From 00f8037e45b1dcb4f7ebde44793c1241b0ae314c Mon Sep 17 00:00:00 2001 From: Gerhard Killesreiter Date: Thu, 27 Apr 2006 09:38:34 +0000 Subject: #59648, Upload.module misuse of hook_file_download, paralyzes other modules' hook, patch by jakeg --- modules/upload.module | 16 ++++++++-------- modules/upload/upload.module | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/upload.module b/modules/upload.module index 421e874de..9163586fa 100644 --- a/modules/upload.module +++ b/modules/upload.module @@ -27,7 +27,7 @@ function upload_help($section) { case 'admin/modules#description': return t('Allows users to upload and attach files to content.'); case 'admin/settings/upload': - return t('

Users with the upload files permission can upload attachments. You can choose which post types can take attachments on the content types settings page.

', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); + return t('

Users with the upload files permission can upload attachments. Users with the view uploaded files permission can view uploaded attachments. You can choose which post types can take attachments on the content types settings page.

', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); } } @@ -144,10 +144,10 @@ function upload_download() { } function upload_file_download($file) { - if (user_access('view uploaded files')) { - $file = file_create_path($file); - $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); - if ($file = db_fetch_object($result)) { + $file = file_create_path($file); + $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); + if ($file = db_fetch_object($result)) { + if (user_access('view uploaded files')) { $node = node_load($file->nid); if (node_access('view', $node)) { $name = mime_header_encode($file->filename); @@ -164,9 +164,9 @@ function upload_file_download($file) { return -1; } } - } - else { - return -1; + else { + return -1; + } } } diff --git a/modules/upload/upload.module b/modules/upload/upload.module index 421e874de..9163586fa 100644 --- a/modules/upload/upload.module +++ b/modules/upload/upload.module @@ -27,7 +27,7 @@ function upload_help($section) { case 'admin/modules#description': return t('Allows users to upload and attach files to content.'); case 'admin/settings/upload': - return t('

Users with the upload files permission can upload attachments. You can choose which post types can take attachments on the content types settings page.

', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); + return t('

Users with the upload files permission can upload attachments. Users with the view uploaded files permission can view uploaded attachments. You can choose which post types can take attachments on the content types settings page.

', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types'))); } } @@ -144,10 +144,10 @@ function upload_download() { } function upload_file_download($file) { - if (user_access('view uploaded files')) { - $file = file_create_path($file); - $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); - if ($file = db_fetch_object($result)) { + $file = file_create_path($file); + $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file); + if ($file = db_fetch_object($result)) { + if (user_access('view uploaded files')) { $node = node_load($file->nid); if (node_access('view', $node)) { $name = mime_header_encode($file->filename); @@ -164,9 +164,9 @@ function upload_file_download($file) { return -1; } } - } - else { - return -1; + else { + return -1; + } } } -- cgit v1.2.3