Merge remote-tracking branch 'Fyorl/feature/attach-dl' into develop

* Fyorl/feature/attach-dl: (75 commits) [feature/attach-dl] Removed the use of some abbreviations [feature/attach-dl] Changed $files_added checks [feature/attach-dl] Renamed $post_id to $post_msg_id [feature/attach-dl] Fixed a comment [feature/attach-dl] Optimised an sql query [feature/attach-dl] Fixed the logic in an sql statement [feature/attch-dl] $forum_id cast to int [feature/attach-dl] Fixed $file_added to $files_added [feature/attach-dl] Moved definition of $archive_name [feature/attach-dl] Swapped the order of an if statement [feature/attach-dl] Cast variables to int [feature/attach-dl] Added $archive_path [feature/attach-dl] Used COMMA_SEPARATOR instead of actual comma [feature/attach-dl] Renamed $count to $files_added [feature/attach-dl] Removed sprintf() use [feature/attach-dl] Removed need for array_keys() [feature/attach-dl] Added multiple attachment downloads to PMs [feature/attach-dl] Removed reliance on current($row) [feature/attach-dl] Renamed to phpbb_download_handle_forum_auth [feature/attach-dl] Moved PM authentication handling into own function ...
2025-06-27 21:58:52 +00:00 · 2012-08-26 18:56:09 +02:00 · 2012-08-26 18:56:09 +02:00 · d0ce637251
commit d0ce637251
parent 18039cfa6a e1a4aa3ea2
9 changed files with 485 additions and 161 deletions
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@ -134,6 +134,9 @@ include($phpbb_root_path . 'common.' . $phpEx);
 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
 $download_id = request_var('id', 0);
 $topic_id = $request->variable('topic_id', 0);
 $post_msg_id = $request->variable('post_msg_id', 0);
 $archive = $request->variable('archive', '.tar');
 $mode = request_var('mode', '');
 $thumbnail = request_var('t', false);
@ -142,195 +145,268 @@ $user->session_begin(false);
 $auth->acl($user->data);
 $user->setup('viewtopic');
 if (!$download_id)
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('NO_ATTACHMENT_SELECTED');
 }
 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
+if ($download_id)
 {
 	// Attachment id (only 1 attachment)
 	$sql_where = "attach_id = $download_id";
 }
 else if ($post_msg_id)
 {
 	// Post id or private message id (multiple attachments)
 	$sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0";
 }
 else if ($topic_id)
 {
 	// Topic id (multiple attachments)
 	$sql_where = "topic_id = $topic_id AND is_orphan = 0";
 }
 else
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('NO_ATTACHMENT_SELECTED');
 }
 $sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
-	WHERE attach_id = $download_id";
+	WHERE $sql_where";
-$result = $db->sql_query_limit($sql, 1);
+$result = $db->sql_query($sql);
-$attachment = $db->sql_fetchrow($result);
+
 $attachments = $attachment_ids = array();
 while ($row = $db->sql_fetchrow($result))
 {
 	$attachment_id = (int) $row['attach_id'];
 	$row['physical_filename'] = utf8_basename($row['physical_filename']);
 	$attachment_ids[$attachment_id] = $attachment_id;
 	$attachments[$attachment_id] = $row;
 }
 $db->sql_freeresult($result);
-if (!$attachment)
+// Make $attachment the first of the attachments we fetched.
 $attachment = current($attachments);
 if (empty($attachments))
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
-
+else if (!download_allowed())
 if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
 {
-	send_status_line(404, 'Not Found');
+	send_status_line(403, 'Forbidden');
-	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
-
+else if ($download_id)
 $row = array();
 if ($attachment['is_orphan'])
 {
-	// We allow admins having attachment permissions to see orphan attachments...
+	// sizeof($attachments) == 1
 	$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
-	if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
+	if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
 	{
 		send_status_line(404, 'Not Found');
 		trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 	}
 	if ($attachment['is_orphan'])
 	{
 		// We allow admins having attachment permissions to see orphan attachments...
 		$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
 		if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
 		{
 			send_status_line(404, 'Not Found');
 			trigger_error('ERROR_NO_ATTACHMENT');
 		}
 		// Obtain all extensions...
 		$extensions = $cache->obtain_attach_extensions(true);
 	}
 	else
 	{
 		if (!$attachment['in_message'])
 		{
 			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
 		}
 		else
 		{
 			// Attachment is in a private message.
