
)) ))
) )

8
phpBB/docs/nginx.sample.conf
View file

@ -3,6 +3,14 @@
# from your system's nginx.conf. # from your system's nginx.conf.
# Tested with nginx 0.8.35. # Tested with nginx 0.8.35.
# If you want to use the X-Accel-Redirect feature,
# add the following to your config.php.
#
# define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true);
#
# See http://wiki.nginx.org/XSendfile for the details
# on X-Accel-Redirect.
http { http {
# Compression - requires gzip and gzip static modules. # Compression - requires gzip and gzip static modules.
gzip on; gzip on;

57
phpBB/includes/functions_download.php
View file

@ -170,21 +170,6 @@ function send_file_to_browser($attachment, $upload_dir, $category)
// Now the tricky part... let's dance // Now the tricky part... let's dance
header('Pragma: public'); header('Pragma: public');
/**
* Commented out X-Sendfile support. To not expose the physical filename within the header if xsendfile is absent we need to look into methods of checking it's status.
*
* Try X-Sendfile since it is much more server friendly - only works if the path is *not* outside of the root path...
* lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
*
* Not really ideal, but should work fine...
* <code>
* if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false)
* {
* header('X-Sendfile: ' . $filename);
* }
* </code>
*/
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false); $is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
header('Content-Type: ' . $attachment['mimetype']); header('Content-Type: ' . $attachment['mimetype']);
@ -224,11 +209,29 @@ function send_file_to_browser($attachment, $upload_dir, $category)
header("Content-Length: $size"); header("Content-Length: $size");
} }
// Close the db connection before sending the file // Close the db connection before sending the file etc.
$db->sql_close(); file_gc(false);
if (!set_modified_headers($attachment['filetime'], $user->browser)) if (!set_modified_headers($attachment['filetime'], $user->browser))
{ {
// We make sure those have to be enabled manually by defining a constant
// because of the potential disclosure of full attachment path
// in case support for features is absent in the webserver software.
if (defined('PHPBB_ENABLE_X_ACCEL_REDIRECT') && PHPBB_ENABLE_X_ACCEL_REDIRECT)
{
// X-Accel-Redirect - http://wiki.nginx.org/XSendfile
header('X-Accel-Redirect: ' . $user->page['root_script_path'] . $upload_dir . '/' . $attachment['physical_filename']);
exit;
}
else if (defined('PHPBB_ENABLE_X_SENDFILE') && PHPBB_ENABLE_X_SENDFILE && !phpbb_http_byte_range($size))
{
// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
// and always requires an absolute path.
header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}");
exit;
}
// Try to deliver in chunks // Try to deliver in chunks
@set_time_limit(0); @set_time_limit(0);
@ -259,7 +262,8 @@ function send_file_to_browser($attachment, $upload_dir, $category)
flush(); flush();
} }
file_gc();
exit;
} }
/** /**
@ -417,15 +421,28 @@ function set_modified_headers($stamp, $browser)
return false; return false;
} }
function file_gc() /**
* Garbage Collection
*
* @param bool $exit Whether to die or not.
*
* @return void
*/
function file_gc($exit = true)
{ {
global $cache, $db; global $cache, $db;
if (!empty($cache)) if (!empty($cache))
{ {
$cache->unload(); $cache->unload();
} }
$db->sql_close(); $db->sql_close();
exit;
if ($exit)
{
exit;
}
} }
/** /**