Merge attachment caching

git-svn-id: file:///svn/phpbb/trunk@8714 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/download/file.php

@@ -24,6 +24,8 @@ if (isset($_GET['avatar']))
 	$config = cache::obtain_config();
 	$filename = $_GET['avatar'];
 	$avatar_group = false;
+	$exit = false;
+	
 	if ($filename[0] === 'g')
 	{
 		$avatar_group = true;
@@ -34,55 +36,37 @@ if (isset($_GET['avatar']))
 	if (strpos($filename, '.') == false)
 	{
 		header('HTTP/1.0 403 forbidden');
-		if (!empty($cache))
+		$exit = true;
-		{
-			$cache->unload();
-		}
-		$db->sql_close();
-		exit;
 	}
 
-	$ext		= substr(strrchr($filename, '.'), 1);
+	if (!$exit)
-	$stamp		= (int) substr(stristr($filename, '_'), 1);
-	$filename	= (int) $filename;
-
-	// let's see if we have to send the file at all
-	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
-	if (strpos(strtolower($browser), 'msie 6.0') === false)
 	{
-		if ($last_load !== false && $last_load <= $stamp)
+		$ext		= substr(strrchr($filename, '.'), 1);
-		{
+		$stamp		= (int) substr(stristr($filename, '_'), 1);
-			if (@php_sapi_name() === 'CGI')
+		$filename	= (int) $filename;
-			{
+		$exit = set_modified_headers($stamp, $browser);
-				header('Status: 304 Not Modified', true, 304);
-			}
-			else
-			{
-				header('HTTP/1.0 304 Not Modified', true, 304);
-			}
-			// seems that we need those too ... browsers
-			header('Pragma: public');
-			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
-			exit();
-		}
-		else
-		{
-			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
-		}
 	}
-
+	if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
-	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')) || !$filename)
 	{
 		// no way such an avatar could exist. They are not following the rules, stop the show.
 		header("HTTP/1.0 403 Forbidden");
-		garbage_collection();
+		$exit = true;
-		exit_handler();
 	}
-
+	
-	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
+	
-
+	if (!$exit)
-	garbage_collection();
+	{
-	exit_handler();
+		if (!$filename)
+		{
+			// no way such an avatar could exist. They are not following the rules, stop the show.
+			header("HTTP/1.0 403 Forbidden");
+		}
+		else
+		{
+			send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
+		}
+	}
+	file_gc();
 }
 
 // implicit else: we are not in avatar mode
@@ -105,7 +89,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
-$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
+$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -216,7 +200,7 @@ if (!download_allowed())
 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
 
 // Fetching filename here to prevent sniffing of filename
-$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
+$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
 	FROM ' . ATTACHMENTS_TABLE . "
 	WHERE attach_id = $download_id";
 $result = $db->sql_query_limit($sql, 1);
@@ -270,12 +254,12 @@ else
 		}
 
 		redirect(PHPBB_ROOT_PATH . $config['upload_path'] . '/' . $attachment['physical_filename']);
-		exit;
+		file_gc();
 	}
 	else
 	{
 		send_file_to_browser($attachment, $config['upload_path'], $display_cat);
-		exit;
+		file_gc();
 	}
 }
 
@@ -460,27 +444,29 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	{
 		header("Content-Length: $size");
 	}
-
+	if (!set_modified_headers($attachment['filetime'], $user->browser))
-	// Try to deliver in chunks
-	@set_time_limit(0);
-
-	$fp = @fopen($filename, 'rb');
-
-	if ($fp !== false)
 	{
-		while (!feof($fp))
+		// Try to deliver in chunks
+		@set_time_limit(0);
+
+		$fp = @fopen($filename, 'rb');
+
+		if ($fp !== false)
 		{
-			echo fread($fp, 8192);
+			while (!feof($fp))
+			{
+				echo fread($fp, 8192);
+			}
+			fclose($fp);
+		}
+		else
+		{
+			@readfile($filename);
 		}
-		fclose($fp);
-	}
-	else
-	{
-		@readfile($filename);
-	}
 
-	flush();
+		flush();
-	exit;
+	}
+	file_gc();
 }
 
 /**
@@ -612,4 +598,48 @@ function download_allowed()
 	return $allowed;
 }
 
+/**
+* Check if the browser has the file already and set the appropriate headers-
+* @returns false if a resend is in order.
+*/
+function set_modified_headers($stamp, $browser)
+{
+	// let's see if we have to send the file at all
+	$last_load 	=  isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
+	if (strpos(strtolower($browser), 'msie 6.0') === false)
+	{
+		if ($last_load !== false && $last_load <= $stamp)
+		{
+			if (@php_sapi_name() === 'CGI')
+			{
+				header('Status: 304 Not Modified', true, 304);
+			}
+			else
+			{
+				header('HTTP/1.0 304 Not Modified', true, 304);
+			}
+			// seems that we need those too ... browsers
+			header('Pragma: public');
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+			return true;
+		}
+		else
+		{
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
+		}
+	}
+	return false;
+}
+
+function file_gc()
+{
+	global $cache, $db;
+	if (!empty($cache))
+	{
+		$cache->unload();
+	}
+	$db->sql_close();
+	exit;
+}
+
 ?>