From a7694dd512cbecd3732419ed4acae2c18ad0cd94 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 10 Aug 2012 01:54:41 +0200 Subject: [PATCH] [feature/attach-dl] Get rid of second query. Fetch all required info at once. PHPBB3-11042 --- phpBB/download/file.php | 40 +++++++--------------------------------- 1 file changed, 7 insertions(+), 33 deletions(-) diff --git a/phpBB/download/file.php b/phpBB/download/file.php index d79deadace..6887030a2b 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -154,17 +154,17 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach']) if ($download_id) { // Attachment id (only 1 attachment) - $sql_where = "a.attach_id = $download_id"; + $sql_where = "attach_id = $download_id"; } else if ($post_id) { // Post id or private message id (multiple attachments) - $sql_where = "a.post_msg_id = $post_id"; + $sql_where = "post_msg_id = $post_id"; } else if ($topic_id) { // Topic id (multiple attachments) - $sql_where = "a.topic_id = $topic_id"; + $sql_where = "topic_id = $topic_id"; } else { @@ -172,8 +172,8 @@ else trigger_error('NO_ATTACHMENT_SELECTED'); } -$sql = 'SELECT a.attach_id, a.in_message, a.post_msg_id, a.extension, a.is_orphan, a.poster_id, a.filetime - FROM ' . ATTACHMENTS_TABLE . " a +$sql = 'SELECT attach_id, post_msg_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime + FROM ' . ATTACHMENTS_TABLE . " WHERE $sql_where"; $result = $db->sql_query($sql); @@ -291,6 +291,8 @@ else if ($download_id) trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } } + + } else { @@ -342,34 +344,6 @@ if ($attachment) $download_mode = (int) $extensions[$attachment['extension']]['download_mode']; } -// Fetching filename here to prevent sniffing of filename -if ($attachment) -{ - $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime - FROM ' . ATTACHMENTS_TABLE . " - WHERE attach_id = $download_id"; - $result = $db->sql_query_limit($sql, 1); - $attachment = $db->sql_fetchrow($result); - $db->sql_freeresult($result); -} - -if ($attachments) -{ - $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime - FROM ' . ATTACHMENTS_TABLE . ' - WHERE ' . $db->sql_in_set('attach_id', $attachment_ids); - - $result = $db->sql_query($sql); - $attachments = $db->sql_fetchrowset($result); - $db->sql_freeresult($result); -} - -if (!$attachment && empty($attachments)) -{ - send_status_line(404, 'Not Found'); - trigger_error('ERROR_NO_ATTACHMENT'); -} - if ($attachment) { $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);