 			$row['forum_id'] = false;
 			phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
 		}
 		$extensions = array();
 		if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
 		{
 			send_status_line(404, 'Forbidden');
 			trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
 		}
 	}
 	$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
 	$display_cat = $extensions[$attachment['extension']]['display_cat'];
 	if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
 	{
 		$display_cat = ATTACHMENT_CATEGORY_NONE;
 	}
 	if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
 	{
 		$display_cat = ATTACHMENT_CATEGORY_NONE;
 	}
 	if ($thumbnail)
 	{
 		$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
 	}
 	else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
 	{
 		// Update download count
 		phpbb_increment_downloads($db, $attachment['attach_id']);
 	}
 	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
 	{
 		wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 		file_gc();
 	}
 	else
 	{
 		// Determine the 'presenting'-method
 		if ($download_mode == PHYSICAL_LINK)
 		{
 			// This presenting method should no longer be used
 			if (!@is_dir($phpbb_root_path . $config['upload_path']))
 			{
 				send_status_line(500, 'Internal Server Error');
 				trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 			}
 			redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
 			file_gc();
 		}
 		else
 		{
 			send_file_to_browser($attachment, $config['upload_path'], $display_cat);
 			file_gc();
 		}
 	}
 }
 else
 {
 	// sizeof($attachments) >= 1
 	if ($attachment['in_message'])
 	{
 		phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
 	}
 	else
 	{
 		phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
 	}
 	if (!class_exists('compress'))
 	{
 		require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
 	}
 	if (!in_array($archive, compress::methods()))
 	{
 		$archive = '.tar';
 	}
 	if ($post_msg_id)
 	{
 		if ($attachment['in_message'])
 		{
 			$sql = 'SELECT message_subject AS attach_subject
 				FROM ' . PRIVMSGS_TABLE . "
 				WHERE msg_id = $post_msg_id";
 		}
 		else
 		{
 			$sql = 'SELECT post_subject AS attach_subject, forum_id
 				FROM ' . POSTS_TABLE . "
 				WHERE post_id = $post_msg_id";
 		}
 	}
 	else
 	{
 		$sql = 'SELECT topic_title AS attach_subject, forum_id
 			FROM ' . TOPICS_TABLE . "
 			WHERE topic_id = $topic_id";
 	}
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 	if (empty($row))
 	{
 		send_status_line(404, 'Not Found');
 		trigger_error('ERROR_NO_ATTACHMENT');
 	}
-	// Obtain all extensions...
+	$clean_name = phpbb_download_clean_filename($row['attach_subject']);
-	$extensions = $cache->obtain_attach_extensions(true);
+	$suffix = '_' . (($post_msg_id) ? $post_msg_id : $topic_id) . '_' . $clean_name;
-}
+	$archive_name = 'attachments' . $suffix;
-else
+
-{
+	$store_name = 'att_' . time() . '_' . unique_id();
-	if (!$attachment['in_message'])
+	$archive_path = "{$phpbb_root_path}store/{$store_name}{$archive}";
 	if ($archive === '.zip')
 	{
-		//
+		$compress = new compress_zip('w', $archive_path);
 		$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
 			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
 			WHERE p.post_id = ' . $attachment['post_msg_id'] . '
 				AND p.forum_id = f.forum_id';
 		$result = $db->sql_query_limit($sql, 1);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 		$f_download = $auth->acl_get('f_download', $row['forum_id']);
 		if ($auth->acl_get('u_download') && $f_download)
 		{
 			if ($row && $row['forum_password'])
 			{
 				// Do something else ... ?
 				login_forum_box($row);
 			}
 		}
 		else
 		{
 			send_status_line(403, 'Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 	}
 	else
 	{
-		$row['forum_id'] = false;
+		$compress = new compress_tar('w', $archive_path, $archive);
 		if (!$auth->acl_get('u_pm_download'))
 		{
 			send_status_line(403, 'Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 		// Check if the attachment is within the users scope...
 		$sql = 'SELECT user_id, author_id
 			FROM ' . PRIVMSGS_TO_TABLE . '
 			WHERE msg_id = ' . $attachment['post_msg_id'];
 		$result = $db->sql_query($sql);
 		$allowed = false;
 		while ($user_row = $db->sql_fetchrow($result))
 		{
 			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
 			{
 				$allowed = true;
 				break;
 			}
 		}
 		$db->sql_freeresult($result);
 		if (!$allowed)
 		{
 			send_status_line(403, 'Forbidden');
 			trigger_error('ERROR_NO_ATTACHMENT');
 		}
 	}
 	// disallowed?
