From 5827250a94e38d9b637ed8ae9e9c4a584223cc31 Mon Sep 17 00:00:00 2001 From: Fyorl Date: Wed, 15 Aug 2012 06:08:18 +0800 Subject: [PATCH] [feature/attach-dl] Fixed the logic in an sql statement PHPBB3-11042 --- phpBB/includes/functions_download.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 0be12aa617..182fce222b 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -690,8 +690,10 @@ function phpbb_download_check_pm_auth($db, $user_id, $msg_id) $sql = 'SELECT user_id, author_id FROM ' . PRIVMSGS_TO_TABLE . ' WHERE msg_id = ' . (int) $msg_id . ' - AND user_id = ' . (int) $user_id . ' - OR author_id = ' . (int) $user_id; + AND ( + user_id = ' . (int) $user_id . ' + OR author_id = ' . (int) $user_id . ' + )'; $result = $db->sql_query_limit($sql, 1); $allowed = $db->sql_fetchrow($result); $db->sql_freeresult($result);