makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-11 22:08:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

oops

Browse source 
git-svn-id: file:///svn/phpbb/trunk@7431 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2007-04-30 11:42:19 +00:00
parent f90a81cf77
commit ed272ece1d
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
phpBB/download.php
View file

@ -31,7 +31,7 @@ if (isset($_GET['avatar']))
{ {
exit; exit;
} }
unset($dbpasswd) unset($dbpasswd);
$config = $cache->obtain_config(); $config = $cache->obtain_config();
$filename = $_GET['avatar']; $filename = $_GET['avatar'];
@ -272,7 +272,8 @@ function send_avatar_to_browser($file)
global $config, $phpbb_root_path; global $config, $phpbb_root_path;
$prefix = $config['avatar_salt'] . '_'; $prefix = $config['avatar_salt'] . '_';
$img_dir = $config['avatar_path']; $img_dir = $config['avatar_path'];
$browser = $_SERVER['HTTP_USER_AGENT']; // worst-case default
$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
// Adjust img_dir path (no trailing slash) // Adjust img_dir path (no trailing slash)
if (substr($img_dir, -1, 1) == '/' || substr($img_dir, -1, 1) == '\\') if (substr($img_dir, -1, 1) == '/' || substr($img_dir, -1, 1) == '\\')
@ -411,10 +412,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype']); header('Content-Type: ' . $attachment['mimetype']);
if (strpos(strtolower($user->browser), 'msie') !== false) if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
{ {
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (strpos(strtolower($user->browser), 'msie 6.0') !== false) if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
{ {
header('expires: -1'); header('expires: -1');
} }
@ -452,7 +453,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
*/ */
function header_filename($file) function header_filename($file)
{ {
$user_agent = $_SERVER['HTTP_USER_AGENT']; $user_agent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
// There be dragons here. // There be dragons here.
// Not many follows the RFC... // Not many follows the RFC...