 	$extensions = array();
-	if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+	$files_added = 0;
 	$forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id'];
 	$disallowed = array();
 	foreach ($attachments as $attach)
 	{
-		send_status_line(404, 'Forbidden');
+		if (!extension_allowed($forum_id, $attach['extension'], $extensions))
-		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+		{
 			$disallowed[$attach['extension']] = $attach['extension'];
 			continue;
 		}
 		$prefix = '';
 		if ($topic_id)
 		{
 			$prefix = $attach['post_msg_id'] . '_';
 		}
 		$compress->add_custom_file("{$phpbb_root_path}files/{$attach['physical_filename']}", "{$prefix}{$attach['real_filename']}");
 		$files_added++;
 	}
 }
-if (!download_allowed())
+	$compress->close();
 {
 	send_status_line(403, 'Forbidden');
 	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
-$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+	if ($files_added)
 	{
 		phpbb_increment_downloads($db, $attachment_ids);
 		$compress->download($store_name, $archive_name);
 	}
-// Fetching filename here to prevent sniffing of filename
+	unlink($archive_path);
 $sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
 $attachment = $db->sql_fetchrow($result);
 $db->sql_freeresult($result);
-if (!$attachment)
+	if (!$files_added)
-{
+	{
-	send_status_line(404, 'Not Found');
+		// None of the attachments had a valid extension
-	trigger_error('ERROR_NO_ATTACHMENT');
+		$disallowed = implode($user->lang['COMMA_SEPARATOR'], $disallowed);
-}
+		send_status_line(404, 'Forbidden');
 		trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed));
 	}
 $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
 $display_cat = $extensions[$attachment['extension']]['display_cat'];
 if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
 {
 	$display_cat = ATTACHMENT_CATEGORY_NONE;
 }
 if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
 {
 	$display_cat = ATTACHMENT_CATEGORY_NONE;
 }
 if ($thumbnail)
 {
 	$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
 }
 else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHMENT_CATEGORY_IMAGE*/) && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
 {
 	// Update download count
 	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
 		SET download_count = download_count + 1
 		WHERE attach_id = ' . $attachment['attach_id'];
 	$db->sql_query($sql);
 }
 if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
 {
 	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 	file_gc();
 }
 else
 {
 	// Determine the 'presenting'-method
 	if ($download_mode == PHYSICAL_LINK)
 	{
 		// This presenting method should no longer be used
 		if (!@is_dir($phpbb_root_path . $config['upload_path']))
 		{
 			send_status_line(500, 'Internal Server Error');
 			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 		}
 		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
 		file_gc();
 	}
 	else
 	{
 		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
 		file_gc();
 	}
 }
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@ -1387,3 +1387,38 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
 	$avatar_img .= $avatar;
 	return '<img src="' . (str_replace(' ', '%20', $avatar_img)) . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
 }
 /**
 * Generate a list of archive types available for compressing attachments
 *
 * @param string $param_key Either topic_id or post_id
 * @param string $param_val The value of the topic or post id
 * @param string $phpbb_root_path The root path of the phpBB installation
 * @param string $phpEx The PHP extension
 *
 * @return array Array containing the link and the type of compression
 */
 function phpbb_gen_download_links($param_key, $param_val, $phpbb_root_path, $phpEx)
 {
 	if (!class_exists('compress'))
 	{
 		require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
 	}
 	$methods = compress::methods();
 	$links = array();
 	foreach ($methods as $method)
 	{
 		$type = array_pop(explode('.', $method));
 		$params = array('archive' => $method);
 		$params[$param_key] = $param_val;
 		$links[] = array(
 			'LINK' => append_sid("{$phpbb_root_path}download/file.$phpEx", $params),
 			'TYPE' => $type,
 		);
 	}
 	return $links;
 }
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@ -592,3 +592,132 @@ function phpbb_parse_range_request($request_array, $filesize)
 		);
 	}
 }
 /**
 * Increments the download count of all provided attachments
 *
 * @param dbal $db The database object
 * @param array|int $ids The attach_id of each attachment
 *
 * @return null
 */
 function phpbb_increment_downloads($db, $ids)
 {
 	if (!is_array($ids))
 	{
 		$ids = array($ids);
 	}
 	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
 		SET download_count = download_count + 1
 		WHERE ' . $db->sql_in_set('attach_id', $ids);
 	$db->sql_query($sql);
 }
 /**
 * Handles authentication when downloading attachments from a post or topic
 *
 * @param dbal $db The database object
 * @param phpbb_auth $auth The authentication object
 * @param int $topic_id The id of the topic that we are downloading from
 *
 * @return null
 */
 function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 {
 	$sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
 		FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
 		WHERE t.topic_id = " . (int) $topic_id . "
 			AND t.forum_id = f.forum_id";
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
 	{
 		if ($row && $row['forum_password'])
 		{
 			// Do something else ... ?
