Merge remote-tracking branch 'Fyorl/feature/attach-dl' into develop

* Fyorl/feature/attach-dl: (75 commits) [feature/attach-dl] Removed the use of some abbreviations [feature/attach-dl] Changed $files_added checks [feature/attach-dl] Renamed $post_id to $post_msg_id [feature/attach-dl] Fixed a comment [feature/attach-dl] Optimised an sql query [feature/attach-dl] Fixed the logic in an sql statement [feature/attch-dl] $forum_id cast to int [feature/attach-dl] Fixed $file_added to $files_added [feature/attach-dl] Moved definition of $archive_name [feature/attach-dl] Swapped the order of an if statement [feature/attach-dl] Cast variables to int [feature/attach-dl] Added $archive_path [feature/attach-dl] Used COMMA_SEPARATOR instead of actual comma [feature/attach-dl] Renamed $count to $files_added [feature/attach-dl] Removed sprintf() use [feature/attach-dl] Removed need for array_keys() [feature/attach-dl] Added multiple attachment downloads to PMs [feature/attach-dl] Removed reliance on current($row) [feature/attach-dl] Renamed to phpbb_download_handle_forum_auth [feature/attach-dl] Moved PM authentication handling into own function ...
2025-06-27 21:58:52 +00:00 · 2012-08-26 18:56:09 +02:00 · 2012-08-26 18:56:09 +02:00 · d0ce637251
commit d0ce637251
parent 18039cfa6a e1a4aa3ea2
9 changed files with 485 additions and 161 deletions
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@ -134,6 +134,9 @@ include($phpbb_root_path . 'common.' . $phpEx);
 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);

 $download_id = request_var('id', 0);
+$topic_id = $request->variable('topic_id', 0);
+$post_msg_id = $request->variable('post_msg_id', 0);
+$archive = $request->variable('archive', '.tar');
 $mode = request_var('mode', '');
 $thumbnail = request_var('t', false);

@ -142,195 +145,268 @@ $user->session_begin(false);
 $auth->acl($user->data);
 $user->setup('viewtopic');

-if (!$download_id)
-{
-	send_status_line(404, 'Not Found');
-	trigger_error('NO_ATTACHMENT_SELECTED');
-}
-
 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }

-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
+if ($download_id)
+{
+	// Attachment id (only 1 attachment)
+	$sql_where = "attach_id = $download_id";
+}
+else if ($post_msg_id)
+{
+	// Post id or private message id (multiple attachments)
+	$sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0";
+}
+else if ($topic_id)
+{
+	// Topic id (multiple attachments)
+	$sql_where = "topic_id = $topic_id AND is_orphan = 0";
+}
+else
+{
+	send_status_line(404, 'Not Found');
+	trigger_error('NO_ATTACHMENT_SELECTED');
+}
+
+$sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
-	WHERE attach_id = $download_id";
-$result = $db->sql_query_limit($sql, 1);
-$attachment = $db->sql_fetchrow($result);
+	WHERE $sql_where";
+$result = $db->sql_query($sql);
+
+$attachments = $attachment_ids = array();
+while ($row = $db->sql_fetchrow($result))
+{
+	$attachment_id = (int) $row['attach_id'];
+
+	$row['physical_filename'] = utf8_basename($row['physical_filename']);
+
+	$attachment_ids[$attachment_id] = $attachment_id;
+	$attachments[$attachment_id] = $row;
+}
 $db->sql_freeresult($result);

-if (!$attachment)
+// Make $attachment the first of the attachments we fetched.
+$attachment = current($attachments);
+
+if (empty($attachments))
 {
 	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
-
-if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
+else if (!download_allowed())
 {
-	send_status_line(404, 'Not Found');
-	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+	send_status_line(403, 'Forbidden');
+	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
 }
-
-$row = array();
-
-if ($attachment['is_orphan'])
+else if ($download_id)
 {
-	// We allow admins having attachment permissions to see orphan attachments...
-	$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
+	// sizeof($attachments) == 1

