diff --git a/phpBB/config/default/routing/storage.yml b/phpBB/config/default/routing/storage.yml index 1149d8cf69..ec66c8f544 100644 --- a/phpBB/config/default/routing/storage.yml +++ b/phpBB/config/default/routing/storage.yml @@ -4,9 +4,9 @@ phpbb_storage_avatar: _controller: storage.controller.avatar:handle phpbb_storage_attachment: - path: /attachment/{file}/{filename} + path: /attachment/{id}/{filename} defaults: filename: '' - _controller: storage.controller.attachment:handle + _controller: storage.controller.attachment:handle_attachment requirements: - file: \d+ + id: \d+ diff --git a/phpBB/download/file.php b/phpBB/download/file.php index c71cc2274c..e1eddf5bba 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -47,7 +47,7 @@ $thumbnail = $request->variable('t', false); $response = new RedirectResponse( $controller_helper->route('phpbb_storage_attachment', array( - 'file' => $attach_id, + 'id' => $attach_id, 't' => $thumbnail, ), false), 301 diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 8b4806a6bf..f8969f8007 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -1115,7 +1115,7 @@ class acp_attachments 'U_FILE' => $this->controller_helper->route( 'phpbb_storage_attachment', [ - 'file' => (int) $row['attach_id'], + 'id' => (int) $row['attach_id'], 'filename' => $row['real_filename'], ] ), @@ -1311,7 +1311,7 @@ class acp_attachments 'U_FILE' => $this->controller_helper->route( 'phpbb_storage_attachment', [ - 'file' => $row['attach_id'], + 'id' => $row['attach_id'], 'filename' => $row['real_filename'], ] ) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 6305a91d70..268bc16a49 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php 
@@ -2309,7 +2309,7 @@ class acp_users
 'U_DOWNLOAD' => $controller_helper->route(
 'phpbb_storage_attachment',
 [
- 'file' => (int) $row['attach_id'],
+ 'id' => (int) $row['attach_id'],
 'filename' => $row['real_filename'],
 ]
 ),
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index 7c228d7a24..2a2e9be5de 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -1288,7 +1288,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 $download_link = $controller_helper->route(
 'phpbb_storage_attachment',
 [
- 'file' => (int) $attachment['attach_id'],
+ 'id' => (int) $attachment['attach_id'],
 'filename' => $attachment['real_filename'],
 ]
 );
@@ -1301,7 +1301,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 $inline_link = $controller_helper->route(
 'phpbb_storage_attachment',
 [
- 'file' => (int) $attachment['attach_id'],
+ 'id' => (int) $attachment['attach_id'],
 'filename' => $attachment['real_filename'],
 ]
 );
@@ -1319,7 +1319,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 $thumbnail_link = $controller_helper->route(
 'phpbb_storage_attachment',
 [
- 'file' => (int) $attachment['attach_id'],
+ 'id' => (int) $attachment['attach_id'],
 'filename' => $attachment['real_filename'],
 't' => 1,
 ]
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index b46a8b2a45..1551ba7ae9 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -872,7 +872,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_a
 ->route(
 'phpbb_storage_attachment',
 [
- 'file' => (int) $attach_row['attach_id'],
+ 'id' => (int) $attach_row['attach_id'],
 'filename' => $attach_row['real_filename'],
 ]
 );
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 6b7fa8733c..e82b2168b4 100644
--- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1719,7 +1719,7 @@ class parse_message extends bbcode_firstpass $download_url = $controller_helper->route( 'phpbb_storage_attachment', [ - 'file' => (int) $new_entry['attach_id'], + 'id' => (int) $new_entry['attach_id'], 'filename' => $new_entry['real_filename'], ] ); diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php index c143bea429..666170574b 100644 --- a/phpBB/includes/ucp/ucp_attachments.php +++ b/phpBB/includes/ucp/ucp_attachments.php @@ -188,7 +188,7 @@ class ucp_attachments 'U_VIEW_ATTACHMENT' => $controller_helper->route( 'phpbb_storage_attachment', [ - 'file' => (int) $row['attach_id'], + 'id' => (int) $row['attach_id'], 'filename' => $row['real_filename'], ] ), diff --git a/phpBB/phpbb/storage/controller/attachment.php b/phpBB/phpbb/storage/controller/attachment.php index 08cd012290..d9e108e098 100644 --- a/phpBB/phpbb/storage/controller/attachment.php +++ b/phpBB/phpbb/storage/controller/attachment.php @@ -86,11 +86,14 @@ class attachment extends controller } /** - * {@inheritdoc} + * Handle attachments + * + * @param int $id File ID + * @param string $filename Filename */ - public function handle(string $file): Response + public function handle_attachment(int $id, string $filename): Response { - $attach_id = (int) $file; + $attach_id = $id; $thumbnail = $this->request->variable('t', false); $this->language->add_lang('viewtopic'); @@ -109,7 +112,8 @@ class attachment extends controller is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime FROM ' . ATTACHMENTS_TABLE . " - WHERE attach_id = $attach_id"; + WHERE attach_id = $attach_id" . + (($filename) ? " AND real_filename = '" . $this->db->sql_escape($filename) . "'" : ''); $result = $this->db->sql_query($sql); $attachment = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result);
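Review bot: In the first attachment.php hunk, `handle_attachment(int $id, ...)` pairs a typed integer parameter with a route requirement that still accepts any run of digits (`id: \d+` in storage.yml), so an id too long for a PHP integer is no longer clamped by the removed `(int) $file` cast and will likely fail argument coercion with a TypeError instead of reaching the not-found path. Bounding the digit count in the requirement, for example `id: \d{1,10}`, would keep such requests out of the controller. The new docblock also lost what `{@inheritdoc}` supplied: add `@return Response` and a `@throws` line for each exception the body raises. The method body continues outside the hunk.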
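Review bot: The filename clause added to the query in the second attachment.php hunk is gated on `($filename) ?`, a truthiness test, so a filename segment of `0` skips the filter exactly as an empty one does; `($filename !== '') ?` states the intent. The value goes through `sql_escape()` and `$attach_id` now comes from an `int` parameter, so the concatenation itself looks safe as written. Because the route defaults `filename` to `''` and the clause is then omitted, the attachment stays reachable by id alone, so the match only ties the URL to the stored name and must not be relied on as an access check; a comment such as `// Optional filename match: keeps URLs canonical, not an authorisation check` above the clause would make that explicit. The enclosing handle_attachment() starts in the previous hunk and continues past this one, where the permission checks presumably live.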