authorAngie Byron <webchick@24967.no-reply.drupal.org>2008-10-11 03:03:59 +0000
committerAngie Byron <webchick@24967.no-reply.drupal.org>2008-10-11 03:03:59 +0000
commit706ea3e5c4a181892c9635704b2c29680c94a4b3 (patch)
tree9958d75ccb34a9f37353f49a621157dd06b5dd04
parent4748ac2c4ff8c1477dc071ea12c57817834aee12 (diff)
downloadbrdo-706ea3e5c4a181892c9635704b2c29680c94a4b3.tar.gz
brdo-706ea3e5c4a181892c9635704b2c29680c94a4b3.tar.bz2
#319341: SA-2008-060 (#318706): Access bypass for files attached to restricted nodes.
-rw-r--r--modules/upload/upload.module14
1 files changed, 8 insertions, 6 deletions
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 4fceaa6ab..666aa23e9 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -154,15 +154,17 @@ function _upload_file_limits($user) {
*/
function upload_file_download($filepath) {
$filepath = file_create_path($filepath);
- $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
+ $result = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
if ($file = db_fetch_object($result)) {
- if (!user_access('view uploaded files')) {
+ if (user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
+ return array(
+ 'Content-Type: ' . $file->filemime,
+ 'Content-Length: ' . $file->filesize,
+ );
+ }
+ else {
return -1;
}
- return array(
- 'Content-Type: ' . $file->filemime,
- 'Content-Length: ' . $file->filesize,
- );
}
}
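Review bot: The access decision on the new `if` is taken from one arbitrary row: the query has no ORDER BY, `db_fetch_object` reads only the first match, and the join on `f.fid = u.fid` yields one row per {upload} record for that file, so if the same file can be referenced from more than one node the result depends on row order rather than on whether the user may view any node the file is attached to. A deterministic form would walk the result set and grant the headers as soon as one attached node passes `node_access('view', $node)`, returning -1 only when a matching upload row existed and every attached node was refused, and still returning nothing when the path is not an upload at all so other modules' hook_file_download implementations keep their turn. The check is also made against whatever `node_load($file->nid)` returns, which I take to be the node's current revision rather than the revision the file was attached to; a one-line comment stating that would save the next reader from assuming per-revision access. Minor style: the `else { return -1; }` after a branch that already returns could be a plain `return -1;`.
```php
function upload_file_download($filepath) {
  $filepath = file_create_path($filepath);
  $result = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
  $is_upload = FALSE;
  while ($file = db_fetch_object($result)) {
    $is_upload = TRUE;
    // Grant as soon as any node this file is attached to is viewable.
    if (user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
      return array(
        'Content-Type: ' . $file->filemime,
        'Content-Length: ' . $file->filesize,
      );
    }
  }
  // Known upload with no viewable node: deny. Not an upload: fall through (NULL).
  if ($is_upload) {
    return -1;
  }
}
```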