-	if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
+	if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
+	{
+		send_status_line(404, 'Not Found');
+		trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
+	}
+
+	if ($attachment['is_orphan'])
+	{
+		// We allow admins having attachment permissions to see orphan attachments...
+		$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
+
+		if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
+		{
+			send_status_line(404, 'Not Found');
+			trigger_error('ERROR_NO_ATTACHMENT');
+		}
+
+		// Obtain all extensions...
+		$extensions = $cache->obtain_attach_extensions(true);
+	}
+	else
+	{
+		if (!$attachment['in_message'])
+		{
+			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
+		}
+		else
+		{
+			// Attachment is in a private message.
+			$row['forum_id'] = false;
+			phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
+		}
+
+		$extensions = array();
+		if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+		{
+			send_status_line(404, 'Forbidden');
+			trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+		}
+	}
+
+	$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+	$display_cat = $extensions[$attachment['extension']]['display_cat'];
+
+	if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
+	{
+		$display_cat = ATTACHMENT_CATEGORY_NONE;
+	}
+
+	if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
+	{
+		$display_cat = ATTACHMENT_CATEGORY_NONE;
+	}
+
+	if ($thumbnail)
+	{
+		$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
+	}
+	else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
+	{
+		// Update download count
+		phpbb_increment_downloads($db, $attachment['attach_id']);
+	}
+
+	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
+	{
+		wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
+		file_gc();
+	}
+	else
+	{
+		// Determine the 'presenting'-method
+		if ($download_mode == PHYSICAL_LINK)
+		{
+			// This presenting method should no longer be used
+			if (!@is_dir($phpbb_root_path . $config['upload_path']))
+			{
+				send_status_line(500, 'Internal Server Error');
+				trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
+			}
+
+			redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
+			file_gc();
+		}
+		else
+		{
+			send_file_to_browser($attachment, $config['upload_path'], $display_cat);
+			file_gc();
+		}
+	}
+}
+else
+{
+	// sizeof($attachments) >= 1
+	if ($attachment['in_message'])
+	{
+		phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
+	}
+	else
+	{
+		phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
+	}
+
+	if (!class_exists('compress'))
+	{
+		require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
+	}
+
+	if (!in_array($archive, compress::methods()))
+	{
+		$archive = '.tar';
+	}
+
+	if ($post_msg_id)
+	{
+		if ($attachment['in_message'])
+		{
+			$sql = 'SELECT message_subject AS attach_subject
+				FROM ' . PRIVMSGS_TABLE . "
+				WHERE msg_id = $post_msg_id";
+		}
+		else
+		{
+			$sql = 'SELECT post_subject AS attach_subject, forum_id
+				FROM ' . POSTS_TABLE . "
+				WHERE post_id = $post_msg_id";
+		}
+	}
+	else
+	{
+		$sql = 'SELECT topic_title AS attach_subject, forum_id
+			FROM ' . TOPICS_TABLE . "
+			WHERE topic_id = $topic_id";
+	}
+
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if (empty($row))
 	{
 		send_status_line(404, 'Not Found');
 		trigger_error('ERROR_NO_ATTACHMENT');
 	}

