Verzeichnisstruktur phpBB-3.1.0
- Veröffentlicht
- 27.10.2014
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
file.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 /**
015 * @ignore
016 */
017 define('IN_PHPBB', true);
018 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
019 $phpEx = substr(strrchr(__FILE__, '.'), 1);
020
021 // Thank you sun.
022 if (isset($_SERVER['CONTENT_TYPE']))
023 {
024 if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
025 {
026 exit;
027 }
028 }
029 else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
030 {
031 exit;
032 }
033
034 if (isset($_GET['avatar']))
035 {
036 require($phpbb_root_path . 'includes/startup.' . $phpEx);
037
038 require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx);
039 $phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx);
040 $phpbb_class_loader->register();
041
042 $phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
043 extract($phpbb_config_php_file->get_all());
044
045 if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
046 {
047 exit;
048 }
049
050 require($phpbb_root_path . 'includes/constants.' . $phpEx);
051 require($phpbb_root_path . 'includes/functions.' . $phpEx);
052 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
053 require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
054
055 // Setup class loader first
056 $phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
057 $phpbb_class_loader_ext->register();
058
059 phpbb_load_extensions_autoloaders($phpbb_root_path);
060
061 // Set up container
062 $phpbb_container_builder = new \phpbb\di\container_builder($phpbb_config_php_file, $phpbb_root_path, $phpEx);
063 $phpbb_container = $phpbb_container_builder->get_container();
064
065 $phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
066 $phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));
067
068 // set up caching
069 $cache = $phpbb_container->get('cache');
070
071 $phpbb_dispatcher = $phpbb_container->get('dispatcher');
072 $request = $phpbb_container->get('request');
073 $db = $phpbb_container->get('dbal.conn');
074 $phpbb_log = $phpbb_container->get('log');
075
076 unset($dbpasswd);
077
078 request_var('', 0, false, false, $request);
079
080 $config = $phpbb_container->get('config');
081 set_config(null, null, null, $config);
082 set_config_count(null, null, null, $config);
083
084 // load extensions
085 $phpbb_extension_manager = $phpbb_container->get('ext.manager');
086
087 // worst-case default
088 $browser = strtolower($request->header('User-Agent', 'msie 6.0'));
089
090 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
091
092 $filename = request_var('avatar', '');
093 $avatar_group = false;
094 $exit = false;
095
096 if (isset($filename[0]) && $filename[0] === 'g')
097 {
098 $avatar_group = true;
099 $filename = substr($filename, 1);
100 }
101
102 // '==' is not a bug - . as the first char is as bad as no dot at all
103 if (strpos($filename, '.') == false)
104 {
105 send_status_line(403, 'Forbidden');
106 $exit = true;
107 }
108
109 if (!$exit)
110 {
111 $ext = substr(strrchr($filename, '.'), 1);
112 $stamp = (int) substr(stristr($filename, '_'), 1);
113 $filename = (int) $filename;
114 $exit = set_modified_headers($stamp, $browser);
115 }
116 if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
117 {
118 // no way such an avatar could exist. They are not following the rules, stop the show.
119 send_status_line(403, 'Forbidden');
120 $exit = true;
121 }
122
123
124 if (!$exit)
125 {
126 if (!$filename)
127 {
128 // no way such an avatar could exist. They are not following the rules, stop the show.
129 send_status_line(403, 'Forbidden');
130 }
131 else
132 {
133 send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
134 }
135 }
136 file_gc();
137 }
138
139 // implicit else: we are not in avatar mode
140 include($phpbb_root_path . 'common.' . $phpEx);
141 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
142
143 $attach_id = request_var('id', 0);
144 $mode = request_var('mode', '');
145 $thumbnail = request_var('t', false);
146
147 // Start session management, do not update session page.
148 $user->session_begin(false);
149 $auth->acl($user->data);
150 $user->setup('viewtopic');
151
152 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
153 {
154 send_status_line(404, 'Not Found');
155 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
156 }
157
158 if (!$attach_id)
159 {
160 send_status_line(404, 'Not Found');
161 trigger_error('NO_ATTACHMENT_SELECTED');
162 }
163
164 $sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
165 FROM ' . ATTACHMENTS_TABLE . "
166 WHERE attach_id = $attach_id";
167 $result = $db->sql_query($sql);
168 $attachment = $db->sql_fetchrow($result);
169 $db->sql_freeresult($result);
170
171 if (!$attachment)
172 {
173 send_status_line(404, 'Not Found');
174 trigger_error('ERROR_NO_ATTACHMENT');
175 }
176 else if (!download_allowed())
177 {
178 send_status_line(403, 'Forbidden');
179 trigger_error($user->lang['LINKAGE_FORBIDDEN']);
180 }
181 else
182 {
183 $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
184
185 if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
186 {
187 send_status_line(404, 'Not Found');
188 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
189 }
190
191 if ($attachment['is_orphan'])
192 {
193 // We allow admins having attachment permissions to see orphan attachments...
194 $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
195
196 if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
197 {
198 send_status_line(404, 'Not Found');
199 trigger_error('ERROR_NO_ATTACHMENT');
200 }
201
202 // Obtain all extensions...
203 $extensions = $cache->obtain_attach_extensions(true);
204 }
205 else
206 {
207 if (!$attachment['in_message'])
208 {
209 phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
210
211 $sql = 'SELECT forum_id, post_visibility
212 FROM ' . POSTS_TABLE . '
213 WHERE post_id = ' . (int) $attachment['post_msg_id'];
214 $result = $db->sql_query($sql);
215 $post_row = $db->sql_fetchrow($result);
216 $db->sql_freeresult($result);
217
218 if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id'])))
219 {
220 // Attachment of a soft deleted post and the user is not allowed to see the post
221 send_status_line(404, 'Not Found');
222 trigger_error('ERROR_NO_ATTACHMENT');
223 }
224 }
225 else
226 {
227 // Attachment is in a private message.
228 $post_row = array('forum_id' => false);
229 phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
230 }
231
232 $extensions = array();
233 if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions))
234 {
235 send_status_line(403, 'Forbidden');
236 trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
237 }
238 }
239
240 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
241 $display_cat = $extensions[$attachment['extension']]['display_cat'];
242
243 if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg'))
244 {
245 $display_cat = ATTACHMENT_CATEGORY_NONE;
246 }
247
248 if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
249 {
250 $display_cat = ATTACHMENT_CATEGORY_NONE;
251 }
252
253 if ($thumbnail)
254 {
255 $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
256 }
257 else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
258 {
259 // Update download count
260 phpbb_increment_downloads($db, $attachment['attach_id']);
261 }
262
263 if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
264 {
265 wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
266 file_gc();
267 }
268 else
269 {
270 // Determine the 'presenting'-method
271 if ($download_mode == PHYSICAL_LINK)
272 {
273 // This presenting method should no longer be used
274 if (!@is_dir($phpbb_root_path . $config['upload_path']))
275 {
276 send_status_line(500, 'Internal Server Error');
277 trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
278 }
279
280 redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
281 file_gc();
282 }
283 else
284 {
285 send_file_to_browser($attachment, $config['upload_path'], $display_cat);
286 file_gc();
287 }
288 }
289 }
290