makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-12 14:28:56 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/12171] Send correct status 403 when forbidden and 404 when not found

Browse source 
PHPBB3-12171
This commit is contained in:
Joas Schilling 2014-02-10 12:17:28 +01:00
parent c36b1c16f9
commit ee1c055b70
2 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/download/file.php
View file

@ -257,7 +257,7 @@ else if ($download_id)
if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id']))) if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
{ {
// Attachment of a soft deleted post and the user is not allowed to see the post // Attachment of a soft deleted post and the user is not allowed to see the post
send_status_line(403, 'Forbidden'); send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT'); trigger_error('ERROR_NO_ATTACHMENT');
} }
} }
@ -271,7 +271,7 @@ else if ($download_id)
$extensions = array(); $extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{ {
send_status_line(404, 'Forbidden'); send_status_line(403, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
} }
} }
@ -454,12 +454,12 @@ else
{ {
// None of the attachments had a valid extension // None of the attachments had a valid extension
$disallowed_extension = implode($user->lang['COMMA_SEPARATOR'], $disallowed_extension); $disallowed_extension = implode($user->lang['COMMA_SEPARATOR'], $disallowed_extension);
send_status_line(404, 'Forbidden'); send_status_line(403, 'Forbidden');
trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed_extension)); trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed_extension));
} }
else if (!$files_added) else if (!$files_added)
{ {
send_status_line(403, 'Forbidden'); send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT'); trigger_error('ERROR_NO_ATTACHMENT');
} }

10
phpBB/includes/functions_download.php
View file

@ -640,10 +640,14 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
if ($row && ($row['topic_visibility'] == ITEM_APPROVED || $auth->acl_get('m_approve', $row['forum_id'])) if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
&& $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
{ {
if ($row && $row['forum_password']) send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
{
if ($row['forum_password'])
{ {
// Do something else ... ? // Do something else ... ?
login_forum_box($row); login_forum_box($row);