-	// Obtain all extensions...
-	$extensions = $cache->obtain_attach_extensions(true);
-}
-else
-{
-	if (!$attachment['in_message'])
+	$clean_name = phpbb_download_clean_filename($row['attach_subject']);
+	$suffix = '_' . (($post_msg_id) ? $post_msg_id : $topic_id) . '_' . $clean_name;
+	$archive_name = 'attachments' . $suffix;
+
+	$store_name = 'att_' . time() . '_' . unique_id();
+	$archive_path = "{$phpbb_root_path}store/{$store_name}{$archive}";
+
+	if ($archive === '.zip')
 	{
-		//
-		$sql = 'SELECT p.forum_id, f.forum_password, f.parent_id
-			FROM ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . ' f
-			WHERE p.post_id = ' . $attachment['post_msg_id'] . '
-				AND p.forum_id = f.forum_id';
-		$result = $db->sql_query_limit($sql, 1);
-		$row = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-
-		$f_download = $auth->acl_get('f_download', $row['forum_id']);
-
-		if ($auth->acl_get('u_download') && $f_download)
-		{
-			if ($row && $row['forum_password'])
-			{
-				// Do something else ... ?
-				login_forum_box($row);
-			}
-		}
-		else
-		{
-			send_status_line(403, 'Forbidden');
-			trigger_error('SORRY_AUTH_VIEW_ATTACH');
-		}
+		$compress = new compress_zip('w', $archive_path);
 	}
 	else
 	{
-		$row['forum_id'] = false;
-		if (!$auth->acl_get('u_pm_download'))
-		{
-			send_status_line(403, 'Forbidden');
-			trigger_error('SORRY_AUTH_VIEW_ATTACH');
-		}
-
-		// Check if the attachment is within the users scope...
-		$sql = 'SELECT user_id, author_id
-			FROM ' . PRIVMSGS_TO_TABLE . '
-			WHERE msg_id = ' . $attachment['post_msg_id'];
-		$result = $db->sql_query($sql);
-
-		$allowed = false;
-		while ($user_row = $db->sql_fetchrow($result))
-		{
-			if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
-			{
-				$allowed = true;
-				break;
-			}
-		}
-		$db->sql_freeresult($result);
-
-		if (!$allowed)
-		{
-			send_status_line(403, 'Forbidden');
-			trigger_error('ERROR_NO_ATTACHMENT');
-		}
+		$compress = new compress_tar('w', $archive_path, $archive);
 	}

-	// disallowed?
 	$extensions = array();
-	if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
+	$files_added = 0;
+	$forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id'];
+	$disallowed = array();
+
+	foreach ($attachments as $attach)
 	{
-		send_status_line(404, 'Forbidden');
-		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
+		if (!extension_allowed($forum_id, $attach['extension'], $extensions))
+		{
+			$disallowed[$attach['extension']] = $attach['extension'];
+			continue;
+		}
+		
+		$prefix = '';
+		if ($topic_id)
+		{
+			$prefix = $attach['post_msg_id'] . '_';
+		}
+
+		$compress->add_custom_file("{$phpbb_root_path}files/{$attach['physical_filename']}", "{$prefix}{$attach['real_filename']}");
+		$files_added++;
 	}
-}

-if (!download_allowed())
-{
-	send_status_line(403, 'Forbidden');
-	trigger_error($user->lang['LINKAGE_FORBIDDEN']);
-}
+	$compress->close();

-$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
+	if ($files_added)
+	{
+		phpbb_increment_downloads($db, $attachment_ids);
+		$compress->download($store_name, $archive_name);
+	}

-// Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filesize, filetime
-	FROM ' . ATTACHMENTS_TABLE . "
-	WHERE attach_id = $download_id";
-$result = $db->sql_query_limit($sql, 1);
-$attachment = $db->sql_fetchrow($result);
-$db->sql_freeresult($result);
+	unlink($archive_path);

-if (!$attachment)
-{
-	send_status_line(404, 'Not Found');
-	trigger_error('ERROR_NO_ATTACHMENT');
-}
+	if (!$files_added)
+	{
+		// None of the attachments had a valid extension
+		$disallowed = implode($user->lang['COMMA_SEPARATOR'], $disallowed);
+		send_status_line(404, 'Forbidden');
+		trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed));
+	}

