From 6660bf26e469c1c62702fe8634bef6c7f94df2bc Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Mon, 18 Dec 2023 16:24:23 +0700 Subject: [PATCH] Fixed extensions issue (#1218) * Fixed extensions issue * Update CHANGELOG.md --- CHANGELOG.md | 1 + dl.php | 7 +++++-- library/attach_mod/displaying.php | 7 +++++-- .../includes/datastore/build_attach_extensions.php | 13 ++++--------- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bfa0bf86..98a2c1e7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ - Limit execution time for forum file-listing [\#1211](https://github.com/torrentpier/torrentpier/pull/1211) ([kovalensky](https://github.com/kovalensky), [belomaxorka](https://github.com/belomaxorka)) - Some reported bugfixes [\#1214](https://github.com/torrentpier/torrentpier/pull/1214) ([belomaxorka](https://github.com/belomaxorka)) - Minor improvements [\#1215](https://github.com/torrentpier/torrentpier/pull/1215), [\#1217](https://github.com/torrentpier/torrentpier/pull/1217) ([belomaxorka](https://github.com/belomaxorka)) +- Fixed extensions issue [\#1218](https://github.com/torrentpier/torrentpier/pull/1218) ([belomaxorka](https://github.com/belomaxorka)) ## [v2.4.0-rc2](https://github.com/torrentpier/torrentpier/tree/v2.4.0-rc2) (2023-12-12) [Full Changelog](https://github.com/torrentpier/torrentpier/compare/v2.4.0-rc1...v2.4.0-rc2) diff --git a/dl.php b/dl.php index d0c8e4c5f..41f0cdf19 100644 --- a/dl.php +++ b/dl.php @@ -173,12 +173,15 @@ $num_rows = count($rows); $allowed_extensions = $download_mode = []; for ($i = 0; $i < $num_rows; $i++) { $extension = strtolower(trim($rows[$i]['extension'])); - $allowed_extensions[] = $extension; + // Get allowed extensions + if ((int)$rows[$i]['allow_group'] === 1) { + $allowed_extensions[] = $extension; + } $download_mode[$extension] = $rows[$i]['download_mode']; } // Disallowed -if (!in_array($attachment['extension'], $allowed_extensions)) { +if (!in_array($attachment['extension'], $allowed_extensions) && !IS_ADMIN) { bb_die(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']) . '

' . $lang['FILENAME'] . ": " . $attachment['physical_filename']); } diff --git a/library/attach_mod/displaying.php b/library/attach_mod/displaying.php index 12f3a72b7..441a7ffd3 100644 --- a/library/attach_mod/displaying.php +++ b/library/attach_mod/displaying.php @@ -28,11 +28,14 @@ function init_complete_extensions_data() $GLOBALS['datastore']->update('attach_extensions'); $extension_informations = get_extension_informations(); } - $allowed_extensions = []; + $allowed_extensions = []; for ($i = 0, $size = count($extension_informations); $i < $size; $i++) { $extension = strtolower(trim($extension_informations[$i]['extension'])); - $allowed_extensions[] = $extension; + // Get allowed extensions + if ((int)$extension_informations[$i]['allow_group'] === 1) { + $allowed_extensions[] = $extension; + } $display_categories[$extension] = (int)$extension_informations[$i]['cat_id']; $download_modes[$extension] = (int)$extension_informations[$i]['download_mode']; $upload_icons[$extension] = trim($extension_informations[$i]['upload_icon']); diff --git a/library/includes/datastore/build_attach_extensions.php b/library/includes/datastore/build_attach_extensions.php index a5d383423..ae306ebcd 100644 --- a/library/includes/datastore/build_attach_extensions.php +++ b/library/includes/datastore/build_attach_extensions.php @@ -11,16 +11,11 @@ if (!defined('BB_ROOT')) { die(basename(__FILE__)); } -// Don't count on forbidden extensions table, because it is not allowed to allow forbidden extensions at all $extensions = DB()->fetch_rowset(" - SELECT - e.extension, g.cat_id, g.download_mode, g.upload_icon - FROM - " . BB_EXTENSIONS . " e, - " . BB_EXTENSION_GROUPS . " g - WHERE - e.group_id = g.group_id - AND g.allow_group = 1 + SELECT e.extension, g.cat_id, g.download_mode, g.upload_icon, g.allow_group FROM + " . BB_EXTENSIONS . " e, + " . BB_EXTENSION_GROUPS . " g + WHERE e.group_id = g.group_id "); $this->store('attach_extensions', $extensions);