mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-05 00:07:44 +02:00
Code Issues Releases Wiki Activity

Merge pull request #2021 from nickvergessen/ticket/12171

Browse Source 
Ticket/12171 Attachments from soft-deleted posts are still downloadable
This commit is contained in:
Nathan Guse
2014-02-20 20:51:58 -06:00
parent 92cf69abec 09a17b4944
commit b8d30bfc80
6 changed files with 455 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
phpBB/includes/functions_download.php
View File

@@ -625,17 +625,29 @@ function phpbb_increment_downloads($db, $ids)
*/
function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
{
$sql = 'SELECT t.forum_id, f.forum_name, f.forum_password, f.parent_id
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = " . (int) $topic_id . "
AND t.forum_id = f.forum_id";
$sql_array = array(
'SELECT' => 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id',
'FROM' => array(
TOPICS_TABLE => 't',
FORUMS_TABLE => 'f',
),
'WHERE' => 't.topic_id = ' . (int) $topic_id . '
AND t.forum_id = f.forum_id',
);
$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
{
if ($row && $row['forum_password'])
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT');
}
else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
{
if ($row['forum_password'])
{
// Do something else ... ?
login_forum_box($row);

2
phpBB/includes/ucp/ucp_pm_viewmessage.php
View File

@@ -274,7 +274,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
// Display not already displayed Attachments for this post, we already parsed them. ;)
if (isset($attachments) && sizeof($attachments))
{
$methods = phpbb_gen_download_links('post_msg_id', $msg_id, $phpbb_root_path, $phpEx);
$methods = phpbb_gen_download_links('msg_id', $msg_id, $phpbb_root_path, $phpEx);
foreach ($methods as $method)
{
$template->assign_block_vars('dl_method', $method);