diff options
| author | Gerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org> | 2006-04-27 09:38:34 +0000 |
|---|---|---|
| committer | Gerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org> | 2006-04-27 09:38:34 +0000 |
| commit | 00f8037e45b1dcb4f7ebde44793c1241b0ae314c (patch) | |
| tree | aede38bde9e3b3353861dc4bcecdee6d0fb080b5 | |
| parent | bd08cb5e9cf1d3ac2e10c88d0b48cad033856e50 (diff) | |
| download | brdo-00f8037e45b1dcb4f7ebde44793c1241b0ae314c.tar.gz brdo-00f8037e45b1dcb4f7ebde44793c1241b0ae314c.tar.bz2 | |
#59648, Upload.module misuse of hook_file_download, paralyzes other modules' hook, patch by jakeg
| -rw-r--r-- | modules/upload.module | 16 | ||||
| -rw-r--r-- | modules/upload/upload.module | 16 |
2 files changed, 16 insertions, 16 deletions
diff --git a/modules/upload.module b/modules/upload.module index 421e874de..9163586fa 100644 --- a/modules/upload.module +++ b/modules/upload.module @@ -27,7 +27,7 @@ function upload_help($section) { case 'admin/modules#description': return t('Allows users to upload and attach files to content.'); case 'admin/settings/upload': - return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); + return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); } } @@ -144,10 +144,10 @@ function upload_download() { } function upload_file_download($file) { - if (user_access('view uploaded files')) { - $file = file_create_path($file); - $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); - if ($file = db_fetch_object($result)) { + $file = file_create_path($file); + $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); + if ($file = db_fetch_object($result)) { + if (user_access('view uploaded files')) { $node = node_load($file->nid); if (node_access('view', $node)) { $name = mime_header_encode($file->filename); @@ -164,9 +164,9 @@ function upload_file_download($file) { return -1; } } - } - else { - return -1; + else { + return -1; + } } } diff --git a/modules/upload/upload.module b/modules/upload/upload.module index 421e874de..9163586fa 100644 --- a/modules/upload/upload.module +++ b/modules/upload/upload.module @@ -27,7 +27,7 @@ function upload_help($section) { case 'admin/modules#description': return t('Allows users to upload and attach files to content.'); case 'admin/settings/upload': - return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); + return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); } } @@ -144,10 +144,10 @@ function upload_download() { } function upload_file_download($file) { - if (user_access('view uploaded files')) { - $file = file_create_path($file); - $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); - if ($file = db_fetch_object($result)) { + $file = file_create_path($file); + $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); + if ($file = db_fetch_object($result)) { + if (user_access('view uploaded files')) { $node = node_load($file->nid); if (node_access('view', $node)) { $name = mime_header_encode($file->filename); @@ -164,9 +164,9 @@ function upload_file_download($file) { return -1; } } - } - else { - return -1; + else { + return -1; + } } } |