From 7997796789d7bad2acd68eb56f9728ae518bfe36 Mon Sep 17 00:00:00 2001
From: Henry Sudhof <kellanved@phpbb.com>
Date: Tue, 29 Jul 2008 11:49:56 +0000
Subject: [PATCH] Mylek is right - we should do this. Fixes some aspects of
 file.php, needs testing.

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8707 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html |   6 +-
 phpBB/download/file.php   | 161 ++++++++++++++++++++------------------
 2 files changed, 91 insertions(+), 76 deletions(-)

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 686362d8cd..b64a67acf4 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -93,7 +93,11 @@
 		<li>[Feature] Allow hard disabling of the template editor.</li>
 		<li>[Fix] Delete avatar files (Bug #29985).</li>
 		<li>[Fix] Preserve selection in the MCP. (Bug #31265).</li>
-		<li>[Fix] Added VST (Bug #30545).</li>
+		<li>[Fix] Added VST - Venezuela Standard Time (Bug #30545).</li>
+		<li>[Fix] Close DB connections in file.php.</li>
+		<li>[Change] Set headers to allow browsers to better cache attachments (Mylek pointed this out)</li>
+
+
 </ul>
 
 	<a name="v301"></a><h3>1.ii. Changes since 3.0.1</h3>
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 1d325a500e..b0ea17e7fc 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -45,6 +45,8 @@ if (isset($_GET['avatar']))
 	$config = $cache->obtain_config();
 	$filename = $_GET['avatar'];
 	$avatar_group = false;
+	$exit = false;
+	
 	if ($filename[0] === 'g')
 	{
 		$avatar_group = true;
@@ -55,75 +57,38 @@ if (isset($_GET['avatar']))
 	if (strpos($filename, '.') == false)
 	{
 		header('HTTP/1.0 403 Forbidden');
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
+		$exit = true;
 	}
 
-	$ext		= substr(strrchr($filename, '.'), 1);
-	$stamp		= (int) substr(stristr($filename, '_'), 1);
-	$filename	= (int) $filename;
-
-	// let's see if we have to send the file at all
-	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
-	if (strpos(strtolower($browser), 'msie 6.0') === false)
+	if (!$exit)
 	{
-		if ($last_load !== false && $last_load <= $stamp)
-		{
-			if (@php_sapi_name() === 'CGI')
-			{
-				header('Status: 304 Not Modified', true, 304);
-			}
-			else
-			{
-				header('HTTP/1.0 304 Not Modified', true, 304);
-			}
-			// seems that we need those too ... browsers
-			header('Pragma: public');
-			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
-			exit();
-		}
-		else
-		{
-			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
-		}
+		$ext		= substr(strrchr($filename, '.'), 1);
+		$stamp		= (int) substr(stristr($filename, '_'), 1);
+		$filename	= (int) $filename;
+		$exit = set_modified_headers($stamp, $browser);
 	}
-
-	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
+	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
 		header("HTTP/1.0 403 Forbidden");
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
+		$exit = true;
 	}
-
+	
+	
+	if ($exit)
+	{
+		file_gc();
+	}
+	
 	if (!$filename)
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
 		header("HTTP/1.0 403 Forbidden");
-		if (!empty($cache))
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
 	}
-
-	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
-
-	if (!empty($cache))
+	else
 	{
-		$cache->unload();
+		send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
 	}
-	$db->sql_close();
-	exit;
 }
 
 // implicit else: we are not in avatar mode
@@ -148,7 +113,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -259,7 +224,7 @@ if (!download_allowed())
 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
 
 // Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -313,12 +278,12 @@ else
 		}
 
 		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
-		exit;
+		file_gc();
 	}
 	else
 	{
 		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
-		exit;
+		file_gc();
 	}
 }
 
@@ -503,27 +468,29 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	{
 		header("Content-Length: $size");
 	}
-
-	// Try to deliver in chunks
-	@set_time_limit(0);
-
-	$fp = @fopen($filename, 'rb');
-
-	if ($fp !== false)
+	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
-		while (!feof($fp))
+		// Try to deliver in chunks
+		@set_time_limit(0);
+
+		$fp = @fopen($filename, 'rb');
+
+		if ($fp !== false)
 		{
-			echo fread($fp, 8192);
+			while (!feof($fp))
+			{
+				echo fread($fp, 8192);
+			}
+			fclose($fp);
+		}
+		else
+		{
+			@readfile($filename);
 		}
-		fclose($fp);
-	}
-	else
-	{
-		@readfile($filename);
-	}
 
-	flush();
-	exit;
+		flush();
+	}
+	file_gc();
 }
 
 /**
@@ -655,4 +622,48 @@ function download_allowed()
 	return $allowed;
 }
 
+/**
+* Check if the browser has the file already and set the appropriate headers-
+* @returns false if a resend is in order.
+*/
+function set_modified_headers($stamp, $browser)
+{
+	// let's see if we have to send the file at all
+	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
+	if (strpos(strtolower($browser), 'msie 6.0') === false)
+	{
+		if ($last_load !== false && $last_load <= $stamp)
+		{
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
+			// seems that we need those too ... browsers
+			header('Pragma: public');
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+			return true;
+		}
+		else
+		{
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+		}
+	}
+	return false;
+}
+
+function file_gc()
+{
+	global $cache, $db;
+	if (!empty($cache))
+	{
+		$cache->unload();
+	}
+	$db->sql_close();
+	exit;
+}
+
 ?>
\ No newline at end of file