From 00f8037e45b1dcb4f7ebde44793c1241b0ae314c Mon Sep 17 00:00:00 2001
From: Gerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>
Date: Thu, 27 Apr 2006 09:38:34 +0000
Subject: [PATCH] #59648, Upload.module misuse of hook_file_download, paralyzes
other modules' hook, patch by jakeg
---
modules/upload.module | 16 ++++++++--------
modules/upload/upload.module | 16 ++++++++--------
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/modules/upload.module b/modules/upload.module
index 421e874deca8..9163586fa5fa 100644
--- a/modules/upload.module
+++ b/modules/upload.module
@@ -27,7 +27,7 @@ function upload_help($section) {
case 'admin/modules#description':
return t('Allows users to upload and attach files to content.');
case 'admin/settings/upload':
- return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
+ return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
}
}
@@ -144,10 +144,10 @@ function upload_download() {
}
function upload_file_download($file) {
- if (user_access('view uploaded files')) {
- $file = file_create_path($file);
- $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
- if ($file = db_fetch_object($result)) {
+ $file = file_create_path($file);
+ $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
+ if ($file = db_fetch_object($result)) {
+ if (user_access('view uploaded files')) {
$node = node_load($file->nid);
if (node_access('view', $node)) {
$name = mime_header_encode($file->filename);
@@ -164,9 +164,9 @@ function upload_file_download($file) {
return -1;
}
}
- }
- else {
- return -1;
+ else {
+ return -1;
+ }
}
}
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 421e874deca8..9163586fa5fa 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -27,7 +27,7 @@ function upload_help($section) {
case 'admin/modules#description':
return t('Allows users to upload and attach files to content.');
case 'admin/settings/upload':
- return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
+ return t('<p>Users with the <a href="%permissions">upload files permission</a> can upload attachments. Users with the <a href="%permissions">view uploaded files permission</a> can view uploaded attachments. You can choose which post types can take attachments on the <a href="%types">content types settings</a> page.</p>', array('%permissions' => url('admin/access'), '%types' => url('admin/settings/content-types')));
}
}
@@ -144,10 +144,10 @@ function upload_download() {
}
function upload_file_download($file) {
- if (user_access('view uploaded files')) {
- $file = file_create_path($file);
- $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
- if ($file = db_fetch_object($result)) {
+ $file = file_create_path($file);
+ $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
+ if ($file = db_fetch_object($result)) {
+ if (user_access('view uploaded files')) {
$node = node_load($file->nid);
if (node_access('view', $node)) {
$name = mime_header_encode($file->filename);
@@ -164,9 +164,9 @@ function upload_file_download($file) {
return -1;
}
}
- }
- else {
- return -1;
+ else {
+ return -1;
+ }
}
}
--
GitLab