 			login_forum_box($row);
 		}
 	}
 	else
 	{
 		send_status_line(403, 'Forbidden');
 		trigger_error('SORRY_AUTH_VIEW_ATTACH');
 	}
 }
 /**
 * Handles authentication when downloading attachments from PMs
 *
 * @param dbal $db The database object
 * @param phpbb_auth $auth The authentication object
 * @param int $user_id The user id
 * @param int $msg_id The id of the PM that we are downloading from
 *
 * @return null
 */
 function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
 {
 	if (!$auth->acl_get('u_pm_download'))
 	{
 		send_status_line(403, 'Forbidden');
 		trigger_error('SORRY_AUTH_VIEW_ATTACH');
 	}
 	$allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id);
 	if (!$allowed)
 	{
 		send_status_line(403, 'Forbidden');
 		trigger_error('ERROR_NO_ATTACHMENT');
 	}
 }
 /**
 * Checks whether a user can download from a particular PM
 *
 * @param dbal $db The database object
 * @param int $user_id The user id
 * @param int $msg_id The id of the PM that we are downloading from
 *
 * @return bool Whether the user is allowed to download from that PM or not
 */
 function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
 {
 	// Check if the attachment is within the users scope...
 	$sql = 'SELECT msg_id
 		FROM ' . PRIVMSGS_TO_TABLE . '
 		WHERE msg_id = ' . (int) $msg_id . '
 			AND (
 				user_id = ' . (int) $user_id . '
 				OR author_id = ' . (int) $user_id . '
 			)';
 	$result = $db->sql_query_limit($sql, 1);
 	$allowed = (bool) $db->sql_fetchfield('msg_id');
 	$db->sql_freeresult($result);
 	return $allowed;
 }
 /**
 * Cleans a filename of any characters that could potentially cause a problem on
 * a user's filesystem.
 *
 * @param string $filename The filename to clean
 *
 * @return string The cleaned filename
 */
 function phpbb_download_clean_filename($filename)
 {
 	$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
 	// rawurlencode to convert any potentially 'bad' characters that we missed
 	$filename = rawurlencode(str_replace($bad_chars, '_', $filename));
 	// Turn the %xx entities created by rawurlencode to _
 	$filename = preg_replace("/%(\w{2})/", '_', $filename);
 	return $filename;
 }
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@ -257,6 +257,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'U_PM_ACTION'		=> $url . '&amp;mode=compose&amp;f=' . $folder_id . '&amp;p=' . $message_row['msg_id'],
 		'S_HAS_ATTACHMENTS'	=> (sizeof($attachments)) ? true : false,
 		'S_HAS_MULTIPLE_ATTACHMENTS' => (sizeof($attachments) > 1),
 		'S_DISPLAY_NOTICE'	=> $display_notice && $message_row['message_attachment'],
 		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
 		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
@ -301,6 +302,12 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	// Display not already displayed Attachments for this post, we already parsed them. ;)
 	if (isset($attachments) && sizeof($attachments))
 	{
 		$methods = phpbb_gen_download_links('post_msg_id', $msg_id, $phpbb_root_path, $phpEx);
 		foreach ($methods as $method)
 		{
 			$template->assign_block_vars('dl_method', $method);
 		}
 		foreach ($attachments as $attachment)
 		{
 			$template->assign_block_vars('attachment', array(
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@ -161,6 +161,8 @@ $lang = array_merge($lang, array(
 	'DISPLAY_MESSAGES'		=> 'Display messages from previous',
 	'DISPLAY_POSTS'			=> 'Display posts from previous',
 	'DISPLAY_TOPICS'		=> 'Display topics from previous',
 	'DOWNLOAD_ALL'			=> 'Download all',
 	'DOWNLOAD_ALL_ATTACHMENTS'	=> 'Download all attachments',
 	'DOWNLOADED'			=> 'Downloaded',
 	'DOWNLOADING_FILE'		=> 'Downloading file',
 	'DOWNLOAD_COUNTS'		=> array(
--- a/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html
+++ b/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html
