Details
-
New Feature
-
Status: Unverified Fix (View Workflow)
-
Minor
-
Resolution: Fixed
-
None
-
None
-
nginx 0.7.67
Description
nginx doesn't support X-Sendfile, but something similar called X-Accel-Redirect. I believe this feature would be beneficial to nginx users, as the webserver excels at serving static content.
Altering the X-Sendfile support at lines 458-461 of download/file.php to
if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false)
|
{
|
header('X-Accel-Redirect: ' . $filename);
|
}
|
is all which is required to send the header to nginx for processing. However, nginx will return a 404 as this sends what it calls an "unsafe URI". As an example, when altering download/file.php to match the above, a request for an attachment will return a 404 with the following entry in nginx's error log:
unsafe URI "./../files/2_d2b0982cf8938dae68840465cf6045da" was detected while reading response header from upstream
If the path sent to nginx isn't relative, but absolute to phpBB3's root, e.g. files/2_d2b0982cf8938dae68840465cf6045da then nginx will process the request.