[ticket/15687] Force supplied filename to be correct and modify route

PHPBB3-15687
2025-06-07 20:08:53 +00:00 · 2023-06-28 10:51:22 +02:00 · 2023-06-28 10:51:22 +02:00 · 4e9cf239ed
commit 4e9cf239ed
parent 5cb0b267d3
9 changed files with 21 additions and 17 deletions
--- a/phpBB/config/default/routing/storage.yml
+++ b/phpBB/config/default/routing/storage.yml
@ -4,9 +4,9 @@ phpbb_storage_avatar:
        _controller:  storage.controller.avatar:handle

 phpbb_storage_attachment:
-    path:             /attachment/{file}/{filename}
+    path:             /attachment/{id}/{filename}
    defaults:
        filename: ''
-        _controller:  storage.controller.attachment:handle
+        _controller:  storage.controller.attachment:handle_attachment
    requirements:
-        file:         \d+
+        id:         \d+
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@ -47,7 +47,7 @@ $thumbnail = $request->variable('t', false);

 $response = new RedirectResponse(
 	$controller_helper->route('phpbb_storage_attachment', array(
-		'file'	=> $attach_id,
+		'id'	=> $attach_id,
 		't'		=> $thumbnail,
 	), false),
 	301
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@ -1115,7 +1115,7 @@ class acp_attachments
 						'U_FILE'			=> $this->controller_helper->route(
 							'phpbb_storage_attachment',
 							[
-								'file'		=> (int) $row['attach_id'],
+								'id'		=> (int) $row['attach_id'],
 								'filename'	=> $row['real_filename'],
 							]
 						),
@ -1311,7 +1311,7 @@ class acp_attachments
 						'U_FILE'			=> $this->controller_helper->route(
 							'phpbb_storage_attachment',
 							[
-								'file'		=> $row['attach_id'],
+								'id'		=> $row['attach_id'],
 								'filename'	=> $row['real_filename'],
 							]
 						)
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -2309,7 +2309,7 @@ class acp_users
 						'U_DOWNLOAD'		=> $controller_helper->route(
 							'phpbb_storage_attachment',
 							[
-								'file'		=> (int) $row['attach_id'],
+								'id'		=> (int) $row['attach_id'],
 								'filename'	=> $row['real_filename'],
 							]
 						),
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@ -1288,7 +1288,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 			$download_link = $controller_helper->route(
 				'phpbb_storage_attachment',
 				[
-					'file'		=> (int) $attachment['attach_id'],
+					'id'		=> (int) $attachment['attach_id'],
 					'filename'	=> $attachment['real_filename'],
 				]
 			);
@ -1301,7 +1301,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 					$inline_link = $controller_helper->route(
 						'phpbb_storage_attachment',
 						[
-							'file'		=> (int) $attachment['attach_id'],
+							'id'		=> (int) $attachment['attach_id'],
 							'filename'	=> $attachment['real_filename'],
 						]
 					);
@ -1319,7 +1319,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 					$thumbnail_link = $controller_helper->route(
 						'phpbb_storage_attachment',
 						[
-							'file'		=> (int) $attachment['attach_id'],
+							'id'		=> (int) $attachment['attach_id'],
 							'filename'	=> $attachment['real_filename'],
 							't'			=> 1,
 						]
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@ -872,7 +872,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
 				->route(
 					'phpbb_storage_attachment',
 					[
-						'file'		=> (int) $attach_row['attach_id'],
+						'id'		=> (int) $attach_row['attach_id'],
 						'filename'	=> $attach_row['real_filename'],
 					]
 				);
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@ -1719,7 +1719,7 @@ class parse_message extends bbcode_firstpass
 							$download_url = $controller_helper->route(
 								'phpbb_storage_attachment',
 								[
-									'file'		=> (int) $new_entry['attach_id'],
+									'id'		=> (int) $new_entry['attach_id'],
 									'filename'	=> $new_entry['real_filename'],
 								]
 							);
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@ -188,7 +188,7 @@ class ucp_attachments
 					'U_VIEW_ATTACHMENT'	=> $controller_helper->route(
 						'phpbb_storage_attachment',
 						[
-							'file'		=> (int) $row['attach_id'],
+							'id'		=> (int) $row['attach_id'],
 							'filename'	=> $row['real_filename'],
 						]
 					),
--- a/phpBB/phpbb/storage/controller/attachment.php
+++ b/phpBB/phpbb/storage/controller/attachment.php
@ -86,11 +86,14 @@ class attachment extends controller
 	}

 	/**
-	 * {@inheritdoc}
+	 * Handle attachments
+	 *
+	 * @param int $id File ID
+	 * @param string $filename Filename
 	 */
-	public function handle(string $file): Response
+	public function handle_attachment(int $id, string $filename): Response
 	{
-		$attach_id = (int) $file;
+		$attach_id = $id;
 		$thumbnail = $this->request->variable('t', false);

 		$this->language->add_lang('viewtopic');
@ -109,7 +112,8 @@ class attachment extends controller
 				is_orphan, physical_filename, real_filename, extension, mimetype,
 				filesize, filetime
 			FROM ' . ATTACHMENTS_TABLE . "
-			WHERE attach_id = $attach_id";
+			WHERE attach_id = $attach_id" .
+				(($filename) ? " AND real_filename = '" . $this->db->sql_escape($filename) . "'" : '');
 		$result = $this->db->sql_query($sql);
 		$attachment = $this->db->sql_fetchrow($result);
 		$this->db->sql_freeresult($result);