makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/attach-dl] Use extension_allowed() again.

Browse source 
PHPBB3-11042
This commit is contained in:
Andreas Fischer 2012-08-07 13:51:07 +02:00
parent d6e8fbf94a
commit 4b06a220af
2 changed files with 2 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
phpBB/download/file.php
View file

@ -290,11 +290,8 @@ else if ($download_id)
} }
} }
// disallowed? $extensions = array();
$extensions = $cache->obtain_attach_extensions($row['forum_id']); if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
$attachments_filtered = phpbb_filter_disallowed_extensions($extensions, array($attachment));
if (empty($attachments_filtered))
{ {
send_status_line(404, 'Forbidden'); send_status_line(404, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));

22
phpBB/includes/functions_download.php
View file

@ -613,25 +613,3 @@ function phpbb_increment_downloads($db, $ids)
WHERE ' . $db->sql_in_set('attach_id', $ids); WHERE ' . $db->sql_in_set('attach_id', $ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
/**
* Checks every attachment to see if it has an allowed extension
*
* @param array $extensions As generated by phpbb_cache_service::obtain_attach_extensions
* @param array $attachments An array of attachment row to check
*
* @return array Array of attachment rows with allowed extension
*/
function phpbb_filter_disallowed_extensions($extensions, $attachments)
{
$result = array();
foreach ($attachments as $key => $row)
{
if (isset($extensions['_allowed_'][$row['extension']]))
{
$result[$key] = $row;
}
}
return $result;
}