authorJoas Schilling <nickvergessen@gmx.de>2014-02-08 13:53:23 +0100
committerJoas Schilling <nickvergessen@gmx.de>2014-02-10 12:36:01 +0100
commit8744b0da6d050275f9f2da8f12068238fd44da3c (patch)
tree1b2e31576e8ce5740581f5cebf05a4cf7b12e842 /phpBB/download/file.php
parent344baf91809bbfd5a224191e13472b94f77b421c (diff)
[ticket/12171] Check topic visibility before allowing to download attachments
PHPBB3-12171
Diffstat (limited to 'phpBB/download/file.php')
-rw-r--r--phpBB/download/file.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 7d39ee4821..155e77501f 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -163,17 +163,17 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
if ($download_id)
{
// Attachment id (only 1 attachment)
- $sql_where = "attach_id = $download_id";
+ $sql_where = 'attach_id = ' . $download_id;
}
else if ($post_msg_id)
{
// Post id or private message id (multiple attachments)
- $sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0";
+ $sql_where = 'is_orphan = 0 AND post_msg_id = ' . $post_msg_id;
}
else if ($topic_id)
{
// Topic id (multiple attachments)
- $sql_where = "topic_id = $topic_id AND is_orphan = 0";
+ $sql_where = 'is_orphan = 0 AND topic_id = ' . $topic_id;
}
else
{
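Review bot: The three rewritten `$sql_where` assignments still splice `$download_id`, `$post_msg_id` and `$topic_id` directly into the WHERE clause, so the query is only safe if those values were already forced to integers where they are read from the request, which is outside this hunk. An explicit cast at the point of use would keep that guarantee local and robust against later refactoring, e.g. `$sql_where = 'attach_id = ' . (int) $download_id;`, and likewise `(int) $post_msg_id` and `(int) $topic_id`. The if/else chain begins before and continues after the hunk. No visibility check appears in these lines, so the check named in the commit title presumably lives in another file of the commit and should be confirmed there.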