#319328: SA-2008-060 (#318706): File upload access bypass.

4748ac2c · webchick · 7e02f2f7 · 4748ac2c
Commit 4748ac2c authored Oct 11, 2008 by webchick
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -184,7 +184,7 @@ function upload_node_form_submit($form, &$form_state) {
  );

  // Save new file uploads.
-  if (($user->uid != 1 || user_access('upload files')) && ($file = file_save_upload('upload', $validators, file_directory_path()))) {
+  if (user_access('upload files') && ($file = file_save_upload('upload', $validators, file_directory_path()))) {
    $file->list = variable_get('upload_list_default', 1);
    $file->description = $file->filename;
    $file->weight = 0;