[Openupload-svn-update] SF.net SVN: openupload:[245] trunk/lib/modules/default/files.inc.php

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 245
          http://openupload.svn.sourceforge.net/openupload/?rev=245&view=rev
Author:   tsdogs
Date:     2009-02-06 20:26:35 +0000 (Fri, 06 Feb 2009)

Log Message:
-----------
fix nasty security bug #2573950

Modified Paths:
--------------
    trunk/lib/modules/default/files.inc.php

Modified: trunk/lib/modules/default/files.inc.php
===================================================================

--- trunk/lib/modules/default/files.inc.php	2009-02-06 19:30:07 UTC (rev 244)
+++ trunk/lib/modules/default/files.inc.php	2009-02-06 20:26:35 UTC (rev 245)
@@ -317,7 +317,7 @@
     /* check if download exists, and what are the properties */
     if ($id != '') {
       $finfo = $this->loadFile($id);
-      if ($finfo[0]['id']!=$id) {
+      if ($finfo[0]['id']!=$id or isset($finfo[0]['group'])) {
         app()->log('warning','downloadRequest','','DENY','File does not exist: ID:'.$id);
         app()->error(tr('Requested file does not exist!'));
         $this->prevStep();


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