-$attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
-$display_cat = $extensions[$attachment['extension']]['display_cat'];
-
-if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
-{
-	$display_cat = ATTACHMENT_CATEGORY_NONE;
-}
-
-if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
-{
-	$display_cat = ATTACHMENT_CATEGORY_NONE;
-}
-
-if ($thumbnail)
-{
-	$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
-}
-else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHMENT_CATEGORY_IMAGE*/) && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
-{
-	// Update download count
-	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
-		SET download_count = download_count + 1
-		WHERE attach_id = ' . $attachment['attach_id'];
-	$db->sql_query($sql);
-}
-
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
-{
-	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 	file_gc();
 }
-else
-{
-	// Determine the 'presenting'-method
-	if ($download_mode == PHYSICAL_LINK)
-	{
-		// This presenting method should no longer be used
-		if (!@is_dir($phpbb_root_path . $config['upload_path']))
-		{
-			send_status_line(500, 'Internal Server Error');
-			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
-		}
-
-		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
-		file_gc();
-	}
-	else
-	{
-		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
-		file_gc();
-	}
-}
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@ -1387,3 +1387,38 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
 	$avatar_img .= $avatar;
 	return '<img src="' . (str_replace(' ', '%20', $avatar_img)) . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
 }
+
+/**
+* Generate a list of archive types available for compressing attachments
+*
+* @param string $param_key Either topic_id or post_id
+* @param string $param_val The value of the topic or post id
+* @param string $phpbb_root_path The root path of the phpBB installation
+* @param string $phpEx The PHP extension
+*
+* @return array Array containing the link and the type of compression
+*/
+function phpbb_gen_download_links($param_key, $param_val, $phpbb_root_path, $phpEx)
+{
+	if (!class_exists('compress'))
+	{
+		require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
+	}
+
+	$methods = compress::methods();
+	$links = array();
+
+	foreach ($methods as $method)
+	{
+		$type = array_pop(explode('.', $method));
+		$params = array('archive' => $method);
+		$params[$param_key] = $param_val;
+
+		$links[] = array(
+			'LINK' => append_sid("{$phpbb_root_path}download/file.$phpEx", $params),
+			'TYPE' => $type,
+		);
+	}
+
+	return $links;
+}
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@ -592,3 +592,132 @@ function phpbb_parse_range_request($request_array, $filesize)
 		);
 	}
 }
+
+/**
+* Increments the download count of all provided attachments
+*
+* @param dbal $db The database object
+* @param array|int $ids The attach_id of each attachment
+*
+* @return null
+*/
+function phpbb_increment_downloads($db, $ids)
+{
+	if (!is_array($ids))
+	{
+		$ids = array($ids);
+	}
+
+	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+		SET download_count = download_count + 1
+		WHERE ' . $db->sql_in_set('attach_id', $ids);
+	$db->sql_query($sql);
+}
+
+/**
+* Handles authentication when downloading attachments from a post or topic
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $topic_id The id of the topic that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
+{
+	$sql = 'SELECT t.forum_id, f.forum_password, f.parent_id
+		FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
+		WHERE t.topic_id = " . (int) $topic_id . "
+			AND t.forum_id = f.forum_id";
+	$result = $db->sql_query($sql);
+	$row = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+	{
+		if ($row && $row['forum_password'])
+		{
+			// Do something else ... ?
+			login_forum_box($row);
+		}
+	}
+	else
+	{
+		send_status_line(403, 'Forbidden');
+		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+	}
+}
+
+/**
+* Handles authentication when downloading attachments from PMs
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
+{
+	if (!$auth->acl_get('u_pm_download'))
+	{
+		send_status_line(403, 'Forbidden');
+		trigger_error('SORRY_AUTH_VIEW_ATTACH');
+	}
+
+	$allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id);
+
+	if (!$allowed)
+	{
+		send_status_line(403, 'Forbidden');
+		trigger_error('ERROR_NO_ATTACHMENT');
+	}
+}
+
+/**
+* Checks whether a user can download from a particular PM
+*
+* @param dbal $db The database object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return bool Whether the user is allowed to download from that PM or not
+*/
+function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
+{
+	// Check if the attachment is within the users scope...
+	$sql = 'SELECT msg_id
+		FROM ' . PRIVMSGS_TO_TABLE . '
+		WHERE msg_id = ' . (int) $msg_id . '
+			AND (
+				user_id = ' . (int) $user_id . '
+				OR author_id = ' . (int) $user_id . '
+			)';
+	$result = $db->sql_query_limit($sql, 1);
+	$allowed = (bool) $db->sql_fetchfield('msg_id');
+	$db->sql_freeresult($result);
+
+	return $allowed;
+}
+
+/**
+* Cleans a filename of any characters that could potentially cause a problem on
+* a user's filesystem.
+*
+* @param string $filename The filename to clean
+*
+* @return string The cleaned filename
+*/
+function phpbb_download_clean_filename($filename)
+{
+	$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+
+	// rawurlencode to convert any potentially 'bad' characters that we missed
+	$filename = rawurlencode(str_replace($bad_chars, '_', $filename));
+
+	// Turn the %xx entities created by rawurlencode to _
+	$filename = preg_replace("/%(\w{2})/", '_', $filename);
+
+	return $filename;
+}
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@ -257,6 +257,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'U_PM_ACTION'		=> $url . '&amp;mode=compose&amp;f=' . $folder_id . '&amp;p=' . $message_row['msg_id'],

