Commit 07083e2f authored by quicksketch's avatar quicksketch

#651394: filefield_file_download() is too restrictive when nodes share files.

parent 8c7a91fb
...@@ -172,7 +172,7 @@ function filefield_file_download($filepath) { ...@@ -172,7 +172,7 @@ function filefield_file_download($filepath) {
// denied for ALL nodes containing the file, deny the download as well. // denied for ALL nodes containing the file, deny the download as well.
// Node access checks also include checking for 'access content'. // Node access checks also include checking for 'access content'.
$nodes = array(); $nodes = array();
$denied = FALSE; $denied = TRUE;
foreach ($cck_files as $field_name => $field_files) { foreach ($cck_files as $field_name => $field_files) {
foreach ($field_files as $revision_id => $content) { foreach ($field_files as $revision_id => $content) {
// Checking separately for each revision is probably not the best idea - // Checking separately for each revision is probably not the best idea -
...@@ -181,15 +181,16 @@ function filefield_file_download($filepath) { ...@@ -181,15 +181,16 @@ function filefield_file_download($filepath) {
if (isset($nodes[$content['nid']])) { if (isset($nodes[$content['nid']])) {
continue; // Don't check the same node twice. continue; // Don't check the same node twice.
} }
if ($denied == FALSE && ($node = node_load($content['nid'])) && (node_access('view', $node) == FALSE || filefield_view_access($field_name, $node) == FALSE)) { if (($node = node_load($content['nid'])) && (node_access('view', $node) && filefield_view_access($field_name, $node))) {
// You don't have permission to view the node this file is attached to. $denied = FALSE;
$denied = TRUE; break 2;
} }
$nodes[$content['nid']] = $node; $nodes[$content['nid']] = $node;
} }
if ($denied) { }
return -1;
} if ($denied) {
return -1;
} }
// Access is granted. // Access is granted.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment