2012-10-21, 01:52 AM
This patch will make mybb chmod the attachment folders for each month to 0750. This will make it so the attachment files cannot be viewed through the browser, which is useful for sites that make their users pay to download attachments (such as subscription plugin sites and such). Normally you could just goto something like http://mysite.com/mybb/uploads/201210/ and view all of the attachments (they do get renamed to something random, but you can still open with winzip, or whatever program would normally open the file). This patch will now add a fallback and add an index.html to the directory so you cannot see the list of files even if for some reason you can view the directory.
In inc/functions_upload.php
Find:
Add after:
NOTE: if you use the patches plugin you can download an xml file that will let you automatically apply the patch after updates to mybb in the attachments for this thread.
In inc/functions_upload.php
Find:
if(!@is_dir($mybb->settings['uploadspath']."/".$month_dir))
{
$month_dir = '';
}
Add after:
else
{
@chmod($mybb->settings['uploadspath']."/".$month_dir, 0750);
$fh = @fopen($mybb->settings['uploadspath']."/".$month_dir."/index.html", "a+");
fclose($fh);
}
NOTE: if you use the patches plugin you can download an xml file that will let you automatically apply the patch after updates to mybb in the attachments for this thread.