Commit 4748ac2c authored by webchick's avatar webchick

#319328: SA-2008-060 (#318706): File upload access bypass.

parent 7e02f2f7
......@@ -184,7 +184,7 @@ function upload_node_form_submit($form, &$form_state) {
);
// Save new file uploads.
if (($user->uid != 1 || user_access('upload files')) && ($file = file_save_upload('upload', $validators, file_directory_path()))) {
if (user_access('upload files') && ($file = file_save_upload('upload', $validators, file_directory_path()))) {
$file->list = variable_get('upload_list_default', 1);
$file->description = $file->filename;
$file->weight = 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment