Commit 74315e5d authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #2820535 by dsnopek: [webform] Add D6 patch for SA-CONTRIB-2016-053

parent 13037285
diff --git a/webform.module b/webform.module
index de3b0c1..93e649e 100644
--- a/webform.module
+++ b/webform.module
@@ -914,7 +914,7 @@ function webform_webform_submission_render_alter(&$renderable) {
*
* Only allow users with view webform submissions to download files.
*/
-function webform_file_download($file) {
+function webform_file_download($filepath) {
global $user;
// If the Webform directory doesn't exist, don't attempt to deliver a file.
@@ -923,9 +923,20 @@ function webform_file_download($file) {
return;
}
- $file = file_check_location(file_directory_path() . '/' . $file, $webform_directory);
- if ($file && (user_access('access all webform results') || user_access('access own webform results'))) {
- $info = image_get_info(file_create_path($file));
+ // If this file isn't in the Webform directory, don't deliver a file.
+ $filepath = file_directory_path() . '/' . $filepath;
+ if (!file_check_location($filepath, $webform_directory)) {
+ return;
+ }
+
+ // If we can't load the file object for this file, don't deliver a file.
+ $file = db_fetch_object(db_query("SELECT * FROM {files} WHERE filepath = '%s'", $filepath));
+ if (!$file) {
+ return;
+ }
+
+ if (user_access('access all webform results') || ($file->uid == $user->uid && user_access('access own webform results'))) {
+ $info = image_get_info(file_create_path($filepath));
if (isset($info['mime_type'])) {
$headers = array('Content-type: ' . $info['mime_type']);
}
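Review bot: The ownership test on the `user_access('access own webform results')` branch, `$file->uid == $user->uid`, treats every anonymous visitor as the same owner, since both sides are 0 for uid 0; if the anonymous role can hold that permission, one anonymous visitor could download another anonymous submitter's upload. Requiring an authenticated user on that branch, `($user->uid && $file->uid == $user->uid && user_access('access own webform results'))`, closes that gap while leaving the 'access all webform results' path as it is. Separately, the early `return;` after the `{files}` lookup yields NULL rather than the `-1` the function now returns at its end, so a file inside the Webform directory that has no `{files}` row is left for other hook_file_download() implementations instead of being denied; returning `-1` there is the fail-closed choice, assuming D6's file_download() treats NULL as "not handled" and -1 as access denied. The body of webform_file_download() continues past the end of this hunk.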
@@ -937,6 +948,8 @@ function webform_file_download($file) {
}
return $headers;
}
+
+ return -1;
}
/**
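Review bot: The new `return -1;` depends on the reader knowing hook_file_download()'s return convention, which nothing in the function spells out; a one-line comment above it would make the fail-closed intent explicit, e.g. `// Deny access (-1): the file lives in the Webform directory but this user may not view its submission's results.` The function's docblock in the first hunk still reads "Only allow users with view webform submissions to download files." and could add that all other requests for files in the Webform directory are now explicitly denied rather than passed through. The start of webform_file_download() is outside this hunk.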