mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

[ticket/12171] Check topic visibility before allowing to download attachments

Browse Source 
PHPBB3-12171
This commit is contained in:
Joas Schilling
2014-02-08 13:53:23 +01:00
parent 344baf9180
commit 8744b0da6d
2 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/download/file.php
View File

@@ -163,17 +163,17 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
if ($download_id)
{
// Attachment id (only 1 attachment)
$sql_where = "attach_id = $download_id";
$sql_where = 'attach_id = ' . $download_id;
}
else if ($post_msg_id)
{
// Post id or private message id (multiple attachments)
$sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0";
$sql_where = 'is_orphan = 0 AND post_msg_id = ' . $post_msg_id;
}
else if ($topic_id)
{
// Topic id (multiple attachments)
$sql_where = "topic_id = $topic_id AND is_orphan = 0";
$sql_where = 'is_orphan = 0 AND topic_id = ' . $topic_id;
}
else
{