From f0755f6daf0713c360b4ac99ca3ce82e9d4c421e Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Tue, 6 Mar 2007 11:30:12 +0000
Subject: [PATCH] safer name for the updater downloads (even if removed after download) - reported by SHS`
git-svn-id: file:///svn/phpbb/trunk@7134 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_compress.php | 22 ++++++++++++++++------
 phpBB/install/install_update.php | 6 ++++--
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php
index 3fe2bf9a9b..d8267cf7f6 100644
--- a/phpBB/includes/functions_compress.php
+++ b/phpBB/includes/functions_compress.php
@@ -419,15 +419,20 @@ class compress_zip extends compress
 /**
 * Download archive
 */
- function download($filename)
+ function download($filename, $download_name = false)
 {
 global $phpbb_root_path;
+ if ($download_name === false)
+ {
+ $download_name = $filename;
+ }
+
 $mimetype = 'application/zip';
 header('Pragma: no-cache');
- header("Content-Type: $mimetype; name=\"$filename.zip\"");
- header("Content-disposition: attachment; filename=$filename.zip");
+ header("Content-Type: $mimetype; name=\"$download_name.zip\"");
+ header("Content-disposition: attachment; filename=$download_name.zip");
 $fp = fopen("{$phpbb_root_path}store/$filename.zip", 'rb');
 while ($buffer = fread($fp, 1024))
@@ -611,10 +616,15 @@ class compress_tar extends compress
 /**
 * Download archive
 */
- function download($filename)
+ function download($filename, $download_name = false)
 {
 global $phpbb_root_path;
+ if ($download_name === false)
+ {
+ $download_name = $filename;
+ }
+
 switch ($this->type)
 {
 case '.tar':
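Review bot: In compress_zip::download(), the new `$download_name` is interpolated into both headers as-is and the `Content-disposition` value is left unquoted, so a name containing spaces, quotes or semicolons would yield a malformed or ambiguous header. The only caller visible in this patch builds the name from `update_info` version strings, whose origin is not shown here, so it seems worth constraining the value inside the method: `$download_name = preg_replace('#[^A-Za-z0-9._-]#', '_', $download_name);` followed by `header("Content-disposition: attachment; filename=\"$download_name.zip\"");`. The same applies to the two header lines of compress_tar::download() in the `@@ -635,8 +645,8 @@` hunk. The docblock could also document the new parameter, for example `@param string|false $download_name name offered to the browser; defaults to $filename`. The method body continues past the end of the hunk.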
@@ -635,8 +645,8 @@ class compress_tar extends compress
 }
 header('Pragma: no-cache');
- header("Content-Type: $mimetype; name=\"$filename$this->type\"");
- header("Content-disposition: attachment; filename=$filename$this->type");
+ header("Content-Type: $mimetype; name=\"$download_name$this->type\"");
+ header("Content-disposition: attachment; filename=$download_name$this->type");
 $fp = fopen("{$phpbb_root_path}store/$filename$this->type", 'rb');
 while ($buffer = fread($fp, 1024))
diff --git a/phpBB/install/install_update.php b/phpBB/install/install_update.php
index a2e2084f28..caa5158dad 100644
--- a/phpBB/install/install_update.php
+++ b/phpBB/install/install_update.php
@@ -590,7 +590,9 @@ class install_update extends module
 }
 // Now update the installation or download the archive...
- $archive_filename = 'update_' . $this->update_info['version']['from'] . '_to_' . $this->update_info['version']['to'];
+ $download_filename = 'update_' . $this->update_info['version']['from'] . '_to_' . $this->update_info['version']['to'];
+ $archive_filename = $download_filename . '_' . time() . '_' . unique_id();
+
 $update_list = $cache->get('_update_list');
 $conflicts = request_var('conflict', array('' => 0));
@@ -749,7 +751,7 @@ class install_update extends module
 {
 $compress->close();
- $compress->download($archive_filename);
+ $compress->download($archive_filename, $download_filename);
 @unlink($phpbb_root_path . 'store/' . $archive_filename . $use_method);
 exit;
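Review bot: The unguessability of `$archive_filename` in the `@@ -590,7 +590,9 @@` hunk rests entirely on `unique_id()`, because the `time()` component is predictable to anyone who knows roughly when the update ran. `unique_id()` is not part of this patch, so it should be confirmed that it draws on a source strong enough for a file that sits under `store/` until it is unlinked, and that `store/` is not served directly by the web server. A short comment would record the intent, for example `// Random suffix: the archive is briefly on disk in store/ and its name must not be guessable`. The version strings are also concatenated into a filesystem path unchanged; if `update_info` can be influenced by the update package, restricting them to a version-like character set first would be safer. The enclosing method starts and ends outside the hunk.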
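Review bot: In the `@@ -749,7 +751,7 @@` hunk the `@unlink()` after `$compress->download(...)` only runs if the script survives the download; if the client disconnects while the archive is being streamed, PHP by default ends the script and the file stays in `store/`. Calling `ignore_user_abort(true);` before `$compress->download($archive_filename, $download_filename);`, or registering the unlink as a shutdown function, would make the cleanup reliable. The `@` also hides an unlink failure, so a leftover archive would go unnoticed unless the return value is checked and logged. The surrounding block starts outside the hunk.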