diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-06-06 10:54:51 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-06-06 10:54:51 +0000 |
| commit | 2c8afb820e3842bed2ab6cec4053e71b5c566985 (patch) | |
| tree | 68131fc384d2eb5f8040e32178fac372da076526 /phpBB/includes/message_parser.php | |
| parent | 2ab88e7c56619d303c991251522aaaf6ae454fa7 (diff) | |
| download | forums-2c8afb820e3842bed2ab6cec4053e71b5c566985.tar forums-2c8afb820e3842bed2ab6cec4053e71b5c566985.tar.gz forums-2c8afb820e3842bed2ab6cec4053e71b5c566985.tar.bz2 forums-2c8afb820e3842bed2ab6cec4053e71b5c566985.tar.xz forums-2c8afb820e3842bed2ab6cec4053e71b5c566985.zip | |
make sure we check the attachment status for the correct user ;)
git-svn-id: file:///svn/phpbb/trunk@6014 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 344fdff8a6..e4be20a91b 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1116,13 +1116,15 @@ class parse_message extends bbcode_firstpass /** * Get Attachment Data */ - function get_submitted_attachment_data() + function get_submitted_attachment_data($check_user_id = false) { global $user, $db, $phpbb_root_path, $phpEx, $config; $this->filename_data['filecomment'] = request_var('filecomment', '', true); $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); + $check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id; + // Regenerate data array... $attach_ids = $filenames = array(); @@ -1149,7 +1151,7 @@ class parse_message extends bbcode_firstpass $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') - AND poster_id = ' . $user->data['user_id']; + AND poster_id = ' . $check_user_id; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1167,7 +1169,7 @@ class parse_message extends bbcode_firstpass if (sizeof($attach_ids)) { - trigger_error('NO_ACCESS_ATTACHMENT'); + trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR); } } @@ -1175,7 +1177,7 @@ class parse_message extends bbcode_firstpass if (sizeof($filenames)) { include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); - + $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . " WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; @@ -1185,7 +1187,7 @@ class parse_message extends bbcode_firstpass if ($row) { - trigger_error('NO_ACCESS_ATTACHMENT'); + trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR); } foreach ($filenames as $pos => $physical_filename) |