From c7fa86b388c0848c1a31100575df61166552d134 Mon Sep 17 00:00:00 2001 From: Florent Torregrosa Date: Sat, 8 Nov 2014 11:36:45 +0100 Subject: [PATCH] Issue #2179473: Fix private file upload when uploading file before submitting. --- protected_node.module | 63 +++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/protected_node.module b/protected_node.module index 5db5863..06eab5e 100644 --- a/protected_node.module +++ b/protected_node.module @@ -685,46 +685,43 @@ function protected_node_file_download($uri) { $files = file_load_multiple(array(), array('uri' => $uri)); if (count($files)) { $file = reset($files); - if ($file->status) { - $query = db_select('node', 'n'); - $query->join('file_usage', 'fu', 'n.nid = fu.id'); - $query->join('protected_nodes', 'pn', 'n.nid = pn.nid'); - $query->fields('n', array('nid', 'uid')); - $query->fields('pn', array('protected_node_passwd_changed')); - $query->condition('fu.fid', $file->fid); - $query->condition('fu.type', 'node'); - $query->condition('pn.protected_node_is_protected', '1'); - $number_of_results = $query->countQuery()->execute()->fetchField(); - if (0 == $number_of_results) { - return array(); /* Row doesn't exist, it's not protected */ - } - $result = $query->execute(); + $query = db_select('node', 'n'); + $query->join('file_usage', 'fu', 'n.nid = fu.id'); + $query->join('protected_nodes', 'pn', 'n.nid = pn.nid'); + $query->fields('n', array('nid', 'uid')); + $query->fields('pn', array('protected_node_passwd_changed')); + $query->condition('fu.fid', $file->fid); + $query->condition('fu.type', 'node'); + $query->condition('pn.protected_node_is_protected', '1'); + $number_of_results = $query->countQuery()->execute()->fetchField(); + if (0 == $number_of_results) { + return array(); /* Row doesn't exist, it's not protected */ + } + $result = $query->execute(); - foreach ($result as $file_info) { - // if the file belongs to the current user let them see it. - if ($file_info === FALSE || ($user->uid && $user->uid == $file_info->uid)) { - return array(); - } + foreach ($result as $file_info) { + // if the file belongs to the current user let them see it. + if ($file_info === FALSE || ($user->uid && $user->uid == $file_info->uid)) { + return array(); + } - // Got the global password? - if (isset($_SESSION['_protected_node']['passwords']['global'])) { - $when = $_SESSION['_protected_node']['passwords']['global']; - if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ - && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ - return array(); - } - } - elseif (isset($_SESSION['_protected_node']['passwords'][$file_info->nid])) { - $when = $_SESSION['_protected_node']['passwords'][$file_info->nid]; - if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ - && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ + // Got the global password? + if (isset($_SESSION['_protected_node']['passwords']['global'])) { + $when = $_SESSION['_protected_node']['passwords']['global']; + if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ + && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ return array(); - } + } + } + elseif (isset($_SESSION['_protected_node']['passwords'][$file_info->nid])) { + $when = $_SESSION['_protected_node']['passwords'][$file_info->nid]; + if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ + && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ + return array(); } } } } - // No password, access denied. return -1; } -- 1.7.10.4