From 8744b0da6d050275f9f2da8f12068238fd44da3c Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Sat, 8 Feb 2014 13:53:23 +0100
Subject: [ticket/12171] Check topic visibility before allowing to download
 attachments

PHPBB3-12171
---
 phpBB/includes/functions_download.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'phpBB/includes/functions_download.php')

diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index e7a1d2bff5..e17fe9de61 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -625,15 +625,23 @@ function phpbb_increment_downloads($db, $ids)
 */
 function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 {
-	$sql = 'SELECT t.forum_id, f.forum_name, f.forum_password, f.parent_id
-		FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
-		WHERE t.topic_id = " . (int) $topic_id . "
-			AND t.forum_id = f.forum_id";
+	$sql_array = array(
+		'SELECT'	=> 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id',
+		'FROM'		=> array(
+			TOPICS_TABLE => 't',
+			FORUMS_TABLE => 'f',
+		),
+		'WHERE'	=> 't.topic_id = ' . (int) $topic_id . '
+			AND t.forum_id = f.forum_id',
+	);
+
+	$sql = $db->sql_build_query('SELECT', $sql_array);
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
-	if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+	if ($row && ($row['topic_visibility'] == ITEM_APPROVED || $auth->acl_get('m_approve', $row['forum_id']))
+		&& $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
 	{
 		if ($row && $row['forum_password'])
 		{
-- 
cgit v1.2.1


From ee1c055b7048e55aed91b3ec56cca01e9fc485d3 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Mon, 10 Feb 2014 12:17:28 +0100
Subject: [ticket/12171] Send correct status 403 when forbidden and 404 when
 not found

PHPBB3-12171
---
 phpBB/includes/functions_download.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'phpBB/includes/functions_download.php')

diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index e17fe9de61..c895f7b54b 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -640,10 +640,14 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
-	if ($row && ($row['topic_visibility'] == ITEM_APPROVED || $auth->acl_get('m_approve', $row['forum_id']))
-		&& $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+	if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id']))
 	{
-		if ($row && $row['forum_password'])
+		send_status_line(404, 'Not Found');
+		trigger_error('ERROR_NO_ATTACHMENT');
+	}
+	else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
+	{
+		if ($row['forum_password'])
 		{
 			// Do something else ... ?
 			login_forum_box($row);
-- 
cgit v1.2.1