Commit 706ea3e5 authored by webchick's avatar webchick

#319341: SA-2008-060 (#318706): Access bypass for files attached to restricted nodes.

parent 4748ac2c
......@@ -154,15 +154,17 @@ function _upload_file_limits($user) {
*/
function upload_file_download($filepath) {
$filepath = file_create_path($filepath);
$result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
$result = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
if ($file = db_fetch_object($result)) {
if (!user_access('view uploaded files')) {
if (user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
return array(
'Content-Type: ' . $file->filemime,
'Content-Length: ' . $file->filesize,
);
}
else {
return -1;
}
return array(
'Content-Type: ' . $file->filemime,
'Content-Length: ' . $file->filesize,
);
}
}
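Review bot: The access decision in the new `if ($file = db_fetch_object($result))` branch is made on the first row the query returns, and nothing confirms that this row is the file actually requested. On a database whose string comparison is case-insensitive, `filepath = '%s'` can match a differently-cased path, and if the join to {upload} yields more than one row (not determinable from this hunk) the node checked is whichever row comes first, since there is no ORDER BY. Consider iterating with `while ($file = db_fetch_object($result))` and skipping inexact matches with `if ($file->filepath !== $filepath) { continue; }` before the `node_access('view', $node)` test. A short comment above the compound condition, e.g. `// Send headers only if the user may view uploads and may view the node the file is attached to.`, would also record why `u.nid` was added to the SELECT. The docblock of upload_file_download() begins above the hunk, so its wording could not be checked here.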