Diffstat (limited to 'phpBB/download/file.php')
-rw-r--r-- | phpBB/download/file.php | 33 |
1 files changed, 5 insertions, 28 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 0c3e0f5521..d000fc49d2 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -236,34 +236,7 @@ else if ($download_id)
 {
 // Attachment is in a private message.
 $row['forum_id'] = false;
- if (!$auth->acl_get('u_pm_download'))
- {
- send_status_line(403, 'Forbidden');
- trigger_error('SORRY_AUTH_VIEW_ATTACH');
- }
-
- // Check if the attachment is within the users scope...
- $sql = 'SELECT user_id, author_id
- FROM ' . PRIVMSGS_TO_TABLE . '
- WHERE msg_id = ' . $attachment['post_msg_id'];
- $result = $db->sql_query($sql);
-
- $allowed = false;
- while ($user_row = $db->sql_fetchrow($result))
- {
- if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
- {
- $allowed = true;
- break;
- }
- }
- $db->sql_freeresult($result);
-
- if (!$allowed)
- {
- send_status_line(403, 'Forbidden');
- trigger_error('ERROR_NO_ATTACHMENT');
- }
+ phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
 }
 $extensions = array();
@@ -331,6 +304,10 @@ else
 {
 phpbb_download_check_forum_auth($db, $auth, $attachment['topic_id']);
 }
+ else
+ {
+ phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);
+ }
 if (!class_exists('compress'))
 { |
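Review bot: Both new calls to `phpbb_download_handle_pm_auth()` (the replacement in the first hunk and the added `else` branch in the second) ignore any return value, so the download is only blocked if the helper itself ends the request when the check fails. The helper's definition is not part of this diff (the diffstat is limited to `phpBB/download/file.php`), so it should be confirmed that it keeps both removed checks, the `u_pm_download` permission and the recipient/author match on the message, and that it calls `trigger_error()` after `send_status_line(403, 'Forbidden')` instead of returning. The removed query concatenated `$attachment['post_msg_id']` into the SQL string without a cast; if the helper builds the same query, the message id should be cast with `(int)` there. A comment at each call site would make the contract visible to the next reader, for example `// Sends 403 and stops unless the user may download PM attachments and is author or recipient of this message.` The enclosing `if`/`else` blocks begin outside both hunks, so the condition that selects the PM branch in the second hunk cannot be checked from here.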