diff options
Diffstat (limited to 'phpBB/includes/functions_download.php')
| -rw-r--r-- | phpBB/includes/functions_download.php | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index e7a1d2bff5..7ad34d9515 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -596,7 +596,7 @@ function phpbb_parse_range_request($request_array, $filesize) /** * Increments the download count of all provided attachments * -* @param \phpbb\db\driver\driver $db The database object +* @param \phpbb\db\driver\driver_interface $db The database object * @param array|int $ids The attach_id of each attachment * * @return null @@ -617,7 +617,7 @@ function phpbb_increment_downloads($db, $ids) /** * Handles authentication when downloading attachments from a post or topic * -* @param \phpbb\db\driver\driver $db The database object +* @param \phpbb\db\driver\driver_interface $db The database object * @param \phpbb\auth\auth $auth The authentication object * @param int $topic_id The id of the topic that we are downloading from * @@ -625,17 +625,29 @@ function phpbb_increment_downloads($db, $ids) */ function phpbb_download_handle_forum_auth($db, $auth, $topic_id) { - $sql = 'SELECT t.forum_id, f.forum_name, f.forum_password, f.parent_id - FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f - WHERE t.topic_id = " . (int) $topic_id . " - AND t.forum_id = f.forum_id"; + $sql_array = array( + 'SELECT' => 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id', + 'FROM' => array( + TOPICS_TABLE => 't', + FORUMS_TABLE => 'f', + ), + 'WHERE' => 't.topic_id = ' . (int) $topic_id . ' + AND t.forum_id = f.forum_id', + ); + + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id'])) { - if ($row && $row['forum_password']) + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); + } + else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + { + if ($row['forum_password']) { // Do something else ... ? login_forum_box($row); @@ -651,7 +663,7 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id) /** * Handles authentication when downloading attachments from PMs * -* @param \phpbb\db\driver\driver $db The database object +* @param \phpbb\db\driver\driver_interface $db The database object * @param \phpbb\auth\auth $auth The authentication object * @param int $user_id The user id * @param int $msg_id The id of the PM that we are downloading from @@ -678,7 +690,7 @@ function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id) /** * Checks whether a user can download from a particular PM * -* @param \phpbb\db\driver\driver $db The database object +* @param \phpbb\db\driver\driver_interface $db The database object * @param int $user_id The user id * @param int $msg_id The id of the PM that we are downloading from * |