Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Open sidebar
project
filefield
Commits
07083e2f
Commit
07083e2f
authored
Jun 16, 2010
by
quicksketch
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
#651394
: filefield_file_download() is too restrictive when nodes share files.
parent
8c7a91fb
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
8 additions
and
7 deletions
+8
-7
filefield.module
filefield.module
+8
-7
No files found.
filefield.module
View file @
07083e2f
...
...
@@ -172,7 +172,7 @@ function filefield_file_download($filepath) {
// denied for ALL nodes containing the file, deny the download as well.
// Node access checks also include checking for 'access content'.
$nodes
=
array
();
$denied
=
FALS
E
;
$denied
=
TRU
E
;
foreach
(
$cck_files
as
$field_name
=>
$field_files
)
{
foreach
(
$field_files
as
$revision_id
=>
$content
)
{
// Checking separately for each revision is probably not the best idea -
...
...
@@ -181,15 +181,16 @@ function filefield_file_download($filepath) {
if
(
isset
(
$nodes
[
$content
[
'nid'
]]))
{
continue
;
// Don't check the same node twice.
}
if
(
$denied
==
FALSE
&&
(
$node
=
node_load
(
$content
[
'nid'
]))
&&
(
node_access
(
'view'
,
$node
)
==
FALSE
||
filefield_view_access
(
$field_name
,
$node
)
==
FALSE
))
{
// You don't have permission to view the node this file is attached to.
$denied
=
TRUE
;
if
((
$node
=
node_load
(
$content
[
'nid'
]))
&&
(
node_access
(
'view'
,
$node
)
&&
filefield_view_access
(
$field_name
,
$node
)))
{
$denied
=
FALSE
;
break
2
;
}
$nodes
[
$content
[
'nid'
]]
=
$node
;
}
if
(
$denied
)
{
return
-
1
;
}
}
if
(
$denied
)
{
return
-
1
;
}
// Access is granted.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment