- Patch #16023 by chx: the upload.module still used the old node_access_*_sql calls.

2 files changed, 2 insertions, 2 deletions

diff --git a/modules/upload.module b/modules/upload.module
index 06ccde3fc..7a96a4c0f 100644
--- a/modules/upload.module
+++ b/modules/upload.module
@@ -90,7 +90,7 @@ function upload_download() {
 function upload_file_download($file) {
   if (user_access('view uploaded files')) {
     $file = file_create_path($file);
-    $result = db_query("SELECT * from {files} n " . node_access_join_sql() . " WHERE filepath = '%s' AND ". node_access_where_sql(), $file);
+    $result = db_query(node_rewrite_sql("SELECT f.nid, * from {files} f WHERE filepath = '%s", 'f'), $file);
     if ($file = db_fetch_object($result)) {
       $name = mime_header_encode($file->filename);
       // Serve images and text inline for the browser to display rather than download.
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 06ccde3fc..7a96a4c0f 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -90,7 +90,7 @@ function upload_download() {
 function upload_file_download($file) {
   if (user_access('view uploaded files')) {
     $file = file_create_path($file);
-    $result = db_query("SELECT * from {files} n " . node_access_join_sql() . " WHERE filepath = '%s' AND ". node_access_where_sql(), $file);
+    $result = db_query(node_rewrite_sql("SELECT f.nid, * from {files} f WHERE filepath = '%s", 'f'), $file);
     if ($file = db_fetch_object($result)) {
       $name = mime_header_encode($file->filename);
       // Serve images and text inline for the browser to display rather than download.