@ -41,12 +41,24 @@
 		<div class="content">{MESSAGE}</div>
 		<!-- IF S_HAS_ATTACHMENTS -->
-		<dl class="attachbox">
+			<dl class="attachbox">
-			<dt>{L_ATTACHMENTS}</dt>
+				<dt>
-			<!-- BEGIN attachment -->
+					{L_ATTACHMENTS}
-			<dd>{attachment.DISPLAY_ATTACHMENT}</dd>
+					<!-- IF S_HAS_MULTIPLE_ATTACHMENTS -->
-			<!-- END attachment -->
+						<div class="dl_links">
-		</dl>
+							<strong>{L_DOWNLOAD_ALL}:</strong>
 							<ul>
 							<!-- BEGIN dl_method -->
 								<li>[ <a href="{dl_method.LINK}">{dl_method.TYPE}</a> ]</li>
 							<!-- END dl_method -->
 							</ul>
 						</div>
 					<!-- ENDIF -->
 				</dt>
 				<!-- BEGIN attachment -->
 					<dd>{attachment.DISPLAY_ATTACHMENT}</dd>
 				<!-- END attachment -->
 			</dl>
 		<!-- ENDIF -->
 		<!-- IF S_DISPLAY_NOTICE -->
--- a/phpBB/styles/prosilver/template/viewtopic_body.html
+++ b/phpBB/styles/prosilver/template/viewtopic_body.html
@ -157,7 +157,19 @@
 			<!-- IF postrow.S_HAS_ATTACHMENTS -->
 				<dl class="attachbox">
-					<dt>{L_ATTACHMENTS}</dt>
+					<dt>
 						{L_ATTACHMENTS}
 						<!-- IF postrow.S_MULTIPLE_ATTACHMENTS -->
 							<div class="dl_links">
 								<strong>{L_DOWNLOAD_ALL}:</strong>
 								<ul>
 								<!-- BEGIN dl_method -->
 									<li>[ <a href="{postrow.dl_method.LINK}">{postrow.dl_method.TYPE}</a> ]</li>
 								<!-- END dl_method -->
 								</ul>
 							</div>
 						<!-- ENDIF -->
 					</dt>
 					<!-- BEGIN attachment -->
 						<dd>{postrow.attachment.DISPLAY_ATTACHMENT}</dd>
 					<!-- END attachment -->
@ -256,6 +268,17 @@
 	<!-- ENDIF -->
 	</div>
 	<!-- IF S_HAS_ATTACHMENTS -->
 		<div class="dl_links">
 			<strong>{L_DOWNLOAD_ALL_ATTACHMENTS}:</strong>
 			<ul>
 			<!-- BEGIN dl_method -->
 				<li>[ <a href="{dl_method.LINK}">{dl_method.TYPE}</a> ]</li>
 			<!-- END dl_method -->
 			</ul>
 		</div>
 	<!-- ENDIF -->
 	<!-- IF .pagination or TOTAL_POSTS -->
 		<div class="pagination">
 			{TOTAL_POSTS} &bull; 
--- a/phpBB/styles/prosilver/theme/content.css
+++ b/phpBB/styles/prosilver/theme/content.css
@ -702,3 +702,26 @@ dl.pmlist dd {
 	margin-left: 61% !important;
 	margin-bottom: 2px;
 }
 .topic-actions div.dl_links {
 	padding: 10px 0 0 10px;
 }
 div.dl_links {
 	display: inline-block;
 	text-transform: none;
 }
 .dl_links strong {
 	font-weight: bold;
 }
 .dl_links ul {
 	list-style-type: none;
 	margin: 0;
 	display: inline-block;
 }
 .dl_links li {
 	display: inline-block;
 }
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -1352,6 +1352,16 @@ if (sizeof($attach_list))
 	}
 }
 $template->assign_vars(array(
 	'S_HAS_ATTACHMENTS' => !empty($attachments),
 ));
 $methods = phpbb_gen_download_links('topic_id', $topic_id, $phpbb_root_path, $phpEx);
 foreach ($methods as $method)
 {
 	$template->assign_block_vars('dl_method', $method);
 }
 // Instantiate BBCode if need be
 if ($bbcode_bitfield !== '')
 {
@ -1594,6 +1604,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 		'POSTER_ID'			=> $poster_id,
 		'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
 		'S_MULTIPLE_ATTACHMENTS'	=> !empty($attachments[$row['post_id']]) && sizeof($attachments[$row['post_id']]) > 1,
 		'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true,
 		'S_POST_REPORTED'	=> ($row['post_reported'] && $auth->acl_get('m_report', $forum_id)) ? true : false,
 		'S_DISPLAY_NOTICE'	=> $display_notice && $row['post_attachment'],
@ -1647,6 +1658,12 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 				'DISPLAY_ATTACHMENT'	=> $attachment)
 			);
 		}
 		$methods = phpbb_gen_download_links('post_msg_id', $row['post_id'], $phpbb_root_path, $phpEx);
 		foreach ($methods as $method)
 		{
 			$template->assign_block_vars('postrow.dl_method', $method);
 		}
 	}
 	$prev_post_id = $row['post_id'];