[ticket/14285] Update controllers

PHPBB3-14285
This commit is contained in:
Rubén Calvo 2018-07-03 04:14:25 +02:00 committed by rubencm
parent 5707d98682
commit 7b678fdbfa
3 changed files with 113 additions and 135 deletions


@ -7,3 +7,5 @@ phpbb_storage_attachment:
path: /download/attachment/{file} path: /download/attachment/{file}
defaults: defaults:
_controller: storage.controller.attachment:handle _controller: storage.controller.attachment:handle
requirements:
file: \d+


@ -19,9 +19,11 @@ use phpbb\config\config;
use phpbb\content_visibility; use phpbb\content_visibility;
use phpbb\db\driver\driver_interface; use phpbb\db\driver\driver_interface;
use phpbb\event\dispatcher; use phpbb\event\dispatcher;
use phpbb\exception\http_exception;
use phpbb\request\request; use phpbb\request\request;
use phpbb\storage\storage; use phpbb\storage\storage;
use phpbb\user; use phpbb\user;
use Symfony\Component\HttpFoundation\RedirectResponse;
class attachment extends controller class attachment extends controller
{ {
@ -61,10 +63,9 @@ class attachment extends controller
public function handle($file) public function handle($file)
{ {
$attach_id = $file; $attach_id = (int) $file;
$mode = $this->request->variable('mode', ''); $mode = $this->request->variable('mode', '');
$thumbnail = $this->request->variable('t', false); $thumbnail = $this->request->variable('t', false);
global $phpbb_container;
// Start session management, do not update session page. // Start session management, do not update session page.
$this->user->session_begin(false); $this->user->session_begin(false);
@ -73,14 +74,12 @@ class attachment extends controller
if (!$this->config['allow_attachments'] && !$this->config['allow_pm_attach']) if (!$this->config['allow_attachments'] && !$this->config['allow_pm_attach'])
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ATTACHMENT_FUNCTIONALITY_DISABLED');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
} }
if (!$attach_id) if (!$attach_id)
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'NO_ATTACHMENT_SELECTED');
trigger_error('NO_ATTACHMENT_SELECTED');
} }
$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime $sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
@ -92,22 +91,18 @@ class attachment extends controller
if (!$attachment) if (!$attachment)
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ERROR_NO_ATTACHMENT');
trigger_error('ERROR_NO_ATTACHMENT');
} }
else if (!$this->download_allowed()) else if (!$this->download_allowed())
{ {
send_status_line(403, 'Forbidden'); throw new http_exception(403, 'LINKAGE_FORBIDDEN');
trigger_error($this->user->lang['LINKAGE_FORBIDDEN']);
} }
else
{
$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']); $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
if (!$attachment['in_message'] && !$this->config['allow_attachments'] || $attachment['in_message'] && !$this->config['allow_pm_attach']) if (!$attachment['in_message'] && !$this->config['allow_attachments'] || $attachment['in_message'] && !$this->config['allow_pm_attach'])
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ATTACHMENT_FUNCTIONALITY_DISABLED');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
} }
if ($attachment['is_orphan']) if ($attachment['is_orphan'])
@ -117,8 +112,7 @@ class attachment extends controller
if (!$own_attachment || ($attachment['in_message'] && !$this->auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$this->auth->acl_get('u_download'))) if (!$own_attachment || ($attachment['in_message'] && !$this->auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$this->auth->acl_get('u_download')))
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ERROR_NO_ATTACHMENT');
trigger_error('ERROR_NO_ATTACHMENT');
} }
// Obtain all extensions... // Obtain all extensions...
@ -140,8 +134,7 @@ class attachment extends controller
if (!$post_row || !$this->content_visibility->is_visible('post', $post_row['forum_id'], $post_row)) if (!$post_row || !$this->content_visibility->is_visible('post', $post_row['forum_id'], $post_row))
{ {
// Attachment of a soft deleted post and the user is not allowed to see the post // Attachment of a soft deleted post and the user is not allowed to see the post
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ERROR_NO_ATTACHMENT');
trigger_error('ERROR_NO_ATTACHMENT');
} }
} }
else else
@ -154,8 +147,7 @@ class attachment extends controller
$extensions = array(); $extensions = array();
if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions)) if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions))
{ {
send_status_line(403, 'Forbidden'); throw new http_exception(403, 'EXTENSION_DISABLED_AFTER_POSTING', [$attachment['extension']]);
trigger_error(sprintf($this->user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
} }
} }
@ -211,15 +203,13 @@ class attachment extends controller
if (!empty($redirect)) if (!empty($redirect))
{ {
redirect($redirect, false, true); $response = new RedirectResponse($redirect);
$response->send();
} }
else else
{ {
$this->send_file_to_browser($attachment, $display_cat); $this->send_file_to_browser($attachment, $display_cat);
} }
$this->file_gc();
}
} }
/** /**
@ -231,8 +221,7 @@ class attachment extends controller
if (!$this->storage->exists($filename)) if (!$this->storage->exists($filename))
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ERROR_NO_ATTACHMENT');
trigger_error('ERROR_NO_ATTACHMENT');
} }
// Correct the mime type - we force application/octetstream for all files, except images // Correct the mime type - we force application/octetstream for all files, except images
@ -281,8 +270,7 @@ class attachment extends controller
// Check if headers already sent or not able to get the file contents. // Check if headers already sent or not able to get the file contents.
if (headers_sent()) if (headers_sent())
{ {
send_status_line(500, 'Internal Server Error'); throw new http_exception(500, 'UNABLE_TO_DELIVER_FILE');
trigger_error('UNABLE_TO_DELIVER_FILE');
} }
// Make sure the database record for the filesize is correct // Make sure the database record for the filesize is correct
@ -331,7 +319,7 @@ class attachment extends controller
$fp = $this->storage->read_stream($filename); $fp = $this->storage->read_stream($filename);
// Close the db connection before sending the file etc. // Close the db connection before sending the file etc.
$this->file_gc(false); $this->file_gc();
if ($fp !== false) if ($fp !== false)
{ {
@ -372,8 +360,7 @@ class attachment extends controller
if ($row && !$this->content_visibility->is_visible('topic', $row['forum_id'], $row)) if ($row && !$this->content_visibility->is_visible('topic', $row['forum_id'], $row))
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'ERROR_NO_ATTACHMENT');
trigger_error('ERROR_NO_ATTACHMENT');
} }
else if ($row && $this->auth->acl_get('u_download') && $this->auth->acl_get('f_download', $row['forum_id'])) else if ($row && $this->auth->acl_get('u_download') && $this->auth->acl_get('f_download', $row['forum_id']))
{ {
@ -385,8 +372,7 @@ class attachment extends controller
} }
else else
{ {
send_status_line(403, 'Forbidden'); throw new http_exception(403, 'SORRY_AUTH_VIEW_ATTACH');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
} }
} }
@ -401,8 +387,7 @@ class attachment extends controller
{ {
if (!$this->auth->acl_get('u_pm_download')) if (!$this->auth->acl_get('u_pm_download'))
{ {
send_status_line(403, 'Forbidden'); throw new http_exception(403, 'SORRY_AUTH_VIEW_ATTACH');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
} }
$allowed = $this->phpbb_download_check_pm_auth($msg_id); $allowed = $this->phpbb_download_check_pm_auth($msg_id);
@ -421,8 +406,7 @@ class attachment extends controller
if (!$allowed) if (!$allowed)
{ {
send_status_line(403, 'Forbidden'); throw new http_exception(403, 'ERROR_NO_ATTACHMENT');
trigger_error('ERROR_NO_ATTACHMENT');
} }
} }
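Review bot: In the redirect branch, `$response = new RedirectResponse($redirect); $response->send();` emits the response from inside handle() instead of returning it, so the method falls through with no return value after the redirect has already gone out, and if the legacy `redirect()` call it replaces used to terminate the request, that termination is gone too. Returning it, `return new RedirectResponse($redirect);`, lets the kernel send it and makes the early exit explicit. `$redirect` is assembled outside this hunk and nothing visible checks it before it becomes a Location header, so confirm that whatever builds it constrains the target. handle() begins outside this hunk.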


@ -15,6 +15,7 @@ namespace phpbb\storage\controller;
use phpbb\cache\service; use phpbb\cache\service;
use phpbb\db\driver\driver_interface; use phpbb\db\driver\driver_interface;
use phpbb\exception\http_exception;
use phpbb\storage\storage; use phpbb\storage\storage;
class controller class controller
@ -40,16 +41,12 @@ class controller
{ {
if (!$this->is_allowed($file)) if (!$this->is_allowed($file))
{ {
send_status_line(403, 'Forbidden'); throw new http_exception(403, 'Forbidden');
$this->file_gc();
exit;
} }
if (!$this->file_exists($file)) if (!$this->file_exists($file))
{ {
send_status_line(404, 'Not Found'); throw new http_exception(404, 'Not Found');
$this->file_gc();
exit;
} }
$this->send($file); $this->send($file);
@ -94,7 +91,7 @@ class controller
$fp = $this->storage->read_stream($file); $fp = $this->storage->read_stream($file);
// Close db connection // Close db connection
$this->file_gc(false); $this->file_gc();
$output = fopen('php://output', 'w+b'); $output = fopen('php://output', 'w+b');
@ -114,7 +111,7 @@ class controller
* *
* @return null * @return null
*/ */
protected function file_gc($exit = true) protected function file_gc()
{ {
if (!empty($this->cache)) if (!empty($this->cache))
{ {
@ -122,10 +119,5 @@ class controller
} }
$this->db->sql_close(); $this->db->sql_close();
if ($exit)
{
exit;
}
} }
} }
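Review bot: The two new throws in handle() pass the literal strings `'Forbidden'` and `'Not Found'` as the http_exception message, while the attachment controller changed in this same commit passes language keys such as `'ERROR_NO_ATTACHMENT'`; if the exception handler treats the message as a language key, these two will surface untranslated or as missing-key text. Using the same key style in both controllers keeps the behaviour uniform, e.g. `throw new http_exception(404, 'ERROR_NO_ATTACHMENT');` for the missing-file case. file_gc() has also lost its `$exit` parameter, so any `@param` line for it in the docblock above this hunk should be dropped to match the new signature. handle() begins outside this hunk.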