makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/attach-dl] Get rid of second query. Fetch all required info at once.

Browse source 
PHPBB3-11042
This commit is contained in:
Andreas Fischer 2012-08-10 01:54:41 +02:00
parent f0804f2db6
commit a7694dd512
1 changed files with 7 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
phpBB/download/file.php
View file

@ -154,17 +154,17 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
if ($download_id) if ($download_id)
{ {
// Attachment id (only 1 attachment) // Attachment id (only 1 attachment)
$sql_where = "a.attach_id = $download_id"; $sql_where = "attach_id = $download_id";
} }
else if ($post_id) else if ($post_id)
{ {
// Post id or private message id (multiple attachments) // Post id or private message id (multiple attachments)
$sql_where = "a.post_msg_id = $post_id"; $sql_where = "post_msg_id = $post_id";
} }
else if ($topic_id) else if ($topic_id)
{ {
// Topic id (multiple attachments) // Topic id (multiple attachments)
$sql_where = "a.topic_id = $topic_id"; $sql_where = "topic_id = $topic_id";
} }
else else
{ {
@ -172,8 +172,8 @@ else
trigger_error('NO_ATTACHMENT_SELECTED'); trigger_error('NO_ATTACHMENT_SELECTED');
} }
$sql = 'SELECT a.attach_id, a.in_message, a.post_msg_id, a.extension, a.is_orphan, a.poster_id, a.filetime $sql = 'SELECT attach_id, post_msg_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
FROM ' . ATTACHMENTS_TABLE . " a FROM ' . ATTACHMENTS_TABLE . "
WHERE $sql_where"; WHERE $sql_where";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -291,6 +291,8 @@ else if ($download_id)
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
} }
} }
} }
else else
{ {
@ -342,34 +344,6 @@ if ($attachment)
$download_mode = (int) $extensions[$attachment['extension']]['download_mode']; $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
} }
// Fetching filename here to prevent sniffing of filename
if ($attachment)
{
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
$attachment = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
if ($attachments)
{
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('attach_id', $attachment_ids);
$result = $db->sql_query($sql);
$attachments = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
}
if (!$attachment && empty($attachments))
{
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
if ($attachment) if ($attachment)
{ {
$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']); $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);