author | Fyorl <gaelreth@gmail.com> | 2012-08-14 12:47:10 +0100 |
---|---|---|
committer | Fyorl <gaelreth@gmail.com> | 2012-08-14 12:47:10 +0100 |
commit | b96c72c156b5fd207ef0b1d1b55df037df688976 (patch) | |
tree | b99768ef93924ff432c30c162ea87b4bab46ff4f /phpBB/download/file.php | |
parent | b05f36b19759eae3d6e60558355698d457df5b31 (diff) | |
[feature/attach-dl] Moved PM authentication handling into own function
PHPBB3-11042
Diffstat (limited to 'phpBB/download/file.php')
-rw-r--r-- | phpBB/download/file.php | 33 |
1 files changed, 5 insertions, 28 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 0c3e0f5521..d000fc49d2 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -236,34 +236,7 @@ else if ($download_id)
 {
 // Attachment is in a private message.
 $row['forum_id'] = false;
- if (!$auth->acl_get('u_pm_download'))
- {
- send_status_line(403, 'Forbidden');
- trigger_error('SORRY_AUTH_VIEW_ATTACH');
- }
-
- // Check if the attachment is within the users scope...
- $sql = 'SELECT user_id, author_id
- FROM ' . PRIVMSGS_TO_TABLE . '
- WHERE msg_id = ' . $attachment['post_msg_id'];
- $result = $db->sql_query($sql);
-
- $allowed = false;
- while ($user_row = $db->sql_fetchrow($result))
- {
- if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
- {
- $allowed = true;
- break;
- }
- }
- $db->sql_freeresult($result);
-
- if (!$allowed)
- {
- send_status_line(403, 'Forbidden');
- trigger_error('ERROR_NO_ATTACHMENT');
- }
+ phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
 }
 $extensions = array();
@@ -331,6 +304,10 @@ else
 {
 phpbb_download_check_forum_auth($db, $auth, $attachment['topic_id']);
 }
+ else
+ {
+ phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
+ }
 if (!class_exists('compress'))
 {
|
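Review bot: The call to `phpbb_download_handle_pm_auth()` in the first hunk ignores any return value, so a private-message attachment is refused only if the helper itself ends the request, which the removed lines did inline with `send_status_line(403, 'Forbidden')` followed by `trigger_error()`. The helper's body is not in this diff (the diffstat is limited to this file), so confirm it still stops on both the missing `u_pm_download` permission and a user who is neither author nor recipient. It should also cast the id before building the query, e.g. `WHERE msg_id = ' . (int) $msg_id`, because the removed query concatenated `$attachment['post_msg_id']` uncast. A call-site comment such as `// Halts with 403 unless the user is author or recipient of this PM.` would keep that contract visible; the same applies to the identical call in the second hunk. The enclosing block starts above the hunk.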
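Review bot: The `else` branch in the second hunk adds a PM authorization check on this path rather than moving one, since the hunk removes nothing, yet the commit message describes only a move. Say so in a comment, for example `// PM attachments: same author/recipient check as the single-file download above.`, and add a regression test asserting that this path returns the 403 for a user who is neither author nor recipient of the message. The `if` that this `else` belongs to starts above the hunk, so its condition cannot be checked from here.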