diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2008-10-11 02:58:40 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2008-10-11 02:58:40 +0000 |
| commit | 4748ac2c4ff8c1477dc071ea12c57817834aee12 (patch) | |
| tree | b9610ca5ffece5019115bbda5522255e1f7af56b | |
| parent | 7e02f2f782418d3452bae636e63e3439e9802336 (diff) | |
| download | brdo-4748ac2c4ff8c1477dc071ea12c57817834aee12.tar.gz brdo-4748ac2c4ff8c1477dc071ea12c57817834aee12.tar.bz2 | |
#319328: SA-2008-060 (#318706): File upload access bypass.
| -rw-r--r-- | modules/upload/upload.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/upload/upload.module b/modules/upload/upload.module index 0c8e79227..4fceaa6ab 100644 --- a/modules/upload/upload.module +++ b/modules/upload/upload.module @@ -184,7 +184,7 @@ function upload_node_form_submit($form, &$form_state) { ); // Save new file uploads. - if (($user->uid != 1 || user_access('upload files')) && ($file = file_save_upload('upload', $validators, file_directory_path()))) { + if (user_access('upload files') && ($file = file_save_upload('upload', $validators, file_directory_path()))) { $file->list = variable_get('upload_list_default', 1); $file->description = $file->filename; $file->weight = 0; |