Verzeichnisstruktur phpBB-3.3.16
- Veröffentlicht
- 27.04.2026
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
file.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 /**
015 * @ignore
016 */
017 define('IN_PHPBB', true);
018 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
019 $phpEx = substr(strrchr(__FILE__, '.'), 1);
020
021 // Thank you sun.
022 if (isset($_SERVER['CONTENT_TYPE']))
023 {
024 if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
025 {
026 exit;
027 }
028 }
029 else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
030 {
031 exit;
032 }
033
034 if (isset($_GET['avatar']))
035 {
036 require($phpbb_root_path . 'includes/startup.' . $phpEx);
037
038 require($phpbb_root_path . 'phpbb/class_loader.' . $phpEx);
039 $phpbb_class_loader = new \phpbb\class_loader('phpbb\\', "{$phpbb_root_path}phpbb/", $phpEx);
040 $phpbb_class_loader->register();
041
042 $phpbb_config_php_file = new \phpbb\config_php_file($phpbb_root_path, $phpEx);
043 extract($phpbb_config_php_file->get_all());
044
045 if (!defined('PHPBB_ENVIRONMENT'))
046 {
047 @define('PHPBB_ENVIRONMENT', 'production');
048 }
049
050 if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
051 {
052 exit;
053 }
054
055 require($phpbb_root_path . 'includes/constants.' . $phpEx);
056 require($phpbb_root_path . 'includes/functions.' . $phpEx);
057 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
058 require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
059
060 // Setup class loader first
061 $phpbb_class_loader_ext = new \phpbb\class_loader('\\', "{$phpbb_root_path}ext/", $phpEx);
062 $phpbb_class_loader_ext->register();
063
064 // Set up container
065 $phpbb_container_builder = new \phpbb\di\container_builder($phpbb_root_path, $phpEx);
066 $phpbb_container = $phpbb_container_builder->with_config($phpbb_config_php_file)->get_container();
067
068 $phpbb_class_loader->set_cache($phpbb_container->get('cache.driver'));
069 $phpbb_class_loader_ext->set_cache($phpbb_container->get('cache.driver'));
070
071 // set up caching
072 /* @var $cache \phpbb\cache\service */
073 $cache = $phpbb_container->get('cache');
074
075 /* @var $phpbb_dispatcher \phpbb\event\dispatcher */
076 $phpbb_dispatcher = $phpbb_container->get('dispatcher');
077
078 /* @var $request \phpbb\request\request_interface */
079 $request = $phpbb_container->get('request');
080
081 /* @var $db \phpbb\db\driver\driver_interface */
082 $db = $phpbb_container->get('dbal.conn');
083
084 /* @var $phpbb_log \phpbb\log\log_interface */
085 $phpbb_log = $phpbb_container->get('log');
086
087 unset($dbpasswd);
088
089 /* @var $config \phpbb\config\config */
090 $config = $phpbb_container->get('config');
091
092 // load extensions
093 /* @var $phpbb_extension_manager \phpbb\extension\manager */
094 $phpbb_extension_manager = $phpbb_container->get('ext.manager');
095
096 // worst-case default
097 $browser = strtolower($request->header('User-Agent', 'msie 6.0'));
098
099 /* @var $phpbb_avatar_manager \phpbb\avatar\manager */
100 $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
101
102 $filename = $request->variable('avatar', '');
103 $avatar_group = false;
104 $exit = false;
105
106 if (isset($filename[0]) && $filename[0] === 'g')
107 {
108 $avatar_group = true;
109 $filename = substr($filename, 1);
110 }
111
112 // '==' is not a bug - . as the first char is as bad as no dot at all
113 if (strpos($filename, '.') == false)
114 {
115 send_status_line(403, 'Forbidden');
116 $exit = true;
117 }
118
119 if (!$exit)
120 {
121 $ext = substr(strrchr($filename, '.'), 1);
122 $stamp = (int) substr(stristr($filename, '_'), 1);
123 $filename = (int) $filename;
124 $exit = set_modified_headers($stamp, $browser);
125 }
126 if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
127 {
128 // no way such an avatar could exist. They are not following the rules, stop the show.
129 send_status_line(403, 'Forbidden');
130 $exit = true;
131 }
132
133
134 if (!$exit)
135 {
136 if (!$filename)
137 {
138 // no way such an avatar could exist. They are not following the rules, stop the show.
139 send_status_line(403, 'Forbidden');
140 }
141 else
142 {
143 send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
144 }
145 }
146 file_gc();
147 }
148
149 // implicit else: we are not in avatar mode
150 include($phpbb_root_path . 'common.' . $phpEx);
151 require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
152
153 $attach_id = $request->variable('id', 0);
154 $mode = $request->variable('mode', '');
155 $thumbnail = $request->variable('t', false);
156
157 // Start session management, do not update session page.
