makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/14285] Fix filenames when downloading from controller

Browse source 
PHPBB3-14285
This commit is contained in:
Rubén Calvo 2018-08-20 17:14:07 +02:00 committed by rubencm
parent 26b7180874
commit b1b29cd692
1 changed files with 59 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

118
phpBB/phpbb/storage/controller/attachment.php
View file

@ -186,20 +186,20 @@ class attachment extends controller
$redirect = ''; $redirect = '';
/** /**
* Event to modify data before sending file to browser * Event to modify data before sending file to browser
* *
* @event core.download_file_send_to_browser_before * @event core.download_file_send_to_browser_before
* @var int attach_id The attachment ID * @var int attach_id The attachment ID
* @var array attachment Array with attachment data * @var array attachment Array with attachment data
* @var array extensions Array with file extensions data * @var array extensions Array with file extensions data
* @var bool thumbnail Flag indicating if the file is a thumbnail * @var bool thumbnail Flag indicating if the file is a thumbnail
* @var string redirect Do a redirection instead of reading the file * @var string redirect Do a redirection instead of reading the file
* @since 3.1.6-RC1 * @since 3.1.6-RC1
* @changed 3.1.7-RC1 Fixing wrong name of a variable (replacing "extension" by "extensions") * @changed 3.1.7-RC1 Fixing wrong name of a variable (replacing "extension" by "extensions")
* @changed 3.3.0-a1 Add redirect variable * @changed 3.3.0-a1 Add redirect variable
* @changed 3.3.0-a1 Remove display_cat variable * @changed 3.3.0-a1 Remove display_cat variable
* @changed 3.3.0-a1 Remove mode variable * @changed 3.3.0-a1 Remove mode variable
*/ */
$vars = array( $vars = array(
'attach_id', 'attach_id',
'attachment', 'attachment',
@ -222,15 +222,15 @@ class attachment extends controller
} }
/** /**
* Event to alter attachment before it is sent to browser. * Event to alter attachment before it is sent to browser.
* *
* @event core.send_file_to_browser_before * @event core.send_file_to_browser_before
* @var array attachment Attachment data * @var array attachment Attachment data
* @since 3.1.11-RC1 * @since 3.1.11-RC1
* @changed 3.3.0-a1 Removed category variable * @changed 3.3.0-a1 Removed category variable
* @changed 3.3.0-a1 Removed size variable * @changed 3.3.0-a1 Removed size variable
* @changed 3.3.0-a1 Removed filename variable * @changed 3.3.0-a1 Removed filename variable
*/ */
$vars = array( $vars = array(
'attachment', 'attachment',
); );
@ -244,14 +244,14 @@ class attachment extends controller
{ {
$disposition = $this->response->headers->makeDisposition( $disposition = $this->response->headers->makeDisposition(
ResponseHeaderBag::DISPOSITION_INLINE, ResponseHeaderBag::DISPOSITION_INLINE,
rawurlencode($attachment['physical_filename']) rawurlencode(htmlspecialchars_decode($attachment['real_filename']))
); );
} }
else else
{ {
$disposition = $this->response->headers->makeDisposition( $disposition = $this->response->headers->makeDisposition(
ResponseHeaderBag::DISPOSITION_ATTACHMENT, ResponseHeaderBag::DISPOSITION_ATTACHMENT,
rawurlencode($attachment['physical_filename']) rawurlencode(htmlspecialchars_decode($attachment['real_filename']))
); );
} }
@ -265,12 +265,12 @@ class attachment extends controller
} }
/** /**
* Handles authentication when downloading attachments from a post or topic * Handles authentication when downloading attachments from a post or topic
* *
* @param int $topic_id The id of the topic that we are downloading from * @param int $topic_id The id of the topic that we are downloading from
* *
* @return null * @return null
*/ */
protected function phpbb_download_handle_forum_auth($topic_id) protected function phpbb_download_handle_forum_auth($topic_id)
{ {
$sql_array = array( $sql_array = array(
@ -307,12 +307,12 @@ class attachment extends controller
} }
/** /**
* Handles authentication when downloading attachments from PMs * Handles authentication when downloading attachments from PMs
* *
* @param int $msg_id The id of the PM that we are downloading from * @param int $msg_id The id of the PM that we are downloading from
* *
* @return null * @return null
*/ */
protected function phpbb_download_handle_pm_auth($msg_id) protected function phpbb_download_handle_pm_auth($msg_id)
{ {
if (!$this->auth->acl_get('u_pm_download')) if (!$this->auth->acl_get('u_pm_download'))
@ -323,14 +323,14 @@ class attachment extends controller
$allowed = $this->phpbb_download_check_pm_auth($msg_id); $allowed = $this->phpbb_download_check_pm_auth($msg_id);
/** /**
* Event to modify PM attachments download auth * Event to modify PM attachments download auth
* *
* @event core.modify_pm_attach_download_auth * @event core.modify_pm_attach_download_auth
* @var bool allowed Whether the user is allowed to download from that PM or not * @var bool allowed Whether the user is allowed to download from that PM or not
* @var int msg_id The id of the PM to download from * @var int msg_id The id of the PM to download from
* @var int user_id The user id for auth check * @var int user_id The user id for auth check
* @since 3.1.11-RC1 * @since 3.1.11-RC1
*/ */
$vars = array('allowed', 'msg_id', 'user_id'); $vars = array('allowed', 'msg_id', 'user_id');
extract($this->dispatcher->trigger_event('core.modify_pm_attach_download_auth', compact($vars))); extract($this->dispatcher->trigger_event('core.modify_pm_attach_download_auth', compact($vars)));
@ -341,12 +341,12 @@ class attachment extends controller
} }
/** /**
* Checks whether a user can download from a particular PM * Checks whether a user can download from a particular PM
* *
* @param int $msg_id The id of the PM that we are downloading from * @param int $msg_id The id of the PM that we are downloading from
* *
* @return bool Whether the user is allowed to download from that PM or not * @return bool Whether the user is allowed to download from that PM or not
*/ */
protected function phpbb_download_check_pm_auth($msg_id) protected function phpbb_download_check_pm_auth($msg_id)
{ {
$user_id = $this->user->data['user_id']; $user_id = $this->user->data['user_id'];
@ -367,12 +367,12 @@ class attachment extends controller
} }
/** /**
* Increments the download count of all provided attachments * Increments the download count of all provided attachments
* *
* @param array|int $ids The attach_id of each attachment * @param array|int $ids The attach_id of each attachment
* *
* @return null * @return null
*/ */
protected function phpbb_increment_downloads($ids) protected function phpbb_increment_downloads($ids)
{ {
if (!is_array($ids)) if (!is_array($ids))
@ -387,8 +387,8 @@ class attachment extends controller
} }
/** /**
* Check if downloading item is allowed * Check if downloading item is allowed
*/ */
protected function download_allowed() protected function download_allowed()
{ {
if (!$this->config['secure_downloads']) if (!$this->config['secure_downloads'])