author | Dries Buytaert <dries@buytaert.net> | 2008-05-14 13:19:48 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2008-05-14 13:19:48 +0000 |
commit | 21137e1aed33add659b0105de871de2450d5b2db (patch) | |
tree | 883bb9b296f23e5c034db31fceee52a126fc52b7 | |
parent | 757dbee6ab073293658f0336ba46ae62118460e5 (diff) | |
download | brdo-21137e1aed33add659b0105de871de2450d5b2db.tar.gz brdo-21137e1aed33add659b0105de871de2450d5b2db.tar.bz2 |
- Patch #247095 by drewish and flobruit: upload module performs permission checks on files it doesn't control.
-rw-r--r-- | modules/upload/upload.module | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 431d5bf00..dde2395db 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -146,13 +146,13 @@ function _upload_file_limits($user) {
 /**
 * Implementation of hook_file_download().
 */
-function upload_file_download($file) {
- if (!user_access('view uploaded files')) {
- return -1;
- }
- $file = file_create_path($file);
+function upload_file_download($filepath) {
+ $filepath = file_create_path($filepath);
 $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $file);
 if ($file = db_fetch_object($result)) {
+ if (!user_access('view uploaded files')) {
+ return -1;
+ }
 return array(
 'Content-Type: ' . $file->filemime,
 'Content-Length: ' . $file->filesize, |
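Review bot: The unchanged `db_query()` line still passes `$file` as the placeholder argument, but after the rename the parameter is `$filepath`, and `$file` is not assigned until `db_fetch_object()` on the following line. The lookup would therefore run with an unset value, presumably match no row in `{files}`, and the relocated `user_access('view uploaded files')` check would never be reached for files the upload module does own. The argument should follow the rename: `... WHERE filepath = '%s'", $filepath);`. Reusing `$file` for the fetched row is also what hid this, so a distinct name for the row object would make the two values harder to confuse. The function body continues past the end of the hunk.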