158 $user->session_begin(false);
159 $auth->acl($user->data);
160 $user->setup('viewtopic');
161
162 $phpbb_content_visibility = $phpbb_container->get('content.visibility');
163
164 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
165 {
166 send_status_line(404, 'Not Found');
167 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
168 }
169
170 if (!$attach_id)
171 {
172 send_status_line(404, 'Not Found');
173 trigger_error('NO_ATTACHMENT_SELECTED');
174 }
175
176 $sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime
177 FROM ' . ATTACHMENTS_TABLE . "
178 WHERE attach_id = $attach_id";
179 $result = $db->sql_query($sql);
180 $attachment = $db->sql_fetchrow($result);
181 $db->sql_freeresult($result);
182
183 if (!$attachment)
184 {
185 send_status_line(404, 'Not Found');
186 trigger_error('ERROR_NO_ATTACHMENT');
187 }
188 else if (!download_allowed())
189 {
190 send_status_line(403, 'Forbidden');
191 trigger_error($user->lang['LINKAGE_FORBIDDEN']);
192 }
193 else
194 {
195 $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']);
196
197 if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach'])
198 {
199 send_status_line(404, 'Not Found');
200 trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
201 }
202
203 if ($attachment['is_orphan'])
204 {
205 // We allow admins having attachment permissions to see orphan attachments...
206 $own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
207
208 if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
209 {
210 send_status_line(404, 'Not Found');
211 trigger_error('ERROR_NO_ATTACHMENT');
212 }
213
214 // Obtain all extensions...
215 $extensions = $cache->obtain_attach_extensions(true);
216 }
217 else
218 {
219 if (!$attachment['in_message'])
220 {
221 phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
222
223 $sql = 'SELECT forum_id, poster_id, post_visibility
224 FROM ' . POSTS_TABLE . '
225 WHERE post_id = ' . (int) $attachment['post_msg_id'];
226 $result = $db->sql_query($sql);
227 $post_row = $db->sql_fetchrow($result);
228 $db->sql_freeresult($result);
229
230 if (!$post_row || !$phpbb_content_visibility->is_visible('post', $post_row['forum_id'], $post_row))
231 {
232 // Attachment of a soft deleted post and the user is not allowed to see the post
233 send_status_line(404, 'Not Found');
234 trigger_error('ERROR_NO_ATTACHMENT');
235 }
236 }
237 else
238 {
239 // Attachment is in a private message.
240 $post_row = array('forum_id' => false);
241 phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
242 }
243
244 $extensions = array();
245 if (!extension_allowed($post_row['forum_id'], $attachment['extension'], $extensions))
246 {
247 send_status_line(403, 'Forbidden');
248 trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
249 }
250 }
251
252 $download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
253 $display_cat = $extensions[$attachment['extension']]['display_cat'];
254
255 if ($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB)
256 {
257 // Do not display if either display inline is disabled or user is not allowed to view images
258 if (!$config['img_display_inlined'] || !$user->optionget('viewimg'))
259 {
260 $display_cat = ATTACHMENT_CATEGORY_NONE;
261 }
262 }
263
264 /**
265 * Event to modify data before sending file to browser
266 *
267 * @event core.download_file_send_to_browser_before
268 * @var int attach_id The attachment ID
269 * @var array attachment Array with attachment data
270 * @var int display_cat Attachment category
271 * @var int download_mode File extension specific download mode
272 * @var array extensions Array with file extensions data
273 * @var string mode Download mode
274 * @var bool thumbnail Flag indicating if the file is a thumbnail
275 * @since 3.1.6-RC1
276 * @changed 3.1.7-RC1 Fixing wrong name of a variable (replacing "extension" by "extensions")
277 */
278 $vars = array(
279 'attach_id',
280 'attachment',
281 'display_cat',
282 'download_mode',
283 'extensions',
284 'mode',
285 'thumbnail',
286 );
287 extract($phpbb_dispatcher->trigger_event('core.download_file_send_to_browser_before', compact($vars)));
288
289 if ($thumbnail)
290 {
291 $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
292 }
293 else if ($display_cat == ATTACHMENT_CATEGORY_NONE && !$attachment['is_orphan'] && !phpbb_http_byte_range($attachment['filesize']))
294 {
295 // Update download count
296 phpbb_increment_downloads($db, $attachment['attach_id']);
297 }
298
299 if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
300 {
301 wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
302 file_gc();
303 }
304 else
305 {
306 // Determine the 'presenting'-method
307 if ($download_mode == PHYSICAL_LINK)
308 {
309 // This presenting method should no longer be used
310 if (!@is_dir($phpbb_root_path . $config['upload_path']))
311 {
312 send_status_line(500, 'Internal Server Error');
313 trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
314 }
315
316 redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
317 file_gc();
318 }
319 else
320 {
321 send_file_to_browser($attachment, $config['upload_path'], $display_cat);
322 file_gc();
323 }
324 }
325 }
326