#s23535
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8454 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
22deceec85
commit
9a236a55d3
1 changed files with 25 additions and 0 deletions
|
@ -208,8 +208,32 @@ else
|
||||||
$row['forum_id'] = false;
|
$row['forum_id'] = false;
|
||||||
if (!$auth->acl_get('u_pm_download'))
|
if (!$auth->acl_get('u_pm_download'))
|
||||||
{
|
{
|
||||||
|
header('HTTP/1.0 403 forbidden');
|
||||||
trigger_error('SORRY_AUTH_VIEW_ATTACH');
|
trigger_error('SORRY_AUTH_VIEW_ATTACH');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the attachment is within the users scope...
|
||||||
|
$sql = 'SELECT user_id, author_id
|
||||||
|
FROM ' . PRIVMSGS_TO_TABLE . '
|
||||||
|
WHERE msg_id = ' . $attachment['post_msg_id'];
|
||||||
|
$result = $db->sql_query($sql);
|
||||||
|
|
||||||
|
$allowed = false;
|
||||||
|
while ($user_row = $db->sql_fetchrow($result))
|
||||||
|
{
|
||||||
|
if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
|
||||||
|
{
|
||||||
|
$allowed = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$db->sql_freeresult($result);
|
||||||
|
|
||||||
|
if (!$allowed)
|
||||||
|
{
|
||||||
|
header('HTTP/1.0 403 forbidden');
|
||||||
|
trigger_error('ERROR_NO_ATTACHMENT');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// disallowed?
|
// disallowed?
|
||||||
|
@ -222,6 +246,7 @@ else
|
||||||
|
|
||||||
if (!download_allowed())
|
if (!download_allowed())
|
||||||
{
|
{
|
||||||
|
header('HTTP/1.0 403 forbidden');
|
||||||
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
|
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
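Review bot: The new ownership query in the first hunk concatenates `$attachment['post_msg_id']` into the SQL string without a cast; where that value comes from is outside the hunk (presumably a row read from the attachments table), so an explicit cast keeps the access check safe even if that source changes: `WHERE msg_id = ' . (int) $attachment['post_msg_id'];`. The recipient/author comparison could also move into the WHERE clause, so the query returns only rows for the current user rather than looping over every recipient row in PHP. On the denial path the response carries `403` together with `ERROR_NO_ATTACHMENT`, so the status code still tells the caller the attachment exists while the message says it does not; if hiding existence is the intent, the status should match the message. The enclosing `else` branch starts outside the visible hunks, so how `$attachment` is populated should be confirmed there.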