diff options
| -rw-r--r-- | modules/comment/comment.module | 2 | ||||
| -rw-r--r-- | modules/file/file.module | 11 |
2 files changed, 10 insertions, 3 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 02c0b9295..ce976d139 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -1398,7 +1398,7 @@ function comment_access($op, $comment) { global $user; if ($op == 'edit') { - return ($user->uid && $user->uid == $comment->uid && user_access('edit own comments')) || user_access('administer comments'); + return ($user->uid && $user->uid == $comment->uid && $comment->status == COMMENT_PUBLISHED && user_access('edit own comments')) || user_access('administer comments'); } } diff --git a/modules/file/file.module b/modules/file/file.module index 0340eb059..445dc624d 100644 --- a/modules/file/file.module +++ b/modules/file/file.module @@ -125,9 +125,16 @@ function file_file_download($uri, $field_type = 'file') { // Get the file record based on the URI. If not in the database just return. $files = file_load_multiple(array(), array('uri' => $uri)); if (count($files)) { - $file = reset($files); + foreach ($files as $item) { + // Since some database servers sometimes use a case-insensitive comparison + // by default, double check that the filename is an exact match. + if ($item->uri === $uri) { + $file = $item; + break; + } + } } - else { + if (!isset($file)) { return; } |