diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e653d2f7..217271296 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ - Updated TorrentPier footer text (: [\#1204](https://github.com/torrentpier/torrentpier/pull/1204) ([kovalensky](https://github.com/kovalensky)) - Repository link in page footer instead of forum [\#1205](https://github.com/torrentpier/torrentpier/pull/1205) ([kovalensky](https://github.com/kovalensky)) - Minor improvements [\#1206](https://github.com/torrentpier/torrentpier/pull/1206) ([belomaxorka](https://github.com/belomaxorka)) +- Some enhancements for dl.php [\#1209](https://github.com/torrentpier/torrentpier/pull/1209) ([belomaxorka](https://github.com/belomaxorka)) ## [v2.4.0-rc2](https://github.com/torrentpier/torrentpier/tree/v2.4.0-rc2) (2023-12-12) [Full Changelog](https://github.com/torrentpier/torrentpier/compare/v2.4.0-rc1...v2.4.0-rc2) diff --git a/dl.php b/dl.php index 2a8671e03..d0c8e4c5f 100644 --- a/dl.php +++ b/dl.php @@ -99,6 +99,11 @@ if (!($attachment = DB()->sql_fetchrow($result))) { $attachment['physical_filename'] = basename($attachment['physical_filename']); +// Re-define $attachment['physical_filename'] for thumbnails +if ($thumbnail) { + $attachment['physical_filename'] = THUMB_DIR . '/t_' . $attachment['physical_filename']; +} + DB()->sql_freeresult($result); // get forum_id for attachment authorization or private message authorization @@ -137,6 +142,7 @@ for ($i = 0; $i < $num_auth_pages && $authorised == false; $i++) { } } +// Check the auth rights if (!$authorised) { bb_die($lang['SORRY_AUTH_VIEW_ATTACH']); } @@ -176,10 +182,9 @@ if (!in_array($attachment['extension'], $allowed_extensions)) { bb_die(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']) . '

' . $lang['FILENAME'] . ": " . $attachment['physical_filename']); } -$download_mode = (int)$download_mode[$attachment['extension']]; - -if ($thumbnail) { - $attachment['physical_filename'] = THUMB_DIR . '/t_' . $attachment['physical_filename']; +// Getting download mode by extension +if (!$download_mode = (int)$download_mode[$attachment['extension']]) { + bb_die('Incorrect download mode'); } // Update download count @@ -192,29 +197,32 @@ if (!$thumbnail) { } // Determine the 'presenting'-method -if ($download_mode == PHYSICAL_LINK) { - $url = make_url($upload_dir . '/' . $attachment['physical_filename']); - header('Location: ' . $url); - exit; +switch ($download_mode) { + case PHYSICAL_LINK: + $url = make_url($upload_dir . '/' . $attachment['physical_filename']); + header('Location: ' . $url); + exit; + case INLINE_LINK: + if (IS_GUEST && !$bb_cfg['captcha']['disabled'] && !bb_captcha('check')) { + global $template; + + $redirect_url = $_POST['redirect_url'] ?? $_SERVER['HTTP_REFERER'] ?? '/'; + $message = '
'; + $message .= $lang['CAPTCHA'] . ':'; + $message .= '
' . bb_captcha('get') . '
'; + $message .= ''; + $message .= '  '; + $message .= ''; + $message .= '
'; + + $template->assign_vars(['ERROR_MESSAGE' => $message]); + + require(PAGE_HEADER); + require(PAGE_FOOTER); + } + + send_file_to_browser($attachment, $upload_dir); + exit; + default: + bb_die('Incorrect download mode: ' . $download_mode); } - -if (IS_GUEST && !$bb_cfg['captcha']['disabled'] && !bb_captcha('check')) { - global $template; - - $redirect_url = $_POST['redirect_url'] ?? $_SERVER['HTTP_REFERER'] ?? '/'; - $message = '
'; - $message .= $lang['CAPTCHA'] . ':'; - $message .= '
' . bb_captcha('get') . '
'; - $message .= ''; - $message .= '  '; - $message .= ''; - $message .= '
'; - - $template->assign_vars(['ERROR_MESSAGE' => $message]); - - require(PAGE_HEADER); - require(PAGE_FOOTER); -} - -send_file_to_browser($attachment, $upload_dir); -exit;