 		'S_HAS_ATTACHMENTS'	=> (sizeof($attachments)) ? true : false,
+		'S_HAS_MULTIPLE_ATTACHMENTS' => (sizeof($attachments) > 1),
 		'S_DISPLAY_NOTICE'	=> $display_notice && $message_row['message_attachment'],
 		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
 		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
@ -301,6 +302,12 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	// Display not already displayed Attachments for this post, we already parsed them. ;)
 	if (isset($attachments) && sizeof($attachments))
 	{
+		$methods = phpbb_gen_download_links('post_msg_id', $msg_id, $phpbb_root_path, $phpEx);
+		foreach ($methods as $method)
+		{
+			$template->assign_block_vars('dl_method', $method);
+		}
+	
 		foreach ($attachments as $attachment)
 		{
 			$template->assign_block_vars('attachment', array(
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@ -161,6 +161,8 @@ $lang = array_merge($lang, array(
 	'DISPLAY_MESSAGES'		=> 'Display messages from previous',
 	'DISPLAY_POSTS'			=> 'Display posts from previous',
 	'DISPLAY_TOPICS'		=> 'Display topics from previous',
+	'DOWNLOAD_ALL'			=> 'Download all',
+	'DOWNLOAD_ALL_ATTACHMENTS'	=> 'Download all attachments',
 	'DOWNLOADED'			=> 'Downloaded',
 	'DOWNLOADING_FILE'		=> 'Downloading file',
 	'DOWNLOAD_COUNTS'		=> array(
--- a/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html
+++ b/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html
@ -41,12 +41,24 @@
 		<div class="content">{MESSAGE}</div>

 		<!-- IF S_HAS_ATTACHMENTS -->
-		<dl class="attachbox">
-			<dt>{L_ATTACHMENTS}</dt>
-			<!-- BEGIN attachment -->
-			<dd>{attachment.DISPLAY_ATTACHMENT}</dd>
-			<!-- END attachment -->
-		</dl>
+			<dl class="attachbox">
+				<dt>
+					{L_ATTACHMENTS}
+					<!-- IF S_HAS_MULTIPLE_ATTACHMENTS -->
+						<div class="dl_links">
+							<strong>{L_DOWNLOAD_ALL}:</strong>
+							<ul>
+							<!-- BEGIN dl_method -->
+								<li>[ <a href="{dl_method.LINK}">{dl_method.TYPE}</a> ]</li>
+							<!-- END dl_method -->
+							</ul>
+						</div>
+					<!-- ENDIF -->
+				</dt>
+				<!-- BEGIN attachment -->
+					<dd>{attachment.DISPLAY_ATTACHMENT}</dd>
+				<!-- END attachment -->
+			</dl>
 		<!-- ENDIF -->

