From b96c72c156b5fd207ef0b1d1b55df037df688976 Mon Sep 17 00:00:00 2001 From: Fyorl Date: Tue, 14 Aug 2012 12:47:10 +0100 Subject: [feature/attach-dl] Moved PM authentication handling into own function PHPBB3-11042
---
 phpBB/includes/functions_download.php | 51 +++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) (limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 14d39806b9..ac5e5ddd7e 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -648,6 +648,57 @@ function phpbb_download_check_forum_auth($db, $auth, $topic_id)
 }
 }
 
+/**
+* Handles authentication when downloading attachments from PMs
+*
+* @param dbal $db The database object
+* @param phpbb_auth $auth The authentication object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return null
+*/
+function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
+{
+ if (!$auth->acl_get('u_pm_download'))
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('SORRY_AUTH_VIEW_ATTACH');
+ }
+
+ $allowed = phpbb_download_check_pm_auth($db, $user_id, $msg_id);
+
+ if (!$allowed)
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('ERROR_NO_ATTACHMENT');
+ }
+}
+
+/**
+* Checks whether a user can download from a particular PM
+*
+* @param dbal $db The database object
+* @param int $user_id The user id
+* @param int $msg_id The id of the PM that we are downloading from
+*
+* @return bool Whether the user is allowed to download from that PM or not
+*/
+function phpbb_download_check_pm_auth($db, $user_id, $msg_id)
+{
+ // Check if the attachment is within the users scope...
+ $sql = 'SELECT user_id, author_id
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE msg_id = ' . $msg_id . "
+ AND user_id = $user_id
+ OR author_id = $user_id";
+ $result = $db->sql_query_limit($sql, 1);
+ $allowed = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ return $allowed;
+}
+
 /**
 * Cleans a filename of any characters that could potentially cause a problem on
 * a user's filesystem.
-- cgit v1.2.1
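Review bot: The `WHERE` clause in the new `phpbb_download_check_pm_auth` mixes `AND` and `OR` without parentheses, so `msg_id = X AND user_id = Y OR author_id = Y` is evaluated as `(msg_id = X AND user_id = Y) OR author_id = Y` and matches any row where the user authored some PM, regardless of `$msg_id`; the check then reports a PM as downloadable that the user neither sent nor received. The two ids are also interpolated into the SQL without an `(int)` cast, so the query is only as safe as every caller's sanitising. I would write those lines as `WHERE msg_id = ' . (int) $msg_id . '` followed by `AND (user_id = ' . (int) $user_id . ' OR author_id = ' . (int) $user_id . ')'`. The docblock's `@return bool` also overstates the contract, since `sql_fetchrow` yields the row array or `false`; either `return (bool) $allowed;` or document `array|false`.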