Merge branch '7.12-security' into 7.x

author: webchick <webchick@24967.no-reply.drupal.org> 2012-05-02 15:04:41 -0700
committer: webchick <webchick@24967.no-reply.drupal.org> 2012-05-02 15:04:41 -0700
commit: cdb0df93be92c8cb68e1a5d3badbdc4e1be148da (patch)
tree: 4639d784e81cb085c8e107b1377c9674e296e125 /includes/file.inc
parent: ef788926008f96942eaeac0faa4d7b4776b0f25a (diff)
parent: 9879d29f731570a34b24c4eae4cc8cb30c7a5082 (diff)
download: brdo-cdb0df93be92c8cb68e1a5d3badbdc4e1be148da.tar.gz
brdo-cdb0df93be92c8cb68e1a5d3badbdc4e1be148da.tar.bz2
1 files changed, 8 insertions, 3 deletions
diff --git a/includes/file.inc b/includes/file.inc
index f7d3f34c1..c5e5cf07d 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -1967,7 +1967,9 @@ function file_download() {
       $function = $module . '_file_download';
       $result = $function($uri);
       if ($result == -1) {
-        return drupal_access_denied();
+        // Throw away the headers received so far.
+        $headers = array();
+        break;
       }
       if (isset($result) && is_array($result)) {
         $headers = array_merge($headers, $result);
@@ -1976,9 +1978,12 @@ function file_download() {
     if (count($headers)) {
       file_transfer($uri, $headers);
     }
-    return drupal_access_denied();
+    drupal_access_denied();
   }
-  return drupal_not_found();
+  else {
+    drupal_not_found();
+  }
+  drupal_exit();
 }
author	webchick <webchick@24967.no-reply.drupal.org>	2012-05-02 15:04:41 -0700
committer	webchick <webchick@24967.no-reply.drupal.org>	2012-05-02 15:04:41 -0700
commit	cdb0df93be92c8cb68e1a5d3badbdc4e1be148da (patch)
tree	4639d784e81cb085c8e107b1377c9674e296e125 /includes/file.inc
parent	ef788926008f96942eaeac0faa4d7b4776b0f25a (diff)
parent	9879d29f731570a34b24c4eae4cc8cb30c7a5082 (diff)
download	brdo-cdb0df93be92c8cb68e1a5d3badbdc4e1be148da.tar.gz brdo-cdb0df93be92c8cb68e1a5d3badbdc4e1be148da.tar.bz2