 		<!-- IF S_DISPLAY_NOTICE -->
--- a/phpBB/styles/prosilver/template/viewtopic_body.html
+++ b/phpBB/styles/prosilver/template/viewtopic_body.html
@ -157,7 +157,19 @@

 			<!-- IF postrow.S_HAS_ATTACHMENTS -->
 				<dl class="attachbox">
-					<dt>{L_ATTACHMENTS}</dt>
+					<dt>
+						{L_ATTACHMENTS}
+						<!-- IF postrow.S_MULTIPLE_ATTACHMENTS -->
+							<div class="dl_links">
+								<strong>{L_DOWNLOAD_ALL}:</strong>
+								<ul>
+								<!-- BEGIN dl_method -->
+									<li>[ <a href="{postrow.dl_method.LINK}">{postrow.dl_method.TYPE}</a> ]</li>
+								<!-- END dl_method -->
+								</ul>
+							</div>
+						<!-- ENDIF -->
+					</dt>
 					<!-- BEGIN attachment -->
 						<dd>{postrow.attachment.DISPLAY_ATTACHMENT}</dd>
 					<!-- END attachment -->
@ -256,6 +268,17 @@
 	<!-- ENDIF -->
 	</div>

+	<!-- IF S_HAS_ATTACHMENTS -->
+		<div class="dl_links">
+			<strong>{L_DOWNLOAD_ALL_ATTACHMENTS}:</strong>
+			<ul>
+			<!-- BEGIN dl_method -->
+				<li>[ <a href="{dl_method.LINK}">{dl_method.TYPE}</a> ]</li>
+			<!-- END dl_method -->
+			</ul>
+		</div>
+	<!-- ENDIF -->
+
 	<!-- IF .pagination or TOTAL_POSTS -->
 		<div class="pagination">
 			{TOTAL_POSTS} &bull; 
--- a/phpBB/styles/prosilver/theme/content.css
+++ b/phpBB/styles/prosilver/theme/content.css
@ -702,3 +702,26 @@ dl.pmlist dd {
 	margin-left: 61% !important;
 	margin-bottom: 2px;
 }
+
+.topic-actions div.dl_links {
+	padding: 10px 0 0 10px;
+}
+
+div.dl_links {
+	display: inline-block;
+	text-transform: none;
+}
+
+.dl_links strong {
+	font-weight: bold;
+}
+
+.dl_links ul {
+	list-style-type: none;
+	margin: 0;
+	display: inline-block;
+}
+
+.dl_links li {
+	display: inline-block;
+}
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -1352,6 +1352,16 @@ if (sizeof($attach_list))
 	}
 }

+$template->assign_vars(array(
+	'S_HAS_ATTACHMENTS' => !empty($attachments),
+));
+
+$methods = phpbb_gen_download_links('topic_id', $topic_id, $phpbb_root_path, $phpEx);
+foreach ($methods as $method)
+{
+	$template->assign_block_vars('dl_method', $method);
+}
+
 // Instantiate BBCode if need be
 if ($bbcode_bitfield !== '')
 {
@ -1594,6 +1604,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 		'POSTER_ID'			=> $poster_id,

 		'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
+		'S_MULTIPLE_ATTACHMENTS'	=> !empty($attachments[$row['post_id']]) && sizeof($attachments[$row['post_id']]) > 1,
 		'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true,
 		'S_POST_REPORTED'	=> ($row['post_reported'] && $auth->acl_get('m_report', $forum_id)) ? true : false,
 		'S_DISPLAY_NOTICE'	=> $display_notice && $row['post_attachment'],
@ -1647,6 +1658,12 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 				'DISPLAY_ATTACHMENT'	=> $attachment)
 			);
 		}
+
+		$methods = phpbb_gen_download_links('post_msg_id', $row['post_id'], $phpbb_root_path, $phpEx);
+		foreach ($methods as $method)
+		{
+			$template->assign_block_vars('postrow.dl_method', $method);
+		}
 	}

 	$prev_post_id = $row['post_id'];