diff options
Diffstat (limited to 'modules/file/file.module')
-rw-r--r-- | modules/file/file.module | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/file/file.module b/modules/file/file.module index 5a635fd75..ed165368b 100644 --- a/modules/file/file.module +++ b/modules/file/file.module @@ -510,8 +510,9 @@ function file_managed_file_value(&$element, $input = FALSE, $form_state = NULL) $callback($element, $input, $form_state); } } - // Load file if the FID has changed to confirm it exists. - if (isset($input['fid']) && $file = file_load($input['fid'])) { + // Load file and check access if the FID has changed, to confirm it + // exists and that the current user has access to it. + if (isset($input['fid']) && ($file = file_load($input['fid'])) && file_download_access($file->uri)) { $fid = $file->fid; } } |