#16993: Bad query in upload.

5f78d143 · Steven Wittens · 77fbe802 · 5f78d143 · 5f78d143
Commit 5f78d143 authored 20 years ago by Steven Wittens
--- a/modules/upload.module
+++ b/modules/upload.module
@@ -91,7 +91,7 @@ function upload_download() {
 function upload_file_download($file) {
  if (user_access('view uploaded files')) {
    $file = file_create_path($file);
-    $result = db_query(db_rewrite_sql("SELECT f.nid, * from {files} f WHERE filepath = '%s", 'f'), $file);
+    $result = db_query(db_rewrite_sql("SELECT f.nid, f.* from {files} f WHERE filepath = '%s", 'f'), $file);
    if ($file = db_fetch_object($result)) {
      $name = mime_header_encode($file->filename);
      // Serve images and text inline for the browser to display rather than download.

--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -91,7 +91,7 @@ function upload_download() {
 function upload_file_download($file) {
  if (user_access('view uploaded files')) {
    $file = file_create_path($file);
-    $result = db_query(db_rewrite_sql("SELECT f.nid, * from {files} f WHERE filepath = '%s", 'f'), $file);
+    $result = db_query(db_rewrite_sql("SELECT f.nid, f.* from {files} f WHERE filepath = '%s", 'f'), $file);
    if ($file = db_fetch_object($result)) {
      $name = mime_header_encode($file->filename);
      // Serve images and text inline for the browser to display rather than download.